The URL can be used to link to this page

Home My WebLink About32-33RESOLUTION 32-23 RESOLUTION AUTHORIZING STAFF TO AUTHORIZE REQUEST FOR PROPOSALS (RFP) FOR QUALIFIED CONSULTANTS FOR INFORMATION TECHNOLOGY MANAGED SERVICES WHEREAS, the Town of Los Altos Hills adopted a resolution for FY2022-23 with a 1 -year agreement with Eaton & Associates for IT Managed Services; and WHEREAS, the IT Managed Services agreement will expire June 30, 2022; and WHEREAS, the scope of services (Attachment 1) will be included in the Request for Proposals (RFP) ; and NOW THEREFORE, The Administrative Services Director is hereby authorized to advertise the request for proposals for consultant services to provide information technology managed services. The above and foregoing Resolution was passed and adopted by the City Council of the Town of Los Altos Hills at a regular meeting held on the 16th day of March 2023 by the following vote: AYES: Swan, Mok, Schmidt, Tankha, Tyson NOES: None ABSTAIN: None ABSENT: None ATTEST: Deborah Padovan, City Clerk BY: Linda G. Swan, Mayor Resolution 32-23 Page 1 EXHIBIT A Scope of Services 1 General Support 1.1 Contractor will provide support for the Town desktop computers and desktop applications. 1.2 Contractor will work with vendors for application issues beyond routine troubleshooting procedures and for non-standard, unique third -party software that the Town utilizes. 1.3 Contractor will provide 24/7 support for all Windows and Linux based server(s), including virtual servers. 1.4 Contractor will provide 24/7 management and monitoring of the network infrastructure. 1.5 Contractor will provide 24/7 network security and cyber security monitoring and management. 1.6 Contractor will provide centralized security patches/updates and firmware process. 1.7 Contractor will assist and help plan a cybersecurity audit based on principles outlined by the State of California (https://cdt.ca.aov/security/information-security-program-audit-services/). 1.8 Contractor will evaluate steps recommended by CISA to prevent ransomware attacks (https://www.cisa.gov/stopransomware/resources). 1.9 Contractor will evaluate and recommend technology upgrades to the Town as needed to improve performance, security, reliability, etc. The Town will act as the final decision maker for any proposed upgrades. 1.10 Contractor will undertake a study to evaluate how the Town's in-house infrastructure can be migrated to the cloud for increased security, determine cost tradeoffs, ease of use and better scalability (https:Hgovernmenttechnologyinsider.com/why-local- governments-should-migrate-government-to-the-cloud/). 1.11 Contractor will identify, evaluate, and recommend any third -party software tools that Town will be required to procure. The Town will act as the final decision maker for any software licensed by, or for, the Town, procured with Town funds, or required to be reimbursed with Town funds. 1.12 Acceptance Testing and Documentation of Procedures. Following the completion by Contractor of any deliverables required by this Agreement that result in operational changes or new processes, Town will test each process/procedure in accordance with standard industry procedures, noting in writing whether the deliverable will be accepted (final acceptance) or if modifications are required. Following final acceptance by Town, Contractor will provide written documentation procedures within thirty (30) calendar days of the effective date of final acceptance. 1.13 Contractor Staffing: Contractor will provide technical staff that are knowledgeable and trained to carry out this Scope and Services. Based on ongoing IT needs, staffing levels may change upon mutual agreement between Contractor and Town. Managed Service staffing includes: 1.13.1 Dedicated Account Manager -Act as the main point of contact between Contractor and Town. 1.13.2 Desktop and Server Engineer- Technical skills necessary to support current and future Town desktop, mobile and peripheral infrastructure. Resolution 32-23 Page 2 1.13.3 Systems and Network Engineer - Technical engineering support for the Town's servers and network infrastructure and cloud -based systems. 1.13.4 Chief Technology Officer / Director of IT - Serve as the Senior Engineer, Strategist and Technology Consultant to the Town. 1.13.5 Project Manager—will provide tools, documents, techniques, and resources to support managed services and approved projects. 1.13.6 Continuing Education and Training — Contractor will ensure all staff complete all necessary training and credentialing to provide this Agreement's services. 1.14 Town Resources The Town will provide Contractor with resources as needed to carry out services such as facilities access, server, and network access, and temporary workstations. The Town will respond as quickly and completely as possible to enquires made by the Contractor. Contractor will communicate in advance to the Town when assistance is required. Town will provide a designated point of contact for Contractor. 2 Service Delivery Areas (1) Base Services (2) Desktop and Server Services (3) Network and Security Services 2.1 Services not included are related to the implementation of new infrastructure or new software systems/solutions. Contractor will provide cost estimates to the Town for all none- included services as needed. The cost estimate should be itemized with descriptions of each item. 3 Base Services 3.1 Purchasing 3.1.1 Contractor will be responsible for making recommendations on IT -related equipment (hardware) and software and coordinating with vendors as requested, Town will make purchase. 3.1.2 Contractor will be responsible for obtaining quotes for maintenance or warranty renewals and reviewing the terms and conditions of the Town's maintenance and support agreements. Contractor will follow all Town purchasing policies. The Town will act as the final decision maker for any hardware or software purchases made on behalf of the Town, procured with Town funds, or required to be reimbursed with Town funds. 3.1.3 All hardware and software purchases will be updated in an asset database with serial numbers, warranties, and expiration dates and will be reflected in the annual Tech Audit. 3.2 Project Management and Delivery 3.2.1 Contractor will deliver and manage projects with a high level of professionalism and skill to ensure timelines, scope and budgets are adhered to. 3.2.2 Contractor will provide a consistent methodology for all technology projects (i.e., planned during the yearly budget process, ad hoc projects) to ensure successful projects. 3.2.3 At Town"s's sole discretion, new technology or application implementation Resolution 32-23 Page 3 requiring project management and services, maybe sole -sourced to the Contractor or maybe submitted for outside bids. 3.3 Documentation 3.3.1 Contractor will create and maintain accurate and updated technology documentation, including, but not limited to: 3.3.1.1 Device configuration version control 3.3.1.2 Change control documentation, including thorough test plans. 3.3.1.3 Standard procedures (i.e., patch management) 3.3.1.4 Updated equipment/application/warranty/license lists. 3.3.1.5 Vendor contact list 3.4 Service Level Metrics, Availability and Response Times 3.4.1 Support Tracking Contractor will utilize an interactive ticketing system that tracks each ticket from initiation to completion. The system will serve as the central communication hub between the Contractor's helpdesk and Town users. In addition, the Contractor will provide a weekly report on outstanding support tickets to the Town as well as a secure web portal where tickets can be viewed by the Town in real-time 3.4.2 Service Levels aims to ensure that the Contractor meets Town's business requirements for availability, reliability, and secure services that are backed by service levels. By meeting these objectives, Town aims to: • ensure end-user experience and productivity • standardize hardware and software environments • ensure security, data management, and backup • ensure asset management and control 3.4.3 Contractor will follow industry best practices, specifically the "Service Operation" standards outlined by the Information Technology Infrastructure Library (ITIL). Contractor will use processes governed by a Service Level Matrix ("SLM") and a set of Service Level Objectives ("SLOs") to identify incidents (i.e., alerts and/or events), define each incident's priority level (defined by that incident's urgency and impact), respond to incidents in order of priority, and ultimately resolve incidents as quickly as possible. Regular Service After Hours Service (desktop services only) 7:00am to 6:00pm, Monday - Friday After 6:00 pm and before 7:00 am after hours of service Monday — Friday All hours Saturday, Sunday 3 Help Desk hours are defined as 7:00am to 6:00 pm Monday through Friday except for Town holidays. Network support 24X7X365 is included in pricing. Desktop support performed by Contractor outside the normal business hours, on weekends or holidays will be billed at the appropriate overtime rates (see contract) Resolution 32-23 Page 4 Table 1- Service Level Metrics / Objectives Metric Availability- : Network Support Operations A Ivailability- Helpdesk 24x7x365 24x7x365 24x7x365 24x7x365 24x7x365 24x7x365 24x7x365 Regular Service Hours Resolution 32-23 Page 5 Acknowledgement 15 minutes 15 minutes1 30 minutes Status Updates 30 minutes 2 hours 8 hours Resolution Plan < 4 hours < 8 hours < 8 hours/NBD 90%o resolved 90% resolved 75% resolved in Resolution Time in less than 4 in less than 8 less than 16 hours hours business hours Table 2- Priority Levels 30 minutes 12 hours < 3 days 75% resolved in less than 1 week P1 — Critical Typically, an emergency incident affecting all or most users and that is halting the use of critical "line of business" applications and/or access to the network or a data/security breach. Examples: Email server(s) not sending/receiving email, Internet connection down, database server appears offline, etc. P2 — Likely affecting multiple users and impairing access to one or more critical Important business applications, though, not resulting in a complete stoppage of work. Examples: Slow/intermittent Internet connectivity, backup failures, imminent server crash due to lack of hard disk space, etc. P3 - Normal Typically affecting between 1 and 5 users and generally non-critical in nature. j Workarounds are likely available. I Examples: User cannot print to a network printer, user's domain account locked due to unsuccessful password entries, a user has deleted an email by accident and wants it restored, etc. P4 - Low The problem affects no more than a few users and is typically non -business impacting. Workarounds available. Examples: User has some "dead pixels" on her monitor, user application displaying persistent error messages with no impact to use of the application, occasional static heard on a particular VoIP phone, etc 3.4.4 Contractor will deliver a monthly report (SLO Report) documenting performance according to the agreed-upon service levels set forth above. Any SLA that is not met will require a remediation plan included in the SLA Report that will be implemented in less than 30 days 3.5 Account Administration, Management, and Reporting Contractor is responsible for maintaining a high level of service and accurate reporting on that service. Account administration includes, but is not limited to, the following services and reports: 3.5.1 Prepare and deliver Service Level Objectives Reports (monthly) 3.5.2 Help Desk tickets or reported incidents that have been open more than three days can be escalated by the Town via the real-time portal and will be included in the bi-weekly meetings and monthly ticket reports. 3.5.3 Summary report of all tickets opened, closed, or worked during the month, with a Resolution 32-23 Page 6 status for each. 3.5.4 Prepare and provide monthly, quarterly, and annual Customer Satisfaction reports based on the responses from closed tickets. 3.5.5 Perform Annual Technology Audit to include the current state of all hardware, software, licenses, vendors, diagrams, and recommendations for improvements, innovation, new technology, including improvement and sustainability projects As part of this audit, the Contractor should present the Town with all upcoming hardware and software technologies that will help improve the performance of Town's hardware and software, which will eventually help improve Town's services. 3.5.6 Attend IT meetings (quarterly) on-site or via teleconference with department IT user group and or Executive Team. 3.5.7 Conduct bi-weekly IT status update meetings with Town designated point of contact 3.5.8 Provide status of service request or project (as needed) 3.5.9 Decommission and remove hardware, including hard drives in compliance with DOJ/CJIS policies. 3.6 Asset Management Services include: 3.6.1.1 Physical inventory 3.6.1.2 Asset receiving 3.6.1.3 Asset tracking 3.6.1.4 Software license management 3.6.1.5 Asset cascading and disposal 3.7 Change Management 3.7.1 Managing and minimizing disruption to end-users is critical in delivering high levels of customer service. Therefore, Contractor will utilize a Change Management methodology to support the Town. The change control structure will include roles and responsibilities, required inputs and outputs, and communication requirements. Identify any areas where specific processes or procedures needs to be adhered (e.g., application vs. infrastructure). 3.8 Tran sition/Onboard ing 3.8.1 The Contractor will provide onboarding and transition services by working closely with Town contacts and existing IT providers to ensure the Town's systems and technology works seamlessly. 3.8.2 Contractor will conduct a security assessment and provide a report to the Town of findings and recommendations to ensure the Town's system are secure and stable. 3.8.3 Contractor will meet weekly during the first 100 days with the Town. 3.8.4 Contractor commits to supporting a smooth handoff with any other IT Contractor or Agent designated by the Town, during the term of the contract, or related to end of the contract. Contractor agrees that any final payments owed may be withheld pending completion of successful transition. Transition includes (but is not limited to) walk- throughs, documentation, access credentials, and operating practices to enable the other IT Contractor or Agent to provide needed services. Resolution 32-23 Page 7 4 Desktop and Server (Intel based) Services 4.1 Help Desk management, maintenance, and monitoring activities for the operation and performance of network equipment, desktops, peripherals, and telephone equipment. 4.2 Contractor will provide a full-service Help Desk from 7:00 a.m. to 6:00 p.m., with ability to provide on-site resources (as needed) Monday through Friday that will include escalation resources, as well as 24 hour on-call resources for urgent priorities that may need immediate response on-site and/or remotely. 4.3 Contractorwill provide support for Microsoft Windows, Microsoft Office (multiple versions), Microsoft Server (multiple OS versions) 4.4 Contractor will provide support for Town email services (Exchange 2019 and Office365) 4.5 Contractor will manage all aspects of Help Desk service delivery as a single point of contact, including: 4.5.1 All problem resolution (Tier 1, 2, 3) 4.5.2 Service request tracking 4.5.3 Problem management 4.5.4 Call escalation management 4.5.5 Dispatch 4.5.6 Knowledge management 4.5.7 Self help 4.5.8 New Employee Onboarding / training on how to use the help desk. 4.5.9 Manage the team providing services to Town. 4.5.10 Manage the performance of Contractor's personnel and services and continually seek opportunities to enhance and improve performance. 4.5.11 The Town, working with the Contractor, will set or change the priorities of tickets. 4.5.12 A maximum of two Town staff requires the ability to adjust priorities within the ticketing system. 4.5.13 Provide Town monthly service level reports and access to the help desk portal. 4.5.14 Staff may participate in receiving alerts and alarms. (e.g., Wi-Fi, server room temperature, hardware issues) 4.6 Operations will be focused on delivering exceptional customer service. The Contractor will be required to measure and monitor customer service and provide monthly reports on customer service delivery. The contractor will also provide a process for customer service escalations and remediation. 4.7 Desktop Hardware / Software Maintenance Support 4.7.1 Service provided in this area supports desktops hardware and software, laptops hardware and software, and the peripheral devices attached to them. A wide variety of applications are in use across the departments. 4.7.2 Desktop Client Services include: 4.7.2.1 Hardware break/fix 4.7.2.2 Software break/fix 4.7.2.3 Peripheral break/fix (i.e., printers, scanners, copiers, fax, audio/visual equipment Note: Contractor will not be expected to fix a/v related equipment (e.g., Crestron) but rather help diagnose issues and if necessary, recommend replacement hardware. Contractor will coordinate with the Town's preferred vendor for copier and printer repairs and maintenance.) Resolution 32-23 Page 8 4.7.2.4 Technology refresh (includes planning and coordination with Town staff). Included in annual costs is planned technology refreshes for existing equipment (e.g., computers, laptops, servers, printers, switches, firewalls) 4.7.2.5 Training room setup (setup equipment in miscellaneous locations, as needed) 4.7.2.6 Installations, moves, adds, and changes. 4.7.2.7 Troubleshoot and fix desktop (on site or remotely) and network issues. 4.7.2.8 Provide support to Emergency Operation Center (EOC) to ensure network connectivity to EOC internet connection and phone lines. 4.7.3 Desktop Application Services include: 4.7.3.1 Basic troubleshooting/connectivity to support all Town applications. 4.7.3.2 Image management 4.7.3.3 Patch management (all applications) 4.7.3.4 Provide and maintain security on all endpoints (antivirus) 4.7.3.4.1 Implement antivirus automated scheduled scans and automatic definition updates (no manual updates or scan) 4.7.3.5 Electronic software distribution 4.7.3.6 Integration and testing 4.7.3.7 Support laptops, tablets, iPads and mobile devices (cell/smart phones) 4.8 Third -Party Software Support 4.8.1 The contractor will provide basic support of all third -party business application used by the Town. 4.8.2 Basic support could include connectivity to the application, potential account setup, and upgrade support. 4.8.3 Provide support to miscellaneous utility software (i.e., Adobe, Cisco WebEx, Zoom, SeeClickFix, Scanner/OCR, Fuel System, label, Shortel communicator) 4.8.4 Town Website Support will be provided on a best effort basis and coordinate with the Town's webmaster as required. 4.8.5 Contractor will provide administrative support for the entire Office365 environment licensed by the Town. 4.8.6 Contractor will evaluate any software for any security vulnerabilities due to software supply chain issues, encryption of sensitive data and robust access control requirements. 4.9 Microsoft Server Administration and Security 4.9.1 This section includes the maintenance of all aspects of server security, incident management, virus and malware protection, access control, and auditing. 4.9.2 Contractor responsibilities include, but are not limited to: 4.9.2.1 Microsoft server administration: with access provided by Town, set up users, manage access to resources (file shares/printers), and implement security for each per Town requirements. 4.9.2.2 Provide server -side support for print queues, end users with printer issues and coordinate with Town's managed printer vendor. 4.9.2.3 Provide all support for VMWare Hyper Converged Server Environment 4.9.2.4 As needed support VolP (i.e., networking Town utilizes Mitel/Shortel Communicator) 4.9.2.5 Provide and support an antivirus solution (solution requires approval by Resolution 32-23 Page 9 Town) 4.9.2.6 Ensure Town security policies are enforced on endpoints. 4.9.2.7 Perform regular maintenance and auditing to ensure security on all devices. 4.9.2.8 Monitor and respond to logs on endpoints, antivirus, patching. 4.9.2.9 Ensure servers and devices have the latest available security patches and firmware installed. 4.9.2.10 Implement a remote access tool to maintain a secure remote access environment using appropriate technologies. 4.9.2.11 Provide remote access administration that comply with Town policies. 4.9.2.12 Support and maintain Active Directory and Group Policies 4.9.2.13 Apply and maintain Town policies for file system security and user access. 4.9.2.14 Assist with the development of new IT related policies and the updating of existing policies as needed. 4.9.3 Storage, Backup & Disaster Recovery 4.9.3.1 Support storage environment 4.9.3.2 Contractor will manage and ensure the recoverability of all Town data based on agreed upon backup and retention schedules. 4.9.3.3 Provide all support related to backup solutions including but not limited to: • Manage backup system and Storage Area Network (SAN) • Perform backups and snapshots in accordance with established backup schedule. • Maintain backup software and infrastructure. • Perform file and database recovery from backup media or snapshots and as requested; perform monthly backup recovery testing. • Manage and monitor location of all backup media in accordance with media retention schedule. • Schedule transport and destruction requests • Perform and document annual backup media disaster recovery test. 4.9.4 Implement, maintain and perform monthly testing of automatic failover for critical server infrastructure and applications. 4.9.5 Secure Large File Transfer Services • Contractor will provide support to assist with large file transfers. 5 Network and Security Services 5.1 Contractor will provide 24x7x365 network and security services. 5.2 Contractor will manage the Town's network and provide network engineering, administration, maintenance, and projects services. 5.3 Contractor will provide a next generation security information and event management (SIEM) networking management and monitoring software system. 5.4 Network administration includes maintaining and monitoring the communication through the Town network, ensuring optimal performance. This includes but is not limited to document and support of the firewalls, switches, and VLANs. 5.5 Security administration includes the maintenance of all aspects of information security, incident management, firewall services, anti-virus services, intrusion protection, penetrating services, system security and auditing. Resolution 32-23 Page 10 5.6 The communication/network responsibilities include regular patching, updates, firmware and service pack updates, network operating system upgrades, and the monitoring, maintaining, and optimizing of all the services and devices. The network projects include documenting and ensuring standardizations across the network (e.g., VLANS, device management). 5.7 The network services will also include maintaining the current environment, as well as changes and improvements to existing operations, including new capabilities. Network services changes will be scheduled in advance (unless needed for security or other emergency purposes). 5.8 The responsibilities include, but are not limited to: 5.8.1 Maintain all firewall, routers, switches, and VPNs; provide network design and engineering expertise to maintain network. 5.8.2 Maintaining all WAPs with the assistance of current third -party maintenance provider 5.8.3 Evaluating and applying security patches and upgrades 5.8.4 Monitoring network performance and capaTown 5.8.5 Identifying potential limitations before traffic on the network increases to the point that it affects system performance. 5.8.6 Supporting as needed the VolP infrastructure (connectively issues) and coordinate as needed with current third -party maintenance provider. 5.8.7 Keeping inventory and maintenance records for all network equipment and ensuring documentation and recoverability of network device configurations 5.8.8 Providing or scheduling repairs and maintenance necessary to continue operations and meet approved service levels. 5.8.9 Timely coordination and communication with Town Town staff regarding maintenance and upgrades to minimize impact to Town operations. 5.8.10 Diagnosing, investigating, and identifying root cause to network problems; recommend and implement fixes. 5.8.11 Integration with other Agencies / Applications 5.8.12 Ensure applications are available for internal/external access. 5.8.13 Maintain security settings, software, and firmware on all network equipment, computers, and laptops. 5.8.14 Utilize NIST security framework and standards to manage the Town's network security program. 5.8.15 Network diagrams 5.8.15.1 The documentation will be audited and inventoried on an annual basis. A quarterly update will be sent to the designated IT contact for review. 10 Resolution 32-23 Page I I