HomeMy WebLinkAbout20183927.tiffPRICE AGREEMENT AMENDMENT
Amendment #1
Price Agreement #2018-083
Original CMS # 109811
Amendment CMS # 121301
1. PARTIES
This Amendment to the above -referenced Original Contract (hereinafter called the Price Agreement) is entered into by
and between Shred -It US JV LLC dba Shred -It USA LLC (hereinafter called "Contractor"), and the State of
Colorado, acting by and through the Department of Personnel & Administration, State Purchasing &
Contracts Office (hereinafter called the "State"), and collectively referred to as the "Parties."
2. EFFECTIVE DATE AND ENFORCEABILITY
This Amendment shall not be effective or enforceable until it is approved and signed by the Colorado State Controller
or designee (hereinafter called the "Effective Date"). The State shall not be liable to pay or reimburse Contractor for
any performance hereunder including, but not limited to, costs or expenses incurred, or be bound by any provision
hereof prior to the Effective Date.
3. FACTUAL RECITALS
The Parties entered into the Price Agreement effective June I, 2018 for the provision of Document and Media
Destruction, as set forth in the Price Agreement, contract number 2018-083.
4. CONSIDERATION
The Parties acknowledge that the mutual promises and covenants contained herein and other good and valuable
consideration are sufficient and adequate to support this Amendment.
5. LIMITS OF EFFECT
This Amendment is incorporated by reference into the Price Agreement, and the Price Agreement and all prior
Amendments thereto, if any, remain in full force and effect except as specifically modified herein.
6. MODIFICATIONS
This Amendment shall modify the following:
A. The Price Agreement shall now include Exhibit H, Federal Bureau of Investigation, Criminal Justice
Information Services Security Addendum.
B. Exhibit A, General Work Requirements, of the Price Agreement, shall be modified as follows:
Section 1, Certification, shall now include the following:
"1.3 Contractor is authorized to destroy Criminal Justice Information Services (CJIS) documents, per Exhibit H,
with the following restrictions:
a) Contractor shall not have access to any information systems while performing Services under the Contract;
and
b) The extent of the certification shall be limited to document and media destruction."
7. START DATE
This Amendment shall take effect on the Effective Date.
8. ORDER OF PRECEDENCE
Except for the Special Provisions, in the event of any conflict, inconsistency, variance, or contradiction between the
provisions of this Amendment and any of the provisions of the Price Agreement, the provisions of this Amendment
shall in all respects supersede, govern, and control.
9. AVAILABLE FUNDS
Financial obligations of the state payable after the current fiscal year are contingent upon funds for that purpose being
appropriated, budgeted, or otherwise made available.
Page 1 of 8
2018-3927
Cornmuric akionS CC: PCT Mc) ,CP Cf t3)
12/1O8 tL/4/18
ACo022
THE PARTIES HERETO HAVE EXECUTED THIS AMENDMENT
CONTRACTOR
Shred -It US JV LLC dba Shred -It USA LLC
By:
(14._ A410
Date:
Signature
/o-Zz—i�
STATE OF COLORADO
John W. Hickenlooper, Governor
Department of Personnel and Administration
e Taylor, Executive Director
y: John Chapman, State Purchasing Manager
Date:
ALL CONTRACTS REOUIRE APPROVAL BY THE STATE CONTROLLER
CRS §24-30-202 requires the State Controller to approve all State contracts. This Amendment is not valid until signed and dated below by
the State Controller or delegate. Contractor is not authorized to begin performance until such time. If Contractor begins performing prior
thereto, the State of Colorado is not obligated to pay Contractor for such performance or for any goods and/or services provided
hereunder.
By:
STATE CONTROLLER
Robert Jaros, CPA, MBA, JD
Page 2 of 8
Date: // 24 /r
EXHIBIT H, FEDERAL BUREAU OF INVESTIGATION CRIMINAL JUSTICE
INFORMATION SERVICES SECURITY ADDENDUM
Legal Authority for and Purpose and Genesis of the
Security Addendum
Traditionally, law enforcement and other criminal justice agencies have been responsible for the confidentiality of their
information. Accordingly, until mid -1999, the Code of Federal Regulations Title 28, Part 20, subpart C, and the National
Crime Information Center (NCIC) policy paper approved December 6, 1982, required that the management and exchange
of criminal justice information be performed by a criminal justice agency or, in certain circumstances, by a noncriminal
justice agency under the management control of a criminal justice agency.
In light of the increasing desire of governmental agencies to contract with private entities to perform administration of
criminal justice functions, the FBI sought and obtained approval from the United States Department of Justice (DOJ) to
permit such privatization of traditional law enforcement functions under certain controlled circumstances. In the Federal
Register of May 10, 1999, the FBI published a Notice of Proposed Rulemaking, announcing as follows:
1. Access to CHRI [Criminal History Record Information] and Related
Information, Subject to Appropriate Controls, by a Private Contractor Pursuant to a
Specific Agreement with an Authorized Governmental Agency To Perform an
Administration of Criminal Justice Function (Privatization). Section 534 of title 28 of
the United States Code authorizes the Attorney General to exchange identification,
criminal identification, crime, and other records for the official use of authorized
officials of the federal government, the states, cities, and penal and other institutions.
This statute also provides, however, that such exchanges are subject to cancellation if
dissemination is made outside the receiving departments or related agencies. Agencies
authorized access to CHRI traditionally have been hesitant to disclose that
information, even in furtherance of authorized criminal justice functions, to anyone
other than actual agency employees lest such disclosure be viewed as unauthorized. In
recent years, however, governmental agencies seeking greater efficiency and economy
have become increasingly interested in obtaining support services for the
administration of criminal justice from the private sector. With the concurrence of the
FBI's Criminal Justice Information Services (CJIS) Advisory Policy Board, the DOJ
has concluded that disclosures to private persons and entities providing support
services for criminal justice agencies may, when subject to appropriate controls,
properly be viewed as permissible disclosures for purposes of compliance with 28
U.S.C. 534.
We are therefore proposing to revise 28 CFR 20.33(a)(7) to provide express
authority for such arrangements. The proposed authority is similar to the authority that
already exists in 28 CFR 2021(bx3) for state and local CHRI systems. Provision of
CHRI under this authority would only be permitted pursuant to a specific agreement
with an authorized governmental agency for the purpose of providing services for the
administration of criminal justice. The agreement would be required to incorporate a
security addendum approved by the Director of the FBI (acting for the Attorney
General). The security addendum would specifically authorize access to CHRI, limit
the use of the information to the specific purposes for which it is being provided,
ensure the security and confidentiality of the information consistent with applicable
laws and regulations, provide for sanctions, and contain such other provisions as the
8/9/2013 H-7
Cll SD-ITS-DOC-08140-5.2
Page 3 of 8
Director of the FBI (acting for the Attorney General) may require. The security
addendum, buttressed by ongoing audit programs of both the FBI and the sponsoring
governmental agency, will provide an appropriate balance between the benefits of
privatization, protection of individual privacy interests, and preservation of the
security of the FBI's CHRI systems.
The FBI will develop a security addendum to be made available to interested
governmental agencies. We anticipate that the security addendum will include
physical and personnel security constraints historically required by NCIC security
practices and other programmatic requirements, together with personal integrity and
electronic security provisions comparable to those in NCIC User Agreements between
the FBI and criminal justice agencies, and in existing Management Control
Agreements between criminal justice agencies and noncriminal justice governmental
entities. The security addendum will make clear that access to CHRI will be limited to
those officers and employees of the private contractor or its subcontractor who require
the information to properly perform services for the sponsoring governmental agency,
and that the service provider may not access, modify, use, or disseminate such
information for inconsistent or unauthorized purposes.
Consistent with such intent, Title 28 of the Code of Federal Regulations (C.F.R.) was
amended to read:
§ 20.33 Dissemination of criminal history record information.
a) Criminal history record information contained in the Interstate Identification
Index (Ill) System and the Fingerprint Identification Records System (FIRS)
may be made available:
1) To criminal justice agencies for criminal justice purposes, which
purposes include the screening of employees or applicants for
employment hired by criminal justice agencies.
2) To noncriminal justice governmental agencies performing criminal
justice dispatching functions or data processing/information services for
criminal justice agencies; and
3) To private contractors pursuant to a specific agreement with an agency
identified in paragraphs (a)(I) or (aX6) of this section and for the purpose
of providing services for the administration of criminal justice pursuant
to that agreement. The agreement must incorporate a security addendum
approved by the Attorney General of the United States, which shall
specifically authorize access to criminal history record information, limit
the use of the information to the purposes for which it is provided,
ensure the security and confidentiality of the information consistent with
these regulations, provide for sanctions, and contain such other
provisions as the Attorney General may require. The power and
authority of the Attorney General hereunder shall be exercised by the
FBI Director (or the Director's designee).
This Security Addendum, appended to and incorporated by reference in a government -private sector contract
entered into for such purpose, is intended to insure that the benefits of privatization are not attained with any
accompanying degradation in the security of the national system of criminal records accessed by the contracting private
party. This Security Addendum addresses both concerns for personal integrity and electronic security which have been
addressed in previously executed user agreements and management control agreements.
8/9/2013 H-7
CJ I S D -ITS- D O C-08140- 5.2
Page 4 of 8
A government agency may privatize functions traditionally performed by criminal justice agencies (or
noncriminal justice agencies acting under a management control agreement), subject to the terms of this Security
Addendum. If privatized, access by a private contractor's personnel to NCIC data and other GIS information is restricted
to only that necessary to perform the privatized tasks consistent with the government agency's function and the focus of
the contract. If privatized the contractor may not access, modify, use or disseminate such data in any manner not expressly
authorized by the government agency in consultation with the FBI.
8/9/2013 M-7
CJ ISD-ITS-DOC-08140.5.2
Page 5of8
FEDERAL BUREAU OF INVESTIGATION
CRIMINAL JUSTICE INFORMATION SERVICES
SECURITY ADDENDUM
The goal of this document is to augment the CJIS Security Policy to ensure adequate security is provided for
criminal justice systems while (1) under the control or management of a private entity or (2) connectivity to FBI
CHS Systems has been provided to a private entity (contractor). Adequate security is defined in Office of
Management and Budget Circular A-130 as "security commensurate with the risk and magnitude of harm resulting
from the loss, misuse, or unauthorized access to or modification of information."
The intent of this Security Addendum is to require that the Contractor maintain a security program
consistent with federal and state laws, regulations, and standards (including the CJIS Security Policy in effect when
the contract is executed), as well as with policies and standards established by the Criminal Justice Information
Services (CJIS) Advisory Policy Board (APB).
This Security Addendum identifies the duties and responsibilities with respect to the installation and
maintenance of adequate internal controls within the contractual relationship so that the security and integrity of the
FBI's information resources are not compromised. The security program shall include consideration of personnel
security, site security, system security, and data security, and technical security.
The provisions of this Security Addendum apply to all personnel, systems, networks and support facilities
supporting and/or acting on behalf of the government agency.
1. Definitions
1.1.
Contracting Government Agency (CGA) - the government agency, whether a Criminal Justice Agency
or a Noncriminal Justice Agency, which enters into an agreement with a private contractor subject to this
Security Addendum.
1.2. Contractor - a private business, organization or individual which has entered into an agreement for the
administration of criminal justice with a Criminal Justice Agency or a Noncriminal Justice Agency.
2. Responsibilities of the Contracting Government Agency.
2.1. The CGA will ensure that each Contractor employee receives a copy of the Security Addendum and the
CHS Security Policy and executes an acknowledgment of such receipt and the contents of the Security
Addendum. The signed acknowledgments shall remain in the possession of the CGA and available for
audit purposes. The acknowledgement may be signed by hand or via digital signature (see glossary for
definition of digital signature).
3. Responsibilities of the Contractor.
3.1. The Contractor will maintain a security program consistent with federal and state laws, regulations, and
standards (including the CJIS Security Policy in effect when the contract is executed and all subsequent
versions), as well as with policies and standards established by the Criminal Justice Information Services
(CJIS) Advisory Policy Board (APB).
4. Security Violations.
4.1. The CGA must report security violations to the CHS Systems Officer (CSO) and the Director, FBI,
along with indications of actions taken by the CGA and Contractor.
4.2. Security violations can justify termination of the appended agreement.
8/9/2013 H-7
CJ I S D-ITS-DOC-08 1 40-5.2
Page 6 of 8
4.3. Upon notification, the FBI reserves the right to:
a. Investigate or decline to investigate any report of unauthorized use;
b. Suspend or terminate access and services, including telecommunications links. The FBI will
provide the CSO with timely written notice of the suspension. Access and services will be
reinstated only after satisfactory assurances have been provided to the FBI by the CJA and
Contractor. Upon termination, the Contractor's records containing CHRI must be deleted or
returned to the CGA.
5. Audit
5.1. The FBI is authorized to perform a final audit of the Contractor's systems after termination of the
Security Addendum.
6. Scope and Authority
6.1. This Security Addendum does not confer, grant, or authorize any rights, privileges, or obligations on any
persons other than the Contractor, CGA, CIA (where applicable), CSA, and FBI.
6.2. The following documents are incorporated by reference and made part of this agreement: (I) the
Security Addendum; (2) the NCIC 2000 Operating Manual; (3) the CJIS Security Policy; and (4) Title
28, Code of Federal Regulations, Part 20. The parties are also subject to applicable federal and state laws
and regulations.
6.3. The terms set forth in this document do not constitute the sole understanding by and between the parties
hereto; rather they augment the provisions of the CHS Security Policy to provide a minimum basis for
the security of the system and contained information and it is understood that there may be terms and
conditions of the appended Agreement which impose more stringent requirements upon the Contractor.
6.4. This Security Addendum may only be modified by the FBI, and may not be modified by the parties to
the appended Agreement without the consent of the FBI.
6.5. All notices and correspondence shall be forwarded by First Class mail to:
Assistant Director
Criminal Justice Information Services Division, FBI
1000 Customer Hollow Road
Clarksburg, West Virginia 26306
8/9/2013
CJ I SD -I TS-DOC-08140-5.2
Page 7 of 8
H-7
FEDERAL BUREAU OF INVESTIGATION
CRIMINAL JUSTICE INFORMATION SERVICES
SECURITY ADDENDUM
CERTIFICATION
I hereby certify that I am familiar with the contents of (1) the Security Addendum, including its legal authority
and purpose; (2) the NCIC Operating Manual; (3) the CJIS Security Policy; and (4) Title 28, Code of Federal
Regulations, Part 20, and agree to be bound by their provisions.
I recognize that criminal history record information and related data, by its very nature, is sensitive and has
potential for great harm if misused. I acknowledge that access to criminal history record information and related data
is therefore limited to the purpose(s) for which a government agency has entered into the contract incorporating this
Security Addendum. I understand that misuse of the system by, among other things: accessing it without
authorization; accessing it by exceeding authorization; accessing it for an improper purpose; using, disseminating or
re -disseminating information received as a result of this contract for a purpose other than that envisioned by the
contract, may subject me to administrative and criminal penalties. I understand that accessing the system for an
appropriate purpose and then using, disseminating or re -disseminating the information received for another purpose
other than execution of the contract also constitutes misuse. I further understand that the occurrence of misuse does
not depend upon whether or not I receive additional compensation for such authorized activity. Such exposure for
misuse includes, but is not limited to, suspension or loss of employment and prosecution for state and federal crimes.
Printed Name/Signature of Contractor Employee Date
Printed Name/Signature of Contractor Representative Date
Organization and Title of Contractor Representative Date
8/9/2013 H-7
CJIS D-ITS-DOC-08140-5.2
Page 8 of 8
Hello