1

Clerk of Circuit Court and Comptroller, Lee County, FL

Request for Proposals

RFP TITLE: ERP System Replacement

RFP Number: 19-001

RFP DATE: 05/09/2019

Important Notice: The Cost Proposal portion of each response must be segregated from other proposal components. Vendor Proposals that include costs in the other components will not be considered.

2

Table of Contents

GENERAL INFORMATION ...................................................................................................... 3

1.1. Introduction to RFP ............................................................................................................................ 3 1.2. Cost to Develop Proposal ................................................................................................................. 4 1.3. Clerk Reserves the Right .................................................................................................................. 4 1.4. Florida Sunshine Laws ...................................................................................................................... 4

SCHEDULE OF EVENTS ........................................................................................................... 5

2.1. Schedule Dates .................................................................................................................................... 5

BIDDING INSTRUCTIONS ....................................................................................................... 6

3.1. Letter of Intent to participate in RFP .............................................................................................. 6 3.2. Sealed Proposals ................................................................................................................................ 6 3.3. Response .............................................................................................................................................. 6

PROPOSAL RESPONSE FORMAT .......................................................................................... 7

4.1. Proposal Components ....................................................................................................................... 7 4.2. Company Information Format .......................................................................................................... 8 4.3. System Proposal Format ................................................................................................................... 9 4.4. Cost Proposal Format ...................................................................................................................... 12

CURRENT ENVIRONMENT ................................................................................................... 14

5.1. Organizational Structure ................................................................................................................. 14 5.2. Current System Infrastructure ....................................................................................................... 14

EXHIBITS ................................................................................................................................... 15

6.1. A - Proposal Form ............................................................................................................................. 15 6.2. B - Exception Form ........................................................................................................................... 15 6.3. C - Lee County Clerk of Courts Non-Disclosure Agreement ................................................. 15 6.4. D – Lee County Clerk of Courts Vendor Travel Policy ............................................................ 15 6.5. E – Lee County Clerk of Courts Security Policy ....................................................................... 15 6.6. F – Public Records Request Notice/Chapter 119, Florida Statutes ...................................... 15 6.7. G – RFP Vendor Letter of Intent .................................................................................................... 15 6.8. H –Functional Requirements/Questionnaire .............................................................................. 15

3

General Information

1.1. Introduction to RFP

Through this Request for Proposals (RFP), the Clerk of Circuit Court and Comptroller of

Lee County, Florida is soliciting proposals for a new Enterprise Resource Planning (ERP)

system to replace the existing system and to provide general purpose:

Flexibility

Stability

Consistent software upgrades and versions

Timely and effective support by the vendor

Compliance with the American Disabilities Act (ADA)

Compliance with applicable Florida Statutes

Compliance with Lee County Clerk of Courts and

Comptroller’s technology standards

Change control/Patch management for upgrades and new

versions

Consistent and tested releases with detailed documentation

identifying changes and enhancements

Basic functions must include:

Fund/Government accounting

General Ledger/Financial Reporting

Procure-to-Pay

Cash Management

Budget Management

Asset Management/Fixed Assets/Inventory

Accounts Receivables

The following parties are referenced in this document:

Clerk The Clerk of Circuit Court and Comptroller of Lee County,

Florida is the accountant and clerk to the Lee County Board of

County Commissioners, Clerk to the Circuit and County Courts

in Lee County, and custodian of the Lee County official

records.

4

Vendor Vendor refers to an organization that provides the required

solutions and/or service.

Evaluation Team The Clerk’s Evaluation Team consists of Clerk

personnel who are knowledgeable of the operations of the

Clerk’s office and the requirements of the Clerk’s Finance and

Records Department.

1.2. Cost to Develop Proposal

All costs for preparing, submitting, and presenting proposals in response to this RFP are

the responsibility of the vendor.

1.3. Clerk Reserves the Right

The solicitation of proposals does not commit the Clerk to award a contract.

The Clerk reserves the right to waive minor informalities in any proposal; to reject any or

all proposals with or without cause; and to accept without further discussion the proposal

that, in its judgment, best meets the needs of the Clerk.

The Clerk reserves the right to reject any and all proposals deemed non-responsive to

the requirements set forth in this RFP. Proposals which contain false or misleading

statements or which provide invalid references or information will be rejected.

1.4. Florida Sunshine Laws

Vendors should be aware that all information (including financial statements) provided

with a proposal are subject to Public Records disclosure laws and are not afforded

confidentiality, pursuant to Chapter 119, Florida Statutes. Chapter 119.071 (1) (b),

Florida Statutes, provides an exemption for “sealed bids, proposals, or replies received

by an agency pursuant to a competitive solicitation” until the agency provides notice of an

intended decision or 30 days after opening the bids, etc., whichever is earlier.

In addition, Chapter 815.045, Florida Statutes, provides that a trade secret, as defined by

Chapter 812.081, Florida Statutes, is confidential and exempt from public records law.

Items submitted under a Sealed Proposal must be marked as “confidential trade secrets”

at the time of submission to be considered to have this protection. Any financial

information not so marked will not be exempt from disclosure. However, if so marked,

will be considered exempt unless and until a court decides the information does not

qualify as a trade secret.

All materials received in response to this RFP shall become the property of the Clerk and

will not be returned.

5

Schedule of Events

2.1. Schedule Dates

The Clerk and all participating organizations shall adhere to the following schedule of

events.

May 9, 2019 to June 7, 2019 – Public Notice.

May 9, 2019 - Issue date of the Request for Proposal.

June 7, 2019 – Letter of Intent – The Letter of Intent is required for any Response to the

RFP to be considered.

June 21, 2019 - Please submit all questions pertaining to the ERP Replacement/RFP 19-

001 by e-mail to ERPRFP19001@leeclerk.org no later than the end of business day

Friday, June 21, 2019. The time from the date of issuance through June 21, 2019 is

intended to allow all participants the opportunity to ask any questions or receive

clarification on any requirements within the Request for Proposal.

July 5, 2019 - All submitted questions will be answered in one document/e-mail and

distributed to the group no later than 5pm on July 5, 2019.

July 19, 2019 - Electronic format and sealed proposals are due to the Clerk’s Office,

Department of Innovation and Technology no later than July 19, 2019, by 5:00 p.m.

July 19, 2019 through August 22, 2019 - the Selection Committee will evaluate each

proposal. By end of day Friday, August 23, 2019, each organization that has been

selected to present their system will be contacted by a member of the Selection

Committee to schedule a demonstration.

August 26, 2019 – October 4, 2019 - Each organization selected will be given up to six

hours to make a presentation that must include a demonstration of the organization’s

ERP solution followed by a question and answer period.

October 4, 2019 - The Selection Committee will notify the institution who has been

selected for contract negotiations by end of day Friday, October 4, 2019.

Although vendor selection may be made without discussion, the Clerk may initiate

discussions should clarification become necessary. Vendors shall be prepared to make

personnel available to discuss technical, functional, and contractual aspects of their

proposals. If the Clerk awards a contract relative to this RFP, a letter shall advise the

vendors that were not selected. The Clerk will adhere to this schedule as closely as

possible. However, we reserve the right modify the timeline when it is deemed it in the

best interest of the Agency. In the event of schedule changes all participants will be

notified in writing.

6

Bidding Instructions

3.1. Letter of Intent to participate in RFP

Each organization wishing to respond to the Clerk’s RFP must submit their intent in a

letter including all parties representing the institution in this bid and their contact

information. By submitting the letter of intent to bid on the ERP Replacement System

RFP the organization has provided Lee County Clerk of Circuit Court and Comptroller

with their contact information for all for future correspondences related to this RFP. All

Letters of Intent must be received by the end of business on June 7, 2019 Please hand

deliver letters to the address listed under the Sealed Proposals section or by e-mail to

ERPRFP19001@leeclerk.org.

3.2. Sealed Proposals

Please note information regarding confidentiality of submitted proposals, Public Records

Requests and sealed proposals in section 1.4 (Florida Sunshine Laws) of this

document. All respondents are required to submit their response in electronic

format (DVD, CD, or thumb drive) and one (1) copy of their proposal in a sealed

envelope or package no later than July 19, 2019, by 5:00PM EST. and clearly identified

as:

Lee County Clerk of Circuit Court and Comptroller’s ERP

Replacement System RFP

Mail to:

Lee County Clerk of Circuit Court and Comptroller Michelle Miller PO Box 9834 Fort Myers, Florida 33902

Or Deliver to:

Lee County Clerk of Circuit Court and Comptroller Michelle Miller Innovation and Technology, 5th Floor 2115 Second Street Fort Myers, Florida 33901

3.3. Response

All organizations submitting a proposal for the Clerk ERP Replacement System are

required to provide the following:

Proposals must use letterhead bearing the proposing organizations’ name and

signed by an officer of the organization.

Proposals must bear the organizations’ corporate seal.

7

Include the following completed/signed Exhibits as provided within this RFP:

Exhibit A – Proposal Form

Exhibit B – Exception Form

Exhibit C - Non-Disclosure Agreement

Exhibit D - Vendor Travel Policy

Exhibit E - Security Policy

Exhibit F – Public Records Request Notice/Chapter 119, Florida Statutes

Exhibit G - RFP Vendor Letter of Intent

Exhibit H - Completed Detailed Functionality Requirements/Questionnaire

Audited financial statements, with accompanying footnotes, for the prior two years.

Availability schedule.

Each organization must submit the proposal in an electronic format (DVD, CD, or

thumb drive).

Each organization must submit one (1) original paper proposal.

A response to all questions in this Request for Proposal must be answered

completely.

Proposal Response Format

4.1. Proposal Components

Vendor Proposals will consist of three components: Company Information, System

Proposal, and Cost Proposal. The Cost Proposal must be separate from the other two

sections. Failure to comply with this request will disqualify the vendor.

The paper copies of each component shall be on standard letter-size paper. The

electronic copies shall be in PDF, MS Word or MS Excel format and submitted on DVD,

CD or a thumb drive.

Vendor Proposals shall contain all the elements of information specified. Proposals that

deviate from these instructions may be considered non-responsive.

4.1.1. Company Information

Vendor Proposals shall contain Company Information formatted as specified

below. The Company Information may be included with the System Proposal.

Paper Copies: 1 Electronic Copies: 1 Title Customer Information RFP Number 19-001 Vendor name

8

4.1.2. System Proposal

Vendor Proposals shall contain a System Proposal formatted as specified below.

Paper Copies: 1 Electronic Copies: 1 Title System Proposal RFP Number 19-001 Vendor name

4.1.3. Cost Proposals

Vendor Proposals shall contain a Cost Proposal formatted as specified below.

The Cost Proposal must be in a sealed envelope and separate from the System

Proposal. Failure to comply with this request will disqualify the vendor.

If the vendor wishes to bid more than one platform, then separate System and

Cost Proposals are required.

Paper Copies: 1 Electronic Copies: 1 Title Cost Proposal RFP Number 19-001 Vendor name Brief platform description if more than one is bid

4.2. Company Information Format

4.2.1. Cover Letter

Vendors must provide a Cover Letter signed by an authorized representative of

the responding vendor. The Cover letter should be printed on company

letterhead and identify the vendor's name and address. The cover letter must

indicate that all components of the Vendor Proposal are accurate and valid

through March 31, 2020.

4.2.2. Executive Summary

The Executive Summary shall provide the following information:

Company name, business address, telephone number

Year established (include former firm names and years established,

if applicable)

Type of ownership and parent company, if any

Company size and organizational chart indicating number of

employees by department

Project manager name and qualifications

Project team member names, roles, and qualifications

9

4.2.3. Company Financials

The Company Financials section must provide current year (year-to-date)

financial statements, including balance sheet, income statement, and statement

of cash flows. The financial information shall be certified as being true and

correct and signed by the chief financial officer of the company.

4.2.4. Sample Documents

Include samples of any existing standard documents your company may require

for our review:

Vendor Contract

Master Services Agreement

Statement of Work

4.2.5. Customer References

Provide a list of five (5) client references that have implemented similar

configurations and software application(s) proposed by the vendor. All selected

clients should be similar in size and complexity to the Clerk.

The minimum information required for each reference shall include:

State(s) in which Client currently does business

Has client converted data from JD Edwards EnterpriseOne?

Company Name

Contact name

Contact title

Address

Telephone number

Client software version and modules currently deployed

Time period as Customer

Time to implement

Implementation status

4.3. System Proposal Format

All System Proposals must be submitted in the following format:

System Description

Project Plan

Data conversion plan

Training Plan

10

Technical Support

Application Maintenance

4.3.1. System Description

Provide a clear description of the proposed system. It must identify:

Application software components,

System server platform, including all hardware and software

components,

Web server platform, including all hardware and software

components,

Is system on premise?

Network infrastructure components and requirements,

Database management system and version number,

Peripheral equipment requirements,

Any and all other components of the proposed solution.

4.3.2. Project Plan

Provide a high level project plan for implementing the proposed system. The

plan must include all high level tasks required from notification of contract award

through the deployment, milestones and final acceptance of all components of

the proposed system.

For each task, the plan must identify:

Who is responsible (i.e., Vendor, Clerk, or both)

Total effort estimates (i.e. man-hours or duration)

Beginning and ending time estimates

4.3.3. Data Conversion Plan

Provide a detailed plan for converting existing data from the JD Edwards

EnterpriseOne (V9.2) system to your proposed system. Include a plan to convert

and/or duplicate existing related images.

4.3.4. Training Plan

Provide a detailed description of the training program offered as part of the

proposal. It should include system and equipment operation, administration of

application, system support, use of all software included with the system, an

outline showing the title and length of time required for each course, the

audience for each course, course description, and any other training materials

available.

11

4.3.5. Technical Support

Provide a description of the technical support offered as part of the proposal.

Provide the following information:

1. Describe your existing call center, including hours of operation, actual

staffing levels by shift, current call volume by time period, average time

to close a call, and methods of receiving calls (e.g., phone, email)

2. Explain the procedures used to prioritize, resolve, and escalate customer

problems including the use of progression indicators

3. Explain peak and non-peak hours and the number and qualification of

personnel that are dedicated to providing customer support during peak

and non-peak hours

4. Explain the procedures used to identify potential errors in the system

software

5. Define what knowledge base software is used if accessible by Lee

County users

6. Explain how long an incident ticket can remain open before it is resolved

– 3, 6, 12 months, or longer

7. Provide a description of all Incident Levels; for example what constitutes

a Level 1 priority, Level 2 priority, etc.

8. Explain how remote diagnostics are performed

9. Describe the qualifications required of and training provided for your call

center and customer support personnel

10. Identify any existing SLA’s and recourse plan if SLA’s are not met

11. Describe existing customer/user group forums

4.3.6. Application Maintenance

Provide a description of the application maintenance offered as part of the

proposal. Provide the following information:

1. Is the software warranty for more than one (1) year? What triggers the

effective start date?

2. How often are enhancements/upgrades provided?

3. How are enhancements/upgrades prioritized and selected for release?

Are current customers permitted to participate in the prioritization of

enhancements?

4. How are enhancements/upgrades delivered to the customer?

5. When a proposed enhancement is determined to be a customization and

one customer pays for it, is it then provided to the remaining customers

that are currently paying maintenance?

12

6. Are the customer’s technical personnel permitted to install

enhancements and/or upgrades?

7. Can routine warranty/maintenance work be scheduled during “off-peak”

hours when it is convenient for both the Clerk and the vendor?

4.3.7. Functionality Chart and Required Submittals

(see Exhibits)

Exhibit 6.8.H is a functionality/requirement chart. For each line there is space

for you to provide either a “Yes” or “No” response as well as describe how your

company and the proposed solution meets the requirement. An omitted

response will be assumed your company or system cannot comply with the

functionality or requirement.

Provide a response for each line in the chart. For any line items requiring

additional space, for the description or explanation, submit an additional

document noting the requirement Section name, Sub-section name, line

number, and requirement description from the original chart (Exhibit 6.8.h).

4.4. Cost Proposal Format

All Cost Proposals must be submitted in the following format:

1. Software Costs

2. Hardware Costs

3. Services Costs

4. Training Costs

5. Technical Support Costs

6. Application Maintenance Costs

If there is a discrepancy between the total quoted amount or the extended amounts and

the unit prices quoted, the unit prices will prevail and the corrected sum will be

considered the quoted price.

The Cost Proposal must include all system costs.

4.4.1. Software Costs

Software costs must be clearly delineated and include all software licenses that

are required for the proposed system.

4.4.2. Hardware Costs

Hardware costs must be clearly delineated and include all hardware that is

required for the proposed system.

4.4.3. Services Costs

Services costs must be clearly identified and include all services that are required

for the proposed system, including Installation and Conversion. Travel costs

associated with Services should be identified and included in this section.

13

For the purposes of this proposal, assume:

1. Parallel Testing – Onsite support is required during normal business hours.

May include weekends

2. Application Deployment –Onsite support is required. May include weekends

4.4.4. Training Costs

Training costs must be clearly delineated and include all training that is required

for the proposed system. For the purpose of this proposal, assume that training

will be conducted at the Clerk’s facility. Travel costs associated with Training are

subject to the Lee County Clerk of Court and Comptroller’s Vendor Travel Policy

(Exhibit 6.4.D).

4.4.5. Technical Support Costs

Technical Support costs must be clearly delineated and include all one-time and

recurring costs for technical support services.

For the purpose of the cost proposal, assume:

1. Technical coverage for software and any proposed hardware.

2. Web-based access to an online incident/tracking report system that gives

the customer the ability to open incident tickets (report problems), to

create and run custom statistical reports on their own data, provide

access to historical support logs, etc.

3. Access to existing customer/user group forums.

4.4.6. Application Maintenance Costs

Application Maintenance costs must be clearly delineated and include all

maintenance included in the System Proposal.

14

Current Environment

5.1. Organizational Structure

Lee County

The population of Lee County Florida is approximately 750,000 and consists of the

following municipalities – Fort Myers, Cape Coral, Sanibel, Fort Myers Beach, Village of

Estero, and Bonita Springs. The governing board for Lee County Government is the

Board of Lee County Commissioners.

Clerk of Circuit Court and Comptroller

The Clerk of the Circuit Court and Comptroller is a constitutional local government office

established by the Constitution of the State of Florida. The Lee County Clerk and

Comptroller employs approximately 350 people and is divided into six (6) departments:

Courts, Finance & Records, Human Resources, Innovation and Technology,

Administration, and Inspector General.

Finance Department

The Clerk’s Finance Department is comprised of six offices devoted to providing

mandated and necessary financial reporting and services for the Lee County Board of

County Commissioners, Lee County Port Authority, Lee County Clerk of Courts, and

County funded portion of Lee County Court Administration. The finance functions

include payroll, financial reporting, cash management, banking, investing and portfolio

management, accounts payable, and fixed asset functions. There are currently

approximately 40 employees within the Finance Department.

5.2. Current System Infrastructure

It is part of Clerk’s Technology strategy to implement and maintain systems that allow for the

improved processing of transactions. Systems should be implemented that can take

advantage of changing technologies and upgrade as needed to comply with infrastructure

improvements while remaining current on vendor supported software. Systems that are

implemented or upgraded should comply with the Innovation and Technology Department’s

standard infrastructure components and versions. Any system presented to the public via the

Internet must be ADA (American Disabilities Act) compliant. Systems should be compatible

with the current globally standard technologies such as Databases, Server Operating

Systems, PC Operating Systems, Microsoft Windows, Microsoft Office and Internet Explorer.

15

Exhibits

6.1. A - Proposal Form

6.2. B - Exception Form

6.3. C - Lee County Clerk of Courts Non-Disclosure Agreement

6.4. D – Lee County Clerk of Courts Vendor Travel Policy

6.5. E – Lee County Clerk of Courts Security Policy

6.6. F – Public Records Request Notice/Chapter 119, Florida Statutes

6.7. G – RFP Vendor Letter of Intent

6.8. H –Functional Requirements/Questionnaire

EXHIBIT 6.1.A – Proposal Form

Lee County Clerk of Circuit Court ERP System Replacement

Request for Proposal

Proposal Form

Proposal Submitted By:

Address:

Telephone

This proposal contains all of the information requested in the Request for Proposal, including

the following Exhibits:

________ Exhibit 6.1.A – Proposal Form

________ Exhibit 6.2.B – Exception Form

________ Exhibit 6.3.C – Lee County Clerk of Courts Non-Disclosure Agreement

________ Exhibit 6.4.D – Lee Count Clerk of Courts Vendor Travel Policy

________ Exhibit 6.5.E – Lee County Clerk of Courts Security Policy

________ Exhibit 6.6.F - Public Records Request Notice/Chapter 119, Florida Statutes

________ Exhibit 6.7.G – RFP Vendor Letter of Intent

________ Exhibit 6.8.H – Completed Detailed Functional Requirements/Questionnaire

________ Audited financial statements for the previous two years

________ Availability schedule

________ Responses to all questions in this Request for Proposal have been answered completely

Signature

Type Name

Title

Date

EXHIBIT 6.2.B – Exception Form

Lee County Clerk of Courts

ERP System Replacement

Request for Proposal

Exception Form

The responding company can comply with all aspects of this Request for Proposal with the exception

to the items listed below:

Page Number

Item Number

Page Number

Item Number

Page Number

Item Number

Page Number

Item Number

Page Number

Item Number

CONFIDENTIALITY AND NONDISCLOSURE AGREEMENT

WHEREAS, Lee County Clerk of Court agrees to furnish certain confidential information

relating to network infrastructure, systems and user security and information;

WHEREAS, _________________________ agrees to review, examine, inspect or obtain such

confidential information only for the purposes described above, and to otherwise hold such

information confidential pursuant to the terms of this Agreement.

BE IT KNOWN, that the Lee County Clerk of Court has or shall furnish to

_________________________ certain confidential information and may further allow the right to

discuss or interview representatives of Lee County Clerk of Court on the following conditions:

1. _________________________ agrees to hold confidential, sensitive, or exempt information

(“confidential information”) in trust and confidence and agrees that it shall be used only for the

contemplated purposes, shall not be used for any other purpose, or disclosed to any third party.

2. No copies will be made or retained of any written information or prototypes supplied without

the permission of Lee County Clerk of Court.

3. At the conclusion of any discussions, or upon demand by Lee County Clerk of Court, all

confidential information, including written notes, photographs, sketches, models, memoranda or

notes taken shall be returned to the Lee County Clerk of Court.

4. Confidential information shall not be disclosed to any employee, consultant or third party unless

they agree to execute and be bound by the terms of this Agreement, and have been approved by

the Lee County Clerk of Court.

5. _________________________ agrees and abides by all policies presented by Information

Security. A copy of the Information Security Policy Manual may be provided upon request.

6. This Agreement and its validity, construction and effect shall be governed by the laws of the

State of Florida.

AGREED AND ACCEPTED BY:

Date: ________________

By _____________________________ Title: ________________________________

By _____________________________ Title: ________________________________

1 | P a g e

PO Box 9834, Fort Myers, FL 33902 Phone: (239) 533-2200 | FAX: (239) 485-2033

Vendor Travel Management Policy

Lee County Clerk of Courts

March 23, 2017

2 | P a g e

PO Box 9834, Fort Myers, FL 33902 Phone: (239) 533-2200 | FAX: (239) 485-2033

Organizational Overview

This is a Clerk-wide policy maintained in the Technology Services Department.

Authoritative Guidance

Section 112.061, Florida Statutes Sections 775.082 and 775.083, Florida Statutes

Chapter 69I-42.010, Florida Administration Code US General Services Administration (GSA) Per Diem Rates

Purpose

The Clerk’s Vendor Travel Management policy provides a framework to clarify the circumstances under which the Lee County Clerk of Courts will reimburse a vendor/service provider for travel expenses. The following policy seeks to enable efficient travel while ensuring the proper accountability for, and prudent use of public funds, and compliance with applicable Federal, State and local laws and regulations.

General Requirements and Consideration

The policies described herein apply to Vendors, Independent Contractors, Consultants, Outsourced Service Providers, and, other Approved Vendors that perform approved billable services on behalf of the Lee County Clerk of Courts. For the purposes of this document, all third party references listed above will be referred to as “Vendors” and the Lee County Clerk of Courts will be referred to as “Clerk”.

The Clerk will reimburse for travel expenses incurred while performing services only when ordinary business communications are not sufficient to accomplish the business mission and when pre-approved in writing by a Technology Services Manager. The Clerk will reimburse for pre-approved travel expenses incurred in connection with services provided as long as all expenses comply with this policy.

Exceptions to this policy are made only with prior Clerk, Department Chief Officer, or designee, approval.

Definitions

Per Diem reimbursements can include rental car fuel, bridge and/or road tolls, taxi fare, ferry fares, non-valet parking fees, official business communications, and other incidental expenses. For purposes of reimbursement rates and methods of calculation, per-diem and subsistence allowances are calculated by using the US General Services Administration (GSA) Meals and Incidental Expenses Breakdown Chart. These rates vary by traveler’s primary destination. See the GSA Per Diem Rates page to determine a location’s rate.

3 | P a g e

PO Box 9834, Fort Myers, FL 33902 Phone: (239) 533-2200 | FAX: (239) 485-2033

Policy Details

Authorization to Travel:

All travel must be authorized and approved, prior to travel, by the Department Chief Officer, or their designated representative, from whose funds the traveler is paid. The Department Chief Officer will not authorize or approve such a request unless it is accompanied by a signed statement by the vendor stating that such travel is on the official business of the Clerk and also stating the purpose of such travel. The Department Chief Officer will have to re-authorize reimbursement after travel if the cost of the trip is 10% or more than the estimated cost. Reimbursement for Travel:

Reimbursement will be made for per diem, usual ordinary and incidental expenditures necessarily incurred by a traveler upon submission of properly executed form and accompanying receipts.

Vendors should invoice the Clerk for travel expenses within thirty (30) days of travel. All receipts should be attached to invoices and sent to the Department Chief Officer, or their designated representative for processing. Invoices should reference the Clerk Purchase Order number for the engagement, if applicable, and expenses should be billed at costs without any additional markup. Hotel Accommodations:

The Clerk has not designated “preferred hotels”; however, the least expensive hotel choice should be selected while keeping within the 3-4 diamond Triple A Auto Club (AAA) rating. Safety of the traveler must be considered. Reimbursements will be made for a standard room type of single occupancy. Travelers are not required to share hotel rooms with other travelers.

Telephone calls should be charged to the Vendor’s company or personal calling card to avoid hotel surcharges. Also, the Vendor is responsible for canceling “guaranteed late arrival” reservations in order to avoid “no-show” charges. The Clerk does not reimburse for “no-show” charges.

Meals:

The Clerk will reimburse for the cost of meals when traveling on business according to times outlined in Florida Statutes and the amounts in the US General Service Administration’s (GSA) website. As Florida Statutes dictate, the following times must be followed to receive reimbursement for meals:

Breakfast-travel starts before 5:59am and extends beyond 8:01am

Lunch-travel begins before 11:59am and extends beyond 2:01pm

Dinner-travel begins before 5:59pm and extends beyond 8:01pm

4 | P a g e

PO Box 9834, Fort Myers, FL 33902 Phone: (239) 533-2200 | FAX: (239) 485-2033

Any costs in excess of the GSA maximums will not be reimbursed and remain the responsibility of the Vendor. In addition, if a Continental Breakfast or other meal is furnished during the travel period, the traveler will not be reimbursed or advanced for that meal. An exception will be made if the traveler is unable to consume the furnished meal(s) because of medical requirements or religious beliefs.

Air Travel:

Airline travel may be used when it is more efficient and economical to either the traveler or the Department and is within an approved threshold. Air Travel will be charged to the Vendor’s credit card. When securing the lowest logical airfare, including restricted and/or advanced airfares whenever possible, the Vendor will use the following criteria:

The flight’s departure or arrival time is within two (2) hours before or after the requested departure or arrival time. This includes use of alternate airports.

One stop or connecting flights on the preferred carriers should be used if a savings of $200 or more can be achieved and the flight’s departure or arrival time is no more than two (2) hours longer than the requested non-stop flight time.

Fees will be reimbursed for Coach Class only.

Boarding Pass receipts and a copy of the itinerary must be submitted for reimbursement.

Fees for one checked bag per week of travel for each traveler. (Roundtrip) Vehicle Travel:

Car Rental will be approved if there is no shuttle or taxi service available to and from the hotel, is isolated from any amenities (restaurants, taxis) and it is the most economical option. Whenever reasonable, when two or more travelers are attending the same event, travelers should travel together. The Clerk will reimburse for intermediate/mid-size or smaller car only. When physical limitations require additional space and/or travel includes four or more travelers, a larger class may be considered. Rental Car insurance will be the responsibility of the Vendor and cars should be returned with a full tank of gas to avoid higher priced refueling costs. Personal Vehicles may be utilized for vendor travel. For travel within the circuit (Lee, Hendry, Glades, Charlotte and Collier Counties) the mileage is reimbursed at the current US General Service Administration’s (GSA) rate. All mileage shall be shown from point of origin to point of destination and, when possible, shall be computed on the basis of the current map from a generally accepted source (i.e. Google, MapQuest, etc.). For travel outside of the circuit (Lee, Hendry, Glades, Charlotte and Collier Counties) the traveler will be reimbursed for their gasoline use during the trip, plus $0.15 per mile. Proof of gasoline use is required for

5 | P a g e

PO Box 9834, Fort Myers, FL 33902 Phone: (239) 533-2200 | FAX: (239) 485-2033

reimbursement. The driver will need to fill the tank prior to leaving, and upon return of the trip. Each receipt and any gas receipt in-between must be submitted for reimbursement. For mileage reimbursement, mileage shall be shown from point of origin to point of destination and, when possible, shall be computed on the basis of the current map from a generally accepted source (i.e. Google, MapQuest, etc.). The traveler's insurance will be the sole insurance for claims and whenever reasonable, when two or more travelers are attending the same event, travelers should travel together.

Other Ground Transportation: Whenever possible, Vendor’s use of public transportation is encouraged, including vans and courtesy shuttles. Taxis should be used in lieu of a rental car when a taxi is more cost-effective. The Clerk reserves the right to reject expenses for taxis or ground transportation costs if deemed excessive.

Incidental Expenses:

Bridge, road and tunnel fees, as well as non-valet parking fees may be reimbursed with a valid receipt.

The Clerk will not reimburse for travel expenses and related items that are not covered by this policy and such expenses remain the sole responsibility of the Vendor. In general, if this policy does not explicitly identify an item as a covered expense, it is not reimbursable. The following list can be utilized as a guide:

Air Travel: Airline club membership dues, airline guides, airline class of service upgrades, in-flight movies and refreshments, lost or damaged luggage, luggage or briefcases, lost or damaged laptop computer, optional travel or baggage insurance, loss of on unrecoverable airline tickets or traveler’s checks, travel paid by frequent flyer miles. Personal: Items and services purchased while traveling to include toiletries, clothing, cosmetics, etc., baby-sitter or pet-sitter fees, barber or hairstylist, magazines, books, newspapers, personal reading materials, valet parking, parking tickets or traffic violations, personal entertainment (health club fees, sightseeing tours, etc.), personal productivity tools such as tablets and smartphones, entertainment of spouse and/or companion.

Hotel: “No show” charges, in-room movies, mini-bar purchases, room upgrades.

Car: “No show” charges for car service, car rental upgrades, repairs, maintenance or insurance on personal car.

Fraudulent Travel Claims

Chapter 112, Florida Statutes, classifies fraudulent travel claims as a misdemeanor of the second degree. The penalties are prescribed by Sections 775.082 and 775.083, Florida Statutes.

6 | P a g e

PO Box 9834, Fort Myers, FL 33902 Phone: (239) 533-2200 | FAX: (239) 485-2033

Revision History

December 2, 2014 – Original Version February 11, 2016 – Version 2

March 23, 2017 – Version 3

Information Security Policy

“Protect to Enable”

Revision History Version 2.2 – October 10, 2013

Table of Contents

Introduction .......................................................................................................................................... 1

Scope ........................................................................................................................................................ 1

Division of Policy Manual ................................................................................................................. 1

Exceptions .............................................................................................................................................. 1

Enforcement .......................................................................................................................................... 1

Part I: Employees and Contractors ............................................................................................... 2

Acceptable Use ...................................................................................................................................................................................... 2

Accounts and Passwords ....................................................................................................................................................................... 2

Physical Equipment ............................................................................................................................................................................... 3

Remote Access & Virtual Private Network (VPN) .................................................................................................................................. 3

Mobile Devices ...................................................................................................................................................................................... 4

Audits .................................................................................................................................................................................................... 5

Part II: Administrators and Data Center Access ...................................................................... 6

Accounts and Passwords ....................................................................................................................................................................... 6

Servers ................................................................................................................................................................................................... 6

Wireless Communication ...................................................................................................................................................................... 7

Physical Access ...................................................................................................................................................................................... 7

Additional TSD Policies .......................................................................................................................................................................... 7

References ............................................................................................................................................. 8

Revision History Version 2.2 – October 10, 2013

~ 1 ~

Introduction

An important responsibility for each employee or contractor of the Clerk of Courts is keeping records for the constituents and government of Lee County. Documents stored and accessed on or by Clerk computing systems include property deeds, court data, financial information, and juvenile records. Constituents entrust each of us to maintain the confidentiality of specific records (e.g. juvenile data, Social Security numbers), maintain the integrity of all records, and ensure the availability of all data. With this in mind, it is critical to balance productivity with security in our day-to-day duties. That’s why Technology Service Department (TSD) Risk Management’s mantra is “protect to enable”. The idea is to enable business goals while applying a reasonable level of protection to the data and the network. Laying a foundation for this is the purpose of this policy manual. Please consult your supervisor or TSD Risk Management if you have questions about policy.

Scope

This policy manual applies to:

All systems, services, hardware, software, or data owned, leased, licensed, or otherwise managed by the Lee County Clerk of Courts; or any devices attached to Clerk systems.

Any person or organization employed or contracted by the Lee County Clerk of Courts.

Division of Policy Manual

This policy manual is divided into two primary sections:

Part I: Employees and Contractors is for everyone to read and understand.

Part II: Administrators & Data Center Access is additional for those listed below to read and understand: o Those who have administrative account access of any kind inclusive but not limited to applications,

databases, servers, and the network. o Those who have physical access (i.e. badge and/or key access) to any data center (i.e. computer

room) where Clerk equipment (e.g. servers, routers) resides.

Exceptions

Exceptions to this policy must be approved via the Information Security Policy Exception Request form, and a record of those exceptions is to be maintained by TSD Risk Management.

Enforcement

All employees and contractors must comply with this Information Security Policy Manual. Any employee found to have violated policy may be subject to disciplinary action, up to and including termination of employment and prosecution. Any contractor found to have violated this policy may be subject to action, up to and including removal from the project, termination of contract, and prosecution.

Employees and contractors shall have no expectation of privacy in anything they store, send or receive on the Clerk's network or equipment. Monitoring, audits, or assessments of compliance with this policy manual may be conducted at any time by TSD Risk Management or designee with or without the knowledge of employees, vendors, or contractors.

Revision History Version 2.2 – October 10, 2013

~ 2 ~

Part I: Employees and Contractors

(To be read and understood by all employees and contractors)

Acceptable Use

Background to Know

Any data created or stored on Clerk's systems remains the property of the Clerk of Court.

Do

Exercise good judgment regarding the reasonableness of personal use of Clerk’s systems and comply with the Employee Policy Manual regarding such.

When a computing device will be left unattended, and whenever the option is available, secure the device by locking or logging off. For example, use “Windows Key-L” on machines with a Windows operating system.

Practice caution when opening e-mail attachments, particularly those from unknown senders, as they may contain malware (e.g. viruses, worms, Trojans, spyware).

Don’t

Don’t use Clerk accounts to send messages (e.g. e-mail, instant messages) or post any content on the Internet (e.g. social media, newsgroups, forums, blogs, article comments) that may negatively reflect upon the Clerk’s office.

Don’t send spam or junk mail including chain letters or pyramid schemes.

Don’t create, download, view, or share pornography or content that is discriminatory toward protected classes of race, color, religion, national origin, age, sex, gender, physical or mental disabilities.

Don’t attempt to disable, disrupt, or remove any scanning or monitoring applications inclusive of anti-virus software unless you are TSD staff and are doing so in the performance of legitimate job responsibilities.

Don’t violate laws regarding copyright, trade secret, patent or other intellectual property, including, but not limited to, the installation, use, digitization (e.g. scanning a magazine page), or sharing of software, music, videos, movies, magazines, books, or other media.

Don’t install or use: o Clerk-owned software licenses on non-Clerk equipment. o Unapproved software licenses (e.g. freeware, shareware).

Don’t access Clerk equipment (e.g. servers, firewalls), accounts (e.g. administrator accounts, co-workers’ accounts), or data (e.g. databases, personnel files) that are not pursuant with your job duties.

Don’t install or use software or equipment that may monitor or disrupt Clerk computing unless it is pursuant to your job duties.

Accounts and Passwords

Background to Know

Although not all Clerk applications support good password construction, S.M.A.R.T. passwords1 or passphrases are

recommended to be used whenever possible. Characteristics of S.M.A.R.T. passwords are:

Strong. Longer—20-25 characters—is better.

Multi-character. Use punctuation, letters of mixed case, and numbers, but don’t use easy-to-guess substitutions (e.g. “3” for “e” or “1” for “i” or “l”).

Avoid associations. Don’t use easily-guessed information such as family or pet names, favorite sports teams, etc.

Random. Use complex, non-obvious passwords. Consider an easy-to-remember passphrase using the first letter of each word. For example, “Humpty Dumpty sat on a wall. Humpty Dumpty had a great fall. All the king’s horses and all the king’s men couldn’t put Humpty together again.” could become “HDs0aw.HDhagf.AtkhaatkmcpHta.”

Tools. An alternative to a passphrase is using a TSD-approved password generator tool that creates a password using a jumble of characters, and then you can store those passwords in a TSD-approved password manager.

If the application doesn’t have the ability to use a S.M.A.R.T. password, create the strongest password possible inclusive of the following:

1 http://clerknet/TechExchg/Lists/Posts/Post.aspx?ID=31

Revision History Version 2.2 – October 10, 2013

~ 2 ~

Part I: Employees and Contractors

(To be read and understood by all employees and contractors)

Acceptable Use

Background to Know

Any data created or stored on Clerk's systems remains the property of the Clerk of Court.

Do

Exercise good judgment regarding the reasonableness of personal use of Clerk’s systems and comply with the Employee Policy Manual regarding such.

When a computing device will be left unattended, and whenever the option is available, secure the device by locking or logging off. For example, use “Windows Key-L” on machines with a Windows operating system.

Practice caution when opening e-mail attachments, particularly those from unknown senders, as they may contain malware (e.g. viruses, worms, Trojans, spyware).

Don’t

Don’t use Clerk accounts to send messages (e.g. e-mail, instant messages) or post any content on the Internet (e.g. social media, newsgroups, forums, blogs, article comments) that may negatively reflect upon the Clerk’s office.

Don’t send spam or junk mail including chain letters or pyramid schemes.

Don’t create, download, view, or share pornography or content that is discriminatory toward protected classes of race, color, religion, national origin, age, sex, gender, physical or mental disabilities.

Don’t attempt to disable, disrupt, or remove any scanning or monitoring applications inclusive of anti-virus software unless you are TSD staff and are doing so in the performance of legitimate job responsibilities.

Don’t violate laws regarding copyright, trade secret, patent or other intellectual property, including, but not limited to, the installation, use, digitization (e.g. scanning a magazine page), or sharing of software, music, videos, movies, magazines, books, or other media.

Don’t install or use: o Clerk-owned software licenses on non-Clerk equipment. o Unapproved software licenses (e.g. freeware, shareware).

Don’t access Clerk equipment (e.g. servers, firewalls), accounts (e.g. administrator accounts, co-workers’ accounts), or data (e.g. databases, personnel files) that are not pursuant with your job duties.

Don’t install or use software or equipment that may monitor or disrupt Clerk computing unless it is pursuant to your job duties.

Accounts and Passwords

Background to Know

Although not all Clerk applications support good password construction, S.M.A.R.T. passwords1 or passphrases are

recommended to be used whenever possible. Characteristics of S.M.A.R.T. passwords are:

Strong. Longer—20-25 characters—is better.

Multi-character. Use punctuation, letters of mixed case, and numbers, but don’t use easy-to-guess substitutions (e.g. “3” for “e” or “1” for “i” or “l”).

Avoid associations. Don’t use easily-guessed information such as family or pet names, favorite sports teams, etc.

Random. Use complex, non-obvious passwords. Consider an easy-to-remember passphrase using the first letter of each word. For example, “Humpty Dumpty sat on a wall. Humpty Dumpty had a great fall. All the king’s horses and all the king’s men couldn’t put Humpty together again.” could become “HDs0aw.HDhagf.AtkhaatkmcpHta.”

Tools. An alternative to a passphrase is using a TSD-approved password generator tool that creates a password using a jumble of characters, and then you can store those passwords in a TSD-approved password manager.

If the application doesn’t have the ability to use a S.M.A.R.T. password, create the strongest password possible inclusive of the following:

1 http://clerknet/TechExchg/Lists/Posts/Post.aspx?ID=31

Revision History Version 2.2 – October 10, 2013

~ 3 ~

At least eight alphanumeric characters long—the longer the better.

Include mixed-case letters, digits, and punctuation.

Don’t use a word in any language, slang, dialect, jargon, etc.

Don’t base it on personal information (e.g. names of family, names of pets, birthdays, favorite sports team, etc.)

Do

Change your passwords at least every 90 days. If you have reason to suspect your password has been compromised, change it immediately.

Chiefs, managers, and supervisors determine what level of access employees and contractors receive to their department’s data and complete requests to grant the appropriate level of access.

Don’t

Don’t share passwords of accounts assigned to you with a co-worker, contractor, anyone in management, TSD personnel, family, friends, or anyone else. You are solely responsible for any activity with your accounts.

Don’t document passwords in an unsecure fashion including: o Don’t place a paper with a password under your keyboard, in an unlocked drawer, or anywhere

accessible by others. o Don’t document a password in an e-mail client, a word processor, a spreadsheet, or anywhere else on

a computer except in an authorized, encrypted password manager that you can obtain from the TSD Service Desk.

Don’t transmit passwords to yourself or others via unsecured electronic communication such as e-mail, text, or instant messaging; and don’t leave them on voicemail.

Don’t use the same password for Clerk accounts that you use for non-Clerk accounts (e.g. personal Web mail, banking, shopping accounts).

Physical Equipment

Do

Treat devices connected to the Clerk's network or equipment as if owned by the Clerk regardless of whether it is.

Understand that the use of personal equipment on the Clerk's network or within the Clerk's office is a privilege that may be revoked at any time.

Don’t

Don’t attach or install non-Clerk equipment to Clerk equipment or the Clerk’s network without prior authorization from TSD via the Non-Clerk Equipment Authorization form. This includes, but is not limited to, workstations, laptops, USB drives, PDA’s, smartphones, MP3 players, and digital cameras. This also includes a prohibition from connecting unapproved, personal devices to a machine on the network in order to charge it.

Don’t store exempt, confidential, or sensitive data on any unapproved device--even temporarily.

Don’t allow anyone, including family and friends, to use Clerk equipment (e.g. PC’s, laptops, smartphones, USB drives, etc.) who is not an authorized employee or contractor.

Remote Access & Virtual Private Network (VPN)

Background to Know

Remote access implementations that may be used to connect to the Clerk network are VPN, SSH, SFTP, point-to-point, or TSD-approved VNC.

Do

Use the most up-to-date anti-virus software with any equipment, whether Clerk-owned or personal, when connecting to the Clerk’s network.

Obtain authorization to access the VPN through a Clerk supervisor.

Only use TSD-approved VPN clients.

Don’t

Don’t use pings or other artificial network processes in order to maintain VPN connections.

Revision History Version 2.2 – October 10, 2013

~ 4 ~

Mobile Devices

Background to Know

All mobile devices that access e-mail or connect to the Clerk’s network, whether owned or leased by the Clerk, employee, or contractor, fall within the scope of this section. Definitions: mobile device: small, hand-held computing device, typically having a display screen with touch input and/or a miniature keyboard.

2 Generally, this includes smart phones and tablets.

smart phone: a mobile phone built on a mobile computing platform, with more advanced computing ability and connectivity than a feature phone.

3

tablet: a mobile computer, larger than a mobile phone, integrated into a flat touch screen and primarily operated by touching the screen rather than using a physical keyboard.

4

Do

You may choose to connect your employee- or contractor-owned or leased mobile device to access Clerk e-mail.

Obtain authorization from your departmental chief if you require a Clerk-owned mobile device.

With written authorization from your departmental chief, you may connect wirelessly via the VPN with a mobile device.

Configure mobile devices: o To lock with a minimum of a six-character password, a complex shape, or a biometric identification

system. o To automatically lock within three minutes or less of inactivity.

Immediately report the loss to the Service Desk: o Of a Clerk-owned mobile device. o Of an employee- or contractor-owned mobile device that has been used to connect to the VPN.

When a mobile device is lost: o Immediately change your network password. o Consider remotely wiping the device of all data.

Understand that connecting mobile devices to Clerk e-mail or through the VPN is a privilege that may be revoked at any time for any reason.

Understand that in litigation, you may be required by subpoena to relinquish for legal discovery a mobile device used for Clerk business.

Understand that the Clerk only pays for approved, business-related, financial charges for Clerk-owned mobile devices. No stipend or other payment is offered for use of non-Clerk mobile devices.

Don’t

Don’t allow anyone else to use a Clerk mobile device assigned to you.

Don’t connect any mobile device that cannot meet the requirements for password-protection or locking.

Don’t connect mobile devices not owned by the Clerk to the Clerk’s network or computers via wired or wireless methods including Ethernet, USB, Bluetooth, or other means unless explicitly approved in writing. This includes not connecting employee or contractor’s mobile devices to charge them.

Don’t store the master copy of any Clerk record on any mobile device.

Don’t store confidential or sensitive data on a mobile device. This includes records covered by the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Information (PCI) data, and records exempt from public viewing according to the Sunshine Law.

Don’t store Clerk data of any kind, even transitionally, on any non-Clerk storage (e.g. cloud storage applications, USB drives, home PC).

Don’t store passwords to Clerk services on a mobile device except when using an approved password manager. This prohibition is inclusive of using a “remember password” feature in Web browsers.

If connected to the VPN, don’t allow anyone else to use the mobile device.

2 http://en.wikipedia.org/wiki/Mobile_device

3 http://en.wikipedia.org/wiki/Smartphone

4 http://en.wikipedia.org/wiki/Tablet_computer

Revision History Version 2.2 – October 10, 2013

~ 5 ~

Don’t use a mobile device for Clerk business while operating a motor vehicle. If use is necessary, safely park first.

Audits

Background to Know

With approval of the chief information officer, audits may be conducted by Risk Management with respect to computer hardware and software owned or operated by the Clerk. Audits may also be conducted with respect to computer hardware or software connecting to the Clerk’s intranet, whether it is owned by the Clerk or not.

TSD personnel and approved contractors performing normal job duties to investigate unusual activity, possible security incidents, or user or system activity does not qualify as an audit and is exempt from this section.

Do

Risk Management should coordinate audits as required to: o Ensure confidentiality, integrity, and availability of information and resources. o Ensure compliance with Clerk's security policies.

Don’t

Don’t conduct audits that will perform denial of service activities unless approved by the appropriate Clerk manager(s).

Revision History Version 2.2 – October 10, 2013

~ 6 ~

Part II: Administrators and Data Center Access

(To be read and understood by all employees and contractors with administrator or data center access)

Accounts and Passwords

Background to Know

This section applies to Clerk personnel or contractors who create, use, and maintain system-level (e.g. administrator) technology accounts including accounts for the domain, applications, databases, and infrastructure devices.

Do

Have a documented process to add, modify, remove, and periodically review accounts for validity: o Disable accounts that have been inactive (e.g. accounts for new employees that were never used,

accounts for contractors who are no longer under contract, accounts for employees on leave, etc.) for 30 days.

o Except for special circumstances (e.g. an employee is on FMLA leave), delete accounts that have been disabled for 90 days.

o Account review must occur at least semi-annually and must be documented.

Create a unique system-level password for each account. No two accounts should share the same password.

Change system-level passwords, except service accounts, a minimum of every 90 days.

For service accounts, configure S.M.A.R.T. passwords (see Accounts and Passwords in Part I: Employees and Contractors), and change these passwords a minimum of every 365 days.

Store system-level passwords in a shared password management safe. See the TSD Password Management Policy for details.

When generating a password for another user (e.g. a new employee), create a strong password as described in the Accounts and Passwords section of Part I: Employees and Contractors.

Applications and databases must: o Support authentication of individual user and group-based roles. o Store and/or transmit passwords in an encrypted format that meets or exceeds industry-standard

encryption of 256-bit keys such as SSL or AES. Technology specific to the Payment Card Industry (PCI), the Health Insurance Portability and Accountability Act (HIPAA), or other laws or organizations may require more stringent standards.

o Store credentials separately from the other code (e.g. credentials must be in a separate source file or stored procedure). The file that contains the credentials must contain no other code but the credentials (i.e., the username and password) and any functions, routines, or methods that will be used to access the credentials.

o Provide for role management such that an administrator can reassign the capabilities of another without having to know the other's password.

Don’t

Don’t provide access to an account until in receipt of management authorization.

Applications and databases must not: o Store passwords in the documents tree of a Web server. o Store passwords in a location that can be accessed through a Web server. o Implement non-LDAP, pass-through authentication that allows access to the database solely upon a

remote user’s authentication on the remote host. o For languages that execute from source code, the credentials' source file must not reside in the same

browsable or executable file directory tree in which the executing body of code resides.

Servers

Background to Know

This section applies to TSD personnel or contractors who maintain servers.

Do

Assign ownership of all servers to the group that will be responsible for administering it.

Approved server configuration guides must be established and maintained by each operational group.

Revision History Version 2.2 – October 10, 2013

~ 7 ~

Disable services and applications that have no practical use in the Clerk’s environment.

Log access to services, and protect those logs.

Within six months of release, install patches or hot fixes recommended by the equipment vendor in a test environment and then in the subsequent production environment.

Only create trust relationships between systems when necessary to meet a business requirement.

If a methodology for secure channel connection is available (e.g. SSL, SSH), perform privileged access via a secure channel.

Place servers in an access-controlled environment (e.g. data center) and not in an uncontrolled area such as an office.

Wireless Communication

Background to Know

This section applies to TSD personnel or contractors who configure wireless communication.

Do

Configure all computers with wireless LAN devices with point-to-point hardware encryption of at least 256 bits. All implementations must support a hardware address (e.g. a MAC address) that can be registered and tracked.

Require a certificate for access to all wireless networks with access to the Clerk’s intranet.

Physical Access

Background to Know

This policy applies to those who have access to any TSD-restricted facility such as a data center or any physical location where servers, routers, switches, or other network systems are stored.

Do

Be responsible for the security of your keys and/or access cards.

Using good judgment, those with approved access to a TSD-restricted facility are to escort those without their own access. For data centers, ensure visitors sign in and out.

TSD Facilities Management must document and manage physical access to all data centers: o Grant access only to TSD personnel and contractors whose job responsibilities require access. o Train each person who is granted access in emergency procedures. o Place a visitor log that is easily visible inside each data center. o Review access records and visitor logs on a quarterly basis, investigating any unusual access. o Review card and/or key access rights on a quarterly basis and remove access for individuals that no longer

require access.

Don’t

Don’t share access cards and/or keys.

Additional TSD Policies The following policies supplement the Information Security Policy Manual. For those with administrator or data center access, reading and understanding them are required: TSD Change Management Policy TSD Escalation Management Policy TSD Password Management Policy

Revision History Version 2.2 – October 10, 2013

~ 8 ~

References

Copyright Act of 1976 http://www.copyright.gov/title17/

Foreign Corrupt Practices Act of 1977 http://www.usdoj.gov/criminal/fraud/fcpa.html

Computer Fraud and Abuse Act of 1986 http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html

Computer Security Act of 1987 http://www.cio.gov/archive/computer_security_act_jan_1998.html

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) http://aspe.hhs.gov/admnsimp/pl104191.htm

Florida Statute Title X Chapter 119 http://www.leg.state.fl.us/statutes/index.cfm?App_mode=Display_Index&Title_Request=X

Vendor Notice

Statutory Requirements — Florida Statutes 119.0701

New and Renewal Contracts

Lee County Clerk of Courts and Comptroller Office (Clerk of Courts) is a public agency subject to Chapter 119, Florida Statutes. To the extent a Contractor is acting on behalf of the Clerk of Courts pursuant to Chapter 119.0701, Florida Statutes, Contractor shall:

a) Keep and maintain public records that ordinarily and necessarily would be required to be kept and maintained by the Clerk of Courts were the Clerk of Courts performing the services under this Contract;

b) Provide the public agency’s custodian of records with access to such public records on the same terms and conditions that the Clerk of Courts would provide the records and at a cost that does not exceed that provided in Chapter 119, Florida Statutes, or as otherwise provided by law;

c) Ensure that public records that are exempt or that are confidential and exempt from public record requirements are not disclosed except as authorized by law; and

d) Meet all requirements for retaining public records and transfer to the Clerk of Courts, at no cost, all public records in possession of the Contractor upon termination of this Contract and destroy any duplicate public records that are exempt or confidential and exempt from public disclosure requirements. All records stored electronically must be provided to the Clerk of Courts in a format that is compatible with the information technology systems of the Clerk of Courts.

Failure of a Contractor to comply with the provisions set forth by Florida Statute shall constitute a Default and Breach of Contract.

Enclosure: 2018 Chapter 119.0701, Florida Statute

WWW.LEECLERK.ORG

1 | P a g e

Department of Innovation and Technology

PO Box 9834, Fort Myers, FL 33902 Phone: (239) 533-2200 | FAX: (239) 485-2033

[to be provided on Bidder's Letterhead]

Date: Attention: Re: [RFP Title/RFP Number] Dear Mr XXXX, We acknowledge receipt of your Request for Proposal (RFP), which was received on ___________, and agree that the documents received by us remain the property of Lee County Clerk of Courts, Department of Innovation and Technology. We undertake to treat all information concerning, arising out of, or received by virtue of this request as confidential and to obtain similar undertakings from any person employed or retained hereafter. We have indicated with an "X" below our intention:

We express an interest in the [RFP Title/RFP Number] contract and comply with the following:

We have read and agree to be bound by the conditions set out in the RFP documents;

We hereby attach the completed Form of Acknowledgement as required;

We decline your invitation to participate and hereby return all related documents. Our reason for declining is; _____________________________________________________________________ _______________________________________________________________________________

We acknowledge that:

Our response must be received by the date stated in the RFP instructions. Lee County Clerk of Courts, Department of Innovation and Technology reserves the right not to consider proposals received after such date;

Lee County Clerk of Courts, Department of Innovation and Technology will not reimburse any costs incurred by the Bidder in responding to this request;

Neither the issue of this request nor any information provided by Lee County Clerk of Courts, Department of Innovation and Technology shall be regarded as a commitment or intention to enter into a contractual arrangement;

Lee County Clerk of Courts, Department of Innovation and Technology reserves the right to terminate the project and/or discussions with us at any time;

By expressing an interest and participating in the RFP, this does not guarantee inclusion in the tender process. The person responsible for RFP response in our organization and to whom all communications shall be addressed is: [please insert contact name, address, contact details] Yours sincerely, _______________________ _______________________ Name, Signature, and Title Office Address

16

6.8.H –Functional Requirements/Questionnaire

Line #

Business Process Requirements Has? (Yes/No)

Description

1 Does your system support fund accounting without customization via development or change of code?

2 Is your proposed system modular allowing for selection or implementation of only the selected, necessary functions?

3 Does your system support workflow processing and is it customizable without development or change of code?

4 Do your workflow processes allow for configurable, multi-level or multi-path approval checkpoints? If so, can they be delegated or bypassed as necessary?

5 Does your system support the Record to Report process? (“Financial reporting” process from data entry to formal reporting)

6 Does your system support the Procure to Pay process? (contracts, purchasing , receiving, payments, 1099 tracking/reporting)

17

7 Does your system include a cash management function? (pooled cash/interfund settlements, interest distribution, wire transfers, interfund loans)

8 Does your system include a comprehensive Budget module? If so, please describe?

9 Does your system include a comprehensive Fixed Asset and Inventory Module?

10 Does your system include an Accounts Receivable module?

11 Describe your methods for integrating with external systems (e.g. report writers, analysis tools, document management system)

12 Does your system include a document management repository? If so does the system include Records Management processes including document categories, auto retention/destruction features, etc.? Please describe.

18