Contract - Acorn Technology - 2021-10-211
AGREEMENT FOR CONSULTANT SERVICES
This Agreement is made and effective as of __________, between the Costa
Mesa Sanitary District, a sanitary district (“District”), and Acorn Technology
Services (“Consultant”). In consideration of the mutual covenants and conditions
set forth herein, the parties agree as follows:
Recitals
Whereas, the District requires information technology ad hoc services to
conduct system remediation, hardware replacement, and security enhancements;
and
Whereas, the Consultant is an independent contractor that provides
comprehensive information technology managements services, and the District
desires to utilize the services of the Consultant to conduct system remediation,
hardware replacement, and security enhancements; and
Whereas, the Consultant is expected to work and communicate effectively
with District staff, officials, and other vendors to make District technologies and
systems seamless to end-users; and
Whereas, the Consultant is expected to assist in management of long-term
planning to keep systems current and functional in the most cost-effective manner;
and
Whereas, the Consultant is expected to provide comprehensive, reliable,
timely, and proactive information technology services that promote the mission
and vision of the District in serving its ratepayers; and
Whereas, the District has determined that the Consultant possesses the
professional skills and abilities to provide services for the District; and
Whereas, the parties hereto do hereby agree to have Consultant provide
those services on a temporary basis as provided in this Agreement.
Now, therefore, the parties hereto agree as follows:
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
10/21/2021
2
1. TERM
This Agreement shall commence on _____________, and shall remain and
continue in effect until tasks described herein are completed, unless sooner
terminated pursuant to the provisions of this Agreement.
2. SERVICES
The Consultant shall perform all of the tasks described in Exhibit A, attached
hereto and incorporated herein as though set forth in full.
3. PERFORMANCE
The Consultant shall, at all times, faithfully, competently and to the best of
his/her/its ability, experience, and talent perform all tasks described herein.
Consultant shall employ, at a minimum, generally accepted standards and
practices utilized by persons engaged in providing similar services as are required
of Consultant hereunder in meeting its obligations under this Agreement.
Consultant shall warrant that all services provided and equipment installed shall
perform in a workmanlike manner and be fit for its particular purpose.
4. DISTRICT MANAGEMENT
The District’s General Manager shall represent the District in all matters
pertaining to the administration of this Agreement. The General Manager shall be
authorized to act on the District’s behalf and to execute all necessary documents
which enlarge the tasks to be performed or change the Consultant’s compensation,
subject to Section 5 hereof.
5. PAYMENT
(a) The District agrees to pay the Consultant in accordance with the tasks
as set forth in Exhibit A, attached hereto. This amount shall not exceed Seventy-
six Thousand Three Hundred Ninety-two Dollars and Twenty-two Cents
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
10/21/2021
3
($76,392.22) for the total term of this Agreement unless additional payment is
approved as provided in this Agreement. Said sum includes travel and other costs.
(b) The Consultant shall not be compensated for any services rendered in
connection with its performance of this Agreement which are in addition to those
set forth herein, unless such additional services are authorized in advance and in
writing by the District. The Consultant shall be compensated for any additional
services in the amounts and in the manner as agreed to by the General Manager
and the Consultant at the time the District’s written authorization is given to the
Consultant for the performance of said services.
(c) Consultant will submit invoices upon task completion unless
otherwise agreed. Payment shall be made within thirty (30) days of receipt of each
invoice as to all non-disputed fees. If the District disputes any of the Consultant’s
fees, it shall give written notice to the Consultant within thirty (30) days of receipt
of the invoice of any disputed fees set forth on the invoice.
6. SUSPENSION OR TERMINATION OF AGREEMENT WITHOUT CAUSE
(a) The District may, at any time, for any reasons, with or without cause,
suspend or terminate this Agreement, or any portion hereof, by serving upon the
Consultant at least ten (10) days prior written notice. Upon receipt of said notice,
the Consultant shall immediately cease all work under this Agreement, unless the
notice provides otherwise. If the District suspends or terminates a portion of this
Agreement, such suspension or termination shall not make voice or invalidate the
remainder of this Agreement.
(b) In the event this Agreement is terminated pursuant to this Section, the
District shall pay to the Consultant the actual value of the work performed up to
the time of termination, provided that the work performed is of value to the
District. Upon termination of the Agreement pursuant to this Section, the
Consultant will submit an invoice to the District pursuant to Section 5.
7. DEFAULT OF CONSULTANT
(a) The Consultant’s failure to comply with the provisions of this
Agreement shall constitute a default. In the event that the Consultant is in default
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
4
for cause under the terms of this Agreement, the District shall have no obligation
or duty to continue compensating Consultant for any work performed after the
date of default and can terminate this Agreement immediately by written notice to
the Consultant. If such failure by the Consultant to make progress in the
performance of work hereunder arises out of causes beyond the Consultant’s
control, and without fault of negligence of the Consultant, it shall not be considered
a default.
(b) If the General Manager or his/her delegate determines that the
Consultant is in default in the performance of any of the terms or conditions of this
Agreement, he/she shall cause to be served upon the Consultant a written notice of
the default. The Consultant shall have ten (10) days after service upon it of said
notice in which to cure the default by rendering a satisfactory performance. In the
event that the Consultant fails to cure its default within such period of time, the
District shall have the right, notwithstanding any other provision of this
Agreement, to terminate this Agreement without further notice and without
prejudice to any other remedy to which it may be entitled at law, in equity or under
this Agreement.
8. OWNERSHIP OF DOCUMENTS
(a) The Consultant shall maintain complete and accurate records with
respect to the professional services required by this Agreement and will produce
the work product specified in Exhibit A and other such information required by
the District that relate to the performance of services under this Agreement. Such
work product shall be fully usable by District. Consultant shall maintain adequate
records of services provided in sufficient detail to permit an evaluation of services.
All such records shall be maintained in accordance with generally accepted
accounting principles and shall be clearly identified and readily accessible.
Consultant shall provide free access to the representatives of the District or its
designees at reasonable times to such books and records; shall give the District the
right to examine and audit said books and records; shall permit the District to make
transcripts therefrom as necessary; and shall allow inspection of all work, data,
documents, proceedings and activities related to this Agreement. Such records,
together with supporting documents, shall be maintained for a period of three (3)
years after receipt of final payment. Alternatively, all documents produced shall
be maintained and owned at District offices.
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
5
(b) Upon completion, termination or suspension of this Agreement, all
work produce reduced to any medium and other documents prepared in the
course of providing the services to be performed pursuant to this Agreement shall
become the sole property of the District and may be used, reused or otherwise
disposed of by the District without the permission of the Consultant. With respect
to computer files, the Consultant shall make available to the District, at the
Consultant’s office and upon reasonable written request by the District, the
necessary computer software and hardware for purposes of accessing, compiling,
transferring and printing computer files.
9. INDEMNIFICATION
(a) Indemnification for Professional Liability. When the law establishes
a professional standard of care for the Consultant’s services, to the fullest extent
permitted by law, the Consultant shall indemnify, protect, defend and hold
harmless the District and any and all of its officials, employees and agents
(“Indemnified Parties”) from and against any and all losses, liabilities, damages,
costs and expenses, including attorney’s fees and costs to the extent same are
caused in whole or in part by any negligent or wrongful act, error or omission of
the Consultant, its officers, agents, employees or subconsultants (or any entity or
individual that the Consultant shall bear the legal liability thereof) in the
performance of professional services under this Agreement.
(b) Indemnification for Other than Professional Liability. Other than in
the performance of professional services and to the full extent permitted by law,
the Consultant shall indemnify, defend and hold harmless the District, and any and
all of its employees, officials and agents from and against any liability (including
liability for claims, suits, actions, arbitration proceedings, administrative
proceedings, regulatory proceedings, losses, expenses or costs of any kind, whether
actual, alleged or threatened, including attorney’s fees and costs, court costs,
interest, defense costs and expert witness fees), where the same arise out of, are a
consequence of, or are in any way attributable to, in whole or in part, the
performance of this Agreement by the Consultant or by any individual or entity for
which the Consultant is legally liable, including, but not limited to, officers, agent,
employees or subconsultants of the Consultant.
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
6
10. INSURANCE
The Consultant shall maintain prior to the beginning of and for the duration
of this Agreement insurance coverage as specified in Exhibit B attached to and part
of this Agreement. Such coverage shall provide automotive, commercial general
liability and professional error coverage, if appropriate. Existing coverage may
suffice if coverage limits are acceptable. District must be named an additional
insured on the endorsement.
11. INDEPENDENT CONSULTANT
(a) The Consultant is and shall at all times remain as to the District a
wholly independent Consultant. The personnel performing the services under this
Agreement on behalf of the Consultant shall at all times be under the Consultant’s
exclusive direction and control. Neither the District nor any of its officers,
employees, or agents shall have control over the conduct of the Consultant or any
of the Consultant's officers, employees, or agents, except as set forth in this
Agreement. The Consultant shall not at any time or in any manner represent that
it or any of its officers, employees, or agents are in any manner officers, employees,
or agents of the District. The Consultant shall not incur or have the power to incur
any debt, obligation, or liability whatever against the District, or bind the District
in any manner.
(b) No employee benefits shall be available to the Consultant in connection
with the performance of this Agreement. Except for the fees paid to the Consultant
as provided in the Agreement, the District shall not pay salaries, wages, or other
compensation to the Consultant for performing services hereunder for the District.
The District shall not be liable for compensation or indemnification to the
Consultant for injury or sickness arising out of performing services hereunder.
(c) With regard to A.B. 5 (Labor Code §2750.3) this Agreement sets forth a
“business to business” relationship. The Consultant is the employer of all persons
provided under this Agreement, and those persons are employees of the
Consultant. Control of those persons shall be with the Consultant and the District
shall provide direction to the Consultant who shall direct its employees in
accordance with that direction.
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
7
12. LEGAL RESPONSIBILITIES
The Consultant shall keep itself informed of State and Federal laws and
regulations which in any manner affect those employed by it or in any way affect
the performance of its service pursuant to this Agreement. The Consultant shall at
all times observe and comply with all such laws and regulations. The District, and
its officers and employees, shall not be liable at law or in equity occasioned by
failure of the Consultant to comply with this Section.
13. UNDUE INFLUENCE
The Consultant declares and warrants that no undue influence or pressure has
been used against or in concert with any officer or employee of the Costa Mesa
Sanitary District in connection with the award, terms or implementation of this
Agreement, including any method of coercion, confidential financial arrangement
or financial inducement. No officer or employee of the Costa Mesa Sanitary District
will receive compensation, directly or indirectly, from the Consultant, or from any
officer, employee or agent of the Consultant, in connection with the award of this
Agreement or any work to be conducted as a result of this Agreement. Violation of
this Section shall be a material breach of this Agreement entitling the District to
any and all remedies at law or in equity.
14. NO BENEFIT TO ARISE TO LOCAL EMPLOYEES
No member, officer, or employee of the District, or their designees or agents,
and no public official who exercises authority over or responsibilities with respect
to the Project during his/her tenure or for one year thereafter, shall have any
interest, direct or indirect, in any agreement or sub-agreement, or the proceeds
thereof, for work to be performed in connection with the Project performed under
this Agreement.
15. RELEASE OF INFORMATION / CONFLICTS OF INTEREST
(a) All information gained by the Consultant in performance of this
Agreement shall be considered confidential and shall not be released by the
Consultant without the District's prior written authorization. The Consultant, its
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
8
officers, employees, agents or subconsultants, shall not without written
authorization from the General Manager or unless requested by the District
Counsel, voluntarily provide declarations, letters of support, testimony at
depositions, response to interrogatories, or other information concerning the work
performed under this Agreement or relating to any project or property located
within the District. Response to a subpoena or court order shall not be considered
"voluntary" provided the Consultant gives the District notice of such court order or
subpoena.
(b) The Consultant shall promptly notify the District should the Consultant,
its officers, employees, agents or subconsultants be served with any summons,
complaint, subpoena, notice of deposition, request for documents, interrogatories,
requests for admissions, or other discovery request, court order, or subpoena from
any person or party regarding this Agreement and the work performed thereunder
or with respect to any project or property located within the District. The District
retains the right, but has no obligation, to represent the Consultant and/or be
present at any deposition, hearing, or similar proceeding. The Consultant agrees to
cooperate fully with the District and to provide the opportunity to review any
response to discovery requests provided by the Consultant. However, the District's
right to review any such response does not imply or mean the right by the District
to control, direct, or rewrite said response.
(c) The Consultant covenants that neither he/she nor any officer or
principal of their firm have any interest in, or shall acquire any interest, directly
or indirectly, which will conflict in any manner or degree with the performance of
their services hereunder. The Consultant further covenants that in the
performance of this Agreement, no person having such interest shall be employed
by them as an officer, employee, agent or subconsultant. The Consultant further
covenants that the Consultant has not contracted with nor is performing any
services, directly or indirectly, with any developer(s) and/or property owner(s)
and/or firm(s) and/or partnership(s) owning property in the District or the study
area and further covenants and agrees that the Consultant and/or its
subconsultants shall provide no service or enter into any agreement or agreements
with a/any developer(s) and/or property owner(s) and/or firm(s) and/or
partnership(s) owning property in the District or the study area prior to the
completion of the work under this Agreement.
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
9
16. NOTICES
Any notices which either party may desire to give to the other party under
this Agreement must be in writing and may be given by: (i) personal service, (ii)
delivery by a reputable document delivery service, such as but not limited to,
Federal Express, which provides a receipt showing date and time of delivery, or
(iii) mailing in the United States Mail, certified mail, postage prepaid, return receipt
requested, addressed to the address of the party as set forth below or at any other
address as that party may later designate by notice:
To District: Costa Mesa Sanitary District
290 Paularino Avenue
Costa Mesa, CA 92626
Attn: Management Analyst II
To Consultant: Acorn Technology Services
1960 Chicago Ave, Ste E9
Riverside, CA 92507
Attn: Mickey McGuire, CEO
17. ASSIGNMENT
The Consultant shall not assign the performance of this Agreement, nor any
part thereof, nor any monies due hereunder, without prior written consent of the
District.
18. LICENSES
At all times during the term of this Agreement, the Consultant shall have in
full force and effect, all licenses required of it by law for the performance of the
services described in this Agreement.
19. GOVERNING LAW
The District and the Consultant understand and agree that the laws of the
State of California shall govern the rights, obligations, duties and liabilities of the
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
10
parties to this Agreement and also govern the interpretation of this Agreement.
Any litigation concerning this Agreement shall take place in the municipal,
superior or federal district court with jurisdiction over the Costa Mesa Sanitary
District.
20. ENTIRE AGREEMENT
This Agreement contains the entire understanding between the parties
relating to the obligations of the parties described in this Agreement. All prior or
contemporaneous agreements, understandings, representations, and statements,
oral or written, are merged into this Agreement and shall be of no further force or
effect. Each party is entering into this Agreement based solely upon the
representations set forth herein and upon each party's own independent
investigation of any and all facts such party deems material.
21. CONTENTS OF PROPOSAL
Consultant is bound by the contents of Exhibit A hereto and incorporated
herein by this reference.
22. MODIFICATION
No modification to this Agreement shall be effective unless it is in writing
and signed by authorized representatives of the parties hereto.
23. AUTHORITY TO EXECUTE THIS AGREEMENT
The person or persons executing this Agreement on behalf of the Consultant
warrants and represents that he/she has the authority to execute this Agreement
on behalf of the Consultant and has the authority to bind the Consultant to the
performance of its obligations hereunder.
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
11
24. INTERPRETATION
In the event of conflict or inconsistency between this Agreement and any
other document, including any proposal or Exhibit hereto, this Agreement shall
control unless a contrary intent is clearly stated.
IN WITNESS WHEREOF, the parties hereto have caused this Agreement to be
executed this day and year first above written.
COSTA MESA SANITARY DISTRICT CONSULTANT
__________________________ __________________________
General Manager Signature
ATTEST: __________________________
Typed Name
__________________________
District Clerk __________________________
Title
APPROVED AS TO FORM:
__________________________
District Counsel
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
Mickey McGuire
CEO
Recommendation Reason Needed Solution Cost
A1.1
Purchase onsite storage. In the meantime, Acorn is performing
image based backups for all supported windows servers using the
CMSD-VBR server.
CMSD does not have sufficient storage for
server based image backups.
(1) QNAP storage device
(5) 6TB hard drives
2,813.38$
A1.2
Purchase onsite storage. In the meantime, Acorn is performing
image based backups for all supported windows servers using the
CMSD-VBR server.
CMSD does not have sufficient storage for
server based image backups.
Labor
625.00$
A2.1
Replace current routers and purchase VPN licenses for terminal
server users. Move terminal server connection behind firewall as
an additional security measure, since it is currently exposed to the
public.
EOL & no longer under support. This will
provide redundancy and improve network
security.(2) SonicwallTZ570 3,665.92$
A2.2
Replace current routers and purchase VPN licenses for terminal
server users. Move terminal server connection behind firewall as
an additional security measure, since it is currently exposed to the
public.
EOL & no longer under support. This will
provide redundancy and improve network
security.(2) VPN licenses 626.04$
A2.3
Replace current routers and purchase VPN licenses for terminal
server users. Move terminal server connection behind firewall as
an additional security measure, since it is currently exposed to the
public.
EOL & no longer under support. This will
provide redundancy and improve network
security.Labor 625.00$
A3.1 Replace old backup power unit (CMSDUPS05) at the Yard.
To provide sufficient power to the existing
critical network equipment at the Yard and
allow for monitoring (1) APC Smart-UPS 750VA w/ management card 1,162.50$
A3.2 Replace old backup power unit (CMSDUPS05) at the Yard.
To provide sufficient power to the existing
critical network equipment at the Yard and
allow for monitoring Labor 625.00$
A4.1 Replace old switch (CMSDSWT07) at the Yard.EOL (1) Cisco Business 250 Series 250-24FP-4G $ 1,036.30
A4.2 Replace old switch (CMSDSWT07) at the Yard.EOL Labor $ 625.00
A5.1
Build new virtual secondary file server and purchase license for
Windows Server 2019 standard Redundancy
Monthly Recurring Cost = $150 $ 1,900.00
A5.2
Build new virtual secondary file server and purchase license for
Windows Server 2019 standard Redundancy
(2) Windows Server Standard license
(15) Windows Remote Desktop Services Client
Access License
$ 3,329.33
A5.3
Build new virtual secondary file server and purchase license for
Windows Server 2019 standard Redundancy
Labor
$ 1,500.00
B1
Upgrade workstations:
HQ: CMSDWRK009 (Kaitlin) & CMSDWRK001 (Noelani)These workstations are 7-8 years old, so they
are past their replacement schedule.
HQ: (2) Lenovo Docking Stations ($700)
$ 856.41
B1
Upgrade workstations:
HQ: CMSDWRK009 (Kaitlin) & CMSDWRK001 (Noelani)
Yard: CMSDWRK016-Yard (Crew Office) & CMSDWRK014-Yard
(Breakroom)
These workstations are 7-8 years old, so they
are past their replacement schedule.
Yard: (2) Dell OptiPlex 7090 MiniTower ($2511.78) $ 2,826.72
B4
Conduct internal and external Vulnerability Scan to audit all
services and hardware connected to CMSD's network.Identify and remediate vulnerabilities
Utilize subscription based software licenses and
hardware owned by Acorn $ 8,672.81
B5.1
Install Secureworks' Managed Detection and Response service for
network log collection (endpoint detection and response - EDR)
Monitoring, analysis, and alert system for
suspicious activity and security breaches
Secureworks' Managed Detection and Response
(Taegis XDR), Redcloak $ 14,327.81
B5.2
Install Secureworks' Managed Detection and Response service for
network log collection (endpoint detection and response - EDR)
Monitoring, analysis, and alert system for
suspicious activity and security breaches
Secureworks' Managed Detection and Response
(Taegis XDR), Redcloak $ 3,500.00
B5.3
Install Secureworks' Managed Detection and Response service for
network log collection (endpoint detection and response - EDR)
Monitoring, analysis, and alert system for
suspicious activity and security breaches
Secureworks' Managed Detection and Response
(Taegis XDR), Redcloak $ 4,800.00
B6
Conduct KnowBe4 security awareness training w/ phishing testing
and training modules on cyber security practices (phishing, social
engineering, physical security, passwords, etc.)Continued training of staff regarding security KnowBe4 Training software (HQ) $ 630.00
B6
Conduct KnowBe4 security awareness training w/ phishing testing
and training modules on cyber security practices (phishing, social
engineering, physical security, passwords, etc.)Continued training of staff regarding security KnowBe4 Training software (DY) $ 245.00
C2
If transition to Microsoft Office365 is not possible, build a new
Microsoft Exchange Server and perform a migration of user
mailboxes, public folders, etc. to the new server, then
decommission and fully remove the existing CMSD-MAIL Microsoft
Exchange server from the network.
The best way to ensure that a clean machine
is reintegrated into the environment is
rebuilding it or restoring it from known good
media.Server build = $1500 1,500.00$
D2 Acorn's Data Center
- Use current equipment + additional
equipment (QNAP, router, hard drives,
licensing, switch)
- OK if we are concerned with local
emergencies impacting our immediate area
(Orange County)
Hardware & software = $6000
$ 14,500.00
D2 Acorn's Data Center
- Use current equipment + additional
equipment (QNAP, router, hard drives,
licensing, switch)
- OK if we are concerned with local
emergencies impacting our immediate area
(Orange County)
Colocation = $500
$ 6,000.00
76,392.22$
Exhibit A
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
Recommendations Reason Needed Solution Cost Cost Breakdown Budget Notes/questions
A1
Purchase onsite storage. In the meantime, Acorn is performing image based
backups for all supported windows servers using the CMSD-VBR server.
CMSD does not have sufficient storage for
server based image backups.
(1) QNAP storage device
(5) 6TB hard drives
2,387.02$ Hardware: $2387.02 Unbudgeted One-time
A2
Replace current routers and purchase VPN licenses for terminal server users.
Move terminal server connection behind firewall as an additional security
measure, since it is currently exposed to the public.
EOL & no longer under support. This will
provide redundancy and improve
network security.(2) SonicwallTZ570 + VPN licenses 3,746.63$
Hardware: $3270.96
Licenses: $475.67 Unbudgeted
Hardware = one-time
Licenses = one-time
A3 Replace old backup power unit (CMSDUPS05) at the Yard.
To provide sufficient power to the
existing critical network equipment at the
Yard and allow for monitoring
(1) APC Smart-UPS 750VA w/ management
card 868.97$ Hardware: $868.97 Unbudgeted One-time; Fund 20 only
A4 Replace old switch (CMSDSWT07) at the Yard.EOL (1) Cisco Business 250 Series 250-24FP-4G $ 752.92 Hardware: $752.92 Unbudgeted One-time; Fund 20 only
A5
Build new virtual secondary file server and purchase license for Windows
Server 2019 standard Redundancy
(2) Windows Server Standard license
(15) Windows Remote Desktop Services
Client Access License
Monthly Recurring Cost = $150 $ 4,761.45
Licenses: $2961.45
Maintenance: $150 Unbudgeted
Licenses = one-time
Maintenance = monthly
Misc. Services/Equip 1,000.00$
Labor 4,000.00$
Tax 1,016.49$
Shipping & handling -$
Total 18,533.48$
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
Recommendations Reason Needed Solution Cost Cost Breakdown Budget Notes/questions
B1
Upgrade workstations:
HQ: CMSDWRK009 (Kaitlin) & CMSDWRK001 (Noelani)
Yard: CMSDWRK016-Yard (Crew Office) & CMSDWRK014-Yard (Breakroom)
These workstations are 7-8 years
old, so they are past their
replacement schedule.
HQ: (2) Lenovo Docking Stations ($700)
Yard: (2) Dell OptiPlex 7090 MiniTower
($2511.78) $ 3,211.78
Hardware:
HQ: $700
Yard: $2511.78
Budgeted - Small Tools
HQ: $3000
Yard: $3500 Hardware: One-time (Small Tools)
B4
Conduct internal and external Vulnerability Scan to audit all services and
hardware connected to CMSD's network.
Identify and remediate
vulnerabilities
Utilize subscription based software licenses
and hardware owned by Acorn $ 7,800.00 Software: $7800
Budgeted - Comp. Lic.
$3800 Software: Annual (Comp Lic.)
B5
Install Secureworks' Managed Detection and Response service for network log
collection (endpoint detection and response - EDR)
Monitoring, analysis, and alert
system for suspicious activity and
security breaches
Secureworks' Managed Detection and
Response (Taegis XDR), Redcloak $ 21,300.00
Software: $13,000
Installation: $3500
Acorn Maint: $400
Budgeted - Capital
Outlay
$6200
Software: Annual
Installation: One-time
Acorn maintenance: monthly
B6
Conduct KnowBe4 security awareness training w/ phishing testing and training
modules on cyber security practices (phishing, social engineering, physical
security, passwords, etc.)
Continued training of staff
regarding security KnowBe4 Training software $ 700.00
Subscription: $28
per staff member
(25 staff is the
minimum) Unbudgeted Subscription: Annual (Staff development)
Misc. Services/Equip 700.00$
Tax 2,146.97$
Shipping & handling -$
Total 35,858.75$
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
Microsoft Exchange Remediation Description Solution Cost Breakdown Total FY 21-22 Cost Cost Breakdown Budget Notes/questions
C2
If transition to Microsoft Office365 is not possible,
build a new Microsoft Exchange Server and
perform a migration of user mailboxes, public
folders, etc. to the new server, then decommission
and fully remove the existing CMSD-MAIL
Microsoft Exchange server from the network.
The best way to ensure that a clean machine is
reintegrated into the environment is
rebuilding it or restoring it from known good
media.Server build = $1500 1,500.00$ 1,500.00$ Labor: $1500 Unbudgeted Labor: One-time
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
Disaster Recovery Description Estimated Costs Approximate Total Notes/questions
D2 Acorn's Data Center
- Use current equipment + additional equipment (QNAP, router, hard drives, licensing,
switch)
- OK if we are concerned with local emergencies impacting our immediate area (Orange
County)
Hardware & software = $6000
Labor = $8500
Colocation = $500
One-time = $14,500
Monthly = $500
Hardware/software = one-time
Labor = one-time
Colocation = monthly
Set up separate internet service @ Yard and HQ; this should save $
since we're paying for site replication ~ $4,000 per month
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
COSTA MESA SANITARY DISTRICT
290 Paularino Ave., Costa Mesa, California 92626
(949) 645-8400
To: Consultants/Contractors:
PLEASE GIVE THESE REQUIREMENTS TO YOUR INSURANCE AGENT
The Costa Mesa Sanitary District (CMSD) requires certificates of workers’ compensation, general
liability, automobile, and if necessary, professional errors and omissions insurance before you can
begin work for CMSD. All certificates must contain the following:
Workers’ Compensation – Minimum policy limit requirements are $1,000,000 bodily injury by
disease; and $1,000,000 bodily injury each employee for accident or disease per occurrence. If
you have no employees, you must sign a Declaration of Non-employee Status form available
from the District. In lieu of a certificate of insurance, a certificate of Consent to Self-Insure issued
by the California Director of industrial Relations is also acceptable.
General Liability – Minimum policy limit requirement is $1,000,000 combined single limit
coverage with insurance designated “per occurrence.” Insurance must include coverage for
ongoing operations and completed operations. The insurance carrier providing the commercial
general liability policy must have an AM Best Rating of A- or better and be an admitted carrier in
the State of California or an approved Surplus Line Insurer from California Department of
Insurance.
Automobile Liability – Minimum policy limit requirement is $1,000,000 combined single limit
coverage with insurance designated “per occurrence.” The “Any Auto” box must be checked.
Professional Errors and Omissions (if necessary) – Minimum policy limit that is appropriate
to the profession.
Description of Operations – The following wording must be added to the policy: “All operations:
Costa Mesa Sanitary District, their elected and appointed officials, agents, officers, volunteers,
and employees listed as Additional Insured – Pursuant to attached endorsement.”
Change in Coverages – The following wording must be added to the policy by endorsement:
“Said policy shall not terminate, nor shall it be canceled nor the coverage reduced, until thirty (30)
days after written notice is given to the District.”
Excess and Non-contributing – The following wording must be added to the policy by
endorsement: “Any other insurance maintained by the Costa Mesa Sanitary District shall be
excess and non-contributing with the insurance provided by this policy.”
Additional Insured Endorsement – (for General Liability, Automobile only). This must be a
separate attachment naming the District as additional insured. The endorsement must include
the policy number and the wording of the additional insured must be exact, stating: “The Costa
Mesa Sanitary District, its elected and appointed officials, agents, officers, volunteers and
employees are additional insureds.” ISO Form CG 20 12 07 98, or a comparable equivalent must
be used.
Exhibit BDocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33
DocuSign Envelope ID: 6FB5D59A-E7F2-4F75-BEFE-952BAF6D6D33