HomeMy WebLinkAbout2024-125ESTIMATE
OTM Cyber
600 Blvd SSW, STE 104
Huntsville, AL 35802
Sales: kcorter@otmcyber.com,
Billing: alyna@otmcyber.com
+1 (256) 581-5868
otmcyber.com
Indian River County Emergency Services
Bill to
Karen Rackard
Indian River County Emergency Services
Estimate details
Estimate no.: 1057
Estimate date: 05/14/2024
k Date Product or service
1. Penetration Test - Tier 3
2. GSA - OTM Service (Tier 3
Management CyberBox)
GSA Contract Number:
47QTCA23DO095
3
Description
A penetration test is a critical
cybersecurity service designed to
simulate a cyber -attack on your
company's IT systems, applications, or
entire network. The primary goal of a
penetration test is to identify and exploit
vulnerabilities before malicious hackers
can find and exploit them. By emulating
the strategies and tactics of real-world
attackers, our team of certified ethical
hackers provides a realistic assessment
of your security posture.
Managed Detection and Response
service with 24/7 monitoring, regular
reporting, Incident Response first aid,
assigned analysts, cyber event
escalation, and much more for a Tier 3
customer with a Tier 3 management
appliance. This includes 1 (one) cyber
box and installation.
CyberBox Cyber Box device for log storage,
correlation, detection, and cyber tools.
Sophos endpoint detection comes
installed on each box
Note to customer
A TRUE COPY
CERTIFICATION ON LAST PAGE
RYAN L. BUTLER, CLERK
OTM
Cyber
Ship to
Karen Rackard
Indian River County Emergency Services
SKU
OTM 3
Total
Qty Rate Amount
1 $15,000.00 $15,000.00
1 $17,410.58 $17,410.58
4 $4,060.00 $16,240.00
$48,650.58
2024 $48,650.00
2025 $33,650.00
2026 $33.650.00
A TRUE COPY
CERTIFICATION ON LAST PAGE
RYAN L. BUTLER, CLERK
A TRUE COPY
CERTIFICATION ON LAST PAGE
RYAN L. BUTLER, CLERK
OTM CYBER Optimized Threat Management Cybersecurity Services Terms and Conditions
This Service Agreement (SA) addresses the Services, standards, and responsibilities of OTM CYBER
and the Customer. OTM CYBER offers professional cybersecurity services to Indian River County FL
(hereinafter "Customer"). This agreement is entered partially pursuant to the General Services
Administration Contract 47QTCA23D0095, which takes priority in any disputes.
The term of this agreement is for OTM Cyber to provide the duties and services contained herein to the
Customer for a period of 3 Years from the time of installation.
The Customer agrees to the following:
1. Representations and Warranties. OTM CYBER represents and warrants to the Customer that: (i)
there are no contracts and/or restrictive covenants preventing the full performance of its duties
and obligations under this Agreement; and (ii) it has the requisite qualifications, knowledge, and
experience to perform the obligations under this Agreement.
2. The Engagement. OTM CYBER will provide the Customer with the services and equipment as
outlined in the "Quote" section of this document. The nature and scope of the Services may be
updated and adjusted from time to time upon mutual written consent by the parties.
3. Independent Contractor; Taxes. The parties understand and agree that OTM CYBER is an
independent contractor and there are and will not be employer-employee or partnership
relationship between the parties. OTM CYBER recognizes that it will have sole responsibility to
pay any taxes or to any other compensation it will receive from the Customer in consideration for
the Services.
4. Access. The customer acknowledges that OTM CYBER will have access to sensitive information
and may, at times perform network scans, vulnerability assessments, and other methods of
system and network access in order to facilitate accurate security investigations and appropriate
security responses.
5. Duties of OTM CYBER. OTM CYBER hereby affirms and undertakes that, in the process of
providing the Services to the Customer, it will:
A TRUE COPY
CERTIFICATION ON LAST PAGE
RYAN L. BUTLER, CLERK
a. devote its time, know-how, energy, expertise, talent, experience and best efforts, to the
business and affairs of the Customer as assigned in the line items of this document, and
to the performance of its duties with the Customer within the framework of tasks assigned
to it during the tenure of this engagement, by mutual agreement between OTM CYBER
and the Customer;
b. perform and discharge well and faithfully, with devotion, honesty and fidelity, its
obligations as set forth herein;
c. comply with all of Customer's disciplinary regulations, work rules, policies, procedures
and objectives, as may be determined by Customer from time to time, and as notified to
OTM CYBER by the Customer;
d. immediately and without delay, inform the designated Customer point of contact of any
affairs and/or matters that might constitute a conflict of interest with its position in the
Customer; and
e. not use any trade secrets or proprietary information in such a manner that may breach
any confidentiality and/or other obligation OTM CYBER may have undertaken relating to
any former employer(s) and/or any third party.
f. OTM CYBER is registered with and will use the Department of Homeland Security's E -
Verify system (www.e-verify.gov) to confirm the employment eligibility of all newly hired
employees for the duration of this agreement, as required by Section 448.095, F.S. OTM
CYBER is also responsible for obtaining an affidavit from all subcontractors, as required
in Section 448.095(5)(b), F.S., stating the subcontractor does not employ, contract with,
or subcontract with an unauthorized alien.
6. Proprietary Information and Confidentiality.
a. OTM CYBER is aware that in the course of its engagement with the Customer and/or in
connection therewith, OTM CYBER may have access to, and be entrusted with,
technical, proprietary, sales, legal, financial, and other data and information with respect
to the affairs and business of the Customer, its affiliates, customers and suppliers. This
information may include information received by the Customer from any third party
subject to obligations of confidentiality towards said third party, all of which data and
information, whether documentary, written, oral or computer generated, will be deemed to
be, and referred to as "Proprietary Information", which, by way of illustration but not
limitation, will include trade and business secrets, processes, patents, improvements,
ideas, inventions (whether reduced to practice or not), techniques, products, and
A TRUE COPY
CERTIFICATION ON LAST PAGE
RYAN L. BUTLER, CLERK
technologies (actual or planned), financial statements, marketing plans, strategies,
forecasts, customer and/or supplier lists and/or relations, research and development
activities, formula, data, know-how, designs, discoveries, models, computer hardware
and software and any and all documentation relating thereto, drawings, dealings and
transactions, except for such information which, on the date of disclosure, is, or thereafter
becomes, available in the public domain or is generally known in the industry through no
fault on the part of OTM CYBER.
b. OTM CYBER agrees and declares that all Proprietary Information, patents and/or patent
applications, copyrights, and other intellectual property rights in connection therewith, are
and will remain the sole property of the Customer and its assigns. During the Term and
upon its expiration thereafter, OTM CYBER will keep in confidence and trust all
Proprietary Information, and any part thereof, and will not use or disclose and/or make
available, directly or indirectly, to any third party any Proprietary Information without the
prior written consent of the Customer, except and to the extent as may be necessary in
the ordinary course of performing OTM CYBER's duties pertaining to the Customer and
except and to the extent as may be required under any applicable law, regulation, judicial
decision or determination of any governmental entity.
c. Without derogating from the generality of the foregoing, OTM CYBER agrees: (a) not to
copy, transmit, reproduce, summarize, quote, publish and/or make any commercial or
other use whatsoever of the Proprietary Information, or any part thereof, without the prior
written consent of Customer, except as may be necessary in the performance of its duties
pertaining to the Customer; (b) to exercise the highest degree of care in safeguarding the
Proprietary Information against loss, theft or other inadvertent disclosure and to take all
reasonable steps necessary to ensure the maintaining of confidentiality; (c) upon a
request by the Customer to do so, OTM CYBER will immediately deliver to the Customer
or remove all Proprietary Information and any and all copies thereof, in whatever form,
that had been furnished to OTM CYBER, prepared thereby and/or came to its possession
in any manner whatsoever, during and in the course of its engagement with the
Customer, and will not retain and/or make copies thereof in whatever form
7. Term and Termination
a. This Agreement will be effective as of the signature date of this Agreement (the "Effective
Date") and will remain in full force and effect until terminated by either party (the "Term").
A TRUE COPY
CERTIFICATION ON LAST PAGE
RYAN L. BUTLER, CLERK
b. Either parry may terminate this Agreement for any reason by furnishing the other party
with 30 -days notice of termination (the "Notice of Termination"). Unless the Customer has
waived any and/or all of OTM CYBER's Services under this Agreement during the 30
days prior to termination, OTM CYBER will continue to discharge and perform all of its
duties and obligations under this Agreement during the 30 -day period. OTM CYBER will
also take all steps satisfactory to the Customer to ensure the orderly transition of all
matters handled by OTM CYBER to any persons or entities designated by the Customer
until termination. No later than 30 days after termination the Customer will return all OTM
CYBER property.
c. Early Termination. In the event of early termination by the Customer, OTM CYBER shall
have the right to accelerate fifty percent (50%) of the remaining total Fixed Annual Invoice
values and any additional expenses due under the Agreement and otherwise payable.
d. Notwithstanding the provisions above, the Customer will be entitled to terminate this
Agreement with immediate effect as a result of a breach by OTM CYBER of any
provisions of this Agreement.
e. Upon termination of the OTM CYBER's Services, the OTM CYBER affirms and
undertakes to (i) terminate its Services to the Customer in an efficient, complete,
appropriate, and orderly manner; and (ii) return to the Customer's principal office all
equipment or documentation, in any media which was given to it by the Customer in
connection with its Services (collectively, the "Equipment"). OTM CYBER will have no
(and hereby waives any) rights of lien with respect to any asset or right comprising the
Equipment.
OTM CYBER certifies that it and those related entities of OTM CYBER as defined by
Florida law are not on the Scrutinized Companies that Boycott Israel List, created
pursuant to s. 215.4725 of the Florida Statutes, and are not engaged in a boycott of
Israel. Customer may terminate this Contract if OTM CYBER, including all wholly owned
subsidiaries, majority-owned subsidiaries, and parent companies that exist for the
purpose of making profit, is found to have been placed on the Scrutinized Companies
that Boycott Israel List or is engaged in a boycott of Israel as set forth in section
215.4725, Florida Statutes.
8. Assignment. The rights and liabilities of the parties hereto will bind and inure to the benefit of their
respective successors, heirs, executors, and administrators. OTM CYBER may not assign any of
its rights or obligations hereunder without first obtaining the Customer's written consent. The
Customer may assign its rights and obligations hereunder to any person or entity that succeeds
to all or substantially all the Customer's business.
9. General.
A TRUE COPY
CERTIFICATION ON LAST PAGE
RYAN l.. BUTLER, CLERK
a. Either party's failure at any time to require strict compliance by the other party of the
provisions of this Agreement will not diminish such party's right thereafter to demand
strict compliance therewith or with any other provision. Waiver of any default will not
waive any other default.
b. All disputes with respect to this Agreement will be determined in accordance with the
laws of the State of Alabama, without giving effect to any principles of conflict of law, and
the competent courts Alabama will have exclusive jurisdiction of any such dispute.
c. In the event that any provision of this Agreement will be deemed unlawful or otherwise
unenforceable, such provision will be severed from this Agreement and all other
provisions of the Agreement will continue in full force and effect.
d. This Agreement contains and sets forth the entire agreement and understanding between
the parties with respect to the subject matter contained herein, and as such supersedes
all prior discussions, agreements, representations, and understandings in this regard.
This Agreement will not be modified except by an instrument in writing signed by both
parties.
e. Provisions intended to survive the termination of this Agreement, will so survive.
f. Each notice and/or demand given by one party to the other pursuant to this Agreement
will be given in writing and will be sent by registered mail or delivered by hand to the
other party at the addresses set forth above, and such notice and/or demand will be
deemed given at the expiration of 3 days from the date of mailing by registered mail or
immediately if delivered by hand. Such address will be effective unless notice of a
change in address is provided by registered mail to the other party.
g. This Agreement may be executed in counterparts, which may be faxed counterparts,
each of which, when so delivered, will be deemed an original and, together, an original
instrument.
10. Disclaimers.
a. Customer recognizes its own responsibilities herein with respect to its cybersecurity
program. Customer acknowledges that it must participate in its own defense and work
with OTM CYBER to create a prioritized, flexible, repeatable, performance-based, and
cost-effective approach, including information security measures and controls, to
establish an ongoing process to identify, assess, and manage cyber risk throughout
Customer's network.
b. Customer acknowledges that OTM CYBER is not responsible for customer's use of or
response to alerts or reports from the OTM CYBER Optimized Threat Management
Services and that customer maintains sole liability for the cybersecurity maintenance of
its digital infrastructure.
A TRUE COPY
CERTIFICATION ON LAST PAGE
RYAN L. BUTLER, CLERK
c. OTM CYBER does not make any guarantees regarding the effectiveness of its Services
with respect to overall cybersecurity program, due to lack of control over numerous
aspects of customer's operations, personnel, and information systems.
11. Customer Obligations.
a. Cooperation with OTM CYBER. Customer will cooperate and assist OTM CYBER as
reasonably necessary regarding installation and maintenance of the OTM CYBER
Services, including but not limited to (a) the review and acceptance of the Order and any
schedules or other documentation applicable to the Order; (b) if customer elects
additional services, the review and acceptance of the Order and any other documentation
applicable to the Order; (c) the prompt communication of any questions or issues
potentially affecting or pertaining to performance of the OTM CYBER Services; and (d)
prompt response to OTM CYBER queries and requests on issues and matters pertaining
to the OTM CYBER Services and other matters arising under this Service Guide.
b. Data and Information. Customer will make available in a timely manner at no charge to
OTM CYBER all technical data, computer facilities, programs, files, documentation, test
data, sample output, or other information and resources reasonably required by OTM
CYBER for the implementation and provisioning of the OTM CYBER Services. Customer
will be responsible for ensuring the correctness, accuracy, and completeness of all data,
materials, and information supplied by customer.
c. Equipment. Customer will provide access to equipment, network connectivity, personnel
and customer expertise and institutional knowledge required by OTM CYBER for the
implementation and provisioning of the OTM CYBER Services.
d. OTM CyberBox®. OTM CyberBoxes® are the physical (or virtual) hardware that allows
cyber threats to be detected. OTM CyberBoxes® include various software platforms and
features that enable OTM CYBER to perform the security services as outlined in this
document. Customer acknowledges that any OTM CyberBox® is the property of OTM
CYBER. If an OTM CyberBox® is physically located at a Customer site, Customer will
provide and maintain a secure environment at its facilities for the OTM CyberBox®(es),
including safeguards to prevent unauthorized physical access and ensure protection
against fire and other disasters. Customer will ensure that the OTM CyberBox®(es) have
reliable power, reliable connectivity to the network(s) to be monitored, and reliable
connectivity to the internet, and will notify OTM CYBER reasonably in advance of any
planned outages affecting power or connectivity of the OTM CyberBoxO(es). Customer
will permit OTM CYBER as the delivery agent, to inspect the OTM CyberBox®(es) during
ordinary business hours upon reasonable prior notice.
A TRUE COPY
CERTIFICATION ON LAST PAGE
RYAN L. BUTLER, CLERK
e. CyberBox®(es) must be returned to OTM CYBER within 14 days of the end of service
term. End of service may be the end of the service term, end of a trial period, or other
reason for termination. CyberBox®(es) can be mailed to OTM CYBER offices.
f. Customer Security Program. Customer acknowledges that it will provide the following
controls, tools, and processes to directly support the OTM CYBER Services, and that
failure to do so may impact OTM CYBER's ability to perform the Services effectively:
i. - A written governance, risk and compliance (GRC) policy or policies, approved
by a Senior Officer or equivalent, setting forth customer's policies and
procedures for the protection of its information systems and nonpublic
information stored on those information systems (aka "Cybersecurity Policy");
ii. -A written Incident Response Action Plan (I RAP) that is exercised and/or
practiced with key scenario driven evaluations (i.e., tabletop exercises) on at
least an annual basis;
iii. - Designate two or more employees, executives, or agents who will respond to
any security alerts and take recommended actions to mitigate harm to customer's
network; and,
iv. - Although not required, it is recommended that each customer conducts a
periodic risk and vulnerability assessment (RVA) to address changes to
information systems, nonpublic information, and/or business operations. The risk
and vulnerability assessment should allow for revision of controls to respond to
technological developments and evolving threats.
g. Customer Incident Response and Remediation. Customer will be responsible for
determining and undertaking or arranging for the undertaking of any action(s) in response
to a security alert or report.
h. Customer Contacts. Customer will appoint in writing a primary and alternate technical -
level employee or agent to act as the primary contact person for all technical
communication between the customer and OTM CYBER related to the Services.
Customer will also designate a managerial -level contact person.
i. Network Change Notification. Customer will immediately inform OTM CYBER of any
physical change to the customer network.
j. Other Customer Obligations. Customer will be solely responsible for ensuring that it is not
subject to contractual obligations materially affecting the implementation or use of the
OTM CYBER Services.
12. Service Limitations. The following Services limitations and disclaimers apply:
a. Services provide information to customer to enable customer to better assess security
threats and take appropriate action. Although some OTM CYBER Optimized Threat
A TRUE COPY
CERTIFICATION ON LAST PAGE
RYAN L. BUTLER, CLERK
Management Service features perform automatic remediation and protection, the
customer is ultimately responsible for the security of their own infrastructure.
b. Customer may contact OTM CYBER for support for any issues with Services.
c. For OTM CYBER Optimized Threat Management, customer must:
i. - Maintain internet connectivity to enable remote monitoring; and
ii. - Facilitate proper technical controls to allow OTM CYBER to effectively monitor,
inspect, and filter traffic.
d. Customer agrees to review with OTM CYBER the customer's architecture, including any
and all changes to the architecture that may affect the performance of the Services.
e. A6 -week period is required to baseline network traffic, during which time the system is
under full operational monitoring but is being enhanced and tuned to better detect
incidents should they occur.
f. Incident Response First Aid consists of assistance with Detection & Analysis and
Containment phases of the NIST Incident Response Life Cycle within the first 48 hours of
incident detection. Incident Response First Aid does not guarantee full Containment of
the threat, nor does it include Eradication or Recovery. Customer acknowledges that
incident response may take weeks or months.
13. Cyber Incident Response Obligations, Services, and Procedures
a. At initial deployment, the OTM CYBER team immediately begins working with the
customer's team to help create, test, and employ an incident response plan. The incident
response plan is designed to serve as a playbook or guide in the event of a cyber
incident to ensure that the threat is identified, isolated, and mitigated. If the customer has
an existing incident response plan, OTM CYBER will follow the procedures as outlined in
the existing plan.
b. In the event of a cyber incident detected by OTM CYBER, OTM CYBER will employ the
procedures outlined in the incident response plan and work with the customer's
appointed points of contact (as outlined in the incident response plan) to appropriately
escalate the issue and participate in the customer led mitigation and remediation process
as appropriate. OTM CYBER follows an escalation and classification model to
appropriately categorize cyber incidents based on criticality, impact, and time sensitivity.
Cyber incidents declared by OTM CYBER as "High" may require immediate action by all
parties involved and outlined in the incident response plan.
c. It is the priority of OTM CYBER to help prevent cyber incidents and OTM CYBER
commits to putting forth its best professional effort in doing so. However, in the unlikely
event that a high criticality cyber incident should occur despite best efforts on the part of
the customer and OTM CYBER, OTM CYBER commits to working with the customer to
A TRUE COPY
CERTIFICATION ON LAST PAGE
RYAN L. BUTLER, CLERK
execute the incident response procedure and assist in the customer led mitigation efforts.
If needed, OTM CYBER can provide contracted fly -away teams to collocate with the
customer during a cyber incident and assist in the mitigation and remediation of the cyber
incident.
14. Payment and Billing Process:
a. Once signed and returned, an installation date will be coordinated with the appropriate
point of contact at your organization. At installation, a delivery confirmation form will be
presented to a representative of your organization for signature. Terms begin at service
start date and service start date will be the signature date on the delivery confirmation
form. You will be invoiced at the time of the signing of the contract and payment will be
due net 30 from that time. Annual billing is based on the date of signature of the delivery
confirmation form. For the duration of your contract, you Will be billed 12 months from the
day the delivery confirmation form was signed.
OTM Cyber Representative Signature
Name: Kristopher corter
Title: Director of sales
Date:
10/06/24
Signature: Kris C°rte un 10, 202410:58 EDT)
OTM Cyber Representative Signature
Name: Cole Clemens
Title: Senior Sales Specialist
Date:
10/06/24
Com_ CI M., Ilf
Signature: Cole Clemens (Jun 10, 202410:27 EDT)
A TRUE COPY
CERTIFICATION ON LAST PAGE
RYAN L. BUTLER, CLERK
Customer/Client Representative Signature
Your signature indicates an agreement with the terms and conditions, and a commitment to purchase and does
not represent the contract start date. The contract start date will begin as described in the Payment and Billing
Section of this document. Please sign and return accordingly or contact us if you have any questions.
APPRO ED,/SSTTO FOR LE SU CIEN
By: '�L�K...
Willia K. 7r,al,By:41,
John A. Tit anich, Jr., Ceunty mini
ams, Chairman
Ryan L. Butler, Clerk of Court and Comptroller
Attest:
Deputy Clerk
(SEAL)
Designated Representative:
Karen Rackard, 911 Coordinator
422543 rd Ave, Vero Beach, FL 32967
(772) 226-3942
krackard@indianriver.gov
Customer Billing Information
Provided on Purchase Order
- �i A✓ i
PiJ off.,.
• FRCOUNT`i.�''
If applicable, please provide your purchase order number below and return this signed document with any
relevant attachments.
Purchase Order:
India n_River_3-Year_Partnership_Agreement_Fi
nal
Final Audit Report
2024-06-10
"Indian_River_3-Year_Partnership_Agreement_Final" History
Document created by Cole Clemens (cclemens@otmcyber.com)
2024-06-10 - 2:23:09 PM GMT
t -y Document emailed to Cole Clemens (cclemens@otmcyber.com) for signature
2024-06-10 - 2:23:16 PM GMT
Email viewed by Cole Clemens (cclemens@otmcyber.com)
2024-06-10 - 2:26:56 PM GMT
do Document e -signed by Cole Clemens (cclemens@otmcyber.com)
Signature Date: 2024-06-10 - 2:27:59 PM GMT - Time Source: server
P, 4 Document emailed to Kris Corter (kcorter@otmcyber.com) for signature
2024-06-10 - 2:28:01 PM GMT
Email viewed by Kris Corter (kcorter@otmcyber.com)
2024-06-10 - 2:56:06 PM GMT
do Document e -signed by Kris Corter (kcorter@otmcyber.com)
Signature Date: 2024-06-10 - 2:58:32 PM GMT - Time Source: server
Agreement completed.
2024-06-10 - 2:58:32 PM GMT
8 Adobe Acrobat Sign
STATE OF
Created:
2024-06-10
INDIAN RIVER CIOUNTY
THIS IS TO CERTIFY THAT THIS IS A TRUE AND CORRECT
By:
Cole Clemens (cclemens@otmcyber.com)
COPY OF THE ORIGINAL ON FILE IN THIS OFFICE.
RYAN L. BLLERK
BY r✓ D.C.
Status:
Signed
DATEQi, I
Transaction ID:
CBJCHBCAABAAxpWSQKm3h-kd7pMaAHYsyygFy3Gogtdm
"Indian_River_3-Year_Partnership_Agreement_Final" History
Document created by Cole Clemens (cclemens@otmcyber.com)
2024-06-10 - 2:23:09 PM GMT
t -y Document emailed to Cole Clemens (cclemens@otmcyber.com) for signature
2024-06-10 - 2:23:16 PM GMT
Email viewed by Cole Clemens (cclemens@otmcyber.com)
2024-06-10 - 2:26:56 PM GMT
do Document e -signed by Cole Clemens (cclemens@otmcyber.com)
Signature Date: 2024-06-10 - 2:27:59 PM GMT - Time Source: server
P, 4 Document emailed to Kris Corter (kcorter@otmcyber.com) for signature
2024-06-10 - 2:28:01 PM GMT
Email viewed by Kris Corter (kcorter@otmcyber.com)
2024-06-10 - 2:56:06 PM GMT
do Document e -signed by Kris Corter (kcorter@otmcyber.com)
Signature Date: 2024-06-10 - 2:58:32 PM GMT - Time Source: server
Agreement completed.
2024-06-10 - 2:58:32 PM GMT
8 Adobe Acrobat Sign