2024/02/26 Truleo, Inc. Body Worn Camera Audio Analytics Software Solution2905/031858-0001
19584139.6 a02/16/24
CITY OF MENIFEE
SOFTWARE SERVICES AGREEMENT
BODY WORN CAMERA AUDIO ANALYTICS SOFTWARE SOLUTION
THIS SOFTWARE SERVICES AGREEMENT (“Agreement”) is made and effective this
______ day of __________, 2024 (“Effective Date”) by and between the CITY OF MENIFEE, a
California municipal corporation, (“City”) and Truleo, Inc., a Delaware Corporation (“Provider”).
City and Provider may sometimes herein be referred to individually as a “Party” and collectively
as the “Parties.” In consultation with the California Public Contract Code, the California Labor
Code, and other applicable laws relating to the performance of public work, the Parties agree that
the services to be performed hereunder do not involve a “public work” as that term is defined in
applicable law.
SECTION 1. SERVICES.
Subject to the terms and conditions set forth in this Agreement, Provider shall provide to
City the services described in the Scope of Services, attached hereto as Exhibit “A” and
incorporated herein by this reference (the “Services”). In the event of a conflict in or inconsistency
between the terms of this Agreement and Exhibit “A”, this Agreement shall prevail.
1.1 Term of Services. The term of this Agreement shall begin on February 1, 2024
and shall end on January 31, 2025 unless the term of this Agreement is otherwise terminated or
extended as provided for in Section 8. This Section 1.1 shall not affect City’s right to terminate
this Agreement, as provided for in Section 8.
1.2 Standard of Performance. Provider represents and warrants that Provider is a
provider of first class work and services and Provider is experienced in performing the Services
contemplated herein and, in light of such status and experience, Provider shall perform the Services
required pursuant to this Agreement in the manner and according to the standards observed by a
competent practitioner of the profession in which Provider is engaged in the geographical area in
which Provider practices its profession and to the sole satisfaction of the Contract Administrator.
1.3 Assignment of Personnel.
a. All Services. Provider shall assign only competent personnel to perform
the Services pursuant to Agreement. In the event that City, in its sole discretion, at any time during
the term of this Agreement, desires the reassignment of any such persons, Provider shall,
immediately upon receiving notice from City of such desire of City, reassign such person or
persons. To the fullest extent feasible, Provider shall maintain a consistent staff and shall minimize
staff changes or turnover on the Services. Provider shall keep a list of assigned personnel to the
Services and shall provide such list to the City upon execution of this Agreement and later upon
reasonable request.
b. Law Enforcement Services. If the Services are designed and procured for
or on behalf of the Menifee Police Department, Provider shall comply with all applicable
California Law Enforcement Telecommunications Services (CLETS) requirements including but
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
26th February, 2024
2905/031858-0001
19584139.6 a02/16/24 -2-
not limited to requiring assigned personnel to undergo required background checks when directed
by the City.
1.4 Time. Provider shall devote such time to the performance of the Services pursuant
to this Agreement as may be reasonably necessary to satisfy Provider’s obligations hereunder.
1.5 Authorization to Perform Services. Provider is not authorized to perform any of
the Services or incur any costs whatsoever under the terms of this Agreement until receipt of
authorization from the Contract Administrator.
1.6 Warranty. By executing this Agreement, Provider warrants that Provider (i) has
thoroughly investigated and considered the Services, (ii) has carefully considered how the Services
should be performed, and (iii) fully understands the facilities, difficulties, and restrictions attending
performance of the Services.
1.7 Cyber Security Incident and Data Breach Notification: In the event of a cyber
security incident or a data breach (each an "incident"), as such cyber security incident or data
breaches are defined by applicable law, which may detrimentally impact City’s information
technology network, Provider will report said incident by the fastest means available and also in
writing, within forty-eight (48) hours after Provider reasonably believes that there has been a such
incident has occurred. The notification shall identify the nature of the incident; (b) the data
accessed, used, or disclosed; (c) the persons who accessed, used, disclosed, or received the data;
(d) Provider’s approach to quarantine or mitigate the incident; and (e) what corrective action
Provider will take or has taken to prevent future incidents. Provider will provide daily, or more
frequently where requested by City, regarding findings and actions performed by Provider until
the cyber security incident has been effectively resolved to your satisfaction. Provider will
quarantine the incident to ensure secure access to data, and repair the Services as needed to recover
from the incident. Provider shall conduct an investigation of the incident and share the report of
the investigation with City. After any significant incident determined in City’s reasonable
discretion to be catastrophic and material, Provider will at its expense have an independent,
industry-recognized, City-approved third party perform an information security audit. The audit
results shall be shared with City within seven (7) days of Provider’s receipt of such results. Upon
Provider receiving the results of the audit, Provider will provide City with written evidence of
planned remediation within thirty (30) days and promptly modify its security measures in order to
meet its obligations under this Agreement. Section 5, Indemnification shall specifically apply to
Claims (defined below) arising from cyber security incidents or data breaches which impact City’s
information systems network through Provider’s network, system, or Services.
1.8 SOC Compliance. Where Provider is required by law to attain and maintain System
& Organizational Controls (“SOC”)1 and SOC 2 compliance, or its equivalent, for the Services,
Provider shall maintain such compliance for the duration of the Agreement, and shall provide a
copy of Provider’s SOC 1 Type 2 and SOC 2 Type 2 compliance reports to City within thirty (30)
days of execution of the Agreement and annually thereafter within thirty (30) days of such reports
being received by Provider.
1.9 City Policies. Provider shall comply with the City policy or policies attached hereto
as Exhibit “B” and incorporated herein by this reference.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -3-
1.10 Change in Control. Provider shall provide written notice to City of major changes
in control of Provider’s enterprise including mergers, sales, and any other occurrence resulting in
a change of more than fifty percent (50%) of Provider’s ownership or executives. City may, in its
sole discretion, elect to terminate this Agreement pursuant to Section 8 hereof as a result of a
change in control of Provider’s enterprise.
SECTION 2. COMPENSATION.
City hereby agrees to pay Provider a sum not to exceed TWENTY-FOUR THOUSAND,
FIVE HUNDRED DOLLARS ($24,500) notwithstanding any contrary indications that may be
contained in Provider’s proposal, for the Services to be performed and reimbursable costs incurred
under this Agreement. In the event of a conflict between this Agreement and Exhibit “A”,
regarding the amount of compensation, this Agreement shall prevail. City shall pay Provider for
the Services rendered pursuant to this Agreement at the time and in the manner set forth herein.
The payments specified below shall be the only payments from City to Provider for the Services
rendered pursuant to this Agreement. Provider shall submit all invoices to City in the manner
specified herein. Except as specifically authorized in advance by City, Provider shall not bill City
for duplicate services performed by more than one person.
2.1 Invoices. Provider shall submit an invoice during the first month of the contract
term. Invoice shall include the following information:
a. The beginning and ending dates of the billing period;
b. The Provider Representative’s signature.
Invoices shall be submitted to:
City of Menifee
Attn: Accounts Payable
29844 Haun Road
Menifee, CA 92586
accountspayable@cityofmenifee.us
2.2 Payment. City shall have thirty (30) days from the receipt of an invoice that
complies with all of the requirements above to pay Provider.
2.3 Total Payment. City shall not pay any additional sum for any expense or cost
whatsoever incurred by Provider in rendering the Services pursuant to this Agreement. City shall
make no payment for any extra, further, or additional service pursuant to this Agreement. In no
event shall Provider submit any invoice for an amount in excess of the maximum amount of
compensation provided above either for a task or for the entirety of the Services performed
pursuant to this Agreement, unless this Agreement is modified in writing prior to the submission
of such an invoice.
2.4 Hourly Fees. Fees for the Services performed by Provider on an hourly basis shall
not exceed the amounts shown on the fee schedule included with Exhibit “A” (if applicable).
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -4-
When the Services involve fees on an hourly or other time-basis, Provider shall only perform such
Services to thresholds approved in advance in writing by the Contract Administrator.
2.5 Reimbursable Expenses. Reimbursable expenses are included within the maximum
amount of this Agreement.
2.6 Payment of Taxes. Provider is solely responsible for the payment of employment
taxes incurred under this Agreement and any federal or state taxes.
2.7 Payment upon Termination. In the event that City or Provider terminates this
Agreement pursuant to Section 8, City shall compensate Provider for all outstanding costs and
reimbursable expenses incurred for Services satisfactorily completed and for reimbursable
expenses as of the date of written notice of termination. Provider shall maintain adequate logs and
timesheets in order to verify costs and reimbursable expenses incurred to that date.
2.8 Service Level Commitment. This Section shall only apply to Services which
involve the provision or availability of a network, system, platform, or other asset by Provider to
City (each an “Online Asset”). In the event an Online Asset is unavailable to City in the
percentages listed below, City shall receive the corresponding deduction from the compensation
otherwise due to Provider for the Online Asset for the monthly payment following the
unavailability. The service level commitment required by this Section 2.8 does not include
unavailability of Online Assets due to regularly scheduled maintenance where written notice of
the unavailability is provided by Provider to City at least twenty-four (24) hours before the
unavailability.
Percentage Unavailable* Discount from Cost of Online Asset
98% - 100% None
90% - 97% 5%
80% - 90% 10%
75% - 80% 25%
74% and less 100%
*Decimals will be rounded to the nearest whole number.
In addition to the foregoing, Provider shall schedule and attend a quarterly service level review
meeting with the Contract Administrator or designee. The Contract Administrator may consent in
writing to cancelling any particular meeting or meetings.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -5-
SECTION 3. FACILITIES AND EQUIPMENT.
Except as otherwise provided, Provider shall, at its sole cost and expense, provide all
facilities, services, accessories, and equipment necessary to perform the services required by this
Agreement. City shall make available to Provider only physical facilities such as desks, filing
cabinets, and conference space, as may be reasonably necessary for Provider’s use while
consulting with City employees and reviewing records and the information in possession of City.
The location, quantity, and time of furnishing those facilities shall be in the sole discretion of City.
In no event shall City be required to furnish any facility or equipment that may involve incurring
any direct expense, including but not limited to computer, internet, long-distance telephone or
other communication charges, vehicles, and reproduction facilities.
SECTION 4. INSURANCE REQUIREMENTS.
Before beginning any work under this Agreement, Provider, at its own cost and expense,
shall procure the types and amounts of insurance listed below and provide certificates of insurance,
indicating that Provider has obtained or currently maintains insurance that meets the requirements
of this Section and which is satisfactory, in all respects, to City. Provider shall maintain the
insurance policies required by this Section throughout the term of this Agreement. The cost of
such insurance shall be included in Provider’s compensation. Provider shall not allow any
subcontractor, Provider or other agent to commence work on any subcontract until Provider has
obtained all insurance required herein for the subcontractor(s) and provided evidence thereof to
City. Verification of the required insurance shall be submitted and made part of this Agreement
prior to execution. Provider acknowledges the insurance policy must cover inter-insured suits
between City and other insureds. Provider agrees that the requirement to provide insurance shall
not be construed as limiting in any way the extent to which Provider may be held responsible for
the payment of damages to any persons or property resulting from Provider activities or the
activities of any person or persons for which Provider is otherwise responsible nor shall it limit
Provider’s indemnification liabilities as provided in Section 5.
4.1 Workers’ Compensation. Provider shall, at its sole cost and expense, maintain
Statutory Workers’ Compensation Insurance and Employer’s Liability Insurance for any and all
persons employed directly or indirectly by Provider pursuant to the provisions of the California
Labor Code. Statutory Workers’ Compensation Insurance and Employer’s Liability Insurance
shall be provided with limits of not less than ONE MILLION DOLLARS ($1,000,000.00) per
accident, ONE MILLION DOLLARS ($1,000,000.00) disease per employee, and ONE MILLION
DOLLARS ($1,000,000.00) disease per policy. In the alternative, Provider may rely on a self-
insurance program to meet those requirements, but only if the program of self-insurance complies
fully with the provisions of the California Labor Code. Determination of whether a self-insurance
program meets the standards of the California Labor Code shall be solely in the discretion of the
Contract Administrator. The insurer, if insurance is provided, or Provider, if a program of self-
insurance is provided, shall waive all rights of subrogation against City and its officers, officials,
employees, and authorized volunteers for loss arising from the Services performed under this
Agreement.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -6-
4.2 Commercial General and Automobile Liability Insurance.
a. General requirements. Provider, at its own cost and expense, shall maintain
commercial general and automobile liability insurance for the term of this Agreement in an amount
not less than ONE MILLION DOLLARS ($1,000,000.00) per occurrence, combined single limit
coverage, for risks associated with the Services contemplated by this Agreement, TWO MILLION
DOLLARS ($2,000,000.00) general aggregate, and TWO MILLION DOLLARS ($2,000,000.00)
products/completed operations aggregate. If a Commercial General Liability Insurance or an
Automobile Liability Insurance form or other form with a general aggregate limit is used, either
the general aggregate limit shall apply separately to the Services to be performed under this
Agreement or the general aggregate limit shall be at least twice the required occurrence limit. Such
coverage shall include but shall not be limited to, protection against claims arising from bodily
and personal injury, including death resulting therefrom, and damage to property resulting from
the Services contemplated under this Agreement, including the use of hired, owned, and non-
owned automobiles.
b. Minimum Scope of Coverage. Commercial general coverage shall be at
least as broad as Insurance Services Office Commercial General Liability occurrence form
CG 0001. Automobile coverage shall be at least as broad as Insurance Services Office Automobile
Liability form CA 0001 Code 2, 8, and 9. No endorsement shall be attached limiting the coverage.
c. Additional Requirements. Each of the following shall be included in the
insurance coverage or added as a certified endorsement to the policy:
(i) The insurance shall cover on an occurrence or an accident basis, and
not on a claims-made basis.
(ii) Any failure of Provider to comply with reporting provisions of the
policy shall not affect coverage provided to City and its officers, employees, agents, and
volunteers.
4.3 Professional Liability Insurance.
a. General Requirements. Provider, at its own cost and expense, shall
maintain for the period covered by this Agreement professional liability insurance for licensed
professionals performing the Services pursuant to this Agreement in an amount not less than ONE
MILLION DOLLARS ($1,000,000) covering the licensed professionals’ errors and omissions.
Any deductible or self-insured retention shall be shown on the Certificate. If the deductible or
self-insured retention exceeds TWENTY-FIVE THOUSAND DOLLARS ($25,000), it must be
approved in writing by City.
b. Claims-Made Limitations. The following provisions shall apply if the
professional liability coverage is written on a claims-made form:
(i) The retroactive date of the policy must be shown and must be no
later than the commencement of the Services.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -7-
(ii) Insurance must be maintained and evidence of insurance must be
provided for at least five (5) years after the expiration or termination of this Agreement or
completion of the Services, so long as commercially available at reasonable rates.
(iii) If coverage is canceled or not renewed and it is not replaced with
another claims-made policy form with a retroactive date that precedes the Effective Date of this
Agreement, Provider must provide extended reporting coverage for a minimum of five (5) years
after the expiration or termination of this Agreement or the completion of the Services. Such
continuation coverage may be provided by one of the following: (1) renewal of the existing policy;
(2) an extended reporting period endorsement; or (3) replacement insurance with a retroactive date
no later than the commencement of the Services under this Agreement. City shall have the right
to exercise, at Provider’s sole cost and expense, any extended reporting provisions of the policy,
if Provider cancels or does not renew the coverage.
(iv) A copy of the claim reporting requirements must be submitted to
City prior to the commencement of the Services under this Agreement.
4.4 Cyber Insurance. Provider, at its own cost and expense, shall maintain for the
period covered by this Agreement cyber liability insurance in an amount not less than ONE
MILLION DOLLARS ($1,000,000) covering any cyber security incidents which originates in or
migrates from Provider’s network, and impacts City’s network, system, or access to the Services.
Any deductible or self-insured retention shall be shown on the Certificate or Insurance. If the
deductible or self-insured retention exceeds TWENTY-FIVE THOUSAND
DOLLARS ($25,000), it must be approved in writing by City.
4.5 All Policies Requirements.
a. Acceptability of Insurers. All insurance required by this Section is to be
placed with insurers with a Bests’ rating of no less than A:VII and admitted in California.
b. Verification of Coverage. Prior to beginning the Services under this
Agreement, Provider shall furnish City with certificates of insurance, additional insured
endorsement or policy language granting additional insured status complete certified copies of all
policies, including complete certified copies of all endorsements. All copies of policies and
certified endorsements shall show the signature of a person authorized by that insurer to bind
coverage on its behalf. The certificate of insurance must include the following reference: BODY
WORN CAMERA AUDIO ANALYTICS SOFTWARE SOLUTION. The name and address
for additional insured endorsements, certificates of insurance and notice of cancellation is: City
of Menifee, 29844 Haun Road, Menifee, CA 92586. City must be endorsed as an additional
insured for liability arising out of ongoing and completed operations by or on behalf of Provider.
c. Notice of Reduction in or Cancellation of Coverage. Provider shall provide
written notice to City within ten (10) working days if: (1) any of the required insurance policies
is terminated; (2) the limits of any of the required polices are reduced; or (3) the deductible or self
insured retention is increased. In the event any of said policies of insurance are cancelled, Provider
shall, prior to the cancellation date, submit new evidence of insurance in conformance with this
Section 4 to the Contract Administrator.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -8-
d. Additional Insured; Primary Insurance. City and its officers, employees,
agents, and authorized volunteers shall be covered as additional insureds with respect to each of
the following: liability arising out of the Services performed by or on behalf of Provider, including
the insured’s general supervision of Provider; products and completed operations of Provider, as
applicable; premises owned, occupied, or used by Provider; and automobiles owned, leased, or
used by Provider in the course of providing the Services pursuant to this Agreement. The coverage
shall contain no special limitations on the scope of protection afforded to City or its officers,
employees, agents, or authorized volunteers. The insurance provided to City as an additional
insured must apply on a primary and non-contributory basis with respect to any insurance or self-
insurance program maintained by City. Additional insured status shall continue for one (1) year
after the expiration or termination of this Agreement or completion of the Services.
A certified endorsement must be attached to all policies stating that coverage is
primary insurance with respect to City and its officers, officials, employees, and volunteers, and
that no insurance or self-insurance maintained by City shall be called upon to contribute to a loss
under the coverage.
e. Deductibles and Self-Insured Retentions. Provider shall obtain the written
approval of City for the self-insured retentions and deductibles before beginning any of the
Services.
During the term of this Agreement, only upon the prior express written
authorization of the Contract Administrator, Provider may increase such deductibles or self-
insured retentions with respect to City, its officers, employees, agents, and volunteers. The
Contract Administrator may condition approval of an increase in deductible or self-insured
retention levels with a requirement that Provider procure a bond guaranteeing payment of losses
and related investigations, claim administration, and defense expenses that is satisfactory in all
respects to each of them.
f. Subcontractors. Provider shall include all subcontractors as insureds under
its policies or shall furnish separate certificates and certified endorsements for each subcontractor.
All coverages for subcontractors shall be subject to all of the requirements stated herein.
g. Variation. The Contract Administrator may, but is not required to, approve
in writing a variation in the foregoing insurance requirements, upon a determination that the
coverage, scope, limits, and forms of such insurance are either not commercially available, or that
City’s interests are otherwise fully protected.
4.6 Remedies. In addition to any other remedies at law or equity City may have if
Provider fails to provide or maintain any insurance policies or policy endorsements to the extent
and within the time herein required, City may, at its sole option, exercise any of the following
remedies, which are alternatives to other remedies City may have and are not the exclusive remedy
for Provider’s breach:
a. Obtain such insurance and deduct and retain the amount of the premiums
for such insurance from any sums due under this Agreement;
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -9-
b. Order Provider to stop work under this Agreement or withhold any payment
that becomes due to Provider hereunder, or both stop work and withhold any payment, until
Provider demonstrates compliance with the requirements hereof; and/or
c. Terminate this Agreement.
SECTION 5. INDEMNIFICATION.
5.1 Indemnification for Professional Liability. Where the law establishes a
professional standard of care for performance of the Services, to the fullest extent permitted by
law, Provider shall indemnify, protect, defend (with counsel selected by City), and hold harmless
City and any and all of its officers, employees, officials, volunteers, and agents from and against
any and all claims, losses, costs, damages, expenses, liabilities, liens, actions, causes of action
(whether in tort, contract, under statute, at law, in equity, or otherwise) charges, awards,
assessments, fines, or penalties of any kind (including reasonable Provider and expert fees and
expenses of investigation, costs of whatever kind and nature and, if Provider fails to provide a
defense for City, the legal costs of counsel retained by City) and any judgment (collectively,
“Claims”) to the extent same are caused in whole or in part by any negligent or wrongful act, error,
or omission of Provider, its officers, agents, employees, or subcontractors (or any entity or
individual that Provider shall bear the legal liability thereof) in the performance of professional
services under this Agreement.
5.2 Indemnification for Other than Professional Liability. Other than in the
performance of professional services and to the full extent permitted by law, Provider shall
indemnify, protect, defend (with counsel through the City Attorney’s office, or otherwise
acceptable to City), and hold harmless City, and any and all of its officers, employees, officials,
volunteers, and agents from and against any and all Claims, where the same arise out of, are a
consequence of, or are in any way attributable to, in whole or in part, the performance of this
Agreement by Provider or by any individual or entity for which Provider is legally liable, including
but not limited to officers, agents, employees or subcontractors of Provider. This requirement
encompasses, without limitation, Claims arising from cyber security incidents arising out of
Provider’s performance of the Agreement, and copyright, intellectual property, or patent Claims
related to Provider’s provision of the Services.
5.3 Limitation of Indemnification for Design Professionals. Notwithstanding any
provision of this Section 5 to the contrary, design professionals, as that term is defined in Civil
Code Section 2782.8, are required to defend and indemnify City only to the extent permitted by
Civil Code Section 2782.8. The term “design professional” as defined in Section 2782.8, is limited
to licensed architects, licensed landscape architects, registered professional engineers, professional
land surveyors, and the business entities that offer such services in accordance with the applicable
provisions of the California Business and Professions Code. This Subsection 5.3 shall only apply
to Provider if Provider is a “design professional” as that term is defined in Civil Code Section
2782.8.
5.4 Limitation of Indemnification. The provisions of this Section 5 do not apply to
claims occurring as a result of City’s sole or active negligence. The provisions of this Section 5
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -10-
shall not release City from liability arising from gross negligence or willful acts or omissions of
City or any and all of its officers, officials, employees, and agents acting in an official capacity.
SECTION 6. INDEPENDENT CONTRACTOR.
At all times during the term of this Agreement, Provider shall be an independent contractor
and shall not be an employee of City. City shall have the right to control Provider only insofar as
the results of the Services rendered pursuant to this Agreement and assignment of personnel
pursuant to Subsection 1.3; however, otherwise City shall not have the right to control the means
by which Provider accomplishes the Services rendered pursuant to this Agreement. The personnel
performing the Services under this Agreement on behalf of Provider shall at all times be under
Provider’s exclusive direction and control. Provider shall not at any time or in any manner
represent that it is or any of its officers, employees, or agents are in any manner officers, officials,
employees, or agents of City. Provider shall not incur or have the power to incur any debt,
obligation, or liability whatever against City, or bind City in any manner. Except for the fees paid
to Provider as provided in this Agreement, City shall not pay salaries, wages, or other
compensation to Provider for performing the Services hereunder for City. City shall not be liable
for compensation or indemnification to Provider for injury or sickness arising out of performing
the Services hereunder. Notwithstanding any other City, state, or federal policy, rule, regulation,
law, or ordinance to the contrary, Provider and any of its employees, agents, and subcontractors
providing services under this Agreement shall not qualify for or become entitled to any
compensation, benefit, or any incident of employment by City, including but not limited to
eligibility to enroll in the California Public Employees Retirement System (“PERS”) as an
employee of City and entitlement to any contribution to be paid by City for employer contributions
and/or employee contributions for PERS benefits.
SECTION 7. LEGAL REQUIREMENTS.
7.1 Governing Law. The laws of the State of California shall govern this Agreement.
7.2 Compliance with Applicable Laws. Provider and any subcontractor shall comply
with all applicable local, state, and federal laws and regulations applicable to the performance of
the work hereunder. Provider shall not hire or employ any person to perform work within City or
allow any person to perform the Services required under this Agreement unless such person is
properly documented and legally entitled to be employed within the United States. Provider
acknowledges and agrees that it shall be independently responsible for reviewing the applicable
laws and regulations and effectuating compliance with such laws. Provider shall require the same
of all subcontractors.
7.3 Cybersecurity Compliance. Without limiting Section 7.2 hereof, Provider shall
comply with all applicable rules and regulations related to cybersecurity, including but not limited
to the National Institute of Standards and Technology (NIST) security standards, Payment Card
Industry (PCI) security standards, Personally Identifiable Information (PII) security standards, the
Health Insurance Portability and Accountability Act (where applicable), and the California Privacy
Rights Act (CPRA.)
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -11-
7.4 Prevailing Wages. Provider acknowledges and agrees that it shall be independently
responsible for reviewing the applicable prevailing wage laws and regulations and effectuating
compliance with such laws, including, but not limited to the prevailing wage and related
requirements applicable to public works contracts. Provider shall bear all risks of payment or non-
payment of prevailing wages under California law and/or the implementation of California Labor
Code Section 1781, as the same may be amended from time to time, and/or any other similar law.
Section 5, Indemnification, specifically encompasses Claims arising from or related to (i) the
noncompliance by Provider or any party performing the Services of any applicable local, state,
and/or federal law, including, without limitation, any applicable federal and/or state labor laws
(including, without limitation, the requirement to pay state prevailing wages and hire apprentices);
(ii) the implementation of California Labor Code Sections 1726 and 1781, as the same may be
amended from time to time, or any other similar law; and/or (iii) failure by Provider or any party
performing the Services to provide any required disclosure or identification as required by
California Labor Code Section 1781, as the same may be amended from time to time, and/or any
other similar law.
7.5 Licenses and Permits, Fees and Assessments. Provider represents, warrants, and
covenants to City that Provider and its employees, agents, and any subcontractors have all licenses,
permits, qualifications, and approvals of whatsoever nature that are legally required to practice
their respective professions, and perform the Services. Provider represents, warrants, and
covenants to City that Provider and its employees, agents, and subcontractors shall, at their sole
cost and expense, keep in effect at all times during the term of this Agreement any licenses,
permits, and approvals that are legally required to practice their respective professions, and
perform the Services. In addition to the foregoing, Provider and any subcontractors shall obtain
and maintain during the term of this Agreement valid business licenses from City. Provider shall
have the sole obligation to pay for any fees, assessments, and taxes, plus applicable penalties and
interest, which may be imposed by law and arise from or are necessary for Provider’s performance
of the Services, and shall indemnify, defend and hold harmless City, its officers, employees or
agents of City, against any such fees, assessments, taxes, penalties or interest levied, assessed, or
imposed against City hereunder.
7.6 Conflicts of Interest, Political Reform Act. Provider represents, warrants, and
covenants that Provider presently has no interest, direct or indirect, which would interfere with or
impair in any manner or degree the performance of Provider’s obligations and responsibilities
under this Agreement. Provider further agrees that while this Agreement is in effect, Provider
shall not acquire or otherwise obtain any interest, direct or indirect, that would interfere with or
impair in any manner or degree the performance of Provider’s obligations and responsibilities
under this Agreement. Provider acknowledges that pursuant to the provisions of the Political
Reform Act (Government Code Section 87100 et seq.), City may determine the Provider to be a
“consultant” as that term is defined by 2 California Code of Regulations Section 18700.3. In the
event City makes such a determination, Provider agrees to complete and file a “Statement of
Economic Interest” with the City Clerk to disclose such financial interests as required by City. In
such event, Provider further agrees to require any other person doing work under this Agreement
to complete and file a “Statement of Economic Interest” to disclose such other person’s financial
interests as required by City.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -12-
7.7 Annual Appropriation of Funding. In accord with Article 16 Section 18 of the
California Constitution, payment of compensation under this Agreement is contingent upon annual
appropriation of funds by City for that purpose. Provider acknowledges and agrees that to the
extent that the Services extend beyond one (1) fiscal year, payment for such Services is expressly
conditioned on City’s annual appropriation of funds for such Services for each year. If no funds
are appropriated then this Agreement shall be terminated. City pledges and agrees to process such
appropriation requests annually and in good faith. Nothing in this Subsection shall be construed
to limit the right of either Party to terminate this Agreement as provided herein.
SECTION 8. TERMINATION AND MODIFICATION.
8.1 Termination. City may cancel this Agreement at any time and without cause upon
written notification to Provider.
8.2 Termination by Provider. Provider may cancel this Agreement upon 30 days’
written notice to City.
8.3 Consequences of Termination. City is not entitled to a refund in the event of
Termination. Provider shall cooperate with City, and shall not unreasonably delay or impede City’s
efforts to transition the Services to another provider, where requested by City (a “Transition”).
The Transition may include any or all of the following:
a. Permitting the City to continue using the Services for up to three (3) months
as requested by City on the same terms as this Agreement; and/or
b. Extracting any City data (if any) from Provider’s service in a computer
readable format to be mutually agreed upon by the Parties; and/or
c. Providing to City documentation regarding City users and privileges to the
Services; and/or
d. Certifying to City that all City data has been deleted from Provider’s service
on a date mutually agreed upon by the Parties; and/or
e. Any other actions mutually agreeable to the Parties to assist with the
Transition.
8.4 Extension. INTENTIONALLY OMITTED.
8.5 Amendments. The Parties may amend this Agreement only by a writing signed by
all the Parties.
8.6 Assignment and Subcontracting. City and Provider recognize and agree that this
Agreement contemplates personal performance by Provider and is based upon a determination of
Provider’s unique personal competence, experience, and specialized personal knowledge.
Moreover, a substantial inducement to City for entering into this Agreement was and is the
professional reputation and competence of Provider. Provider may not assign this Agreement or
any interest therein without the prior written approval of the Contract Administrator. Provider
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -13-
shall not subcontract any portion of the performance contemplated and provided for herein, other
than to the subcontractors noted in Provider’s proposal, without prior written approval of the
Contract Administrator. In the event that key personnel leave Provider’s employ, Provider shall
notify City immediately.
8.7 Survival. All obligations arising prior to the expiration or termination of this
Agreement and all provisions of this Agreement allocating liability between City and Provider
shall survive the expiration or termination of this Agreement.
8.8 Options upon Breach by Provider. If Provider materially breaches any of the terms
of this Agreement, City's remedies shall include, but not be limited to, any or all of the following:
a. Immediately terminate this Agreement;
b. Retain the work product prepared by Provider pursuant to this Agreement;
c. Retain a different Provider to complete the Services described in
Exhibit “A”; and/or
d. Charge Provider the difference between the cost to complete the Services
described in Exhibit “A” that is unfinished at the time of breach and the amount that City would
have paid Provider pursuant to Section 2 if Provider had completed the Services.
e.
SECTION 9. KEEPING AND STATUS OF RECORDS.
9.1 Records Created as Part of Provider’s Performance. Where the Services include
the preparation or receipt of any documents, including data, in any form, by Provider exclusively
or primarily for the purpose of providing the Services to City, such records shall become property
of City. Provider hereby agrees to deliver those documents to City upon the expiration or
termination of this Agreement. It is understood and agreed that the documents and other materials,
including but not limited to those described above, prepared pursuant to this Agreement are
prepared specifically for City and are not necessarily suitable for any future or other use. Any use
of such documents for other projects by City shall be without liability to Provider. City and
Provider agree that, until final approval by City, all data, plans, specifications, reports, and other
documents prepared exclusively or primarily for the purposes of providing the Services to City are
confidential and will not be released to third parties without prior written consent of both Parties
unless required by law.
9.2 Licensing of Intellectual Property. This Agreement creates a non-exclusive and
perpetual license for City to copy, use, modify, reuse, or sublicense any and all copyrights, designs,
rights of reproduction, and other intellectual property embodied in plans, specifications, studies,
drawings, estimates, test data, survey results, models, renderings, and other documents or works
of authorship fixed in any tangible medium of expression, including but not limited to, physical
drawings, digital renderings, or data stored digitally, magnetically, or in any other medium, which
are prepared or caused to be prepared by Provider under this Agreement (“Documents and Data”).
Provider shall require all subcontractors to agree in writing that City is granted a non-exclusive
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -14-
and perpetual license for any Documents and Data the subcontractor prepares under this
Agreement. Provider represents and warrants that Provider has the legal right to license any and
all Documents and Data. Provider makes no such representation and warranty in regard to
Documents and Data which were prepared by design professionals other than Provider or provided
to Provider by the City. City shall not be limited in any way in its use of the Documents and Data
at any time, provided that any such use not within the purposes intended by this Agreement shall
be at City’s sole risk.
9.3 Provider’s Books and Records. Provider shall maintain any and all ledgers, books
of account, invoices, vouchers, canceled checks, and other records or documents evidencing or
relating to charges for the Services or expenditures and disbursements charged to City under this
Agreement for a minimum of three (3) years, or for any longer period required by law, from the
date of final payment to Provider under this Agreement. All such records shall be maintained in
accordance with generally accepted accounting principles and shall be clearly identified and
readily accessible.
9.4 Inspection and Audit of Records. Any records or documents that Subsection 9.3 of
this Agreement requires Provider to maintain shall be made available for inspection, audit, and/or
copying at any time during regular business hours, upon oral or written request of City. Under
California Government Code Section 8546.7, if the amount of public funds expended under this
Agreement exceeds TEN THOUSAND DOLLARS ($10,000.00), this Agreement shall be subject
to the examination and audit of the State Auditor, at the request of City or as part of any audit of
City, for a period of three (3) years after final payment under this Agreement.
SECTION 10. MISCELLANEOUS PROVISIONS.
10.1 Attorneys’ Fees. If either Party to this Agreement brings any action, including an
action for declaratory relief, to enforce or interpret the provision of this Agreement, the prevailing
Party shall be entitled to reasonable attorneys’ fees and expenses including costs, in addition to
any other relief to which that Party may be entitled; provided, however, that the attorneys’ fees
awarded pursuant to this Subsection shall not exceed the hourly rate paid by City for legal services
multiplied by the reasonable number of hours spent by the prevailing Party in the conduct of the
litigation. The court may set such fees in the same action or in a separate action brought for that
purpose.
10.2 Applicable Law, Venue. The laws of the State of California shall govern this
Agreement. In the event that either Party brings any action against the other under this Agreement,
the Parties agree that trial of such action shall be vested exclusively in Riverside County.
10.3 Severability. If any provision of this Agreement is held invalid, the remainder of
this Agreement shall not be affected thereby and all other parts of this Agreement shall
nevertheless be in full force and effect.
10.4 Section Headings and Subheadings. The section headings and subheadings
contained in this Agreement are included for convenience only and shall not limit or otherwise
affect the terms of this Agreement.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -15-
10.5 No Implied Waiver of Breach. Waiver by any Party to this Agreement of any term,
condition, or covenant of this Agreement shall not constitute a waiver of any other term, condition,
or covenant. Waiver by any Party of any breach of the provisions of this Agreement shall not
constitute a waiver of any other provision or a waiver of any subsequent breach or violation of any
provision of this Agreement. Acceptance by City of any work or services by Provider shall not
constitute a waiver of any of the provisions of this Agreement. No delay or omission in the
exercise of any right or remedy by a non-defaulting Party on any default shall impair such right or
remedy or be construed as a waiver. Any waiver by either Party of any default must be in writing
and shall not be a waiver of any other default concerning the same or any other provision of this
Agreement.
10.6 Successors and Assigns. The provisions of this Agreement shall inure to the benefit
of and shall apply to and bind the successors and assigns of the Parties.
10.7 Provider Representative. All matters under this Agreement shall be handled for
Provider by Anthony Tassone (“Provider’s Representative”). The Provider’s Representative shall
have full authority to represent and act on behalf of Provider for all purposes under this Agreement.
The Provider’s Representative shall supervise and direct the Services, using his best skill and
attention, and shall be responsible for all means, methods, techniques, sequences, and procedures
and for the satisfactory coordination of all portions of the Services under this Agreement.
10.8 City Contract Administration. This Agreement shall be administered by a City
employee, Chief Information Officer or designee (“Contract Administrator”). All correspondence
shall be directed to or through the Contract Administrator or his designee. The Contract
Administrator shall have the power to act on behalf of City for all purposes under this Agreement.
Unless otherwise provided in this Agreement, Provider shall not accept direction or orders from
any person other than the Contract Administrator or his designee.
10.9 Notices. Any written notice to Provider shall be sent to:
Truleo, Inc.
Attn: Anthony Tassone
119 W. 24th Street, 4th Floor
New York, NY 10011
Any written notice to City shall be sent to the Contract Administrator at:
City of Menifee
29844 Haun Road
Menifee, CA 92586
Attn: Chief Information Officer
with a copy to:
City Clerk
City of Menifee
29844 Haun Road
Menifee, CA 92586
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -16-
10.10 Rights and Remedies. Except with respect to rights and remedies expressly
declared to be exclusive in this Agreement, the rights and remedies of the Parties are cumulative
and the exercise by either Party of one or more of such rights or remedies shall not preclude the
exercise by it, at the same or different times, of any other rights or remedies for the same default
or any other default by the other Party.
10.11 Integration. This Agreement, including the exhibits attached hereto and
incorporated herein by reference, represents the entire and integrated agreement between City and
Provider and supersedes all prior negotiations, representations, or agreements, either written or
oral. The terms of this Agreement shall be construed in accordance with the meaning of the
language used and shall not be construed for or against either Party by reason of the authorship of
this Agreement or any other rule of construction which might otherwise apply.
10.12 Counterparts. This Agreement may be executed in multiple counterparts, each of
which shall be an original and all of which together shall constitute one agreement.
10.13 Execution of Contract. The persons executing this Agreement on behalf of each of
the Parties hereto represent and warrant that (i) such Party is duly organized and existing, (ii) they
are duly authorized to execute and deliver this Agreement on behalf of said Party, (iii) by so
executing this Agreement, such Party is formally bound to the provisions of this Agreement, and
(iv) that entering into this Agreement does not violate any provision of any other agreement to
which said Party is bound.
10.14 Nondiscrimination. Provider covenants that, by and for itself, its heirs, executors,
assigns, and all persons claiming under or through them, that in the performance of this Agreement
there shall be no discrimination against or segregation of, any person or group of persons on
account of any impermissible classification including, but not limited to, race, color, creed,
religion, sex, marital status, sexual orientation, national origin, or ancestry.
10.15 No Third Party Beneficiaries. There are no intended third-party beneficiaries under
this Agreement and no such other third parties shall have any rights or obligations hereunder.
10.16 Nonliability of City Officers and Employees. No officer, official, employee, agent,
representative, or volunteer of City shall be personally liable to Provider, or any successor in
interest, in the event of any default or breach by City or for any amount which may become due to
Provider or to its successor, or for breach of any obligation of the terms of this Agreement.
10.17 No Undue Influence. Provider declares and warrants that no undue influence or
pressure is used against or in concert with any officer or employee of City in connection with the
award, terms or implementation of this Agreement, including any method of coercion, confidential
financial arrangement, or financial inducement. No officer or employee of City shall receive
compensation, directly or indirectly, from Provider, or from any officer, employee, or agent of
Provider, in connection with the award of this Agreement or any work to be conducted as a result
of this Agreement.
10.18 No Benefit to Arise to City Employees. No member, officer, or employee of City,
or their designees or agents, and no public official who exercises authority over or has
responsibilities with respect to this Agreement during his/her tenure or for one (1) year thereafter,
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -17-
shall have any interest, direct or indirect, in any agreement or sub-agreement, or the proceeds
thereof, for the Services to be performed under this Agreement.
[Signatures on Following Page]
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 -18-
IN WITNESS WHEREOF, the Parties hereto have executed and entered into this
Agreement as of the Effective Date.
CITY OF MENIFEE
Armando G. Villa, City Manager
Attest:
Sarah A. Manwaring, City Clerk
Approved as to Form:
Jeffrey T. Melching, City Attorney
PROVIDER
Anthony Tassone, Chief Executive Officer
Christine Preizler, Senior Vice President
[Note: 2 officer’s signatures required if
Provider is a corporation, unless provided
with a certificate of secretary in-lieu]
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24
EXHIBIT “A”
EXHIBIT “A”
SCOPE OF SERVICES
Services shall include BODY WORN CAMERA AUDIO ANALYTICS SOFTWARE
SOLUTION services in the amount not to exceed TWENTY-FOUR THOUSAND, FIVE
HUNDRED DOLLARS ($24,500) as further detailed in the following page(s).
The Services incorporate the Truleo End User License Agreement to the extent it does not conflict
with the terms of the body of this Agreement above. In addition to the foregoing, the following
changes shall be made to the Truleo End User License Agreement:
• The following is added to the end of Section 7 (b): “For the avoidance of doubt, data from
Department’s body-worn cameras shall be treated by Truleo as Confidential Information.”
• The following is added to Section 7(e): “When applicable law, including a court order
compels a Party to disclose Confidential Information obtained from the other Party under
this Agreement, the disclosing Party shall give the other Party at least ten (10) days’ notice
or the maximum amount permitted by law, so that such Party may seek a protective order
or other legal recourse against the disclosure.”
• Section 8 is intentionally omitted.
• Section 9 is intentionally omitted.
Section 12(c) is made mutual to replace reference to “Truleo” with “Either Party.”
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 EXHIBIT A.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 EXHIBIT A.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 EXHIBIT A.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 EXHIBIT A.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 EXHIBIT A.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 EXHIBIT A.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 EXHIBIT A.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 EXHIBIT A.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 EXHIBIT A.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24 EXHIBIT A.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
EXHIBIT “B”
CITY POLICIES
CITY OF MENIFEE
City Council Policy
Policy Number: CC-18
Approving Authority:
City Council
Subject
Electronic Communication Use Policy and Procedures
Effective Date:
May 1, 2019
Page 1 of 8
PURPOSE
The objectives of this policy are to:
provide clear and concise direction regarding use of the City’s electronic
communications systems, including electronic mail (email), text messaging and voice
mail;
minimize any disruptions to City services related to electronic communications;
enhance work productivity through the use of electronic communications; and
comply with applicable State and Federal laws and City policies related to the use of
email and all other forms of electronic communication. Specifically, this policy
addresses the California Supreme Court’s 2017 decision in City of San Jose v.
Superior Court of Santa Clara County, holding that a city employee’s
communications, related to the conduct of public business, are subject to the
California Public Records Act, even if they were sent or received using a personal
account or personal device.
SCOPE / BACKGROUND
This policy applies to all persons (including employees, appointed and elected officials,
interns, and volunteers) who are permitted to use the City’s computing or network
resources, and particularly the email functions of the system (“Authorized Users”).
“City” means the City of Menifee. “Email” means any electronic communication to or
from any authorized user using the Email System, including all information, data, and
attachments to the electronic communication, “Email System” means the system of
devices (including hardware, software, and other equipment) owned and controlled by
the City or the authorized user, for the purpose of facilitating the electronic transmission.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
“Electronic Communications” includes any and all electronic transmission, and every
other means of recording upon any tangible thing in any form of communication or
representation, including letters, words, pictures, sounds, or symbols, or combinations
thereof, and any record thereby created, regardless of the manner in which the record
has been stored. Without limiting the nature of the foregoing, “electronic
communications” include emails, texts, voicemails, and also include communications
on or within commercial applications (apps) such as Facebook Messenger, Twitter, etc.
POLICY
Definition of “Official City Record”
Under this Policy, the definition of “Official City Record” is the same as the definition
provided in the California Public Records Act (Cal. Gov. Code § 6250 et seq.) for “public
records” and “writing”:
“…any writing containing information relating to the conduct of the public’s business prepared,
owned, used or retained by any state or local agency regardless of physical form or
characteristics…”
“…’Writing’ means handwriting, typewriting, printing, photostating, photographing,
photocopying, transmitting by electronic mail or facsimile, and every other means of
recording upon any tangible thing any form of communication or representation,
including letters, words, pictures, sounds, or symbols, or combination thereof, and any
record thereby created, regardless of the manner in which the record has been stored.”
Electronic Communication Related to City Business is an Official City Record
Email and other forms of electronic communications, such as voice mail, texts,
tweets, and social media posts, generate correspondence and other types of
records that can be recognized as Official City Records and may be subject to
disclosure under the Public Records Act. In addition, any Official City Record
created through email and other forms of electronic communications must be
protected and retained in accordance with records retention laws. For this reason,
employees, appointed and elected officials, interns, and volunteers are prohibited
from using their personal devices for City business.
Messages transmitted using the City’s Email System or City-owned equipment with
capabilities for text messaging and/or voice mail, should be messages which
involve City business activities and contain information essential to accomplishment
of business-related tasks, or can otherwise be recognized as Official City Records.
However, the incidental use of electronic communications (email, or voice) that may
contain non-City related (personal) matters is permitted. This incidental use shall be
limited, and must not interfere with the conduct of City business or the provision of
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
City services. Any incidental (personal) email, text or voice messages are not
considered public records but may still be discoverable. All electronic
communications are the property of the City of Menifee.
City Email System is Not For Storage
The City reserves the right to retrieve and make proper and lawful use of any and
all electronic communications transmitted through the City’s Email System and any
City-owned equipment. Although the use of electronic communications is
considered official City business, the City’s communication systems, including
email, text messaging and voice mail, are intended as a medium of communication
only. Therefore, the Email System and any City-owned equipment such as cell
phones should not be used for the electronic storage or maintenance of
documentation, including, but not limited to, Official City Records. Regarding email,
the system administrator performs regular electronic back-ups of the City’s Email
System. However, the back-up is not a copy of all City email activity that occurred
on the City email server during the back-up period.
GUIDELINES FOR PROPER EMAIL USAGE
City email access is controlled through individual accounts and passwords. It is the
responsibility of each Authorized User to protect the confidentiality of his or her
account and password information.
Authorized Users are responsible for managing their mailboxes, including organizing
and cleaning out any non-City related messages that do not constitute Official City
Records. Authorized Users are responsible for determining if emails contain
substantive information regarding City business, or may later be important or useful
for carrying out City business, and thus could be considered as Official City Records.
An Outlook PST file, also known as an “Outlook Data File” or an “Outlook Personal
Folders File,” is a file format used by Outlook to store email and other Outlook items.
For reasons of security and network performance, the use of PST files is prohibited.
All Authorized Users must check and respond to their emails on a regular basis,
preferably daily.
Authorized Users are expected to remember that email sent from City email accounts is
a representation of the City. All Authorized Users must use normal standards of
professional and personal courtesy and conduct when drafting and sending email
messages. Email messages should be drafted and sent with the same care and in
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
the same manner as any communication printed on City letterhead. Like any other
City communication, email is a reflection of the City’s business practices.
Except as otherwise noted in this policy, all messages transmitted over the Email
System should be limited to those which involve City business activities or contain
information essential to Authorized Users for the accomplishment of City-related
tasks. Use of the City’s Email System for personal communication must be kept to a
minimum. Spam email can be harmful to the City’s computer system. Spam email is
electronic junk mail, usually unsolicited commercial and non-commercial messages
transmitted as a mass mailing to a number of recipients. If an email message does
not pertain to City business, it should be deleted from your email account and not
forwarded. Examples include jokes, thoughts for the day, “chain” type email
messages, etc.
Email messages should be easy to read and understand. Spelling and grammar should
be correct. Avoid using abbreviations unless you are certain the recipient will
understand the meaning.
Email messages should be sent to smaller rather than larger audiences where
appropriate. Avoid “broadcasting” messages and large documents. Email messages
should not be used for broadcast purposes unless they are of interest to all City
personnel.
Avoid long email “chain” messages that include past emails attached to a current
message. Deleting long strings of previous email exchanges from your reply
messages will enhance readability.
Limit designating email as “high-priority” or “urgent” – use those designations only when
necessary and appropriate.
PROHIBITED USES OF THE CITY’S ELECTRONIC COMMUNICATIONS SYSTEMS
Email shall not be used for any activity that is a violation of local, state, or federal law.
Types of messages prohibited from being transmitted through the City’s Email System
include, but are not limited to, the following:
Messages in support or opposition to campaigns for candidates for an elected office or
a ballot measure.
Messages of a religious nature or promoting or opposing religious beliefs.
Messages containing language which is insulting, offensive, disrespectful, demeaning,
or sexually suggestive.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
Messages containing harassment of any form, sexual or ethnic slurs, obscenities, or any
representation of obscenities. For more information please refer to the Human
Resources Personnel Rules & Regulations Policy.
Messages used to send or receive copyrighted material, proprietary financial information
or similar materials.
Messages used for gambling or any activity that is a violation of local, state, or federal
law.
PROHIBITED USE OF CITY ELECTRONIC COMMUNICATION VIA PERSONAL
ACCOUNTS
City accounts shall be used to conduct City business. Authorized Users shall not use
personal accounts for the creation, transmission or storage of electronic
communications regarding City business.
All Authorized Users shall, within 60 days following the adoption of this updated policy,
search all private, nongovernmental electronic messaging accounts to which they
have user access and locate any electronic communications that might constitute a
“public record,” because it involved “City business” as set forth above. All such
communications shall be forwarded to the Authorized User’s City-provided account.
To the extent the Authorized User believes that any part of such communications
contain personal matter not related to the conduct of the public’s business, the
Authorized User shall provide a declaration, as set forth in Exhibit A.
If an Authorized User receives an electronic message regarding City business on his/her
non-City electronic messaging account, or circumstances require such person to
conduct City business on a non-City account, the Authorized User shall either: (a)
copy (“cc”) any communication from an Authorized User’s personal electronic
messaging account to his/her City electronic messaging account; or (b) forward the
associated electronic communication to his/her City account no later than 10 days
after the original creation or transmission of the electronic communication.
Authorized Users shall endeavor to ask persons sending electronic communications
regarding City business to a personal account to instead utilize the Authorized User’s
account, and likewise shall endeavor to ask a person sending an electronic
communication regarding non-City business to use the Authorized User’s personal
or non-City electronic messaging account.
ELECTRONIC COMMUNICATIONS AND PRIVACY
No Expectation of Privacy
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
Authorized Users have no right or expectation of privacy or confidentiality in any
message created, sent, received, deleted, or stored using the City Email System or
any City-owned or subsidized communication devices. All messages and any
attachments on the City’s computer network, Email System, or \City-owned system
or subsidized communication device are subject to City review and disclosure of
electronic communications regarding City business. Electronic communications
regarding City business that are created, sent, received, or stored on an electronic
messaging account, may be subject to the Public Records Act, even if created, sent
received, or stored on a personal account or personal device. Most
communications that include Authorized Users are not confidential
communications. However, certain communications such as police investigations,
personnel records, or attorney-client communications may be confidential or
contain confidential information. Questions about whether communications are
confidential, and how they are to be preserved, should be discussed with the City
Clerk.
Personal Email Accounts and Official City Records
The use of personal email accounts by Authorized Users to transmit messages
regarding City business is prohibited. In the event that messages regarding City
business are received by Authorized Users through their personal email accounts,
Authorized Users are directed to forward copies of such emails to their City email
addresses to ensure a copy exists in the City Email System. Personal emails
discussing City business are considered Official City Records that are subject to the
Public Records Act and records retention laws. Authorized Users are directed to
use only their City email accounts for sending/receiving emails regarding City
business.
Access Must Be Private
Notwithstanding the City’s right to have Authorized Users access email and other
electronic messages, all electronic messages should be treated as confidential by
other Authorized Users and accessed only by the intended recipient. Authorized
Users are not authorized to retrieve, read or listen to any electronic messages that
are not sent to them. Any exceptions must receive prior approval by the City
Manager or designee.
Use Caution with Confidential Information
All Authorized Users must exercise a greater degree of caution in sending
confidential information on the City’s electronic communications systems than they
take with other media because of the risk that such information may be copied
and/or retransmitted. When in doubt, do not use email, text messaging, or voice
mail as a means of confidential communication.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
PUBLIC RECORDS REQUESTS, RETENTION AND DESTRUCTION
Electronic communications are a business tool which shall be used in accordance with
generally accepted business practices and all Federal and State laws, including the
California Public Records Act, to provide an efficient and effective means of intra-
agency and interagency communications. Under most circumstances,
communications sent electronically are public records, subject to disclosure under the
Public Records Act and subject to records retention laws applicable to cities.
Public Records Act
In the event a Public Records Act request is received by the City seeking
electronic communications of Authorized Users, the City Clerk’s office shall
promptly transmit the request to the applicable Authorized User whose electronic
communications are sought. The Clerk shall communicate the scope of the
information requested to the applicable Authorized User, and an estimate of the
time within which the City Clerk intends to provide any responsive electronic
communications to the requesting party.
It shall be the duty of each Authorized User receiving such a request from the City
Clerk to promptly conduct a good faith and diligent search of his/her personal
electronic messaging accounts and devices for responsive electronic
communications. The Authorized User shall then promptly transmit any responsive
electronic communications to the City Clerk. Such transmission shall be provided
in sufficient time to enable the City Clerk to adequately review and provide the
disclosable electronic communications to the requesting party.
In the event a City official does not possess, or cannot with reasonable diligence
recover, responsive electronic communications from the City official’s electronic
messaging account, the City official shall so notify the City Clerk by way of a
written declaration (Exhibit B).
Automatic Deletion of Email
The City’s email management system automatically deletes City emails, including
any text messages that become emails, which are more than 24 months old from
all Outlook folders of each City email user. Email in ”Deleted” and “Sent” folders
will be automatically removed after ninety days.
Managing Your City Email
Authorized Users are responsible for the management of their mailboxes and
associated folders on a daily basis. To ensure maximum efficiency in the operation
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
of the Email System, Authorized Users are directed to delete email messages that
are not Official City Records from their inboxes on a weekly basis. Examples of
such messages are personal emails, email advertisements/ announcements, or
newsletters received via email. If email messages that are not Official City Records
are necessary for transitory work, preliminary drafts, preparation of work product or
personal notes, Authorized Users should either print the email and maintain the
paper copy, or create a PDF version of the email (print to PDF) and store the file in
an electronic folder on the City’s network drive to be deleted when no longer
needed.
It is the responsibility of Authorized Users to determine if an email message is an
Official City Record which must be retained in accordance with the City’s Record
Retention Policy. Email messages (including any attachments) that are deemed to
be Official City Records shall be preserved. Authorized Users shall consider the
content of an email message when determining if it is an Official City Record. The
City Clerk can assist in making such a determination. In addition, following is a
general guideline for determining whether an email message is an Official City
Record:
Messages That Are Generally
Considered As Public Records
(Retention Time = 2 years)
Messages That Are Generally NOT
Considered As Public Records
Email that is created or received in
connection with official City
business.
Email that shows how a City policy was
created or how a decision was
made by City staff and/or the City
Council.
Email that begins, or authorizes, or
completes an item or a transaction
of official City business.
Email that documents significant official
decisions or commitments reached
verbally (person-to- person, by
phone or in conference) and not
otherwise
documented in City files.
Personal messages and
announcements not related to
official City business.
Duplicate documents (copies or
excerpts) distributed for
convenience or reference.
Transmittal Messages that merely assist
the flow of work.
Emails containing drafts, notes,
interagency or intra-agency memos
that are NOT retained in the ordinary
course of business. (Gov. Code §
6254(a).)
Email Attachments
Attachments to email messages should be retained or disposed of according to the
content of the attachment itself, not according to the email transmitting the
attachment. Many email attachments are simply duplicates of existing documents,
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
or are draft versions of documents that might not be retained by the City after the
final version of the document is complete. If you need help in determining whether
an attachment to an email message must be retained, please contact the City
Clerk’s Office.
Preserving Electronic Messages – Public Records Act Requests, Subpoenas, Claims,
and Potential Claims Against the City
The City periodically receives requests for inspection or production of documents
pursuant to the Public Records Act, as well as subpoenas or court orders for
documents. In the event such a request or demand includes electronic messages,
Authorized Users who have control over or access to any such messages, once
they become aware of the request or demand, shall use their best efforts, by
reasonable means available, to temporarily preserve any such message until it is
determined whether the message is subject to preservation, public inspection or
disclosure.
Authorized Users shall contact the City Clerk regarding any such messages that
are within their control.
VIOLATIONS
Authorized Users found to have violated this policy may have his or her access to City email,
text messaging or other means of electronic communication on City equipment limited or
revoked completely. Authorized Users who violate this policy may be subjected to formal
disciplinary action up to and including termination from City employment.
ROLES AND RESPONSIBILITIES
The City Manager is responsible for administering this policy and procedure.
All Authorized Users are responsible for compliance with this policy and procedure.
Revision History
Revision No. Date
Approved
Approved By: Comments
0 5/1/2019 City Council Original Policy
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
Bill Zimmerman, Mayor Date
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
CITY OF MENIFEE
Administrative Policy
Policy Number: AD-04
Approving Authority:
City Manager
Subject
Internet Use and Computer Resource Use Policy
Effective Date: 4/10/2016
Last Modified:
Page 1 of 7
PURPOSE
The purpose of this administrative policy is to provide guidelines for the appropriate use of all
technology resources provided by the City. All City computers, including
laptop/notebook computers, and related equipment are formal communication and
analytic tools. They should be used for City business-related purposes in a professional
and courteous manner. Any use of City computer equipment for personal purposes,
including sending and receiving emails and internet access, shall be limited, brief, and
infrequent provided that the use does not directly or indirectly interfere with City
computer systems or services, burden the City with additional incremental cost,
interfere with other city computer users employment or other obligations to the City, or
reflect negatively on the city or its employees.
The City reserves the right to change the policies and procedures set forth in this
administrative policy at any time.
Employees should be aware that all records, whether on paper, voicemail, or computerized,
are subject to the mandatory public disclosure requirements of the Public Records Act,
subject to the exceptions provided under the Act. In addition, employees who use the
City's computer network resources do so with no right or expectation of privacy or
confidentiality, and at all times the data, systems, and traffic they create utilizing the
City's computer network resources remain the property of the City.
SCOPE / BACKGROUND
This policy applies to all City of Menifee employees, volunteers, and contractors of the City
using electronic communications technology and resources owned, sponsored or
reimbursed by the City of Menifee. An electronic resource is any software or hardware
device capable of receiving, storing, sharing or sending electronic data including but
not limited to the internet, email, voicemail, cellular telephones,
computers/laptops/tablets,
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
telecommunications devices, video and audio equipment, wireless networks, servers,
networks, software, agency hosted social media, and documentation that supports electronic
communications services.
POLICY
The City's computer network resources are City property, regardless of physical location or
the form in which they are maintained, and are to be used for City business in the
course of normal operations. Employees who use the City's computer network
resources do so with no right or expectation of privacy or confidentiality. The use of all
computer network resources must comply with all requirements set forth in this
administrative policy and all other City policies. While passwords are issued to
employees in order to protect the City's business interests the conferral of such
passwords does not create any individual right of privacy as to the City's computer
network resources, including any data, files, or messages sent to, received, or created
by such Employee.
The City has the capability to and may, with or without notice for any lawful purpose, monitor
and audit all network activity to ensure compliance with this administrative policy, and
activate, access, block, review, copy, disable, delete, and/or disclose any information
residing on any computer network resources, including, but not limited to emails sent
and received, voice mail messages received, files created or accessed, and all
internet/web access, communications, and transactions.
All City network users are required to use personalized user IDs and passwords. The user ID
will be assigned by the Information Technology Department staff and follows the syntax
of first name initial and full last name unless otherwise specified. The passwords are
chosen by the user and are not known to the Information Technology Department staff.
Passwords are confidential and shall not be shared. Passwords shall not be revealed in email
messages or saved on files in any computer system. All passwords are to be treated
as confidential City information.
Passwords are used for logging into the City network, using applications, or accessing
specific resources. Network passwords are set to expire every 90 days. The system
will prompt users when a change is necessary. Users should choose a new password
when prompted.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
All hardware with the potential or capacity to access computer network resources (including
but not limited to PCs, laptops, servers, handhelds, and wireless devices) is required
to be secured with a password-protected screensaver.
Electronic snooping or tampering is a violation of this administrative policy and is grounds for
disciplinary action, up to and including termination. This includes but is not limited to
the unauthorized use or attempt to use another employee's password; the unauthorized
entry to or attempted entry to the computer files and communications of another; the
unauthorized entry or attempted entry to access encrypted, protected, or restricted
computer network resources for which an employee has not been explicitly authorized
to access; unauthorized "interception" of data not intended for that person; the
utilization of City data for purposes other than those related to legitimate City business
within the scope of direct job duties (including the use of public domain data obtained
without following appropriate public information request procedures); or any other
attempt to circumvent user authentication or security of any computer network
resource.
Users of the City network are responsible for understanding and exercising reasonable
security precautions. These precautions include, preserving the secrecy of user IDs
and passwords, checking external data files for viruses before using on a computer,
and deleting e-mails from unknown sources.
The City may authorize persons who are not employed by the City to use the City's computer
network resources, only after approval from the appropriate department Director or City
Manager. Such authorized access may be granted only upon the condition that such
person shall use the system according to the rules and procedures established in this
administrative policy and all other City policies.
Because the City network is comprised of connected computers, servers, and other devices,
access to other users’ files may be possible. Users are expected to use caution and
protect confidential data files when storing such data on network drives that are
common areas to other users.
The use of City technology for personal profit or gain, or any other activity not specific to the
mission or duties of the users or City is prohibited.
The use of City technology for any illegal, harassment, obscene, or other purpose, which
could expose the City to liability or cause an adverse public perception, is prohibited.
The display of sexually explicit images, documents, or offensive material on any City
system is a violation of the City’s harassment policy. This includes sexually explicit or
offensive material accessed from or received through the Internet, e-mail, or other
electronic methods. In addition, sexually explicit or offensive material may not be
archived, stored, distributed, edited, or recorded using any City resource.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
Unauthorized access, alteration, deletion, damage, infection, or destruction of any computer
resource on the network is prohibited.
Employees who are terminated or laid off have no rights to the contents of their computer
files, voice mail messages, or e-mail messages, and are not allowed access to any city-
owned systems. Supervisors or management may access an employee’s computer
resources as they deem necessary.
HARDWARE / SOFTWARE
The Information Technology Department staff or their designee will coordinate all computer
service, equipment, additions, changes, moves, and repairs.
The Information Technology Department has established a standard configuration of
computer hardware and software issued to users of the City network. Deviation by
users from this standard configuration is prohibited. Changes to the system
configuration must be requested from the Information Technology Department.
Unauthorized access, alteration, deletion, damage, infection, or destruction of any computer
resource on the network is prohibited.
Employees are encouraged to power off or place their computers or monitors into sleep-mode
before leaving for an extended period of time (meetings, lunch, etc.). Equipment should
not be left on overnight and should be completely powered off each evening. Be sure
to close all programs before powering off.
Laptops/ipads are assigned on a permanent or temporary basis to certain staff. All technology
use rules apply to laptop/ipad users.
Laptops/ipads issued to staff to be used for use while at the City should be stored in a locked
or secured area.
Additional laptops/ipads are available in a pool maintained by the Information Technology
Department staff for issuance to employees with department head approval. The
laptops will be assigned to the requestor on a first-come, first-served basis. Laptop
checkouts can be for overnight or weekend business use, and may also be used during
out-of-town travel on City business.
Laptops/ipads will be checked out and administered by Information Technology Division staff
who will maintain a log for each laptop. The employee will be required to sign a
checkout form.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
The user is responsible for properly caring for the equipment while in his or her use. The user
shall not mark on any equipment with pencil or pen for any reason or permanently
adhere any items to the monitors, keyboards, printers, mouse, or any other form of
equipment. All liquids and food shall be kept away from the computer equipment at all
times.
Any problems with the equipment, software, or other computer-related problems shall be
reported to the Information Technology staff immediately. The user should not try to
resolve any unfamiliar problems, or error messages without their assistance. If a
problem does occur, the user shall immediately document what files were being
accessed when the problem started and contact Information Technology staff for
assistance.
All software used on the City network must be approved, acquired and licensed by the
Information Technology Department and the City of Menifee. Software licenses and the
physical media must be maintained in a central location by the Information Technology
Department staff.
Users may not transfer, move or copy City-licensed software or data to another system or
media without prior approval of Information Technology Department staff.
All software installation on any City resource must be installed or coordinated by Information
Technology Department staff. Users may not install any software onto any City-issued
resource. All software must be evaluated for compatibility by the Information
Technology staff.
Any software, including databases, custom reports, graphics, or other work product
developed while using a City resource or developed for use on the City network
becomes the property of the City of Menifee.
Virus protection software resides on each computer. Users shall not disable this software.
Users shall immediately notify Information Technology Division Staff of any virus
detected on their system.
ON_LINE SERVICES
The Internet is a rapidly evolving resource with a vast amount of available information.
Internet resources are made available to City network users to improve communication
and information exchange with citizens and others and to provide an informational and
research tool.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
Users should only download files as they relate to their job function. Downloads can cause
significant slowdown in the network response time, introduce viruses, or damage other
systems and disrupt work for others. Users should not download any files that require
installation without authorization from the Information Technology Department staff.
Users shall not use any City resource to gain unauthorized access to other resources or
entities. For example, a user with network access shall not attempt to gain access to
areas on the City network or other outside networks.
Users should use caution when providing personal or business information over the Internet.
Many sites collect this information for use in email Spam or for other fraudulent
practices.
The City of Menifee seal & logo are trademarks of the City. Any use of the materials stored
on the City’s website is prohibited without the written permission of the City of Menifee.
The City of Menifee retains all intellectual property rights including copyrights on all
text, graphic images, and other content. Modification, distribution, mirroring, or use of
images or other web content is prohibited.
DATA STORAGE
The Information Technology Department staff maintains a backup of all files located on City
servers. Backups are not performed on individual computers.
Each user is assigned a personal home directory. Other network users cannot access this
directory. Files stored in this area should be ones only the creator will use. All data and
other forms of electronic information including email that is stored on any type of media
provided by the City are the City’s. The City reserves the right to access and disclose
all such stored information for any purpose.
Each division or department is given a common area for their departmental data that other
departments cannot access. Files stored in this area shall be ones that will be used by
other members in your division or department.
Each user has access to common directories for all departments. Files stored in this area
shall be ones that will be used by users outside of your division or department.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
DocuSign Envelope ID: 1917B5B9-6CFE-4EB3-B95C-5CBCD497F233
PENALTIES
Violations of this administrative policy subject employees to discipline up to and including
termination. In the event of a violation, the City may pursue all remedies provided under the
law, including advising legal and/or law enforcement authorities of any violation of law by an
employee.
ROLES AND RESPONSIBILITIES
The City Manager is responsible for administering this policy and procedure
All employees, appointed or elected officials, volunteers, consultants, interns, are responsible for
compliance with this policy and procedure.
Revision History
Revision No. Date
Approved
Approved By: Comments
0 04/10/14 R. Johnson, CM Original Policy
1 04/10/16 R. Johnson, CM Revised Policy
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
DocuSign Envelope ID: 1917B5B9-6CFE-4EB3-B95C-5CBCD497F233
CITY OF MENIFEE
MEMORANDUM
Date: January 1, 2022
To: Armando G. Villa, City Manager
Rochelle Clayton, Assistant City Manager
From: Ron Puccinelli, Chief Information Officer
Cc: Robert Cardenas, Deputy HR Director, Risk Manager Sarah Manwaring, City Clerk
Subject: Requesting approval of Cybersecurity Policy Administrative Directive AD-28
The City relies on numerous computer systems to deliver services to the public and manage internal business processes.
These business systems collect, generate, and store large amounts of information, some of which is sensitive in nature
and obligates the City to comply with various cybersecurity standards such as HIPAA, CLETS/CJIS, PCI DSS, and others.
Additionally, a component of overall Risk Management includes a Cyber-Insurance policy through the City’s insurance
provider.
Both the Cyber-Insurance provider and several of the security standards require defining the City’s approach to
Cybersecurity and identifying roles and responsibilities by means of a Cybersecurity policy.
Currently the City does not have such a policy. The attached Cybersecurity Policy Administrative Directive will serve to
establish the City’s policy and approach to Cybersecurity and define the roles and responsibilities of the various
stakeholders across the City. The policy meets the requirements of the City’s Cyber-Insurance provider and the
applicable security standards. This Cybersecurity Policy has also been provided to all Department Heads and the Risk
Manager for review and incorporates all feedback received.
I am respectfully requesting your authorization and signature to make the policy effective as of January 1, 2022.
Attached please find the Cybersecurity Policy.
Reviewed by:
Ron Puccinelli _____
Rochelle Clayton ______
Robert Cardenas ______
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
DocuSign Envelope ID: 1917B5B9-6CFE-4EB3-B95C-5CBCD497F233
CITY OF MENIFEE
Administrative Policy
Policy Number: AD-28
Approving Authority:
City Manager
Subject
Cybersecurity Policy
Effective Date:
January 1, 2022
Last Modified: N/A
PURPOSE
The City of Menifee (City) is dedicated to building a strong cybersecurity program to support,
maintain, and secure critical infrastructure and data. The following policy is intended to maintain and
enhance key elements of a citywide cybersecurity program.
SCOPE / BACKGROUND
The Cybersecurity Policy lays the foundation for the City’s Cybersecurity Program as a whole and
articulates executive level support for the effort. The Cybersecurity Policy supports the City’s
Cybersecurity Program established to:
Protect City’s critical infrastructure
Protect the sensitive information entrusted to the City
Continuously improve our ability to detect and respond to cybersecurity events
Contain and eradicate compromises, restoring information resources to a secure and
operational status
Ensure cyber-risk management is sufficient and in alignment with City operations and mission
Comply with external and regulatory data protection requirements
The requirements identified in this policy apply to all information resources operated by or for the City,
its departments, and advisory bodies. This includes all software, devices, and services that process,
store, or transmit data, or anything that connects to a City device or Network. Elected officials,
employees, consultants, and vendors working on behalf of the City of Menifee are required to comply
with this policy.
POLICY
The City shall:
Assign cybersecurity responsibilities to the Chief Information Officer to coordinate citywide
cybersecurity efforts
Adopt the National Institute of Standards and Technology (NIST) Cybersecurity
Framework as a methodology to secure information resources
Use other NIST guidelines as applicable (csrc.nist.gov)
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
DocuSign Envelope ID: 1917B5B9-6CFE-4EB3-B95C-5CBCD497F233
City of Menifee Policy AD-28
Page 2 of 7
Cybersecurity Policy
Incorporate additional cybersecurity compliance or regulatory controls, such as Payment
Card Industry Data Security Standard (PCI DSS), Criminal Justice Information
Services (CJIS), Protected Health Information (PHI), and other security and privacy
requirements.
Conduct and update, at least annually, a cybersecurity risk assessment or with major
changes to systems
Support cyber incident response as needed in accordance with Emergency Support
Function 18 (ESF-18).
Develop and update, at least annually, a Cyber Incident Response Plan.
Conduct cybersecurity, risk, and compliance assessments across all Departments
Cybersecurity Framework
In order to adequately protect information resources, systems and data must be properly categorized
based on information sensitivity and criticality to operations. A risk-based methodology standardizes
security architecture, creates a common understanding of shared or transferred risk when systems
and infrastructure are connected, and makes securing systems and data more straightforward.
The NIST Cybersecurity framework provides five elements to a cybersecurity program:
Identify: Develop the organizational understanding to manage cybersecurity risk to
systems, assets, data, and capabilities.
Protect: Develop and implement appropriate safeguards to ensure delivery of digital
services.
Detect: Develop and implement appropriate activities to identify the occurrence of a
cybersecurity event.
Respond: Develop and implement appropriate activities to respond to a cybersecurity
event.
Recover: Develop and implement appropriate activities to maintain plans for resilience
and to restore any capabilities or services impaired by a cybersecurity event.
Cybersecurity Risk Assessment
As defined in NIST Special Publication 800-30, “Guide for Conducting Risk Assessments,” risk
assessment is the process of identifying, estimating, and prioritizing information security risks.
Assessing risk requires the careful analysis of threat and vulnerability information to determine
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
DocuSign Envelope ID: 1917B5B9-6CFE-4EB3-B95C-5CBCD497F233
City of Menifee Policy AD-28
Page 3 of 7
Cybersecurity Policy
the extent to which circumstances or events could adversely impact the City and the likelihood that
such circumstances or events will occur.
The purpose of risk assessment is to inform decision makers and support risk responses by
identifying:
Relevant cyber threats to the City
Vulnerabilities both internal and external
Impact (i.e., harm) to the City that may occur given the potential for threats exploiting
vulnerabilities
Likelihood that harm will occur
The result is a determination of risk (i.e., typically a function of the degree of harm and likelihood of
harm occurring). Risk assessments enable the City to determine current cybersecurity capabilities,
set individual goals for a target state, and establish a plan for improving and maintaining
cybersecurity program.
Risk Rating
The risk ratings will be based on NIST Federal Information Processing Standards (FIPS) 199 security
objectives of confidentiality, integrity, and availability of City systems and data. And the potential
impact of low, moderate, and high.
Figure 1 on the following page summarizes the potential impact definitions for each security
objective—confidentiality, integrity, and availability.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
DocuSign Envelope ID: 1917B5B9-6CFE-4EB3-B95C-5CBCD497F233
City of Menifee Policy AD-28
Page 4 of 7
Cybersecurity Policy
Figure 1
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
DocuSign Envelope ID: 1917B5B9-6CFE-4EB3-B95C-5CBCD497F233
City of Menifee Policy AD-28
Page 5 of 7
Cybersecurity Policy
ROLES AND RESPONSIBILITIES
Chief Information Officer shall:
Be the designated Information Security Officer, Privacy Officer and Cyber-Risk lead for
the City.
Coordinate with the Risk Manager to evaluate and obtain Cyber Insurance and on
matters of Cyber-Risk.
Coordinate with the Risk Manager to notify and engage with the City’s Cyber Insurance
provider in the event of an incident.
Lead enterprise governance of information and technology efforts throughout the City.
Establish and maintain a security team and function with the ability to identify, protect,
detect, respond, and recover from attacks against City information resources.
Develop and maintain a cyber incident response plan capable of addressing major
compromises of City information resources.
Review Emergency Support Function 18 Unified Cyber Command annex annually and
ensure it is updated as needed.
Organize and coordinate the City’s Cyber-Incident Response Team.
Ensure that all Departments employ a risk-based assessment and treatment program,
and regularly report the status of the City’s residual cyber risk to the Executive Team.
Select, design, and monitor cybersecurity controls for all City systems including without
limitation any Software-as-a-Service or other hosted or cloud-based systems
employed by any City Department.
Perform ongoing assessment of security controls.
Inform the City Manager and City Attorney when there is an event which compromises
the confidentiality, integrity, or availability of a system or data involving Personally
Identifiable Information (including payment card information), Regulatory Protected
Information (such as but not limited to, CJIS, HIPAA or Social Security Numbers),
and/or data that is not considered public, as soon as practical.
Establish necessary procedures to support the cybersecurity program such as but not
limited to, cybersecurity awareness, business continuity, incident response, access
control, configuration management, change control, etc.
Monitor current cyber threats and trends and recommend any necessary changes.
Implement, operate, and maintain cybersecurity controls for all systems acquired, used,
or controlled by the City.
Executive Team shall:
Promote a culture of cybersecurity awareness and compliance with the City’s
cybersecurity policy. Department heads must remind their employees and
contractors about the City’s Cybersecurity policies, standards, procedures,
guidelines, and best practices.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
DocuSign Envelope ID: 1917B5B9-6CFE-4EB3-B95C-5CBCD497F233
City of Menifee Policy AD-28
Page 6 of 7
Cybersecurity Policy
To the extent resources allow, ensure that all systems procured, operated, or contracted
by their departments and the data contained by them are protected.
To the extent possible, adequately support and fund cybersecurity operations based upon
risk to City operations and mission.
With the aid of the City Attorney determine the requirements and execute necessary
breach disclosures.
Emergency Manager shall:
Activate the city Emergency Operations Center (EOC) to coordinate response to an
emergency level cyber event as outlined in Emergency Support Function 18 Unified
Cyber Command.
Support cybersecurity emergency exercise for City leaders in coordination with the Chief
Information Officer.
City Clerk shall:
Work with the Chief Information Officer to develop and maintain an information
classification system and support departments in their data classification efforts
Public Information Officer shall:
Work with the Chief Information Officer to develop, maintain, and activate a cyber- event
communication plan as part of the incident response plan.
Risk Manager Shall:
Work with the Chief Information Officer to incorporate technology and Cyber risk into the
City’s risk management plans and acceptable risk profile.
Coordinate with the Chief Information Officer to evaluate and obtain appropriate Cyber
Insurance.
Assist the Chief Information Officer with notifying and coordinating with the City’s Cyber
Insurance provider in the event of an incident.
City Employees, contractors, and vendors shall:
Comply with cybersecurity practices, requirements, and acceptable use agreement
(Administrative Directive 04 - Internet Use and Computer Resource Use Policy)
Promptly report any incidents to the IT Service Desk.
Report suspicious emails.
Attend cybersecurity training at least annually.
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
2905/031858-0001
19584139.6 a02/16/24
EXHIBIT “B”
City of Menifee Policy AD-28
Page 7 of 7
Cybersecurity Policy
EXCEPTIONS
City cybersecurity requirements shall not supersede State or Federal requirements that
may apply to certain specific data or systems.
No exceptions to this policy will be approved.
DEFINITIONS
For a list of definitions please refer to: https://csrc.nist.gov/glossary
REFERENCES
NIST Computer Security Resource Center - https://csrc.nist.gov/
NIST Cybersecurity Framework Website - http://www.nist.gov/cyberframework
Payment Card Industry - https://www.pcisecuritystandards.org
Criminal Justice Information Services (CJIS) Security Policy (latest version)
https://www.fbi.gov/
California Emergency Support Function 18 Cybersecurity, Annex to the
California State Emergency Plan https://www.caloes.ca.gov/
Health Information Privacy https://www.hhs.gov/hipaa/for-
professionals/index.html
Cybersecurity & Infrastructure Security Agency https://www.cisa.gov/
Revision History
Revision No. Date Approved Approved By: Comments
0 2/11/2022 City Manager Original Policy
1
2/11/2022
Date
City
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45
DocuSign Envelope ID: 1917B5B9-6CFE-4EB3-B95C-5CBCD497F233
DocuSign Envelope ID: B8664483-E585-41CF-8208-09D8075C7C45