HomeMy WebLinkAboutWA State Patrol - Livescan to Win ABIS User Agreement (CRD00089)WSP Contract No. CRD00089
WASHINGTON STATE PATROL (WSP)
LIVESCAN TO WIN ABIS USER AGREEMENT
This Agreement, entered into between the Washington State Patrol (hereinafter referred to as
"WSP'), an agency of the State of Washington; and Pasco Police Department, (hereinafter referred
to as "the User'), witnesses that:
The WSP is an agency of the State of Washington authorized by law to establish and
operate an Automated Biometric Identification System (ABIS) capable of, but not limited to,
reading, classifying, matching,. and storing fingerprints, and maintaining information based
on fingerprint identification. ABIS forwards the criminal history record information to the
Washington State Identification System (WASIS) where it is stored and maintained by the
WSP.
The WSP has entered into agreement with the Western Identification Network (WIN) for
ABIS services. The WIN supports ABIS processing for the following eight states: Alaska,
Idaho, Montana, Nevada, Oregon, Utah, Washington, and Wyoming.
The User may utilize Livescan equipment to capture biometric fingerprint images and record
related personal identifiable information and submit to ABIS for authorized purposes as
allowed by state and federal statutes.
NOW THEREFORE, in light of the foregoing representations and the promises, conditions,
and other valuable considerations more fully set out or incorporated herein by reference, the
parties, by their duly authorized officials, do mutually agree as follows:
I. PERIOD OF PERFORMANCE
This agreement replaces any previous Livescan to WIN ABIS User Agreement between the
WSP and the User. This agreement is effective on the date of the last signature and
continues until status of services or the User signatory changes.
11. DEFINITIONS
As used throughout this Agreement, the following terms shall have the meanings set forth
below:
"Confidential Information" means information that may be exempt from disclosure to the
public or other unauthorized persons under either chapter 42.56 RCW or other state or
federal statutes. Confidential Information includes, but is not limited to, Personal
Identifiable Information (PII), agency source code or object code, and agency security
data, including Livescan data as described herein.
"Subcontractor" means one not in the employment of a party to this Agreement, who is
performing all or part of those services under this contract under a separate contract with a
party to this Agreement. The terms "subcontractor" and "subcontractors" mean
subcontr.;tctor(s) in any tier.
111. SECURITY REQUIREMENTS
This section will outline security requirements in reference to Livescan devices defined as
devices that collect, process, store, communicate, retrieve, display, or print Livescan
information.
Approved as to Form by the Washington Attorney General
2018 Livescan to WIN ABIS User Agreement 05/08/2018
Page 1 of7
RECEIVED
t\UG 1 6 2019
,.-, ? !DENT SECT.
~ q ,3.;\.
WSP Contract No. CRD00089
WSP recognizes that the FBI CJIS Security Policy is a minimum standard and that
circumstances are encountered that create a need for additional security measures.
These standards are in addition to the current CJIS Security Policy.
a. Livescan devices will comply with the following security requirements:
i. Unauthorized unescorted physical and logical access to Livescan devices will
be restricted. In some environments, it might not be realistic to expect
absolute control over a Livescan device 100% of the time. 1n these
environments, acceptable risk mitigations will be provided in lieu of 100%
control through escorted access. The WSP reserves the right to object to
equipment security measures and to suspend or withhold service until such
matters are corrected to the reasonable satisfaction of WSP.
ii. Livescan devices will be single purpose workstations. That is, applications
used on the workstation will be used only for functions involving Livescans.
iii. Livescan devices will have restricted internet access (i.e. authorized vendor
support).
iv. Livescan devices will not host email clients that can receive email from the
internet.
v. Livescan devices will not be used to display or edit documents except for
reports produced by the Livescan device (word processing, spreadsheets,
PDF's, etc.),
vi. Livescan devices will not be connected to any external media, except for the
purpose of performing software and application upgrades. The media should
be used only on Livescan devices. If the media is used on a non-Livescan
device, it will be erased and a new image will be placed on the media before
it is used with a Livescan device.
vii. Livescan devices will be protected from workstations that do have general
workstation functions by firewalls that prohibit external access to Livescan
devices.
viii. The Livescan will be located in an area that is physically restricted to the
public or other unauthorized users. When the Livescan is not in use and left
unattended, it must be logged off and password protected. In the cases of
portable Livescans, the Livescan will not be left unattended in a non-secure
area.
b. All security exceptions must be documented in writing and approved by WSP and
WIN.
c. The threat vectors currently addressed are:
i. Physical access issues
ii. Multiple/shared function ( due to security issues raised by co-resident
applications)
iii. Unrestricted internet access
iv. Email access
v. Accessing documents that could have been maliciously crafted
vi. External media
vii. Contact with other workstations over the local network segment that are at
higher risk for infection/compromise
viii. Lack of firewall separation/overiy permissive firewall configuration
Approved as to Form by the Washington Attorney General
2018 Livescan to WIN ABIS User Agreement 05/08/2018
Page2of7 ·
qECEIVED
i\ IIG 1 6 2019
· : GF NT SECT.
WSP Contract No. CRD00089
IV. SYSTEMS MANAGEMENT
{User Agency) shall ensure all Livescan systems, including portable systems are maintained
with the best security practices including but not limited to:
a. updating antivirus
b. maintaining current levels of security patches on operating systems
c. utilize firewalls
d. maintain physically secure areas for information systems
e. report any breaches to the WSP Criminal Records Division
V. OTHER TERMS AND CONDITIONS
By signing this agreement, the WSP and the User will mutually agree to the following:
a. The WSP will provide the User, as allowed, with information available in WASIS,
ABIS and WIN ABIS files. The WSP will serve as the means of exchange of
computerized criminal history information and biometric data.
b. The network connection will be made via an approved method identified by WSP.
c. The User will submit Livescan data {fingerprints, palm prints, mug shots, etc.) and
related demographic information electronically to the WSP for the purpose of
identification and when applicable, inclusion to the WIN ABIS and WASIS.
d. For applicant submissions requiring a fee, the User will establish a billing account
with the WSP. By establishing a billing account, the User agrees to collect, hold, and
reconcile fees charged by WSP. If a submission is sent in error, the User is
responsible for all fees associated with that submission.
e. The User agrees that WSP will provide authorization to connect to the ABIS and WIN
ABIS databases with certain restrictions as follows:
i. The User will submit Livescan data and related demographic information for
identification search and possible inclusion in ABIS, WASIS, and WIN ABIS
databases as allowed by statute.
ii. The User agrees to comply with statutory mandates concerning the
submission of criminal and civil fingerprint submissions to WSP.
f. The User is responsible for all personnel, operating, maintenance and data
transmission costs to submit Livescan data and related demographic information as
required under state statutes and/or local ordinances.
g. The User agrees to assign a Livescan point of contact to serve as the primary
contact person for any Livescan to ABIS connection related issues. The User must
notify WSP as soon as possible if the Livescan point of contact changes.
h. The WSP will schedule and provide Livescan training to User personnel at locations
and times specified by WSP. Livescan training may also be provided by the Livescan
vendor.
VI. COMPLIANCE
a. The User will operate Livescan equipment and maintain strict compliance with
applicable policies and procedures as identified in this Agreement.
b. Fingerprint identification and/or criminal history record information will not be further
disseminated by the User to any other person (private or public) or entity, except as
required in criminal proceedings pursuant to state and/or federal laws.
Approved as to Form by the Washington Attorney General
2018 Livescan to WIN ABIS User Agreement 05/08/2018
Pagel of7
RECEIVED
AUG 16 2019
'/\/SP \DENT SECT.
WSP Contract No. CRD00089
c. Users submitting Livescan data and related demographic information via Livescan to
the WSP are subject to audit per FBI CJIS Security Policy standards.
VII. SUSPENSION AND TERMINATION
a. The WSP may suspend services hereunder when, in its reasonable estimation, the
User has breached any material term of the Agreement. For the purposes of this
Agreement, the violation of any specific term of this Agreement or of any substantive
requirement or limitation imposed by the federal or state statutes, regulations, or
rules incorporated into this Agreement will be deemed a breach of material term of
the Agreement.
b. The WSP may terminate this Agreement if the User commits any material breach of
any term of this Agreement, which breach is not corrected within thirty (30) business
days after receipt of notice from WSP. Both parties may, by mutual agreement,
terminate this Agreement on terms acceptable to them.
c. Neither the WSP nor the User will be liable for any indirect, incidental, consequential
or special damage under this agreement arising solely from the termination of this
Agreement in accordance with its terms.
VIII. HOLD HARMLESS
To the extend allowed by law, the User agrees to hold harmless the WIN and its employees
and the State of Washington, the WSP and its employees from and against any and all
claims, demands, actions, suits, including but not limited to, any liability for damages by
reason of or arising out of any misuse of the ABIS, WASIS and WIN ABIS databases,
erroneous identifications, or any cause of action whatsoever, against any loss, cost,
expense, and damage resulting therefrom, including attorney fees.
IX. RECORDS MAINTENANCE AND INSPECTION
The parties to this Agreement shall each maintain books, records, documents, and other
evidence which sufficiently and proper1y reflect all direct and indirect delivery, receipt,
safeguarding, and uses of the Data shared under this Agreement. These records shall be
subject to inspection, review, or audit by personnel of each party, or other personnel authorized
by either party, the Office of the State Auditor, and federal officials authorized by law. Each
party shall retain all books, records, documents, and other material relevant to this Agreement
in accordance with the state retention schedules applicable to their agency. The Office of the
State Auditor, federal auditors, and any persons authorized by either party shall have full
access and the right to examine any of these materials during this period.
X. CONFIDENTIALITY
Data provided pursuant to this Agreement includes Confidential, Personal identifiable
information (jointly "Confidential Information"). Each Party acknowledges and agrees that it
has a continuing obligation to comply with all federal and state laws, regulations, and
security standards as enacted or revised over time, regarding Data Security, electronic data
interchange and restricted Permissible Uses of such information. As agencies of the state
of Washington, these standards must minimally meet all regulations set forth by the Office of
the Chief Information Officer (OCIO) under OCIO policy 141.10.
XI. SAFEGUARDING OF CONFIDENTIAL INFORMATION
Each Party shall protect and safeguard all Confidential Information provided under this
Agreement against any and all unauthorized disclosure, use, or loss because each party is
regulated by OCIO standards for the safeguarding of Confidential Information, each party
must conform to its own standards.
Approved as to Form by the Washington Attorney General
2018 Livescan to WIN ABIS User Agreement 05/08/2018
Page4of7
RECEIVED
AUG 16 2019
'NSP lDENT SECT.
WSP Contract No. CRD00089
Each party shall notify the other party in writing within 24 hours upon becoming aware of any
unauthorized access, use, or disclosure of Confidential Data. Each party shall take necessary
steps to mitigate any and all harmful effects of such use or disclosure.
XII. AUDIT
Both parties are obligated to maintain current standing with all OCIO audit requirements.
Additionally, WSP reserves the right to monitor, audit, or investigate the use of Confidential
Information collected, used, or acquired by the User through this Agreement.
XIII. DISPUTES
In the event that a dispute arises under this Agreement, it shall be determined by a Dispute Board
in the following manner: Each party to this Agreement shall appoint one member to the Dispute
Board. The members so appointed shall jointly appoint an additional member to the Dispute
Board. The Dispute Board shall review the facts, agreement terms and applicable statutes and
rules and make a determination of the dispute. The determination of the Dispute Board shall be
final and binding on the parties hereto. As an alternative to this process, either party may request
intervention by the Governor, as provided by RCW 43.17.330, in which event the Governor's
process will control.
XIV. GOVERNANCE
This Agreement is entered into pursuant to and under the authority granted by the laws of the
state of Washington, and any applicable federal laws and WSP policy. The provisions of this
Agreement shall be construed to conform to those laws and policy.
In the event of an inconsistency in the terms of this Agreement, or between its terms and any
applicable statute, rule, or policy, the inconsistency shall be resolved by giving precedence in the
following order:
a. Applicable state and federal statutes;
b. OCIO policy 141.10 and rules and WSP policy;
c. Terms and Conditions of this Contract
XV. ASSIGNMENT
The work to be provided under this Agreement, and any claim arising thereunder, is not
assignable or delegable by either party in whole or in part, without the express prior written
consent of the other party. Consent shall not be unreasonably withheld.
XVI. WAIVER
A failure by either party to exercise its rights under this Agreement shall not preclude that party
from subsequent exercise of such rights and shall not constitute a waiver of any other rights
under this Agreement unless stated to be such in a writing signed by an authorized representative
of the party and attached to the original Agreement.
XVII. RIGHTS OF INSPECTION
Each party shall provide right of access to the other party, its officers, or any other authorized
agent or official of the state or federal government at all reasonable times, in order to monitor
and evaluate the following: Performance, compliance, or quality assurance of internal policies
and procedures, or records relating to the safeguarding, use, and disclosure of Confidential
Information obtained or used as a result of this Agreement. Each party shall make available
information necessary for the other party to comply with a client's right to access, amend, or
receive an accounting of disclosures of their Confidential Information.
Approved as to Form by the Washington Attorney General
2018 Livescan to WIN ABIS User Agreement 05/08/2018
Page 5of7
RECEIVED
AUG 1 6 2019
r,tt;ri !DENT SECT
WSP Contract No. CRD00089
XVIII. SUBCONTRACTING
A party may only enter into subcontracts for any of the work or services under this contract if
it first receives written approval from the other party. Consent shall not be unreasonably
withheld. This clause does not include contracts of employment between a party and their
personnel who have been assigned to work under this Agreement. Each party is
responsible for ensuring that all terms, conditions, assurances, and certifications set forth in
this Agreement are carried forward to all subcontracts.
If the User grants any subcontractor access to any confidential information, it must first carry
forward all terms, conditions, and restrictions of this agreement to the subcontractor. The User
remains responsible for any violation committed by a subcontractor.
XIX. SEVERABILITY
If any provision of this Agreement or any provision of any document incorporated by reference
shall be held invalid, such invalidity shall not affect the other provisions of this Agreement which
can be given effect without the invalid provision, if such remainder conforms to the requirements
of applicable law and the fundamental purpose of this agreement, and to this end the provisions
of this Agreement are declared to be severable.
XX. ALL WRITINGS CONTAINED HEREIN
This Agreement contains all the terms and conditions agreed upon by the parties. No other
understandings, oral or otherwise, regarding the subject matter of this Agreement shall be
deemed to exist or to bind any of the parties hereto.
XXI. CONTRACT MANAGEMENT
The contract manager for each of the parties shall be responsible for and shall be the contact
person for all communications and billings regarding the performance of this Agreement.
Contract Manager for Pasco Police Contract Manager for
Department: WASHINGTON STATE PATROL:
Deputy Chief Ken Roske Deborah Collinsworth
Pasco Police Department Identification and Background Check Section
215 W Sylvester St Manager
Pasco WA 99301 Criminal Records Division
Phone: (509) 545-3481 PO Box42619
E-Mail: roskek @pasco-wa.g ov Olympia WA 98504-2619
Phone:(360) 534-2102
E-Mail: deborah.collinsworth @wso.wa.a ov
XXII. The following documents are incorporated by reference and made part of this agreement:
1. FBI CJIS Security Policy -The FBI CJIS Security Policy can be found at
https://www.fbi.gov/file-repository/c jis-security-policy-v5 6 20170605.pdf/view. WSP
will provide a copy of the manual upon request.
2. Applicable federal and state laws and regulations
Approved as to Form by the Washington Attorney General
2018 Livescan to WIN ABIS User Agreement 05/08/2018
Page6of7
RECEIVED
AUG 1 6 2019
-,.,... SFCT
WSP Contract No. CRD00089
As an agency head/director, I hereby acknowledge the duties and responsibilities set forth in this
Livescan to WIN ABIS User Agreement, as well as those documents incorporated by reference. I
acknowledge that these duties and responsibilities have been developed to ensure system integrity
and security. I also acknowledge that failure to comply with these duties and responsibilities will
subject my agency to various sanctions. These sanctions may include the termination of services to
submit fingerprint information to the WSP.
The parties signing below warrant that they have read and understand this Contract and have the
authority to enter into this Contract.
Livescan User Agency Name Pasco Police Department
Agency ORI WA0110200
Agency Head Name Interim Chief Larry Dickerson
Agency Head Email dickersonl@12asco-wa.gov
Agency Head Telephone Number (509) 545-3481 ,,., ,,,,--....
Agency Head or Designee Signature X~ -~ ' J L -J D~/t'"<f {C, ~
l -..., . (
WSP Agency Head or Designee Name Ms. Deborah Collinsworth
Title Id tification and Background Check Section
WSP Agency Head or Designee
Si nature
Approved as to Form by the Washington Attorney General
2018 Livescan to WIN ABIS User Agreement 05/08/2018
Page7of7
RECEIVED
AUG 16 2019
, ! ·, _J !DENT SECT.