CONTRACT 3740 Professional Services Agreement

PROFESSIONAL SERVICES AGREEMENT BETWEEN THE CITY OF EL SEGUNDO AND ESI ACQUISITION, INC.

THIS AGREEMENT, is entered into this 20th day of June, 2007, by and between CITY OF EL SEGUNDO, a municipal corporation ("CITY") and ESi ACQUISITION, INC. a Delaware Corporation ("CONSULTANT").

1. CONSIDERATION.

A. As partial consideration, CONSULTANT agrees to perform the scope of services attached as Exhibit "A," and incorporated herein ("SERVICES"). The SERVICES include installing and maintaining a program for various tasks associated with submitting and retrieving information for WebEOC activities ("SOFTWARE").

B. As additional consideration, CONSULTANT and CITY agree to abide by the terms and conditions contained in this Agreement;

C. As additional consideration, CITY will pay CONSULTANT the compensation set forth in the SERVICES, but in no event more than FIFTY FIVE THOUSAND TWENTY dollars ($55,020.00). The compensation will be paid at the time and manner set forth in the SERVICES.

D. CITY will not be liable for any costs or expenses exceeding the sum paid to CONSULTANT pursuant to Section 1(C) unless otherwise agreed to by the Parties and by written amendment to this Agreement.

2. OWNERSHIP. Title and full ownership rights to the SOFTWARE developed under this Agreement at all times remain with CONSULTANT. Title and full ownership rights to any documents, reports, or other data generated from CITY's use of the SOFTWARE belongs to CITY.

3. IRREVOCABLE LICENSE. In addition to the licensing permissions granted in the SERVICES for the SOFTWARE, CONSULTANT grants to CITY an irrevocable license to use the SOFTWARE, even after termination of this Agreement, if the SOFTWARE is required to access documents, reports, or other data generated from CITY's use of the SOFTWARE, and any updates thereto. This license will survive termination of this Agreement.
This license includes, without limitation, the right to provide visual output on the world wide web.

4. TERM. The term of this Agreement will commence on June 20, 2007 and end on June 30, 2008, unless extended in accordance with this Agreement.

5. WARRANTIES. CONSULTANT represents and warrants that:

EmerGeo Mapping Software System Requirements

Note: System requirements are subject to change. Please review your planned hardware and network environment with an EmerGeo representative BEFORE purchasing equipment.

EmerGeo Mapping Server

Recommended:
• Pentium 4, 2 GHz processor or greater (3+ GHz dual processor for better performance)
• 800 MHz front side bus preferred
• 2 GB RAM or greater
• 40 GB free disk space - includes 20% free space for optimum performance (SCSI RAID or greater recommended for data growth and reliability)
• Windows 2000 or XP or 2003 Server, with all service packs
• IIS 6 or later (NOTE: IIS MUST be installed before SQL 2000 is installed)
• Microsoft SQL 2000 (can be shared with WebEOC; MSDE also supported)
• MS .NET Framework 1.1 (not higher). Free download from: http://www.microsoft.com/downloads/details.aspx?familyid=262d25e3-f589-4842-8157-034d1e7cf3a3&displaylang=en
• Tape or NAS backup recommended

EmerGeo 'Smart Client' Workstation

Recommended:
• Pentium 4, 2 GHz processor or greater
• 500 MB RAM or greater
• 20 GB free disk space (depending on data cached on the local hard drive)
• Windows 2000 or Windows XP
• MS .NET Framework 1.1 (not higher). Free download from: http://www.microsoft.com/downloads/details.aspx?familyid=262d25e3-f589-4842-8157-034d1e7cf3a3&displaylang=en
• MDAC 2.7 or higher and Jet Engine. These are included with newer PCs running Windows 2000 or XP; older PC users can download free install packs from: http://msdn.microsoft.com/data/downloads/updates/default.aspx

EmerGeo Web Browser Client

Recommended:
• Internet Explorer version 6.0 or later
• High speed Internet/intranet connection to the EmerGeo
server (56Kbps or slower will slow map display refresh times).

Contact us for an online demo or visit www.emergeo.com.

USA
ESi Acquisition, Inc.
699 Broad Street, Suite 1100
Augusta, GA 30901
Phone: (800) 596-0911
esi@esi911.com
www.esi911.com

CANADA
EmerGeo Solutions, Inc.
555 Burrard Street, Suite 900
Vancouver, B.C. V7X 1M8
Phone: (604) 443-5025
info@emergeo.com
www.emergeo.com

AUSTRALIA
Spatial Vision
Level 2, 170 Queen Street
Melbourne Victoria 3000
Phone: +61 (3) 9691 3048
info@spatialvision.com.au
www.spatialvision.com.au

... being of the essence. CONSULTANT will pay for any and all costs associated with such work, including, without limitation, data conversion tools.

D. CONSULTANT acknowledges that the Year 2000 Compliance warranty is a material inducement for CITY to enter into this Agreement. CONSULTANT will therefore be liable for any contingent, incidental, or consequential damages to persons, property, or public services due to a Product failing to conform to the warranty contained in this Agreement.

E. By signing this Agreement, CONSULTANT certifies that it is aware of the Year 2000 Information and Readiness Disclosure Act, 112 Stat. 2386, 15 U.S.C. §§ 6601, et seq. ("the Act").

i. CONSULTANT acknowledges and agrees that the warranty contained herein supersedes any Year 2000 Statement ("Y2K Statement"), as defined by the Act, that CONSULTANT may have made, or will make, unless such Y2K Statement provides CITY with greater protections and warranties than this Agreement in which case that Y2K Statement may be incorporated herein at CITY's sole option.

ii. CONSULTANT acknowledges and agrees that the Act is inapplicable to this Agreement as set forth in Section 4(e)(2) of the Act. In addition, notwithstanding any other provision of law, CONSULTANT expressly waives any protections it might otherwise have under the Act. Such waiver will not be construed to limit any other rights or protections CONSULTANT may have.

F.
This warranty will survive termination or expiration of the Agreement. Nothing in this warranty will be construed to limit any rights or remedies the City may otherwise have under this agreement with respect to defects other than Year 2000 performance.

7. "SELF-HELP" AND "MALICIOUS" CODES PROHIBITED.

A. CONSULTANT understands and agrees that CONSULTANT's use of any "self-help" or "malicious" codes, as defined by this Section, is prohibited and constitutes an "unfair business practice" as defined by California law. Notwithstanding any other provision of this Agreement that limits CONSULTANT's liability, CONSULTANT will be fully liable for all penalties and damages arising from use of a self-help or malicious code.

B. "Self-help code" means any back-door, time-bomb, drop-dead, time-out, lock-up, slow-down, data freezing, logic bombs, or other software routine, code, devices, techniques intended to disable, slow, prevent operation of, or otherwise interfere with or change any operation of any computer system, software or other property automatically with the passage of time or under the prior instruction, triggering

WebEOC® ASP Services

Hosting Services feature state-of-the-art disaster avoidance and resilience

In 2002, the Department of Justice, National Institute of Justice (NIJ)/Office of Science and Technology (OS&T), launched the Crisis Information Management Software (CIMS) Test Bed Project. Its primary goal was to assist Emergency Management Agencies (EMA) throughout the United States in comparing and contrasting commercially available CIMS software. Integral to the CIMS Test Bed Project feature comparison was a review of how customers accessed each application — local area network (LAN), application service provider (ASP), or Hybrid. ESi's WebEOC can be implemented in any of these models.

■ WebEOC can be installed on customer provided and maintained servers that are on a customer-managed LAN.
■ WebEOC can be installed in a hosted environment on ESi servers.
■ WebEOC can be installed on a customer's LAN and hosted on ESi servers, depending on the architecture and redundancy desired.

As a web-based application, WebEOC only requires a TCP/IP connection. Similar to a network appliance, if the server is connected to the internet then anyone in the world, with proper authorization, can login. If the server is connected to the internal LAN/intranet and not accessible from the internet, then only intranet users can access WebEOC.

In April 2004, ESi transitioned its ASP operations from Sprint Corporation to VeriCenter, Inc., the largest profitable enterprise managed services provider in the United States. Delta and American Airlines, Virgin Atlantic, Cathay Pacific, the State of Maryland, and the Department of Energy's Strategic Petroleum Reserve are just a few of ESi's customers who have implemented WebEOC using our hosted services.

ESi's ASP servers are housed in VeriCenter HostCenter facilities located in Atlanta, Georgia and Dallas, Texas. These facilities feature a wide range of structural, network, and security safeguards to provide customers with state-of-the-art disaster avoidance and resilience. All Centers are next-generation facilities with built-in redundancy, providing resilient environments for hosting customers.

... and against any and all suits, actions, or claims, of any character whatever, including copyright or patent infringement claims or causes of action, brought for, or on account of, any injuries or damages sustained by any person or property resulting or arising from any negligent or wrongful act, error or omission by CONSULTANT or any of CONSULTANT's officers, agents, employees, or representatives, in the performance of this Agreement.

ii. Indemnification for other Damages.
CONSULTANT indemnifies and holds CITY harmless from and against any claim, action, damages, costs (including, without limitation, attorney's fees), injuries, or liability, arising out of this Agreement, or its performance. Should CITY be named in any suit, or should any claim be brought against it by suit or otherwise, whether the same be groundless or not, arising out of this Agreement, or its performance, CONSULTANT will defend CITY (at CITY's request and with counsel satisfactory to CITY) and will indemnify CITY for any judgment rendered against it or any sums paid out in settlement or otherwise.

iii. For purposes of this section "CITY" includes CITY's officers, officials, employees, agents, and representatives. It is expressly understood and agreed that the foregoing provisions will survive termination of this Agreement.

C. The requirements as to the types and limits of insurance coverage to be maintained by CONSULTANT as required by CITY, and any approval of said insurance by CITY, are not intended to and will not in any manner limit or qualify the liabilities and obligations otherwise assumed by CONSULTANT pursuant to this Agreement, including, without limitation, to the provisions concerning indemnification.

INSURANCE.

A. Before commencing performance under this Agreement, and at all other times this Agreement is effective, Consultant will procure and maintain the following types of insurance with coverage limits complying, at a minimum, with the limits set forth below:

Type of Insurance: Limits (combined single)
Commercial general liability: $1,000,000
Professional Liability: $1,000,000
Workers compensation: Statutory requirement.

The information contained in this document represents the current view of ESi Acquisition Inc. on the issues discussed as of the date of publication.
Because ESi must respond to changing market conditions, it should not be interpreted to be a commitment on the part of ESi, and ESi cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. ESI MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of ESi Acquisition, Inc.

ESi may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from ESi, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

© 2005 ESi Acquisition Inc. All rights reserved. ESi, WebEOC, and MapTAC are either registered trademarks or trademarks of ESi Acquisition Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

... required by law.

C.
Should it become impossible for CONSULTANT to complete the SOFTWARE because of illness, death, or injury, this Agreement may be terminated at CITY's sole discretion and, in such event, all completed work, materials, and supplies related to the SOFTWARE will be delivered to CITY and become CITY's property. In the event of such termination, CITY may take such action as may appear to be appropriate in the circumstances then prevailing, including, without limitation, commissioning another contractor to complete the SOFTWARE. CITY will pay CONSULTANT for work completed up to and including the termination date.

14. NOTICES

A. CONSULTANT will notify CITY of changes in address. All notices given or required to be given pursuant to this Agreement will be in writing and may be given by personal delivery or by mail. Notice sent by mail will be addressed as follows:

To CITY:
CITY OF EL SEGUNDO
CITY CLERK
ATTENTION: FIRE CHIEF
350 MAIN STREET, ROOM 5
EL SEGUNDO, CA 90245-3813

To CONSULTANT:
ESi ACQUISITIONS, INC.
ATTENTION: CURT MACDONALD, VP OPERATIONS
699 BROAD STREET, SUITE 1100
AUGUSTA, GA 30901

and, when addressed in accordance with this paragraph, will be deemed given upon deposit in the United States mail, postage prepaid. In all other instances, notices will be deemed given at the time of actual delivery. Changes may be made in the names or addresses of persons to whom notices are to be given by giving notice in the manner prescribed in this paragraph.

15. AUDIT AND ACCESS TO RECORDS. CONSULTANT, including CONSULTANT's subcontractors, will maintain records and other evidence of all expenses incurred in the performance of this Agreement for a period of three (3) years after completion. CITY or any of its duly authorized representatives will, for the purpose of audit and examination, have access to and be permitted to inspect such records and other evidence of expenses and costs charged to CITY and/or incurred for work related to SERVICES.
For purposes of audit, the date of completion of the Agreement will be the date of CITY'S payment for CONSULTANT's final billing (so noted on invoice) under this Agreement.

Logging
Tracing
Best Practices
Operating System and Application Hardening
Securing Application Servers
Group Policy
Key WebEOC 6 Security Settings
Key Windows Server 2003 Security Settings
Hardening the Windows Infrastructure
Best Practices
Public Key Infrastructure
Certification Authorities
Certificate Requirements
Best Practices
Windows Update
Best Practice
Addressing Threats on the Client
Appendix A: Deploying Standard Edition Server on a Single Computer
Best Practices for a Single Computer Implementation
Appendix B: Additional Resources
ESi® WebEOC® 6.0 Documentation
Security Guides
Best Practices
Additional Resources for Sections in this Guide
Antivirus Protection
Authorization
Connection Management
Encryption
Monitoring, Logging, Tracing, and Archiving
Operating System and Application Hardening
Key Windows Server 2003 Security Settings
Public Key Infrastructure
Windows Update Services
Miscellaneous
Group Policy
SQL Server 2000
Windows 2000

24. STATEMENT OF EXPERIENCE. By executing this Agreement, CONSULTANT represents that CONSULTANT has demonstrated trustworthiness and possesses the quality, fitness, and capacity to perform the Agreement in a manner satisfactory to CITY. CONSULTANT represents that CONSULTANT's financial resources, surety and insurance experience, service experience, completion ability, personnel, current workload, experience in dealing with private parties, and experience in dealing with public agencies all suggest that CONSULTANT is capable of performing the proposed contract and has a demonstrated capacity to deal fairly and effectively with and to satisfy a public agency.

25. WAIVER. A waiver by CITY of any breach of any term, covenant, or condition contained in this Agreement will not be deemed to be a waiver of any subsequent breach of the same or any other term, covenant, or condition contained in this Agreement whether of the same or different character. The payment or acceptance of fees for any period after a default will not be deemed a waiver of any right or acceptance of defective performance.

26. SEVERABILITY. If any portion of this Agreement is declared by a court of competent jurisdiction to be invalid or unenforceable, then such portion will be deemed modified to the extent necessary in the opinion of the court to render such portion enforceable and, as so modified, such portion and the balance of this Agreement will continue in full force and effect.

27. TIME IS OF ESSENCE. Time is of the essence for each and every provision of this Agreement.

28. FORCE MAJEURE.
Should performance of this Agreement be prevented due to fire, flood, explosion, acts of terrorism, war, embargo, government action, civil or military authority, the natural elements, or other similar causes beyond the Parties' reasonable control, then the Agreement will immediately terminate without obligation of either party to the other.

29. INTERPRETATION; VENUE. This Agreement and its performance will be governed, interpreted, construed and regulated by the laws of the State of California. Exclusive venue for any action involving this Agreement will be in Los Angeles County.

[SIGNATURES ON NEXT PAGE]

Figure 1 Server roles available for WebEOC 6.0 [diagram: remote users, Internet boundary, Web Server (IIS), Database Server (Microsoft SQL Server); for Enterprise Edition, several Web Servers (IIS) and a Database Server Pool (Microsoft SQL Server)]

The supported network topologies are:
• Remote access
• Internal Access

Security as a Process

Security is a large and complex topic. Because new threats arise, and existing threats retire, it is also a dynamic process. The definition of acceptable risk and the methods used to achieve a level of acceptable risk are different for different organizations. The definition and methodology can change over time. Your IT infrastructure and operation might change over time.

March 26, 2007

Jeff Robinson
City of El Segundo
314 Main Street
El Segundo, CA 90245

Subject: WebEOC® Crisis Information Management Software

On behalf of ESi, I want to thank you for your interest in WebEOC®, our Crisis Information Management Software (CIMS). WebEOC® is used by agencies within the U.S.
Departments of Agriculture, Defense, Energy, Homeland Security (CDP, FEMA, TSA), Health and Human Services, EPA, NASA, state, county and city EOCs, domestic and international airlines, corporations, public utilities, and universities. A WebEOC customer list can be found at http://www.esi911.com/esi/clients/clients.shtml.

Attached is a quote and scope of work for:
• WebEOC® Professional — Standard Edition
• WebEOC® GISe. WebEOC® GISe is the Geographic Information System (GIS) interface between ESi's WebEOC and ESRI ArcIMS. GISe is a simple, lightweight map viewer that allows WebEOC users to geocode address information from within a WebEOC Status Board.

Please review the scope of work (Attachment 6) to determine assumptions we make with respect to customer-provided equipment and services. We also want to make you aware of several optional items, some of which are described below. Pricing for these items can be found on Page 2 of your quote (Attachment 7). The options themselves are described in product datasheets (transmitted separately). Requirements for several are included as attachments to this letter. Options include:

• Software enabling failover to another database server, possibly located at another site. This consists of:
  • WebEOC® Professional Second Server license.
  • NSI Double-Take Software — a third party failover/replication utility. Double-Take allows you to set your production (primary) server to fail over to a second server in the event of failure.
• Resource Manager or Resource ManagerGIS.
  • Resource Manager enables customers to catalog and deploy resources in a manner that is compliant with FEMA's National Incident Management System (NIMS).
  • Resource ManagerGIS enhances this capability by providing GIS-driven demographic information and a resource locator.
• Software Support. As part of the purchase price of WebEOC, customers receive Year 1 remote tech support and all correction, point, and level releases.
Beginning with Year 2, customers may renew software support or opt for software upgrades/technical support at ESi's then current rates. Support plans are based on products selected.
• Through WebEOC's Board Builder, or an external HTML editor, customers have the ability to develop their own status boards. Board Builder is covered during initial training and ESi will assist in board development to the extent allowed given the number of days quoted for onsite installation and training (see SOW). We have found that many customers want continued support from ESi in the board building process subsequent to initial installation. We have presented pricing for forty hours of technical services to illustrate this option. Hours purchased can be banked and drawn upon at any time if not used in support of initial implementation.

www.esi911.com
ESI Acquisition, Inc.
699 Broad Street, Suite 1100
Augusta, GA 30901-1400
Tel: (706) 823-0911
Fax (706) 826-9911

Identifying the Threats

This section identifies and describes some of the common threats to the security of your WebEOC deployment. An installation of WebEOC 6.0 could possibly be exposed to the following threats:
• Application-layer attack
• Compromised-key attack
• Denial-of-service attack
• Eavesdropping
• Identity spoofing (IP address spoofing)
• Man-in-the-middle attack
• Sniffing
• Viruses and worms

Application-Layer Attack

The application-layer attack occurs when the attacker takes advantage of a fault in a server's operating system or one or more of the server's applications. A successful attack results in the attacker bypassing normal operation and control, providing the attacker with the following abilities:
• Reading or writing data for the operating system or application.
• Injecting viruses and worms into the compromised system.
• Adding a sniffer program directly into and operating from the compromised system. The attacker can then periodically retrieve this sniffed data.
• Installing the attacker's own server API (application programming interface) extension program.

Compromised-Key Attack

A compromised-key attack occurs when the attacker determines the key, which is a secret code or number used to encrypt, decrypt, or validate secret information. This key corresponds to the certificate associated with the server. This is a time-consuming and sophisticated process, but not impossible. Once the attacker is successful in determining the key, the attacker uses the key to decrypt encrypted data without the knowledge of the sender of the data.

Implementing WebEOC

Topology

WebEOC 6.0 deployments can consist of many different components, some of which are listed below.
• WebEOC Application Software
  • WebEOC 6
    ■ Professional, ST or Air (Standard or Enterprise Editions)
  • WebEOC Plug-ins
    • Team Management
    • WebEOC Resource Manager
    • WebEOC Resource ManagerGIS
    • WebEOC GISe (ESRI Mapping interface)
    • WebEOC GISmp (A mapping interface and subscription to Microsoft's hosted MapPoint Web Service)
• Operating System Software
  • Microsoft Windows Server 2003 (32-bit, 64-bit) operating system. Note: WebEOC does not support Windows 2003 64-bit edition for Itanium server architectures.
  • Microsoft Windows Server 2000 operating system
• Database Software¹
  • Microsoft SQL Server 2005 Standard Edition
  • Microsoft SQL Server 2005 Express Edition²
• Web Server Software
  • Microsoft Internet Information Services (IIS) 5.0 or 6.0
• Third-Party Software
  • NSI Double-Take (Standard or Advanced Server)
  • ESRI ArcIMS 9.0 or 9.1 (required for WebEOC GISe and WebEOC Resource ManagerGIS)
  • ESRI ArcSDE 9.0 or 9.1 (required for WebEOC Resource ManagerGIS)
  • New Atlanta ServletExec 5.0 (required for WebEOC GISe and WebEOC Resource ManagerGIS)

Deployment

WebEOC can be installed:
• On servers within a customer-managed LAN.
• In a hosted environment on ESi servers.
• In a hybrid environment (i.e., a customer's LAN and hosted on an ESi server).

Connectivity

¹ By default, WebEOC installs Microsoft SQL Server 2005 Express Edition. While SQL Server 2005 Express is adequate for most agencies, performance is affected by factors such as number of users, memory, third-party products, etc. Performance should not be impacted with fewer than fifty (50) concurrent users. Customers anticipating > 50 concurrent users require the Standard Edition of Microsoft SQL Server 2005.

² The SQL Server 2005 Express Edition is NOT supported on 64-bit platforms. In addition, only one 32-bit processor is supported. However, for performance reasons, ESi recommends WebEOC be installed on servers equipped with dual processors.

1 of 4, Attachment 1

... is readable to the attacker. This is a type of eavesdropping. Currently, this isn't possible when SSL is used by the client.

Viruses and Worms

A virus is a unit of code that is written to reproduce additional, similar code units and that needs a host, like a file, e-mail, or a program. A worm is a unit of code that is written to reproduce additional, similar code units and doesn't need a host. This primarily shows up during file transfers between clients, or when URLs are sent from other users.

Addressing Threats on the Server

This section describes some of the ways to help guard against the threats described in the previous section. A secure installation of WebEOC 6.0 addresses the threats, and helps to reduce the risk of a successful attack by using one or more of the following solutions:
• Antivirus protection
• Authentication
• Authorization
• Connection management
• Defense in depth
• Encryption
• Monitoring, logging, tracing, and archiving
• Operating system hardening
• Windows Update

This section describes these risk management solutions in greater detail.

Antivirus Protection

A detailed discussion is beyond the scope of this document.
For more information about antivirus protection, see the Antivirus Defense-in-Depth Guide at http://www.microsoft.com/downloads/details.aspx?FamilyID=F24A8CE3-63A4-45A1-97B6-3FEF52F63ABB&displaylang=en.

Best Practice

Use antivirus software to reduce risk of attack by viruses and worms, and keep the virus definition files up to date to help prevent these viruses from taking control of WebEOC 6.0 functionality and the functionality of other applications.

Implementing WebEOC

In addition, ESi recommends against making your Web server accessible to the public without implementing SSL. If security is a concern beyond what can be enforced in WebEOC (e.g., password complexity, length, age, lockout, etc.), then an agency can implement Windows authentication on the web server, enforcing network security policies through Active Directory.

Redundancy

Because WebEOC is used primarily by emergency management organizations to manage a crisis, consideration should be given to some level of redundancy. With respect to hardware, this can be achieved by installing servers with RAID 1/RAID 5 configured hard drives, split backplanes, redundant power supplies, etc. However, data availability must also be considered. Is it sufficient to fall back to pen and paper if you lose your WebEOC server? Is it acceptable to operate for some period of time without WebEOC while someone rebuilds a server and/or restores your database from tape? Or do you want data protection and high availability? Agencies desiring high availability, possibly at an alternate facility, should consider a redundant web/database server.

An implementation involving WebEOC Professional — Standard Edition (where WebEOC will be exposed to the internet) typically involves (at a minimum) three servers³.
• (Primary) Web Server in a DMZ
• (Primary) Database server behind a firewall
• (Secondary) Server that acts as a combined web/database server, residing behind a firewall

Achieving High Availability with WebEOC

Due to the dynamic structure of the WebEOC database, and the dynamic capabilities within WebEOC to create new boards on the fly, which create new tables and fields within the database, the standard replication capabilities built into Microsoft SQL do not satisfy replication requirements. Because WebEOC utilizes a dynamic database, it requires a higher level of mirroring to copy the data, structure, and dynamic WebEOC pages to another server. If an agency desires redundancy and 'high availability', multiple servers with mirrored databases are required.

To meet this need, ESi installs a WebEOC Professional Second Server license and the NSI Double-Take third-party replication/fail-over utility. Double-Take can be set up to replicate from a primary (source) server to a secondary (or multiple) target server(s) and fail over if the source fails or stops responding. Double-Take works over any distance using existing IP network — LAN, WAN, VPN or NAT. By replicating only the bytes that change, Double-Take uses the absolute minimum bandwidth required to replicate your data.

In the event of a failure of the source machine, Double-Take can initiate a failover to the target data set. Depending on an agency's network architecture, following a failover, WebEOC users would either log back into the system, or access WebEOC through their alternate URL.

Double-Take is capable of automating the process of the target machine standing in for the source in the event of a failure. The target, if desired, can take on the name and IP address of the failed source as well as start selected services through scripts. ESi recommends, however, that the triggering of a failover be configured to require manual intervention.
Manual intervention allows an administrator to confirm the validity of the failure before proceeding with the failover process and starting SQL services on the

' Minimum requirements for intranet-only implementations would be two combined servers.

3 of 4 Attachment 1

Addressing Threats on the Server 8

HTTPS Secure MEMO Access 443 TCP
SQL Access 1433

Best Practices
• Use a firewall to create internal, perimeter, and external networks.
• Configure ports to allow only the required protocols to pass.
• Deny all other protocols.
• Close all other ports.

Defense-in-Depth

Defense-in-depth is a multilayered, multiple strategy, security management process used to reduce risk of compromise from internal and external threats. WebEOC 6.0's three-tiered architecture is designed to help you implement a defense-in-depth strategy.

Role of the Web Server

The Web Server provides the interface for client access to the database. It presents web pages which provide input and display forms, checklists, contacts, etc., all through a web interface.

Role of the Component Object

The Component Object, with its administrator-configured identity, allows users access to information without giving them direct access to the database. The utilization of a component object prevents direct access to the database by users.

Role of the Database Server

The role of the database server is to secure and maintain all information. All WebEOC information, including user accounts, groups, etc., plus all user-collected information, is maintained in the database.

Creating the Defense-in-Depth Strategy

You can implement a defense-in-depth strategy for WebEOC 6.0 by:
• Creating a perimeter network boundary.
• Creating an internal network boundary.
• Locating the Web Server in the perimeter network. This is often referred to as a DMZ.
• Locating the Database Server behind the internal network boundary. Placing the database server in the internal network secures it from external access.
• Configure Access Control Lists. Access Control Lists (ACLs) should be configured to allow only the component object to communicate between the web server and database server through the internal network boundary.

WebEOC Professional System Requirements

WebEOC (Dedicated Web Server) - Recommended
1st Processor: 3.6GHz/2MB Cache, Xeon, 800MHz Front Side Bus
2nd Processor: 3.6GHz/2MB Cache, Xeon, 800MHz Front Side Bus
Memory: 4GB RAM
Hard Drive: Three (3) 36GB, SCSI, 15K
Hard Drive Controller: Single Channel
Backplane: 1x6 Hard Drive Backplane
Hard Drive Configuration: RAID 5
Floppy Disk Drive: 1.44MB Floppy Drive
Operating System: Windows Server 2003 (32 bit, 64 bit), Standard Edition, Includes 5 CALS. NOTE: IA64 is not supported. Microsoft .NET Framework 2.0
NIC: Dual GB NICS
CD-ROM or DVD-ROM Drive: 24X CD-ROM
Power Supply: Redundant Power Supply

WebEOC (Dedicated SQL Database Server or Combined Web/SQL Server) - Recommended
1st Processor: 3.6GHz/2MB Cache, Xeon, 800MHz Front Side Bus
2nd Processor: 3.6GHz/2MB Cache, Xeon, 800MHz Front Side Bus
Memory: 4 GB RAM
Hard Drive: Five (5) 36GB, SCSI, 15K
Hard Drive Controller: Dual Channel
Backplane: 2+4 Split Backplane
Hard Drive Configuration: RAID 1/RAID 5
Floppy Disk Drive: 1.44MB Floppy Drive
Operating System: Windows Server 2003 (32 bit, 64 bit), Standard Edition, Includes 5 CALS. NOTE: IA64 is not supported. Microsoft .NET Framework 2.0
Database Software: Microsoft SQL Server 2005 STD (Per CPU or CAL) [5] [6]
NIC: Dual GB NICS
CD-ROM or DVD-ROM Drive: 24X CD-ROM
Power Supply: Redundant Power Supply

5 By default, WebEOC installs Microsoft SQL Server 2005 Express Edition. While SQL Server 2005 Express is adequate for many agencies, performance is affected by factors such as number of users, memory, third-party products, etc. Performance should not be impacted with fewer than fifty (50) concurrent users. Customers anticipating > 50 concurrent users require the Standard Edition of Microsoft SQL Server 2005.
6 The SQL Server 2005 Express Edition is NOT supported on 64-bit platforms. In addition, only one 32-bit processor is supported. However, for performance reasons, ESi recommends WebEOC be installed on servers equipped with dual processors.

1 of 2 Attachment 2

Disable Tracing on Client Computers and ISA Servers at http://www.microsoft.com/technet/security/guidance/secmod192.mspx.

Best Practices
• Monitor the WebEOC Audit log and Error log
• Monitor system event logs
• Log key events
• Monitor performance

Operating System and Application Hardening

You should harden your operating system and applications according to best practices for that specific component. See the existing documentation for those components, which are listed in "Appendix B: Additional Resources."

Securing Application Servers

For application servers, the operating system and the application should be hardened. For example, a Windows Server 2003 computer dedicated to running WebEOC 6.0 should be hardened from the operating system and from the application perspective. For more information about securing servers, see "Appendix B: Additional Resources."

Group Policy

Group Policy provides directory-based desktop configuration management. You can use Group Policy to implement security lockdowns by defining Computer and User settings within a Group Policy object (GPO) for the following:
• Registry-based policies
• Security
• Software installation
• Scripts
• Folder redirection
• Remote installation services

To provide a user interface for the administrator to configure these settings, administrative templates are shipped with operating system releases and service pack releases.

Group Policy Security Settings

Group Policy contains security settings for a GPO under Computer Configuration/Windows Settings/Security Settings when accessed from Gpedit.dll. You can import security templates to configure security settings for the GPO.
The Windows Server 2003 Security Guide contains a number of sample templates that you can modify to meet your needs. For more information about

WebEOC Resource ManagerGIS System Requirements

Necessary components:
• ESi WebEOC Professional (or ST, Air) Version 6.5 or higher
• ESi WebEOC Resource ManagerGIS
• ESRI ArcIMS
• ESRI ArcGIS Server Enterprise Edition/Basic'

The ArcIMS component must be installed on a separate server. It cannot be installed on the WebEOC server(s), even if separate web and database servers are employed. The ArcSDE component can be installed on a WebEOC dedicated database server.

ArcGIS Server system requirements can be found at http://support.esri.com/index.cfm?fa=knowledgebase.systemRequirements.matrix&LName=ArcGIS+Server&productID=66&pvName=9.2&versionID=115&PID=66&PVID=350

Resource ManagerGIS uses the ArcIMS ActiveX Connector. The GIS data must be in ESRI format (shapefile or SDE). Two data layers must be added to the data repository:
1. A union of city, county, and ZIP code boundaries that contain associated identification attributes, and
2. U.S. Census Block Group data with demographic information.

There must be a geocodable street centerline data file with specific geocodable attributes. The field definition for ZIP code must be numeric.

Minimum system requirements for the Resource ManagerGIS plug-in are listed below:
Product: ESRI ArcGIS Server Enterprise/Basic 9.2 or Shapefiles; ESRI ArcIMS 9.2; ESi WebEOC Professional, ST, or Air Version 6.5 or higher
Operating System: Microsoft Windows 2003 (32 bit; 64-bit) Server (NOTE: 64-bit for Itanium servers not supported)
Web Server: Internet Information Server (IIS) 5.0 or higher
Web Browser: Internet Explorer 6.0 or higher
Servlet Engine: New Atlanta ServletExec 5.0

' Not required if using Shapefiles.
1 of 1 Attachment 3

• Security Policy Settings at http://www.microsoft.com/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_sepol_set.asp?frame=true.

Hardening the Windows Infrastructure

Read and apply the Windows Server 2003 Security Guide at http://www.microsoft.com/technet/security/prodtech/Win2003/W2003HG/SGCH00.mspx.

Best Practices
• Harden all server operating systems and applications.
• Use Group Policy to implement security lockdowns.
• Implement key WebEOC security settings.

Public Key Infrastructure

WebEOC 6.0 can utilize certificates from your existing PKI (Public Key Infrastructure), or certificates issued from a public CA. WebEOC 6.0 uses certificates for:
• SSL encryption between web server and client
• SSL encryption between web server and database server

You can configure SSL and certificates within your WebEOC 6.0 deployment.

Certification Authorities

WebEOC 6.0 supports the following CAs:
• Internal (private) CAs
• Windows Server 2003 Enterprise CA
• Windows Server 2003 Standalone CA
• Windows 2000 Standalone CA
• External (public) CAs

Certificate Requirements

Although SSL encryption is not required, ESi recommends using SSL for all connections, and therefore requiring certificates for all installed WebEOC 6.0 servers.

Best Practices
• Implement a PKI and certificates for SSL.
• Use a certificate issued by a public CA.

EmerGeo System Requirements (Options)

EmerGeo Mapping Server
Processor: Pentium 4, 2 GHz processor or greater (3+ GHz dual processor for better performance), 800 MHz front side bus preferred
Memory: 2GB RAM or greater
Hard Drive: 40 GB free disk space - includes 20% free space for optimum performance (SCSI RAID or greater recommended for data growth and reliability)
Floppy Disk Drive: 1.44MB Floppy Drive
Operating System: Windows 2000 or XP or 2003 (32 bit) Server, with all service packs. MS .NET Framework 1.1 (not higher). Free download from: http://www.microsoft.com/downloads/details.aspx?familyid=262d25e3-f589-4842-8157-034d1e7cf3a3&displaylang=en
Web Server: IIS 6 or later (NOTE: IIS MUST be installed before SQL 2000 is installed)
Database Server: Microsoft SQL 2000 (can be shared with WebEOC; MSDE also supported)
Tape Backup: Tape or NAS Backup recommended

EmerGeo 'Smart Client' Workstation
Processor: Pentium 4, 2 GHz processor or greater
Memory: 500MB RAM or greater
Hard Drive: 20 GB free disk space (depending on data cached on the local hard drive)
Floppy Disk Drive: 1.44MB Floppy Drive
Operating System: Windows 2000 or Windows XP. MS .NET Framework 1.1 (not higher). Free download from: http://www.microsoft.com/downloads/details.aspx?familyid=262d25e3-f589-4842-8157-034d1e7cf3a3&displaylang=en
MDAC 2.7 or higher and Jet Engine. These are included with newer PCs running Windows 2000 or XP; older PC users can download free install packs from: http://msdn.microsoft.com/data/downloads/updates/default.aspx

EmerGeo Web Browser Client
Internet Explorer version 5.x or later
High speed Internet/Intranet connection to the EmerGeo server (56Kbps or slower will slow map display refresh times).

Note: System requirements are subject to change. Please review your planned hardware and network environment with an EmerGeo representative BEFORE purchasing equipment.

1 of 2 Attachment 5

WebEOC Professional Scope of Work

Project Initiation

Unless an agency requires a contract be established, the vehicle most often used to procure WebEOC is a Purchase Order.
Following Purchase Order receipt, a Project Manager is assigned to your account. S/he will verify products and services ordered and coordinate installation and training dates.

Installation — Customer

This proposal assumes customer will:
• Designate a Project Manager.
• Review the WebEOC 6.0 Security Guide for information on how to secure WebEOC.
• Designate an IT or EM resource who will accompany ESi during software installation and testing (as required).
• Provide server(s) as per ESi hardware specifications attached to this SOW.
• Prior to WebEOC installation
• Install latest Operating System (Microsoft Windows Server 2000 or 2003) security and service pack updates.
• Install IIS on designated web server(s) with all current updates.
• Unless Microsoft SQL Server 2005 Express Edition will be installed by WebEOC, install the Standard Edition of Microsoft SQL Server 2000 or 2005 on designated database server or combined web/database server with all latest security and service pack updates.
o Install Anti-virus software.
• Implement all required network security measures (e.g. hardware firewall) prior to WebEOC installation. Note: Network and physical security are a customer responsibility.
• Open port 80 (443 for SSL) when placing the web server behind a firewall.
• Open TCP/UDP ports 1100 and 1105 if replicating (using Double-Take) through a firewall.
• Open SQL port 1433 if placing a separate web server in a DMZ.
• If WebEOC's Messaging component is to be used to pass email, SMTP traffic (Port 25) must be allowed on the network.
o Attach servers to the network.
o Provide server IP address(es). If internet access to WebEOC is required, obtain and assign a public IP address.
• Obtain SSL certificate (if SSL will be implemented) and install on [Web] server. NOTE: If web server will be accessible from the internet, ESi recommends SSL certificate be purchased and installed prior to actual use.
• Install and configure WebEOC GISe on the ArcIMS server (if GISe purchased).
o If implementing GISe, WebEOC web server must be IP accessible to GISe server.
• If implementing EmerGeo and the Smart Client will access the EmerGeo server through a firewall, a port must be opened for FTP communication. Typically, this is port 21.
• Provide software and hardware to back up WebEOC's database (as required). Customer is responsible for implementing database backups.
• Provide facility where WebEOC Administrator training will occur.

1 of 3 Attachment 6

Day One: WebEOC User & Administrator Training

Part One — WebEOC Overview

This session will focus on the basic functionality that should be taught to all WebEOC users. Topics include:

Overview
• Logging in to WebEOC
• Understanding the Control Panel
• Displaying information in WebEOC
• Adding & modifying information in WebEOC
• Understanding Forms, links & Plug-ins
• Accessing, displaying and printing a Report
• Understanding

Chat
How to set up and use Chat Rooms internal to WebEOC.
• Creating, Using, Deleting Chat Rooms
• Setting/Clearing Passwords

Contacts
How to manage contact information accessible by authorized users/agencies.
• Setting Permissions
• How to Add, Edit, View, Search, Sort Contacts
• Importing and Exporting Contacts

Checklists
Manipulating Checklists within WebEOC.
• Accessing, Displaying and Viewing Checklists
• Checklist Statuses
• Changing the Status of a Step
• Adding, Viewing and Editing Remarks

Messages
How to communicate among WebEOC users using WebEOC's internal messaging plug-in.
• Accessing Message
• Messages Window
• Messaging Functions (Sort, Compose, Send, View, Forward, Reply, Delete)
• New Message Notification

2 of 8

WebEOC Professional Scope of Work

WebEOC Software Support includes 24/7 phone support and all WebEOC Professional software updates. Software updates include:
• Correction Release: Provided to resolve software anomalies (e.g., v6.0.1, 6.0.2, etc.)
• Point Release: Modifications to current generation of software that include enhancements, improvements (e.g. v6.3 to 6.4)
• Level Release: New release or new generation of software (e.g., v6.0 to 7.0)

For routine WebEOC technical support, U.S. customers call (877) 771-0911. International customers must dial (706) 823-0911. U.S. and International customers may also page the on-duty technician by dialing (888) 243-7204 / (706) 240-0016 respectively. Alternatively, problems can be emailed to support@esi911.com.

Software updates and their associated release notes are normally downloaded from our website and applied by the customer. Email is used to notify customers when and where new releases are available. Customers must provide and maintain current contact information for those individuals designated to receive these notices. Contact information should include name, title, business mailing address, email address, phone and fax number.

Beginning with Year 2, customers may choose to continue software support' or opt for software upgrades/technical support at ESi's then current rates.

8 ESi will field trouble reports for supported GIS interfaces (Resource ManagerGIS, WebEOC GISe, WebEOC GISmp) on a 24/7 basis. However, GIS mapping support is only available 8x5, Monday through Friday.

9 Unless otherwise indicated in the accompanying quote, software support for WebEOC plug-ins is in addition to Software Support for WebEOC Professional. Because GISmp is both an interface and a subscription to Microsoft's MapPoint Web Service, customers must renew GISmp software support annually for continued access to mapping data.

3 of 3 Attachment 6

Part Two — Administrator Training

Administrator training covers the "mechanics" or how each function in WebEOC works (adding users, groups, building status boards, etc.) in order to set up your emergency management process.
Users and Roles
User accounts and passwords are used to gain access to WebEOC and are configured through the User Manager. Roles are implemented for users who can be assigned to more than one position within an organization.
• Users
• Planning a User Profile
• Creating, Editing, and Deleting Users
• Clearing a Locked User Account
• Roles
• Adding and Editing a Role
• Logging In Using Roles
• Deleting a Role

Groups
Establish a set of access privileges to boards, links, menus, and plug-ins that will appear as links on the Control Panel.
• Planning a Group
• Adding, Editing and Deleting a Group

Links
Setup and configuration of hyperlinks to URLs, other systems, or files.
• Adding and Editing Links
• Deleting Links

Menus
Provides the ability to group boards, links, plug-ins or other menus, or any combination under a single link (menu) on the Control Panel.
• Adding and Editing a Menu
• Deleting a Menu

Customer: City of El Segundo
Address: 314 Main St., El Segundo, CA 90245
Quote Number: 032607ELSE-01
Contact: Jeff Robinson

OPTIONS

CONTACT ESi BEFORE SELECTING OPTIONAL ITEMS. ESi WILL REVIEW REQUIREMENTS AND ISSUE NEW QUOTE AND SCOPE OF WORK AS NECESSARY.
Price List - Issue # 1.39 August 17, 2006 Page 2 of 2

Product ID | Description | QTY | Price | Extended Price

Software Support - Addl Year (As Quoted Above)
SS-CIMS-PRS | Software Support Renewal - WebEOC® Professional - Standard Edition | 1 | $8,100.00 | $8,100.00
SS-CIMS-GSE | Software Support Renewal - GISe | 1 | $2,700.00 | $2,700.00
Sub-Total: $10,800.00

WebEOC Mirroring/Data Replication Solution
SW-CIMS-PR2 | WebEOC Second Server Software | 1 | $5,000.00 | $5,000.00
SW-DTSTD-BM | Double-Take Standard Server License w/YR1 SA | 2 | $2,425.15 | $4,850.30
Sub-Total: $9,850.30

WebEOC Software
SW-CIMS-PRE-M | WebEOC® Professional - ENT | 0 | $59,500.00 | $0.00

WebEOC Plug-Ins
SW-CIMS-RMB | Resource Manager | 0 | $9,000.00 | $0.00
SW-CIMS-RMG | Resource ManagerGIS | 0 | $15,000.00 | $0.00
SW-CIMS-GSM | WebEOC GISmp | 0 | $10,000.00 | $0.00
SW-CIMS-TMB | Team Management | 0 | $5,000.00 | $0.00
SW-CIMS-CAL | Calendar | 0 | $1,500.00 | $0.00

Third Party Software
SW-SQL32-TD | Microsoft® SQL Server 2005 STD 1 CPU License (32) | 0 | $5,555.88 | $0.00
SW-SQL64-TD | Microsoft® SQL Server 2005 STD 1 CPU License (64) | 0 | $5,693.01 | $0.00
SW-SQLKO-TD | Microsoft® SQL Server STD 2000 Media Kit (32 & 64) | 0 | $27.71 | $0.00
SW-S32MK-TD | Microsoft® SQL Server STD 2005 Media Kit (32) | 0 | $26.76 | $0.00
SW-DTSTD-BM | Double-Take® Standard Server License w/YR1 SA | 0 | $2,425.15 | $0.00
SW-DTADV-BM | Double-Take® Advanced Server License w/YR1 SA | 0 | $4,174.30 | $0.00
SW-SRV2W-NA | ServletExec 5.0 2-CPU w/Subscription | 0 | $1,795.00 | $0.00
SW-EMRSV-EM | EmerGeo Server License w/YR1 Support & Maintenance | 0 | $15,000.00 | $0.00
SW-EMRSC-EM | EmerGeo "Smart Client" License w/YR1 Support & Maintenance | 0 | $1,500.00 | $0.00
SW-EMRBR-EM | EmerGeo "Browser" License | 0 | $0.00 | $0.00
SW-EMRNA-EM | EmerGeo NAERG2000 Guide plus ALOHA Plume Model Interface | 0 | $1,000.00 | $0.00
SW-EMREQ-EM | EmerGeo Earthquake Model Interface | 0 | $1,000.00 | $0.00
SW-EMRCA-EM | EmerGeo Community Alert Network Interface | 0 | $1,000.00 | $0.00

WebEOC Software Support
SS-CIMS-PRE | Software Support Renewal - WebEOC® Professional - Enterprise Edition | 0 | $10,000.00 | $0.00
SS-CIMS-GSM | Software Support Renewal - GISmp | 0 | $7,500.00 | $0.00
SS-CIMS-RMB | Software Support Renewal - Resource Manager | 0 | $1,980.00 | $0.00
SS-CIMS-RMG | Software Support Renewal - Resource ManagerGIS | 0 | $3,300.00 | $0.00
SS-CIMS-TMB | Software Support Renewal - Team Management | 0 | $1,100.00 | $0.00
SS-CIMS-CAL | Software Support Renewal - Calendar | 0 | $300.00 | $0.00

Third Party Software Support
SS-DTADV-BM | Maintenance Renewal - DT-ADV (Per License) | 0 | $905.45 | $0.00
SS-EMRSV-EM | Maintenance Renewal - EmerGeo Server (per server/per year) | 0 | $5,250.00 | $0.00
SS-EMRSC-EM | Maintenance Renewal - EmerGeo Smart Client (per seat/per year) | 0 | $525.00 | $0.00
SS-EMRNA-EM | Maintenance Renewal - EmerGeo NAERG2000 Guide plus ALOHA Plume | 0 | $500.00 | $0.00
SS-EMREQ-EM | Maintenance Renewal - EmerGeo Earthquake Model Interface - per model year | 0 | $500.00 | $0.00
SS-EMRCA-EM | Maintenance Renewal - EmerGeo Community Alert Network Interface | 0 | $500.00 | $0.00

Technical Services
TS-PGMNR-ES | Technical Services - Normal Hourly Rate (Travel excluded) | 40 | $125.00 | $5,000.00
TS-GSEON-BC | WebEOC® GISe Onsite Installation Support (Estimated) | 0 | $5,466.00 | $0.00
TS-INST4-DE | Resource ManagerGIS Installation (Estimated) | 0 | $9,500.00 | $0.00

Archives
Information is stored by incident. The archives database can be accessed and incident data retrieved for viewing and reporting purposes. An archive can also be turned into a simulation that can then be edited and run.
• How to archive an incident
• Viewing and Printing Archived Data
• Simulizing an Archive
• Deleting an Archive

Audit Log
The Audit Log tracks, records and displays, in a pre-defined format, events that have occurred in WebEOC.
• Viewing the Audit Log
• Audit Log Queries
• Clearing the Audit Log

CAP Messaging
CAP (Common Alerting Protocol) enables users to send and view CAP alert messages through the Disaster Management Interoperability Services (DMIS) CAP Service.
• Registering with DMIS as a COG
• CAP Messaging Setup and Configuration

Dual Commit
Allows setup and configuration of remote WebEOC servers to which data from the local WebEOC server can be posted.
• Prerequisites
• Adding, Editing, and Deleting a Dual Commit Server
• Regional Dual Commit

General
Security permissions/profiles and Email Server configuration are set up in the General Manager. Email server setup enables users to send WebEOC Messages to any email server or email addressable device through the Messages Plug-In.
• Security Options
• Email Server

6 of 8

Emergency Services integrators
Products and Services Suite
• Crisis Information Management Software (CIMS)
• Integrated Mapping Solutions
• ASP Hosting Services
• EOC/Public Safety Consulting & Systems Integration
Emergency Management and Public Safety Solutions

Other Plug-Ins
Upon completion of administrator training, the balance of time onsite is used to better understand an agency's process, discuss implementation, and assist with user setup. Based on ESi's understanding of an organization's internal process, an overview of best practices adopted by similar agencies can be provided along with any status boards developed by other WebEOC customers.

NOTES: At a minimum, training must include one person from Emergency Management. Having an IT representative in attendance is encouraged, but not required. During Administrator training, customers will learn how to locally create Status Boards using WebEOC's Board Builder utility. Status Boards and Forms can also be developed using an HTML editor such as FrontPage or Dreamweaver. Agencies may want to have personnel with these skills attend training (if available).
Day Two/Three: Process

Day two continues Administrator training (if not completed on Day one). Day two (and three if scheduled) are designed to allow you to describe your process and use what you learned on the previous day(s) to set up your WebEOC system and implement your basic emergency management process elements. The facilitator will provide users with options, tips and lessons learned from other users to find the best way to address your organization's preferences, organizational structure and concept of operations.

WebEOC Professional, Version 6
Crisis Information Management Software provides real-time information to emergency responders

Following the events of September 11, 2001, the Department of Justice, National Institute of Justice (NIJ)/Office of Science and Technology (OS&T) conducted an evaluation of what is now known industry-wide as Crisis Information Management Software (CIMS). At the time there existed relatively few software firms providing CIMS — the software used in emergency operations centers (EOCs) to manage crisis information. ESi was one of only ten software firms that subjected its software, WebEOC®, to DOJ's independent evaluation. Since that time, ESi has become the leading provider of CIMS software nationwide.

WebEOC first received industry-wide exposure in the July 1999 edition of the International Association of Emergency Managers (IAEM) Bulletin. In an article written by then IAEM Region IX President B.J. Sibley, WebEOC and the concept of a "virtual" EOC were given widespread recognition.

Today, WebEOC is used by agencies within DOD, DOE, DHS, EPA, NASA, state, county, and city EOCs, domestic and international airlines, healthcare associations, corporations, public utilities, and universities. It has also been adopted by government agencies internationally.

In DOJ's 2002 evaluation, State and local Emergency Management Agencies indicated that Crisis Information Management Software must:
• Be affordable.
• Be user friendly
• Be easy to maintain by existing EMA Staff with access to vendor's technical support.
• Be easy to tailor to the conditions and policies of the agency
• Allow for remote access by authorized users located outside the LAN.
• Comply with the provisions and standards for Incident Command System (ICS).
• Comply with the provisions of the Emergency Support Functions (ESF).
• Integrate with other systems such as mapping, other CIMS, and telephonic alert notification systems.
• Integrate public health into emergency management.
• Operate within a variety of network configurations.
• Have a wide range of features.
• Offer help desk support 24/7

Why WebEOC?

Affordability
Unlike other products, there are no recurring costs with WebEOC. WebEOC does not rely on third party products whose licenses must be renewed annually. Nor must additional licenses be purchased as

Public Health
WebEOC isn't simply a tool for use by emergency managers. As a tool, it can be used to support almost any operation. Because it can be locally customized and interfaced to other systems, WebEOC has already been adopted by healthcare organizations throughout the United States.

Operate with Various Networks
WebEOC can be installed on customer equipment residing on a LAN/WAN (Local/Wide Area Network) or it can be a hosted (ASP) solution in which ESi provides the hardware, software and infrastructure needed to run the application.

[Figure: Typical LAN Model]

Our ASP servers provide customers 99.9% site availability, excluding scheduled outages. ESi provides all hardware, network infrastructure and software to host WebEOC and you pay one low annual fee.

[Figure: ASP Model]

ASP benefits include:
• Rapid Deployment
• Minimal demands on in-house IT
• Managed Services
• Guaranteed availability

ESi also offers a hybrid model where the system can be configured to operate in both environments (LAN and ASP).
Help Desk Support

Year 1 24/7 software support is included with the purchase of any WebEOC core product (i.e., Professional, Air, ST). This includes access to our help desk and all software updates. Toll free numbers are provided for routine technical support and for after-hours, emergency support. Agencies can submit problems by email or through ESi's WebEOC user forum. WebEOC's user forum also provides the ability to submit suggestions, post questions, or share ideas with other WebEOC customers. Beginning with Year 2, customers may choose to continue software support plans or opt for software upgrades and technical support at ESi's then current rates.

[Figure: network diagram showing Internet/Intranet backbone, second data center, Cisco 7507 routers, and dedicated WebEOC server]

Threats on the Client 13

Windows Update

Frequently check for and apply updates and security patches using Windows Update Services.
Doing so helps prevent vulnerabilities in other system components that may lead to attackers being able to gain access to WebEOC 6.0 servers with administrator privileges and thereby compromise WebEOC 6.0.

Best Practice

Keep current with Windows Update.

Addressing Threats on the Client

While the majority of WebEOC 6.0 security configuration is performed on the server side, you can take steps on the client side to increase security, including:
• Use Windows XP SP2.
• Apply the concepts in the Windows XP Security Guide at http://www.microsoft.com/technet/security/prodtech/winclnt/secwinxp/xpsgch01.mspx.
• Use the Windows Firewall software provided in Windows XP SP2.
• Run antivirus software on the client.
• Frequently check and apply updates and security patches.
• Use strong password best practices.
• Use SSL for WebEOC 6.0 communication protocol.
• Run only necessary services and applications.

You simply tell us what you want 'integrated'. We then work directly with your vendors to understand current or proposed systems and the specific requirements for each application or device. Next we determine how many monitors are necessary at each workstation to support the required number of windows that must be displayed at all times. Based on these results and user input, a specific solution tailored to your operation is recommended. This includes not only the 'systems' integration, but can also include recommendations on computer hardware, furniture, and mounting solutions.

A Universal Dispatcher would typically include a console equipped with a single computer and multiple monitors. The monitors themselves would be configured as if they were one display surface. You can then open as many windows as desired, size them as necessary, and position them where needed. You are no longer limited to one application per monitor. Ultimately, our goal is to simplify an operator or dispatcher's job by making all applications available through one input device.
Other advantages include:
• Cost Effectiveness. Because multiple computers are no longer needed at each position, your initial outlay is lower and maintenance costs are reduced.
• Work Space. An integrated solution can reduce the size and amount of furniture required, resulting in an ergonomic, space saving environment. It can also provide a cleaner desktop which translates to more usable space for the operator.
• Efficiency. Used in a 911 center where every second counts, an uncluttered work surface and the absence of multiple input devices can eliminate confusion and optimize response times.

Fully redundant, integrated, fault tolerant, and secure systems are now available to meet your requirements.

Evaluation/situation assessment

Whether you're planning a new facility or upgrading an existing one, ESi can help you make the right choices with experienced, professional guidelines for:
• Developing and implementing site and user surveys.
• Determining required resources to meet your budget and community needs.
• Designing and building or renovating your facility.
• Working with fire, police and emergency medical organizations in your region.

With the Universal Dispatcher, you can:
• Save money by avoiding costly "trial-and-error" methods to link multiple applications together.
• Increase reliability by providing rapid access to all the tools and information needed to respond to emergencies efficiently.

Cut-over/Start up

Our dedicated, field-experienced professionals are on-site to make sure that your cut-over is successful and smoothly executed.

Long-term support

ESi's technical service professionals are available to provide long-term support through our toll-free, 24/7 help desk.

Summary

ESi's Universal Dispatcher package delivers on the promise that advanced technology can make 9-1-1 facilities and Emergency Operations Centers more manageable.
The Universal Dispatcher package combines a complete set of consulting, management, hardware and software solutions to ensure you get the advantages of modern technology without the disadvantages of disparate and complex systems that are difficult to learn and maintain.

ESi Acquisition, Inc.
699 Broad Street — Suite 1100
Augusta, GA 30901
Office: 706 823 0911 Fax: 706 826 9911
www.esi911.com

WebEOC, MapTac, Universal Dispatcher and ESi are trademarks or registered trademarks of ESi Acquisition, Inc. All other trademarks are the property of their respective owners.

Appendix A: WebEOC on a Single Server

This section is included because a single server installation may be the only available option. Due to possible financial restraints, it may be necessary to host WebEOC on a single server. In this instance, the server would be running both Microsoft® Internet Information Services (IIS) and Microsoft® SQL Server or Database Engine (MSDE).

Best Practices for a Single Computer Implementation

The best practices are:
• Apply all patches and updates as they become available.
• Ensure a strong password policy is implemented.
• Disable any unnecessary services.
• Use an industry-recognized firewall to limit access to ports 80 and/or 443.
• Use SSL encryption.
• Ensure physical security of the server.

Normally, implementation requires one Data Display Computer per room where overhead projectors are installed. A display "operator" controls which "windows" are displayed, where they are displayed, and the size of each display. Many factors determine the size of individual displays (e.g., the projector itself, room dimensions, ceiling height, etc.). Images approximately eight feet wide by six feet high are common. Multiple projectors aligned to provide contiguous screens provide an even greater display surface.
Rather than install projection screens, we recommend displays be projected directly on the surface of a wall or walls treated with paint specifically designed for this purpose. This saves the cost of the projection screen(s) and provides a more useable display surface. ESi can engineer solutions that allow a single operator to centrally manage displays in multiple rooms. This minimizes the number of resources (personnel and equipment) needed to support display operations.

Examples of display solutions and recommended projector requirements are provided below.

Appendix B: Additional Resources

• Securing Windows 2000 litt : / /www. microsoft. coin /downkridsidetails.as _ x' ?Famil ld=9964CF42-E236-4D73-AEF4- 7f34FDC0A')5F6 &displaylang=en
• Internet Information Services (IIS) Security Center http / /NwN microsoft coin /lechnet/ security /prodtech /iis /default.msSx

Best Practices

The following are best practices resources:
• Secure Network Connectivity Next Steps: Best Practices at http, / /wwN microsoft com/business/ security !network /bestpractices.mspx
• Best Practices for Securing Windows Server 2003 at htt : / /N!N,w.microsoft .coin/down1oadsidetails.,Is _ x ?Famil ID=8a2643cl- 0685- 4d89 -b655- 52 1 ea6c7b4db &displaylang =en
• Windows Server 2003 Security Best Practices at http / /wNN microsoft com / resources /documentation /WindowsServi2003 /standard /proddocsi en-us/ Defa Lilt. asp? url—/reso urces/dOC Umentat i on/wi ndowsserv/2003 standard/pioddocsien- us'sav�seconceptsbp.asp
• Windows Server 2003 IPSec Best Practices at http //N ww microsoft coin/ resources /docrunentation /WindowsSery /2003 /standard /proddocsi en us /Default asp' ?
Lit] 4 resources / docu men tation / wmdowssery /2003 /standard /proddocs /en- us /sae ipsecbestpract.asp
• Windows Server 2003 Encryption Best Practices at http //www microsoft coin/ resources /documentation'WindowsSery /2003 /standard /proddocs/ en us /Default asl2?url =/ resources /documeutationiwmdowssery /2003 /standard /pi oddocs /en- us /sag_seconceptsimpefsbp. asp
• Windows Server 2003 Auditing Best Practices at http /www microsoft coin/ resources / documentation /WindowsSery !2003 /standard/proddocs/ en us /Default asp? Url_/ resources / documentat ion! %window ssery /2003 /standard /proddocs /en- Us/sag seconceptsimpaudbp.asp
• Windows Server 2003 Security Templates, Settings, and Configuration Best Practices at http //N N N microsoft com/ resources /documentation /WindowsSery /2003 /standard /proddocsi en us /Default ash ?url = /resourcesidocumentation /wmdowssery /2003 /standard /proddocs /en- us /seconcepts by topnode.asp
• Windows Server 2003 Access Control Best Practices at http / /wNw microsoft com /reSOLn•ces /documentation /WindowsSery /2003 /standard /proddocs/ en us /Default asl2?url= /resources 'documentation /widowssery /2003 /standard /proddocs /en- us /aclui by topnode.asp

fully adjustable? Comfort and support are key issues during protracted activations.
• Have group roles and responsibilities been evaluated with adjacency requirements in mind?
• How does information flow into and within a room or facility? How is it documented, tracked, and shared?
• Do traffic patterns within a facility hinder operations?

These and other topics are examined during every design review. After analyzing the information collected, we discuss our findings with the customer and ultimately provide a summary of recommended improvement areas. Our intent is to enhance a customer's overall emergency response capability. This desire extends beyond a single software product, such as WebEOC.
We take a macro view of the entire system to ensure the tools used (i.e., hardware, software, internal processes, etc.) are consistent with sound Conduct of Operation practices.

Key Windows Server 2003 Security Settings
• Windows Server 2003 Security Guide at http / /wwN niictosoft com / technet / security/ prodtech /Win2O03 /W2003HG /SGCHOO.mspx
• Windows Security Collection at htt : / /www.microsoft. com / Resources /DOCln71eiitation /windowssery /2003 /all /techref /en- us /W2K3TR sec over asp frame =true
• Group Policy Collection at htt ://www.microsolt.com/ Resources /DOCLltnentation /windowssery /2003 /all /techref' /en- us /W2K3TR °p over asp frame =true
• Networking Collection at hit : / /www.microsoft. com / Resources /Documentation /windowssery /2003 /all /techref %en- us /W2K3TR netwk over asp"frame =true
• Security Policy Settings at htt ://www.microsoft.com/ Resources /Documentation/ windowssery /2003 /all /techref /en- us /W2K3TR sepol set asp frame =true
• Windows Server 2003 Security Guide at http / /www microsoft com /teclmetl security/ prodtech /Win2003 /W2003HG /SGCHOO.mslix

Public Key Infrastructure
• Best Practices for Implementing a Microsoft® Windows Server 2003 Public Key Infrastructure, at htt : / /'www.microsoft.coinitechneti rodtechnol /windowsserver2003 /technolo *ies /security /ws 3pkibp.mspx
• The Certificate Services planning chapter from MSA 2.0 at: htt : / /www.microsoft.
com / resources /docLUnentation /msa /2 /all /solution /en- us/hnsa20ik/vmhtm97.mspx
• The Certificate Services build chapter from MSA 2.0 at: htt : / /\Arw,,Al.inicrosoft.coin/ resources /documentationfhnsa /2 /all /solution /en- usfhnsa2Oik /vnihtm229.mspx
• Windows Server 2003 PKI Operations Guide at: htip r/wv w microsoft com / technet/ prodIecl inol/ windowsserver2003 /technolo>iies /security /ws 03pkot;.tnspx
• The current version of the Common Criteria Protection Profile for Certificate Issuing and Management Components at: littp / /niai) nist aov /cc schemeipp /PP CIMCPP SL1 -4 V1.O.pdf
• Key Archival and Management in Windows Server 2003 at: http / /www microsoftcoin/ technet /prodtechnol/windowsseiver20O3 /technologies /securitv/ky acws03.mspx

of WebEOC for daily operations. There are also customers who, as they become familiar with WebEOC capabilities, desire to expand those capabilities. ESi Services can address all these configuration needs.

Training

Training provided by ESi Services can be delivered at the customer's site or at ESi's training facilities in Atlanta or Augusta, GA. Training courses can be individually tailored to the customer's unique WebEOC design or provided as general curriculum subjects such as WebEOC administration.

Drills and Exercises

Drills and exercises are a challenging, but necessary, requirement at all levels of government and within corporations globally. ESi Services can design an operations-based exercise utilizing WebEOC and WebEOC Simulator to deliver all the message injects (MSELs) needed for a four- or eight-hour exercise. For most exercises a two-day event can also be developed. For a hurricane exercise a five-day event can be created. Exercises are custom tailored for the jurisdiction. If needed, ESi Services can assist with the conduct of the exercise, exercise evaluation, and the creation of the improvement plan.
All aspects of our service are in accordance with the Homeland Security Exercise and Evaluation Program.

For further information or to obtain a quote for ESi Services, please contact:

ESi Services
Suite 1500
400 Galleria Parkway
Atlanta, GA 30339
Phone: (866) 9 ESi911 (866 937 4911)
Fax: (678) 385-6788
Email: jcook@esi911.com

[Figure: screenshot of a Significant Events table]

• Windows Server 2003 Certificate Services at: http'www microsoftcom/ technet / prodtechnol/ windowsseivei2003 /proddocsientserverisag CSprocs admin.asp
• Implementing PKI best practices at htt,2:/ /www iicrosoft com/i-esoru-ce,,/documentation /WindowsSery /2003 /standard / n•oddocs/ en -us /sag C'S BesiPract.asp
• Chapter 16 Designing a Public Key Infrastructure. Download the Windows Server 2003 Deployment Kit at http / /www microsoft coin /windowssei-vei-2003 /techinfo /reskit /deploykit.msr)x
• Securing Wireless LANs - A Windows Server 2003 Certificate Services Solution at: http /'www microsoft com/ technet / security/ prodtech /win2003 /pkiwire /swlan.nispx

Windows Update Services
• Windows Update Page at httg / /v4 windowsLpdate microsoft com /en /del'ault.asp

Miscellaneous

Other resources include the following topic resources.
Group Policy
• For more information about obtaining and using the Group Policy Management Console, see http / /www microsoft coni/ windowsserver 2003 /gpmc /default.mspx
• Group Policy Home at httR /'www microsoftcom/ technet /prodtechnol /windowssei-ver2003 /technologies /manaL,eme nt /gp /default.mspx
• Group Policy TechNet Page at h_ttp / /www iicrosoft com/ technet�rodtechnol/ windowssei-ver2003 /technologiesimanageme nt /gV /defgU1t.mSpx

SQL Server 2000
• The SQL Server 2000 Operations Guide at httR / /www microsoft comrtechnet/ prodtechnol /sql /2000hnaintain /sq]opsOanspx
• The Microsoft® SQL Server 2000 Security White Paper at http / /www microsoft com / technet / prodtechnol/ sgl /2000/maintain /sL)3sec00.mspx
• The Three-Tier Security in an E-Commerce Environment at htt / /www microsoft com / technet /itsoIutions /ecommercehnaintain /operate /msf3sec.msl2x
• The SQL Server 2000 C2 Administrator's and User's Security Guide at http:/ /www microsoft com /Downloads /Release .asp` ?ReleaseID =25503
• The Blueprint for Building Web Sites Using the Microsoft® Windows Platform article at http:/ /www microsoft com /technet /prodtechnol /acs /reskit /aci-kappa.rnspx

Atlanta HostCenter Features

BUILDING DESCRIPTION
• 92,000 sq. ft. in Atlanta, GA
• Class A data center built in 2001
• Single-story steel, with masonry exterior
• 24x7x365 NOC and customer call center

AIR CONDITIONING
• Separate cooling zones
• Constant 70°F/45% humidity
• N+1 Trane chillers
• Redundant CRAC units
• Chilled water piping

POWER PROTECTION
• Two 2MW Caterpillar generators
• Redundant Liebert UPS, PDU and static transfer switches
• 72+ hour fuel supply
• Regular testing of systems

FIRE SUPPRESSION
• VESDA smoke detection
• FM-200 fire suppression system
• Dry-pipe sprinkler system

CONNECTIVITY AND BANDWIDTH
• Sprint Dual OC-48 Internet backbone
• Third party carriers available
• Cisco Gigabit switch routers
• Private network available

WATER DETECTION
• Automated Logic Environmental Controls

FACILITY SECURITY
• Onsite personnel 24x7x365
• Security guard desk
• Video surveillance
• Man-trap entry, badge-only access

CUSTOMER AREAS
• Briefing and conference rooms
• Customer kitchen and office space
• Secure shipping, receiving and staging area

Dallas HostCenter Features

BUILDING DESCRIPTION
• 75,000 sq. ft. in Richardson, TX
• Class A data center built in 2001
• Single-story masonry facility
• Roof will withstand 100+ mph winds

AIR CONDITIONING
• Separate cooling zones
• Constant 70°F/45% humidity
• N+1 Trane chillers
• Redundant CRAC units
• Chilled water piping

POWER PROTECTION
• Two 2MW Caterpillar generators
• Redundant Liebert UPS, PDU and static transfer switches
• 72+ hour fuel supply
• Regular testing of systems

FIRE SUPPRESSION
• VESDA smoke detection
• FM-200 fire suppression system
• Dry-pipe sprinkler system

CONNECTIVITY AND BANDWIDTH
• Sprint Dual OC-48 Internet backbone
• SBC OC3
• Looking Glass OC12 private fiber
• Cisco Gigabit switch routers
• Private network available

WATER DETECTION
• Automated Logic Environmental Controls

FACILITY SECURITY
• Onsite personnel 24x7x365
• Security guard desk
• Video surveillance
• Man-trap entry, badge-only access

CUSTOMER AREAS
• Briefing and conference rooms
• Customer kitchen and office space
• Secure shipping, receiving and staging area

Database

By default, WebEOC installs Microsoft SQL Server 2005 Express. Agencies with 50 or more concurrent users require Microsoft SQL Server 2000/2005.

Web Server

WebEOC uses Microsoft's Internet Information Server (IIS) 5 or 6. Microsoft SQL Server (or Microsoft SQL Server 2005 Express) and IIS can reside on the same server or be implemented with separate database and web servers.

Mirroring

Due to the dynamic structure of the WebEOC database, and the dynamic capabilities within WebEOC to create new boards "on the fly" (which creates new tables and fields within the database), standard replication capabilities built into Microsoft SQL do not satisfy replication requirements for WebEOC.
Because WebEOC utilizes a dynamic database, it requires a higher level of mirroring to copy the data, structure, and dynamic WebEOC pages to another server. ESi recommends and installs NSI's Double-Take® for replication/mirroring.

A. The SOFTWARE is the result of CONSULTANT's sole efforts unless otherwise stipulated as a collaboration;

B. Except as otherwise disclosed in writing to CITY, the SOFTWARE is unique and original and does not infringe upon any copyright or patent;

C. The SOFTWARE, or its duplicate, has not been accepted for sale elsewhere; and

D. All SOFTWARE installed by CONSULTANT will be warranted to be free from defects in material and workmanship for a minimum period of one (1) year from the date CITY accepts the SOFTWARE. CONSULTANT warrants that the SOFTWARE will perform in accordance with and strictly comply with specifications, requirements, standards and representations set forth in this Agreement. Should the SOFTWARE not perform as required, CONSULTANT will promptly correct any such deviations. The correction of any such deviation will be at no cost to the CITY and the work performed will be performed in a timely and professional manner by qualified personnel.

6. YEAR 2000 COMPLIANCE WARRANTY.

A. For purposes of this Agreement, "Product" includes, without limitation, any piece or component of equipment; hardware; software; and/or internal components or subroutines therein.

B. CONSULTANT warrants that any Product furnished under this Agreement will:

i. Calculate, process, display, store, transmit, and/or receive accurate date data from, into, and between the 20th and 21st centuries; during the years 1999 and 2000; and leap years without interruption or human intervention.

ii. Ensure that all date related functions will include the correct indication of century.

iii. Accept two digit year date data in a manner that resolves any ambiguities as to century in a defined manner.

iv. Sense, [illegible], record, transfer, and print correct date values and ensure that all operations do not result in abnormal terminations and/or outcomes.

C. In the event of any decrease in Product functionality or accuracy related to time and/or date data related codes and/or internal subroutines that impede the Product from operating correctly using dates beyond December 31, 1999, CONSULTANT will restore or repair the Product to the same level of functionality as warranted herein, so as to minimize interruption to City's ongoing business processes, time

Page 2 of 10

[Figure: MapTac map screenshot with an emergency response guide page opened from a map icon]

URLs can be added to icons that allow users access to related information. In this example, clicking the poison icon (appearing near the map's top left quadrant) opens event-related NAERG guide pages.

Users (with appropriate privileges) can add markers and label icons as they see fit.
These icons can represent the incident scene, show the location of responding units, identify forces assigned to staging, display road blocks, etc. You have the option of showing individual icons for each unit, or one icon, properly labeled, representing many units.

With MapTac, GIS professionals can use GIS tools to include the appropriate layers and then present the user with the desired level of detail by saving to a common jpg, gif, or bmp graphic format. Labels can be added at any time and edited as necessary. URLs can be added to icons that allow users access to related information. Once the file is published in MapTac, any authorized user can select the appropriate file from a drop down list and the map is displayed on the screen.

[Figure: screenshot of a guide table of isolation and protective action distances for small and large spills]

MapTac can be used to display the output of a chemical or radiological dispersion model. Plumes can be published on a map/GIS and then added to MapTac so responders can set up their own tactical layout.

MapTac also makes it possible for the average user to input digital photos from an incident scene, annotate the photo with markers from MapTac's palette, and publish the picture, making it available to all authorized users. This is extremely useful in those instances where it is not entirely clear or evident as to what is being shown.

While not a GIS product, MapTac offers agencies with or without GIS mapping systems an inexpensive solution for creating, publishing, disseminating and updating tactical information in an easy-to-use graphical format.

event or control of someone other than Client.

C. "Malicious Code" means any virus, "spyware," "Trojan horse," "worm," "Easter egg," "cancelbot," "trapdoor," or other unapproved or malicious software routine, code, command, device, technique, or instruction or other contaminant intended to:

i. Permit unauthorized access to, detection of, modification of, or monitoring of any code, system, or data;

ii. Alter, supplement, disable, erase, limit, threaten, infect, assault, vandalize, defraud, disrupt, damage, disable, shut down or delete, threaten, slow or otherwise inhibit the functioning of, or otherwise harm any of the code, documentation or data or any computer system, software or other property;

iii. Render any data irretrievable, modified, or disrupted so as to be unreliable in any regard;

iv. Perform any other unauthorized action, or prevent, limit, condition or inhibit performance of authorized actions or any function including, without limitation, to its security or end user data.

8. LAWS AND REGULATIONS. CONSULTANT is responsible for complying with any and all applicable Federal, State, County, and Municipal laws and regulations and the conditions of any required licenses and permits before entering into this Agreement. Such compliance will be at CONSULTANT's sole cost and without any increase in price or time on account of such compliance, regardless of whether compliance would require additional labor, equipment, and/or materials not expressly provided for in the Agreement or CONSULTANT's proposal.

9. CONFIDENTIALITY.
CONSULTANT agrees that any and all data, reports and documentation supplied by CITY or its affiliates or third parties on CITY's behalf, which are confidential and which are clearly designated as confidential, are, subject only to the disclosure required for the performance of CONSULTANT's obligations hereunder, held in strict confidence and may not be disclosed or otherwise disseminated by CONSULTANT without CITY's consent.

10. PUBLIC RECORDS ACT. The Parties to this Agreement understand and agree that data affected by this Agreement are subject to the requirements, exceptions and exemptions set forth in the California Public Records Act.

11. INDEMNIFICATION.

A. CONSULTANT agrees to the following:

i. Indemnification for Professional Services. CONSULTANT will save harmless and indemnify and at CITY's request defend CITY from

Page 4 of 10

WebEOC's basic and GIS Resource Manager require: ESi's WebEOC version 6.2 or higher (Professional, AT, Air, or ST).

The GIS component for Resource Manager also requires:
• ESRI ArcIMS
• ESRI ArcSDE
• ArcIMS Active X Connector (enabled)

ArcIMS requires a webserver, JavaVM, and servlet engine.

A program that contains the functions of the GIS Resources Module is installed on the server. This program utilizes MapObjects.

The GIS data must be in ESRI format (shapefile or SDE). A data layer must be added to the data repository that is a union of city, county, and ZIP code boundaries and must include U.S. Census demographic information. There must be a geocodable street centerline data file.

Minimum system requirements for Resource Manager GIS are listed below.

WebEOC® Product: Version 6.2 or higher (Professional, AT, Air, or ST)
• ESRI ArcIMS 9.0 or 9.1 with Active X Connector (32-bit)
• ESRI ArcSDE 9.0 with SQL Server and a geocoding service OR Street centerline data in ESRI shapefile format with geocodable attributes
• ESi WebEOC Professional with Resource Manager GIS Module
Operating System: Microsoft Windows 2000, SP4 OR Microsoft® Windows 2003 (32-bit, 64-bit), SP1 (64-bit for Itanium servers not supported)
Web Server: Internet Information Server (IIS) 5.0 or higher
Web Browser: Internet Explorer 6.0 or higher
Supported Servlet Engine: New Atlanta ServletExec 4.2 or higher

B. Commercial general liability insurance will meet or exceed the requirements of the most current ISO-CGL Form. The amount of insurance set forth above will be a combined single limit per occurrence for bodily injury, personal injury, and property damage for the policy coverage. Liability policies will be endorsed to name City, its officials, and employees as "additional insureds" under said insurance coverage and to state that such insurance will be deemed "primary" such that any other insurance that may be carried by City will be excess thereto. Such insurance will be on an "occurrence," not a "claims made," basis and will not be cancelable or subject to reduction except upon thirty (30) days prior written notice to City.

C. Professional liability coverage will be on an "occurrence basis" if such coverage is available, or on a "claims made" basis if not available. When coverage is provided on a "claims made basis," Consultant will continue to maintain the insurance in effect for a period of three (3) years after this Agreement expires or is terminated ("extended insurance").
Such extended insurance will have the same coverage and limits as the policy that was in effect during the term of this Agreement, and will cover Consultant for all claims made by City arising out of any errors or omissions of Consultant, or its officers, employees or agents during the time this Agreement was in effect.

D. Consultant will furnish to City duly authenticated Certificates of Insurance evidencing maintenance of the insurance required under this Agreement, endorsements as required herein, and such other evidence of insurance or copies of policies as may be reasonably required by City from time to time. Insurance must be placed with insurers with a current A.M. Best Company Rating equivalent to at least a Rating of "A:VII."

E. Should Consultant, for any reason, fail to obtain and maintain the insurance required by this Agreement, City may obtain such coverage at Consultant's expense and deduct the cost of such insurance from payments due to Consultant under this Agreement or terminate.

13. TERMINATION OF AGREEMENT

A. During the term of this Agreement, CITY may, in its sole discretion, terminate this Agreement with or without cause by giving written notice to CONSULTANT. Termination will become effective immediately upon the giving of notice as provided in this section of the Agreement. The City Manager may exercise such right of termination on behalf of CITY.

B. Except as otherwise provided, upon termination of this Agreement, CITY will be liable to CONSULTANT only for all work done by CONSULTANT up to and including the date of termination of this Agreement unless the termination is for cause, in which event CONSULTANT need be compensated only to the extent

Page 6 of 10

Team Management Plug-in

Record and Track Team Member Credentials and Deployment Information (Option)

With Team Management 2006, WebEOC users can administratively manage and deploy response personnel within their organization.
The array of features in Team Management allows an agency to:
• Maintain member credentials such as training, languages (and other skills)/proficiency, and attach an image file to the member record.
• Activate and deploy team members.
• Track disbursements, travel details, assigned equipment, maintain detailed time records, etc. for each team member.
• Search and filter team member information.
• Configure the data fields that will be displayed in certain screens.
• Pre-populate a host of drop-down lists based on local operations and nomenclature.
• Create pre-defined templates for importing and exporting Team Management data residing in the database.
• Assign read/write permissions to specific functions and screens in Team Management.

To schedule an online demo, contact ESi.

16. NON-APPROPRIATION OF FUNDS. Payments due and payable to CONSULTANT for current services are within the current budget and within an available, unexhausted and unencumbered appropriation of the CITY. In the event the CITY has not appropriated sufficient funds for payment of CONSULTANT services beyond the current fiscal year, this Agreement will cover only those costs incurred up to the conclusion of the current fiscal year.

17. INDEPENDENT CONTRACTOR. CONSULTANT, CONSULTANT's subconsultants, employees, agents, and representatives, will act as independent contractors while performing the SERVICES and will have control of CONSULTANT's work and the manner in which it is performed, except as is otherwise provided herein. CONSULTANT will be free to contract for other services performed during the term of this Agreement.
CONSULTANT is not an agent or employee of CITY and is not entitled to participate in any pension plan, insurance, bonus or similar benefits CITY provides for its employees.
18. ASSIGNMENT. An essential element of this Agreement is the skill and creativity of CONSULTANT. CONSULTANT may not, therefore, assign the creative portions of the work to a third party for the production of the work without CITY's prior written consent. Failure to conform to this provision may result in termination of the Agreement.
19. CONSISTENCY. In interpreting this Agreement and resolving any ambiguities, the main body of this Agreement takes precedence over the attached Exhibits; this Agreement supersedes any conflicting provisions. Any inconsistency between the Exhibits will be resolved in the order in which the Exhibits appear below: A. Exhibit A: SERVICES.
20. ENTIRE AGREEMENT. This Agreement, and its Attachments, sets forth the Parties' entire understanding. There are no other understandings, terms or other agreements expressed or implied, oral or written. There are two (2) attachments to this Agreement. Except as otherwise provided, this Agreement will bind and inure to the benefit of the Parties to this Agreement and any subsequent successors and assigns.
21. MODIFICATION. No alteration, change or modification of the terms of the Agreement will be valid unless made in writing and signed by both Parties hereto and approved by appropriate action of CITY. The city manager may exercise this authority on behalf of CITY.
22. FACSIMILE SIGNATURES FOR SUBSEQUENT AGREEMENTS. The Parties agree that agreements ancillary to this Agreement, and related documents to be entered into in connection with this Agreement will be considered signed when the signature of a party is delivered by facsimile transmission. Such facsimile signature will be treated in all respects as having the same effect as an original signature.
23. TAXPAYER IDENTIFICATION NUMBER.
CONSULTANT will provide CITY with CONSULTANT's Taxpayer Identification Number.

WebEOC® ST Crisis Incident Management Software For Surface Transportation
WebEOC® ST (Surface Transportation) builds upon the features of WebEOC Professional and adds functionality specifically designed for the Surface Transportation Sector.
• Manage and share real-time information.
• Allow remote access by authorized users.
• Supports interoperability.
• Affordable and easy to use.
WebEOC® ST Supports:
• Passenger Rail Incidents — WebEOC ST has the capability of capturing and providing detailed, up-to-date information regarding Passenger Rail incidents. Rail Car Data Sheets are also included, which provide information and schematics on specific passenger rail cars.
• Freight Rail Incidents — WebEOC ST has the capability of capturing and providing detailed, up-to-date information regarding Freight Rail incidents. Support for Hazmat incidents is also part of the WebEOC ST system.
• Public Transit — WebEOC ST includes many emergency response procedures and protocols established by the FTA. Users also have the ability to track service disruptions and detours.
• Emergency Support Function 1 (Transportation)
• FTA Top 20 Security Program Action Items for Transit Agencies — The FTA identified the top twenty (20) most important elements that transit agencies should incorporate into their System Security Program Plans. These elements are based on good security practices identified through FTA's Security Assessments and Technical Assistance Program. WebEOC ST addresses several of these elements as listed below:
o #3 — Incident Management Organization: WebEOC ST provides ICS boards and forms.
o #16 — Tabletop and functional drills are conducted at least once every six months. WebEOC ST provides a Drill Simulator automating the exercise and drill process.
o #20 — Protocols to respond to Office of Homeland Security Threat Advisory Levels.
WebEOC ST includes the FTA Transit Threat Level Response Recommendations.
• Public Transit's Capabilities to Assist Community Response to Emergency Events — WebEOC ST provides a solution to assist in sharing transit resources with local responders. This allows the transit agency to identify and communicate the resources that they have available to support community response to an emergency event. This is a practice encouraged by the FTA.

IN WITNESS WHEREOF the parties hereto have executed this contract the day and year first hereinabove written.
ATTEST: Cindy Mortesen, City Clerk
APPROVED AS TO FORM: MARK D. HENSLEY, City Attorney
By: Karl Berger, Assistant City Attorney
Taxpayer ID No.

EM Assist
An emergency management tool and centralized reference library at your fingertips
EM Assist is an exhaustive library of emergency management knowledge and resource base that provides rapid access to information through a CD-based, extensively cross-indexed program of information and reference materials. Both a product and a service, EM Assist harnesses the power of the Internet, greatly reducing search time and rapidly leading the user to specific areas in emergency management critical to mitigation, preparedness, response and recovery. EM-related and how-to reference materials stored on the CD are immediately accessible without the use of the Internet. The service includes updates to information, terms, tools, and an industry watch on new emergency management concepts, technology, and methods.
Benefits of EM Assist:
• Provides the best information and tools for emergency preparedness and response readily available;
• Minimizes searching and waiting time on the internet by centralizing information;
• Improved communications through standardized definitions and concepts;
• Improved productivity and proficiency;
• Improved awareness of EM case studies and examples;
• Improved response capability;
• Improved recovery;
• Improved mitigation; and
• Improved skill areas
Add EM Assist to your organization's emergency management library and provide your WebEOC users single-click access from their control panel.
Contact EM Assist, Inc. for an online demo: 1400 Commerce Blvd., Suite 15 Anniston, AL 36207 Office: 256 832 0350 Cell: 256 282 1781 Fax: 256 831 8728

• Additional products (computer hardware, software, projectors, etc.) or services can be quoted upon request. Selection of optional items will change the Scope of Work and could require additional time onsite.
• Where customers purchase a second WebEOC license, we assume both servers are co-located. If these servers are geographically separated (e.g., another city), technical services and travel may need to increase to account for longer than planned installation activities.
• Implementation of the ESRI-GIS mapping interface also requires further discussion before final pricing can be provided. This proposal assumes El Segundo GIS personnel will install and configure WebEOC GISe on the City's ArcIMS server. Remote technical support by ESi has been quoted to support this effort. Onsite installation can be quoted if desired.
Taxes are not included. If your agency is tax exempt, we request a tax-exempt certificate accompany your purchase order.
There are no hidden or recurring costs with WebEOC. WebEOC does not rely on third party products whose licenses must be renewed annually.
Nor must additional licenses be purchased as the number of responders needed to manage an event increases. WebEOC is sold on a per server basis (unlimited users). If elected, GISmp support must be renewed annually in order to continue subscription services (i.e., access) to the MapPoint Web Service.
After you have had an opportunity to review this proposal and the accompanying information, please contact our office should you have additional questions or desire any changes. Thank you for considering ESi for your Emergency Management and Public Safety needs.
Sincerely, Curtis R. MacDonald Vice President, Operations
Atch:
1. Implementing WebEOC
2. System Requirements — WebEOC Professional
3. System Requirements — Resource Manager GIS
4. System Requirements — WebEOC GISe
5. System Requirements — EmerGeo
6. WebEOC Professional Scope of Work
7. Quote: 032607ELSE-01
8. WebEOC 6.0 Security Guide (Transmitted Separately)
9. WebEOC Baseline Process (Transmitted Separately)
10. WebEOC Training Syllabus (Transmitted Separately)

Necessary Components
WebEOC GISe requires ESi's WebEOC Professional, Air, or ST and ESRI's ArcIMS. WebEOC requirements are published separately. ArcIMS requires a Web server, JavaVM, and a servlet engine. The WebEOC GISe Viewer uses the ArcIMS ActiveX Connector.
A wide variety of data sources are available for use with ArcIMS. Depending on the type of service, different data formats are available. Examples of data types include:
• Shapefiles
• ArcSDE (SQL Server™, Oracle®, DB2®, Informix)
For a complete listing of supported data types and other ArcIMS requirements, refer to ESRI's website www.esri.com or contact an ESRI representative.
Optional Components
ESRI ArcIMS® Route Server Extension with Data Pack (GDT or Tele Atlas) (if street centerline data unavailable)

Product: ESRI® ArcIMS® 9.0 or 9.1 with ActiveX Connector (32-bit); ESi WebEOC® Professional, Air or ST 6.0
Operating System: Microsoft® Windows® 2000 SP4 or 2003 SP1 (32-bit; 64-bit) (64-bit for Itanium servers not supported) Standard Server or Advanced Server; Microsoft .NET Framework 1.1
Web Server: Internet Information Server (IIS) 5.0
Web Browser: Internet Explorer 6.0 or higher
Supported Servlet Engines: New Atlanta ServletExec 4.2 or higher; Tomcat 4.1.29 w/isapi_redirector.dll; JRun 4.0

Implementing WebEOC
As a web-enabled application, WebEOC requires a TCP/IP connection. Similar to a network appliance, if the server is connected to the internet then anyone in the world, with proper authorization, can log in. If the server is connected to the internal LAN/intranet and not accessible from the internet, then only intranet users can access WebEOC.
Architecture
WebEOC is a standard, three-tier application.
• Microsoft® SQL Server is the backend database.
• Microsoft® IIS is the Web server.
• Microsoft® Internet Explorer provides the client/user interface.
As a web-enabled database application, WebEOC utilizes web pages for data entry and retrieval to a Microsoft SQL database. Users access the application utilizing Internet Explorer 6.0 or later. The web services component of the application is asp and html over port 80 (443 if SSL is implemented).
The communication between the web server and the database is TCP/IP over SQL port 1433 via a component object. Access to the database is controlled by setting an identity on the component object which is assigned DBO access to the database. The database is a single SQL database. Both the web server (IIS) and database server (SQL) can reside on a single machine, or on separate machines.
WebEOC 6 makes extensive use of XML technology - in particular, the XML parser developed by Microsoft. Much of the business logic is written in Microsoft C#/.Net 2.0/ASP.Net 2.0. WebEOC 6 also makes use of stored procedures within Microsoft SQL Server 2000 and 2005 to improve performance and scalability.
Implementation
Although not a requirement of WebEOC, if your agency requires access from the "internet", then ESi recommends SQL and IIS be installed on separate servers. When deploying separate servers, placing the Web server in a DMZ offers an additional layer of protection.
[Figure: network diagram showing the Internet boundary, remote users, and the DMZ]
Attachment 1

Necessary Components
WebEOC GISmp requires ESi's WebEOC Professional, Air, or ST and Internet access. WebEOC requirements are published separately. User access is via Microsoft Internet Explorer 6.0 (or higher).
MapPoint Web Service
The WebEOC GISmp purchase price includes both the interface and a 12 month subscription to Microsoft's MapPoint Web Service. Customers must renew WebEOC GISmp software support on an annual basis to continue receiving this service.
Availability. Microsoft MapPoint Web Service will be available at least 99.9% of the time during each quarterly period measured inside Microsoft's data centers. The system is designed for full availability during routine maintenance.
Microsoft does reserve the ability to schedule downtime of up to one hour per month that will not be counted as downtime, provided that Microsoft provides prior written notice as soon as practical and in no event less than 48 hours before the scheduled downtime.
Performance. Microsoft maintains the average SOAP response time for transacting and rendering a single map will be one second or less during each quarterly period measured inside Microsoft's data centers.
Service Monitoring. Microsoft will continuously monitor (on a 24 hours per day, 7 days per week basis) the Service and will address any problems noted during such monitoring. Monitoring includes: service availability, capacity and throughput, disk space, request/response to application servers, database connectivity, DNS availability, load balancing functionality, network functionality (i.e., firewall, packet loss, and latency), and security attacks (i.e., virus, denial of service). Microsoft operators also monitor system performance around the clock to respond to potential Service-disrupting situations before they occur.
Backup. Microsoft will take precautions to ensure the continued availability of the Service. All MapPoint servers that provide mission critical services are configured with hardware redundancy. This hardware redundancy includes redundant (RAID) hard drives, power supplies, and fans. In the event one of these hardware components fails, the server continues to operate and MapPoint operations is alerted so the faulty component can be scheduled for repair without disruption to the Service. Backups will be performed on a separate network so that the backup traffic has no impact on the service traffic.
Data center infrastructure. The Service leverages the same data center infrastructure as Microsoft.com, MSN.com and several other high-volume properties.
Each data center has multiple levels of redundancy, including uninterruptible power supplies (UPS) and backup generators that can support the entire data center in the event of a commercial power failure. The network architecture is fully redundant and includes multiple internet egress providers.

Implementing WebEOC
target. Allowing a fully automated failover could result in both SQL servers being active simultaneously and possibly dissimilar data on the servers.
Double-Take is licensed per server and comes in Standard and Advanced Server editions.
• Double-Take Standard is used for servers running Microsoft® Windows Server™ 2003 or Microsoft® Windows® 2000 Server.
• Double-Take Advanced Server is used for servers running Windows Server 2003 Enterprise or Windows 2000 Advanced server.
Disaster Recovery
Mirroring and replication are different from backing up your data. One does not replace the other. Used in combination, both afford customers a high degree of redundancy. As already noted, Double-Take is used to initially mirror and then replicate changes (byte-level data) from a primary [active] WebEOC database server to a secondary or 'target' [passive] database server. Redundant, mirrored servers that constantly replicate data provide 'high availability' and minimize the amount of time necessary to recover from an outage. A secondary or 'target' server can be activated in seconds or minutes (depending on failover strategy), providing users access to all information entered into WebEOC up to the time of failure/outage.
Absent redundant, mirrored database servers, a primary WebEOC database server failure would require agencies to load another server, or at least restore from tape the latest backup job (if tape backups were being accomplished).
This takes time, depriving users access to WebEOC while someone is either reloading a server or restoring from tape. Even if daily backups are performed, agencies that suffer a database failure during an emergency would potentially lose any data entered between the time of the last backup and the actual server failure. This could be minutes, hours, or days depending on your backup schedule.
If the WebEOC database and system files were properly backed up, a complete system restore should take no longer than an hour assuming the operating system and database software had already been installed. A system that has been imaged would just copy the latest system files and attach the restored database.
A word of caution — Agencies implementing redundant database servers should not rely on Double-Take as their sole "backup" strategy. A corrupt database on the primary server would be replicated to each and every target server. If this were to occur, agencies that perform regular tape backups could at least restore data from their most recent backup job. Database backups can be configured using any available tool that is compatible with Microsoft SQL Server.
Attachment 1

[Figure captions: EmerGeo™ can incorporate high-resolution photos & CCTV. Situation maps shared among web browser and mobile users. Plot WebEOC® Board data through a Control Panel.]

Unique Features and Benefits

EASY - WIZARDS & ONLINE GUIDANCE: SIMPLE STEP-BY-STEP INSTRUCTIONS FOR QUERIES, DRAWING/PLOTTING AND MODELS.
• Minimize reliance on GIS technicians to do emergency mapping functions.
• Free-up GIS technicians to focus on technical support matters.

OPENGIS® INTERFACES: WEB MAP SERVICES CAN BE USED TO CREATE LIVE DATA CONNECTIONS TO ENTERPRISE OR PUBLIC OPENGIS-ENABLED MAPPING SERVERS.
• Leverage existing GIS systems and data.
• Avoid data duplication and maintenance.
• Add free publicly available data layers through OpenGIS® data connectors.

EMERGENCY MANAGEMENT WORKFLOW: AUTOMATES PUBLISHING OF DRAWINGS/PLOTTED DATA TO FUNCTIONAL GROUPS AND AGENCIES.
• Controlled data communications between emergency functions and agencies.
• 'Need to know' information displayed in each group's map views.

HISTORY LOGGING: PLOTTING, DRAWING, EDITING TRACKED.
• Maintain a complete audit trail.
• Export logs to Excel for analysis and reporting.

WEB BROWSER & MOBILE CLIENTS: USE SIMPLE MAP BROWSER TO VIEW MAPS OR SMART CLIENT FOR PLOTTING AND PUBLISHING.
• Simple browser map requires minimal user training.
• Smart (mobile) Client software can continue to be used even when networks or servers fail.

HAZARD MODEL INTERFACES: MULTI-HAZARD AND VULNERABILITY ASSESSMENT TOOLS FOR PLANNING.
• Quick and easy hazard models built-in.
• Options to import or connect to 3rd party models.

HOTLINKS: LINK DOCUMENTS, GRAPHICS, AND WEB PAGES TO POINTS, LINES, POLYGON AREAS.
• Avoid importing/maintaining multiple copies of plans.
• Integrate data and web applications "on the fly".

CUSTOMIZATION TOOLS: TAILOR USER INTERFACE, SYMBOL BEHAVIORS, TOOLS AND MAP LAYERS.
• Non-technical staff can tailor and maintain EmerGeo.
• Adapt to organizational/EOC processes.

STANDARD MAP SYMBOLS & TEMPLATES: HOMELAND SECURITY SYMBOLS BUILT-IN. EMERGENCY STAFF CREATE NEW MAP PROJECTS FOR AN EVENT FROM STANDARD TEMPLATES.
• Prevent data corruption by end-users.
• Save start-up time.
• Promote standardization.
• Use existing map symbol libraries if required.

FREE MAP VIEWER: EMERGEO SERVER COMES WITH FREE WEB MAP VIEWER CLIENT LICENSES.
• Scale-up more quickly.
• Minimize cost and simplify budgeting for growth.

SECURITY: MULTIPLE PERMISSION LEVELS ENSURE EACH USER WORKS WITH RELEVANT DATA AND TOOLS.
• Expand the potential range of users and groups that can safely use the software.

SYSTEM/DATA REPLICATION: AUTO-DOWNLOADS PATCHES/UPGRADES AND NEW DATA LAYERS TO SMART CLIENT PCS.
• Reduce administration overhead.
• Enhance business continuity: A self-healing system (Smart Client can re-build map projects on new servers).

WebEOC® Professional System Requirements
Minimum System Requirements (User)
Any PC running Microsoft Internet Explorer 6.0 or higher
NOTE: Microsoft's recommended system configuration for Internet Explorer 6 SP 1 is Microsoft Windows 2000, Windows Millennium Edition (Windows ME), or Microsoft Windows NT® 4.0 with the high encryption version of Service Pack 6a (SP6a) and higher, Windows 2000, or Windows XP on a computer with a Pentium III processor and 128MB of RAM. Minimum requirements can be found on Microsoft's Web site.
Minimum System Requirements (PDA)
Microsoft Pocket Internet Explorer 3.02
Attachment 2

ESi & Visual Risk Technologies Create a Cutting Edge Interface Between Their Leading Emergency Management Software Systems
For over a decade, emergency managers across the country have relied on ESi and Visual Risk Technologies for technical solutions in their EOCs. Now these two industry leaders have joined forces to provide this integrated solution for Crisis Information Management Systems. Developed specifically in response to requests from local emergency managers, this interface brings together the power and functionality of WebEOC®, a web-based emergency management communications system developed by ESi, and VRiskMAP™, an incident planning and emergency management mapping software created by Visual Risk Technologies. The interface gives the emergency manager one seamlessly integrated system to serve as the technology backbone for EOC operations.
With this interface, WebEOC status boards can be directly linked to the detailed geographic information system (GIS) maps created by VRiskMAP™. Whenever a new WebEOC entry is marked for mapping, then Status, Type and Location information is automatically passed to VRiskMAP™ in real time.
The address data is "geo-coded" using VRiskMAP's proprietary tools and locally produced street data to determine the latitude and longitude of the location. User defined Status and Type codes determine the appropriate icons and colors for the map based on the situation's urgency. As incidents unfold and data is modified, the map continually updates to reflect the revised status board entry. After information is processed by the interface, situation status maps can be instantly created in VRiskMAP™, saved as jpeg images for upload into WebEOC's MapTac, and published through the internet/intranet for all users to see.
[Figure: Situation Status (SitStat) Map, VRiskMAP]
For more information about VRiskMAP™, visit Visual Risk's website at www.vrisk.com or email at sales@vrisk.com.

WebEOC® GISe System Requirements (Options)
WebEOC® GISe is the Geographic Information System (GIS) interface between ESi's WebEOC and ESRI® ArcIMS®.
• WebEOC GISe requires WebEOC® Professional and ArcIMS®.
• ArcIMS system requirements are based on your platform and Web server configuration. The ArcIMS component must be installed on a separate server. It cannot be installed on the WebEOC server(s), even if separate web and database servers are employed.
• ArcIMS system requirements can be found at http://support.esri.com/index.cfm?fa=knowledgebase.systemRequirements.matrix&pName=ArcIMS&productID=16&pvName=9.2&PID=16&versionID=115&PVID=351
• Minimum system requirements for ESi's WebEOC GISe interface are listed below.
NOTE: WebEOC users must have direct access to the GISe server.
If an organization intends to build layers of information into the GIS system that may contain sensitive information, understand that access through the WebEOC interface is unsecured and unauthenticated. ESi recommends that the user configure ArcIMS to use SSL if necessary to add an additional layer of security.
Product: ESRI® ArcIMS® 9.2 with ActiveX Connector; ESi WebEOC® Professional, ST, or Air 6.0
Operating System: Microsoft® Windows® 2000 (SP4) or 2003 (SP1, 32-bit; 64-bit) Standard Server or Advanced Server. NOTE: IA64 is not supported. Microsoft .NET Framework 2.0
Web Server: Internet Information Server (IIS) 5.0
Web Browser: Internet Explorer 6.0 or higher
Supported Servlet Engines: New Atlanta ServletExec 5.0
Attachment 4

EmerGeo™ System Requirements (Options)
EmerGeo™ Map Data Loading
EmerGeo typically quotes a limited amount of time for pre-loading and configuring the base map data from customer's GIS mapping systems. This data should be received at least one month prior to installation of EmerGeo™ and only a limited amount of data configuration will be performed to support the training session. Additional time for data configuration, if required, can be determined following the training or in consultation with EmerGeo.
EmerGeo™ OpenGIS® Data Connectors
Integration services can be quoted to establish an OpenGIS® based live data connector to the customer's GIS system(s).
Attachment 5

WebEOC® 6.0 Security Guide
Published: January 2005

CONTENTS
Introduction
Overview
Who Should Read This Guide
Topology
Security as a Process
Securing WebEOC® 6.0
Identifying the Threats
Application-Layer Attack
Compromised-Key Attack
Denial-of-Service Attack
Eavesdropping
Identity Spoofing (IP Address Spoofing)
Man-in-the-Middle Attack
Sniffing
Viruses and Worms
Addressing Threats on the Server
Antivirus Protection
Best Practice
Authentication
Best Practice
Authorization
Connection Management
Configuring Server-Level Connections
Best Practices
Defense-in-Depth
Role of the Web Server
Role of the Component Object
Role of the Database Server
Creating the Defense-in-Depth Strategy
Best Practices
Encryption
Best Practice
Monitoring, Logging, and Tracing
Monitoring

WebEOC® Professional Scope of Work
• Trainees should have their own computers (PC or laptop) running Internet Explorer 6.0 (or higher) and be able to access the WebEOC server.
• The room where training will occur should have at least one projector connected to a computer with access to the WebEOC server.
• Provide or have available upon arrival:
o List of User Names and EOC Positions.
o Copies of forms and/or status boards used locally for incident management.
• Be prepared to discuss organization structure and provide Event Reporting, Mission Tasking and Situation Reporting procedures (if established). See WebEOC Baseline Processes Map (transmitted separately).
Installation — ESi Onsite Installation
Technical services assume one person onsite for three days of installation and WebEOC training. Software installation will occur the morning of Day 1. Administrator training will begin the afternoon of Day 1 and will conclude on Day 2.
Day 3 is reserved for implementation support and setup to the extent time allows. Remote tech support will be provided as necessary to assist El Segundo GIS personnel install/configure WebEOC GISe on the City's ArcIMS server.
• WebEOC Administrator and User training will be provided to the person or persons responsible for administering the system. Administrator training will provide instructions on how to setup and manage WebEOC.
• Administrators need not be IT professionals. Customer will ensure that employees or contractors responsible for program implementation and knowledgeable in their agency's emergency response process and procedures attend Administrator Training. Attendance by agency personnel with the authority to dictate how the software will be used during an emergency response is essential to successful implementation.
• Class size should not exceed ten students. Although a minimum number is not specified, training should include enough system administrators to ensure one is available for duty during any protracted event.
• ESi does not routinely train individual users, nor should users attend administrator training. ESi will provide user training to WebEOC Administrators. Unless ESi is contracted to provide user training, customer's designated administrators will be responsible for this activity. User training should not be scheduled or conducted until an agency's system is fully configured and customized in accordance with local policy.
Upon completion of administrator training, the balance of time onsite is used to better understand an agency's process, discuss implementation, and assist with user setup. Based on ESi's understanding of an organization's internal process, an overview of 'best practices' adopted by similar agencies can be provided. Additional training days or consulting services can be contracted.
WebEOC Software Support
Year 1 software support is included with the purchase of WebEOC® Professional.
Software support begins on the 1st day of the month after the software is shipped to the customer or is installed by ESi. Normally, WebEOC software is hand carried by ESi personnel performing installation and training (I&T). However, software will be shipped in advance if requested.

NOTE: Year 1 software support on third party products (e.g. Double-Take, ServletExec, ArcIMS) begins the day the software is shipped by the vendor to ESi. Software assurance/support on third-party products will typically expire prior to that of WebEOC. Similarly, when WebEOC GISmp is elected, the subscription to Microsoft's Web service can also be expected to expire prior to that of ESi's WebEOC software support.

Introduction

Welcome to the ESi WebEOC® 6.0 Security Guide. This guide discusses how to facilitate securing your WebEOC 6.0 deployment and help maintain its security over time.

Overview

This guide is provided to help customers take a proactive, rather than only a reactive, approach to security within their WebEOC 6.0 implementation. This guide will first introduce the reference WebEOC 6.0 topology that is used for this discussion. Then, the threats to the security of that topology are discussed. Finally, the ways to address the threats on both the server and the client are covered.

Who Should Read This Guide

The audience for this guide is WebEOC 6.0 administrators, the IT or Network administrator who is responsible for the WebEOC server and the associated network, and anyone else responsible for securing or maintaining security for WebEOC 6.0.

Topology

WebEOC 6.0 deployments can consist of many different components that might include:

• WebEOC 6.0 Professional (Standard or Enterprise Editions), AT, Air or ST
• WebEOC Plug-ins (Casualty Record, Team Management, MapTac, etc.)
• Microsoft® SQL Server™ 2000 for the back end
• Microsoft® SQL Server 2000 Desktop Engine (MSDE 2000) for the back end
• Microsoft® Windows Server™ 2003 operating system
• Microsoft Windows Server™ 2000 operating system
• Internet Information Services (IIS)

The topology of a WebEOC 6.0 installation depends upon many variables. Regardless of the number of server roles or domains there is a common topology unit as shown in the following figure.

ESi Acquisition, Inc.
699 Broad Street, Suite 1100, Augusta, GA 30901
Office: (706) 823-0911  Toll Free: (800) 596-0911  Fax: (706) 826-9911
Website: www.esi911.com

Customer: City of El Segundo
Address: 314 Main St., El Segundo, CA 90245
Contact: Jeff Robinson
Phone: (310) 524-2252
Email: jrobinson@elsegundo.org
Quote Number: 032607ELSE-01
Summary: WebEOC Proposal to City of El Segundo
Date: March 26, 2007
Quote Expires: June 25, 2007

Items manufactured by ESi are subject to change. Substitutes will be provided for customer consideration and approval. Disclaimer: not

Product ID  Description  QTY  Price  Price
WebEOC Software 1 $39,500.00 $39,500.00 SW-CIMS-PRS-M WebEOC® Professional - STD
WebEOC Plug-Ins 1 $7,500.00 $7,500.00 SW-CIMS-GSE WebEOC® GISe
Technical Services 1 $ 0.00 $ 0.00 TS-INST3-ES WebEOC® 3-Day Onsite Installation and Training
$750.00 $75 $75 0.00 $75 TS-GSERE-BC WebEOC® GISe Remote Installation Support 1
Travel Expenses 1 $2,770.00 $2,770.00 TE-TVLEX-ES Travel and Per Diem
PROJECT TOTAL (Excluding Taxes) $55,020.00

Price List - Issue # 1.39 Page 1 of 2 August 17, 2006

A threat or prevention that applied when this document was written might not apply when you read it. Even if your WebEOC 6.0 deployment is modest, you probably have components that are the subject of books entirely dedicated to the security of that component.
It is unlikely that this document covers all aspects of security for all components and areas that are pertinent to your deployment. Use this document and its companion documents as a starting point to help secure and to help maintain a secure WebEOC 6.0 implementation. This guide provides general guidelines, best practices, and resources in that regard. It is written to be a companion to other documents that discuss the concepts mentioned in this guide in greater detail. As new threats and solutions arise, outdated documents, solutions, and methods should be replaced with new ones.

Current companion documents include:

• The Security Risk Management Guide at http://www.microsoft.com/technet/security/guidance/secrisk/default.mspx.
• The Windows Server 2003 Security Guide at http://www.microsoft.com/technet/security/prodtech/Win2003/W2003HG/SGCH00.mspx.
  ■ Windows Server 2003 Security Guide Chapter 8: Hardening IIS Servers
• The Windows Server System Reference Architecture (WSSRA) at http://www.microsoft.com/technet/itsolutions/wssra/raguide/default.mspx.
• The SQL Server 2000 SP3 Security Features and Best Practices at http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec00.mspx.

Also see the appendix "Additional Resources for Sections in this Guide" for links to additional documents that are pertinent to this discussion.

Securing WebEOC 6.0

The ESi security risk management process consists of four phases:

1. Assessing risk. Identify and prioritize risk of attack.
2. Conducting decision support. Identify and evaluate control solutions to reduce risk.
3. Implementing controls. Deploy and operate the control solutions that reduce the risk.
4. Measuring program effectiveness. Analyze the effectiveness of the process in maintaining acceptable risk. Repeat from phase 1 if efficacy is not adequate.

The remainder of this guide concentrates on the first, second, and third phases of this process, specific to WebEOC 6.0.
For this discussion, two categories of security are used:

• Securing the server
• Securing the client

Identifying the Threats

Denial-of-Service Attack

The DOS (denial-of-service) attack occurs when the attacker prevents normal network use and function by valid users. When the attacker successfully gains access to the network the attacker can do the following:

• Send invalid data to applications and services running in the attacked network to disrupt their normal function.
• Send a large amount of traffic, typically in the form of DNS responses called a DNS-based DOS attack, overloading the system until it stops responding.
• Hide the evidence of their successful attack.
• Prevent users from accessing network resources.

Eavesdropping

Eavesdropping can occur when an attacker gains access to the data path in a network and has the ability to monitor and read the traffic. This is also called sniffing or snooping. If the traffic is in plaintext, the attacker is able to read the traffic once the attacker gains access to the path. An example is when the attacker is able to install their own server API extension program.

Identity Spoofing (IP Address Spoofing)

Spoofing occurs when the attacker determines and uses an IP address of a network, computer, or network component when not authorized to do so. A successful attack allows the attacker to operate as if the attacker were the entity normally identified by the IP address. The only time this comes into play for WebEOC 6.0 is when the administrator has configured gateways that only support TCP and the administrator has had to mark their IP addresses as a trusted host. Using TLS (Transport Layer Security) or working with a gateway over a trusted network is a way to resolve this.

Man-in-the-Middle Attack

A man-in-the-middle attack occurs when an attacker reroutes communication between two users through the attacker's computer without the knowledge of the two communicating users.
The attacker can monitor and read the traffic before sending it on to the intended recipient. Each user in the communication unknowingly sends traffic to and receives traffic from the attacker, all while thinking they are communicating only with the intended user. This can happen if an attacker can modify the Active Directory directory service to add their server as a trusted server, or if they can modify DNS to get clients to connect through them on their way to the server.

Sniffing

A sniffing attack occurs when an attacker gains access to the network TCP/IP traffic path, captures data packets that make up the conversation, and assembles the packets into a format that

ESi Acquisition, Inc.
Emergency Services integrators

Who We Are

About Us

ESi Acquisition, Inc. (www.esi911.com) is a systems integration and software development company specializing in Enhanced 911 and EOC systems for federal, state, and local governments, public utilities, and commercial/private enterprise. ESi provides turnkey start-to-finish E-911 and EOC consulting, engineering and project management services. ESi develops Computer Aided Dispatch and Crisis Information Management Software, designs 911 Centers/EOCs, installs E9-1-1 controllers and other E9-1-1/EOC equipment, and integrates 911/EOC systems.

Company History

ESi Acquisition, Inc. began operations in September 1996 as Emergency Services integrators LLC (ESi). ESi LLC was the first spin-out from Westinghouse Savannah River Company and one of the few success stories under a pilot program launched by the U.S. Department of Energy.

ESi Acquisition, Inc. 699 Broad Street— Suite 1100 Augusta, GA 30901 Office: 706 823 0911 Fax 706 826 9911 www.esi911.com

On October 29, 1999 Emergency Services integrators, LLC (ESi) was purchased and merged with CML Technologies to form CML Emergency Services (CMLes). At that time, ESi LLC became ESi Acquisition, Inc., a Delaware based corporation.
On February 8, 2001, the two companies went through a corporate break-up with ESi Acquisition, Inc. refocusing its efforts on business continuity and emergency management while at the same time maintaining its existing customer base in the public safety market. Today, ESi is the industry leader in Crisis Information Management Software (CIMS). WebEOC is used by agencies within DOD, DOE, DHS, DHHS, EPA, NASA, state, county and city EOCs, domestic and international airlines, healthcare associations, corporations, public utilities, and universities.

WebEOC, MapTac and ESi are trademarks or registered trademarks of ESi Acquisition, Inc. All other trademarks are the property of their respective owners.

Addressing Threats on the Server

Authentication

Authentication is used to prevent unauthorized access to resources.

Users
• All users are authenticated by WebEOC 6.0 before access is allowed.
• An additional level of security can be employed utilizing Windows authentication through the IIS server.

Servers
• Communication between the web server and database server is via component object with an administrator configured identity.
• Communication between additional WebEOC servers via Dual Commit utilizes an administrator configured WebEOC user which is authenticated by WebEOC during the Dual Commit process.

Best Practice

A strong username/password policy with regular password changes is strongly recommended.

Authorization

WebEOC 6.0 manages authorization to the various components which make up WebEOC through groups. Only authorized administrators can define group access and which users belong to which group.
Connection Management

Network connections can be managed by configuring a number of different network components and methods, including:

• Firewall
• TCP/IP configuration

Configuring Server-level Connections

Depending upon your implementation, you must configure certain ports to allow the required communication protocols to pass for desired WebEOC® 6.0 operation.

Ports

The following table summarizes the network protocols and port numbers used by WebEOC 6.0.

Table 1 Port assignments
Protocol  Port (Protocol)
HTTP  80  WebEOC® Access

emergency events unfold. WebEOC is sold on a per server basis (unlimited users) and once purchased, should continue to perform for as long as you own your system.

Ease of Use

WebEOC has an intuitive interface that even new users can grasp within minutes. In their first use of WebEOC during an actual emergency, the State of Washington's Emergency Management Department "had State and Federal agency liaisons using it in less than 15 minutes and all agreed it was very user friendly". American Airlines and Atlanta Fulton County made similar comments when they implemented WebEOC as the events of September 11, 2001 began to unfold.

Easy to Maintain

WebEOC was designed to be administered by an average Emergency Management Director. System maintenance is minimal. Software updates and associated release notes are downloaded from our website.

Easily Tailored

Although WebEOC includes a suite of default status boards and forms ready for immediate use, agencies have the ability to locally create or customize an unlimited number of status boards using WebEOC's Board Wizard. Agencies can also use an HTML editor such as Front Page or Dream Weaver to create status boards for use in WebEOC.

Access from Outside a LAN

WebEOC is accessed using a Web browser, whether connecting to a local server or through the internet to a remote server. Given appropriate permissions, user access is possible from any PC running Internet Explorer 6.0 (or higher).
ICS Compliant

In addition to requirements outlined in NIJ's 2002 CIMS evaluation, the Department of Homeland Security's March 1, 2004 publication of the National Incident Management System (NIMS) made compliance with certain aspects of NIMS, such as adopting the basic tenets of the Incident Command System, a condition for Federal preparedness assistance. WebEOC supports the five major functional areas of Incident Command — Command, Operations, Planning, Logistics and Finance/Administration — and includes a full suite of ICS Forms. These forms are drawn from the U.S. Department of Agriculture's Forest Service and match those contained in NIMS. Other templates can be developed locally.

ESF Compliant

Agencies implementing WebEOC have access to Status Boards built around FEMA's twelve Emergency Support Functions. Customers can choose from different examples that have been implemented by various agencies at both the state and local level.

Interoperability

The 2002 CIMS study and the Department of Homeland Security's NIMS both cite integration with other systems and/or interoperability and compatibility as crucial elements of any Incident Management System. Because WebEOC uses the latest XML (Extensible Markup Language) technology, integration with other products can be more easily achieved.

• In March 2004, WebEOC was the Crisis Information Management Software used to manage interagency communications as part of a three state exercise and technology demonstration called Northwest EPAD One. The Emergency Provider Access Director (EPAD), aligned with ComCARE, is a key means of facilitating interoperable data communications between emergency agencies.
• In October 2004, ESi successfully demonstrated WebEOC during the 2004 Data Interoperability Demonstration sponsored by ComCARE Alliance and the Emergency Interoperability Consortium.
This proof-of-concept demonstration project proved that real data interoperability could be achieved between dissimilar CIMS vendors through DMIS using the XML-based Emergency Data Exchange Language (EDXL) Header and Common Alerting Protocol.

Integration

WebEOC has existing mapping interfaces to ESRI's ArcIMS, Microsoft's MapPoint Web Service, Visual Risk Technology's VRiskMap, MapInfo and the EmerGeo OpenGIS® emergency mapping software. In addition, WebEOC 6 provides access to all NWS Watches, Warnings and Advisories using the Common Alerting Protocol (CAP 1.0). Essentially, WebEOC is designed to interface with any system that supports open standards.

Best Practices

• Use a Defense-in-Depth strategy.
• Use a certificate issued by a public Certificate Authority (CA) for encrypting data transmitted between the web server and database server.
• Use industry recognized firewalls.

Encryption

Encryption reduces the impact of eavesdropping. SSL is used by WebEOC 6.0 to provide encryption. Server-to-server traffic should be encrypted, both inside and outside of the internal network perimeter. Server-to-client traffic should be encrypted utilizing SSL encryption.

Best Practice

Configure SSL for communication to provide encryption. Use a certificate issued by a public CA.

Monitoring, Logging, and Tracing

Monitoring

This section describes some of the available monitoring tools.

Performance Monitor

Using Performance Monitor can help you isolate problems causing performance issues.

Network Monitor 2.0

Using Network Monitor 2.0, the network monitor included with Microsoft® Systems Management Server (SMS), network traffic can be captured for analysis. For information about Network Monitor 2.0, see About Network Monitor 2.0 on MSDN at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netmon/netmon/about_network_monitor_2_0.asp?frame=true.
Logging

WebEOC 6.0 provides the following monitoring features:

• Audit Logging
• Error Logging

For additional information on the logging provided by WebEOC, refer to the WebEOC 6 Admin Manual. The other components in your implementation might also provide logging features. Microsoft® SQL Server, IIS Server, and Windows Server 2003 are three that do.

Tracing

One method supported by Windows Server 2003 is tracing, which provides a level of detail beyond that found in Event Logs. For more information about tracing, see How to Enable and

Product Suite

WebEOC is currently offered in three versions (Professional, ST, and Air). WebEOC Professional was developed to meet the needs of emergency management organizations everywhere and is available in both Standard and Enterprise Editions. The Enterprise Edition permits an agency to add web servers and is required in server environments in which web servers are clustered for load balancing purposes. WebEOC ST and Air are designed specifically for the surface transportation and airline industries.

Reliability

As a Microsoft Certified Partner, ESi developed WebEOC based on proven Microsoft technology. ESi's product quality and customer service have enabled us to retain every customer since WebEOC's introduction.

Architecture

WebEOC is a standard, three tier application.

• Microsoft SQL Server is the backend database.
• Microsoft IIS is the Web server.
• Microsoft Internet Explorer is the user interface.

WebEOC Professional Status Board Suite

Significant Events Mission/Task Resources SITREP (ICS & ESF) Position Log Task Assignment Press Release Shelters ICS Forms FEMA Forms ESF Board Set

Chat: An informal method of communication within WebEOC.
Checklists: Automate checklists with the capability for users to status and annotate steps.
Contacts: Maintain and display contact information.
Messages: Allows users to communicate with each other via an internal messaging system.
Board Wizard: Build an unlimited number of status boards and forms tailored/customized to local operational needs.
Simulator: Build, edit, and control delivery of scenario data to WebEOC user screens in real-time.
Reporter: Generate preformatted or custom reports based on active or archived incidents.
NWS Alerts: Provides direct access to National Weather Service watches, warnings, and alerts.
File Library: Update and share documents and files with other WebEOC users.
MapTac: Publish and annotate a tactical map, dispersion model, digital photo, etc.

Options

(Basic and GIS versions) with a GIS system.
Team Management: Administratively manage and deploy response team members, skills, and response activities.
Calendar: Track and send invitations for drills, exercises, and meetings.
WebEOC GISe: Plug-in for ESRI customers who have their own GIS data.
WebEOC GISmp: Plug-in that provides an interface and subscription to Microsoft MapPoint Web Service.

these templates, see How to Apply Group Policy and Security Templates with Windows Server 2003 at http://www.microsoft.com/technet/security/guidance/secmod129.mspx.

Key WebEOC 6 Security Settings

In the Admin Manager under General Settings, WebEOC has several security options which should be employed to further harden your installation of WebEOC.

• User list on login page? Uncheck to prevent the user list from being presented at login. Users will have to type in both user name and password.
• Allow users to edit their accounts? Selecting this allows users to set their own password and email address.
• Enforce strong passwords? Selecting this enforces upper and lower case, and numeric characters in the password.
• Password age. Sets the length of time between when users will be required to change their password.
(Recommend 180)
• Minimum password length. Sets minimum length of a password. (Recommend 8)
• Account lockout threshold. Sets the number of failed attempts before an account is locked out. (Recommend 3)
• Account lockout duration. Sets the duration between when an account is locked out and automatically reset. (Recommend 30)
• Enforce Maximum File Storage Size. Selecting this enforces a limit on the maximum file storage size that can be utilized to upload files into WebEOC. This is set to prevent a denial-of-service attack with the uploading of an exceptionally large amount of file information.
• Max Storage Size. This sets the file storage size enforced by selecting Enforce Maximum File Storage Size. (Recommend 500)

Key Windows Server 2003 Security Settings

Read and apply Windows Server 2003 Security Guide at http://www.microsoft.com/technet/security/prodtech/Win2003/W2003HG/SGCH00.mspx.

See the following Windows Server 2003 Technical Reference subjects:

• Windows Security collection at http://www.microsoft.com/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_sec_over.asp?frame=true.
• Group Policy Collection at http://www.microsoft.com/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_gp_over.asp?frame=true.
• Networking Collection at http://www.microsoft.com/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_netwk_over.asp?frame=true.

WebEOC® GISe requires WebEOC® Professional, AT, or Air and ArcIMS. WebEOC requirements are published separately. ArcIMS requires a Web server and servlet engine. ArcIMS system requirements are based on your platform and Web server configuration.

Note: ArcIMS must be installed on a separate server. It cannot be installed on the WebEOC server(s), even if separate web and database servers are employed.
Minimum System Requirements (WebEOC® GISe)

Product:
  ESRI® ArcIMS® 9.6 with ActiveX Connector
  ESi WebEOC® Professional, AT, or Air 6.0
Operating System:
  Microsoft Windows Server™ 2003 Standard, Enterprise, and Small Business
  Microsoft .NET Framework 1.1
Web Server: Internet Information Server (IIS) 6.0
Web Browser: Internet Explorer 6.0 or higher
Supported Servlet Engines: New Atlanta ServletExec 5.0

IMPLEMENTATION QUESTIONS:

1. What version of ArcIMS are you running? 9.2 Other
2. What Servlet Engine is used?
3. What is the Operating System?
   • Microsoft® Windows® 2000 Server with Internet Information Service (IIS) 5.0
   • Microsoft Windows Server™ 2003 with Internet Information Service (IIS) 6.0
4. Is the ActiveX Connector installed?
5. In what format is the mapping data (e.g. Shapefile, ArcSDE, etc.)? NOTE: If you don't have mapping data, it will have to be purchased.
6. Do you have ArcIMS Route Server Extension?
   • If YES, what data pack do you have (GDT or Tele Atlas)?
   • If NO, do you have street centerline data with address ranges?
   • If YES, how accurate is the data?
   • If NO, this product must be purchased

Appendix B: Additional Resources

The following resources, grouped by type, contain additional information that is relevant to this document.
ESi® WebEOC® 6.0 Documentation

The documents as of this writing include:

• WebEOC® 6.0 Installation Guide
• WebEOC® 6.0 Administrator Manual
• WebEOC® 6.0 Users Manual
• WebEOC® 6.0 Release notes as they become available

Security Guides

Because WebEOC® is built around Microsoft® products and technology, ESi® recommends the following security guide resources:

• The Security Risk Management Guide at http://www.microsoft.com/technet/security/guidance/secrisk/default.mspx
• The Microsoft® Security Guidance Center: Windows Server 2003 Index at http://www.microsoft.com/security/guidance/prodtech/WindowsServer2003.mspx
• The Microsoft® Security Guidance Center: Windows XP Index at http://www.microsoft.com/security/guidance/prodtech/WindowsXP.mspx
• The Microsoft® Security Guidance Center: Security Modules Index at http://www.microsoft.com/security/guidance/modules/default.mspx
• The Microsoft® Security Guidance Center: Server Security Index at http://www.microsoft.com/security/guidance/topics/ServerSecurity.mspx
• The Microsoft® Security Guidance Center: Security Checklists Index at http://www.microsoft.com/security/guidance/checklists/default.mspx
• The Microsoft® Security Guidance Center: How-to-Articles Index at http://www.microsoft.com/security/guidance/howto/default.mspx
• The Microsoft® Security Guidance Center: Products and Technologies Index at http://www.microsoft.com/security/guidance/prodtech/default.mspx
• The Microsoft® Security Guidance Center: Recently Published at http://www.microsoft.com/security/guidance/recent/default.mspx
• Windows Server 2003 Security Guide at http://www.microsoft.com/technet/security/prodtech/Win2003/W2003HG/SGCH00.mspx

Standard WebEOC Training Syllabus

Overview

WebEOC Administrator and User training will be provided to the person or persons responsible for administering the system.
ESi does not routinely train individual users, nor should users attend administrator training. ESi will provide user training to WebEOC Administrators. Unless ESi is contracted to provide user training, customer's designated administrators will be responsible for this activity. User training should not be scheduled or conducted until an agency's system is fully configured in accordance with local policy.

WebEOC Administrator training is hands-on training structured in a "Train the Trainer" format. Administrators need not be IT professionals. Customer will ensure that employees or contractors responsible for EM Program implementation and knowledgeable in their agency's emergency response process and procedures attend Administrator Training. Attendance by senior EM personnel (e.g. Director or Deputy Director) is essential to successful implementation.

For maximum effectiveness, trainees should be afforded the opportunity to participate during each day of training without interruption. Trainees repeatedly called away either miss important elements or cause delays when they have to be "caught up" upon their return.

Class size should not exceed ten students. Although a minimum number is not specified, training should include enough system administrators to ensure one is available for duty during any protracted event.

Pre-Installation Activities:

Agencies must provide the following in support of onsite installation and training.

• User Names and Positions.
• Copies of Forms and/or Status Boards used locally for incident management.
• Trainees should have access to a PC or laptop running Internet Explorer 6.0 (or higher), each with connectivity to your WebEOC server.
• The room where training will occur should have at least one projector connected to a computer with access to the WebEOC server.

Additional Resources for Sections in this Guide

This section contains additional resources broken out by section in this security guide.
Antivirus Protection
• The Antivirus Defense-in-Depth Guide at The Microsoft® Security Guidance Center: Windows Server 2003 Index at http://www.microsoft.com/technet/security/guidance/avdind_0.mspx

Authorization
• Selecting Secure Passwords at http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/select_sec_passwords.mspx

Connection Management
• KB 324270, How to Harden the TCP/IP Stack Against Denial of Service Attacks in Windows Server 2003 at http://support.microsoft.com/default.aspx?scid=kb;en-us;324270
• KB 816792: How to configure TCP/IP Filtering in Windows Server 2003 at http://support.microsoft.com/default.aspx?scid=kb;en-us;816792
• Also, see KB 816514: How to configure IPSec Tunneling in Windows Server 2003 at http://support.microsoft.com/default.aspx?scid=kb;en-us;816514

Encryption
• Windows Server 2003 Encryption Best Practices at http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/sag_seconceptsimpefsbp.asp

Monitoring, Logging, Tracing, and Archiving
• Windows Server 2003 Security Events TechNet article at http://www.microsoft.com/technet/security/guidance/secmod128.mspx
• About Network Monitor 2.0 on MSDN at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netmon/netmon/about_network_monitor_2_0.asp?frame=true

Operating System and Application Hardening
• The Microsoft® Security Web site at http://www.microsoft.com/security
• The Windows Server 2003 Web site at http://www.microsoft.com/windowsserver2003
• How to Apply Group Policy and Security Templates with Windows Server 2003 at http://www.microsoft.com/technet/security/guidance/secmod129.mspx

File Library
Describes how users can add files to a common storage location that can be shared with other WebEOC users.
• Accessing File Library
• Adding, Editing, Viewing, Deleting Files

NWS Alerts
How to view weather alerts and forecasts from the National Weather Service's interactive Weather Information Network.
• Accessing and Viewing NWS Alerts

CAP
Post and view CAP messages through the Disaster Management Interoperability Service (DMIS).
• Accessing, Viewing, and Sending CAP Messages

Pocket PC
Accessing WebEOC from a Pocket PC.
• Update/View Status Boards, Messages, Contacts, & Checklists

MapTac
How maps or images can be displayed and annotated with markers, shapes and labels.
• MapTac Components
• Adding, Editing and Deleting Files, Markers, Tabs
• Viewing and Printing
• Placing, Moving, and Deleting Markers
• Placing and Deleting Shapes
• Adding, Clearing Labels to Markers

Appendix B: Additional Resources

• Implementing and Administering Certificate Templates in Windows Server 2003 at: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
• Troubleshooting Certificate Status and Revocation at: http://www.microsoft.com/technet/prodtechnol/WinXPPro/support/tshtcrl.mspx
• For the definitive guide for understanding and troubleshooting autoenrollment, see the Certificate Autoenrollment in Windows XP at: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/default.mspx
• For more information about advanced scenarios using the Web enrollment pages, see Configuring and Troubleshooting Windows 2000 and Windows Server 2003 Certificate Services Web Enrollment at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
• Download the CAMonitor.vbs script from the Technet Script Center at: http://www.microsoft.com/technet/community/scriptcenter/default.mspx
• Microsoft Solution for Securing Wireless LANs — A Windows Server 2003 Certificate Services Solution is available at: http://go.microsoft.com/fwlink/?LinkId=14843
• For information about how to plan, configure, and implement your PKI, see Securing Wireless LANs - A Windows Server 2003 Certificate Services Solution at: http://www.microsoft.com/technet/security/prodtech/win2003/pkiwire/swlan.mspx
• For more information about additional operational tasks, see the Windows Server 2003 Certificate Services product documentation at: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/sag_CS_procs_admin.asp
• To obtain the PKI Health tool (PKIView.msc) and the Key Recovery Tool (krt.exe), download the Windows Server 2003 Resource Kit Tools at: http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en
• See Chapter 16, Designing a Public Key Infrastructure. Download the Windows Server 2003 Deployment Kit at http://www.microsoft.com/windowsserver2003/techinfo/reskit/deploykit.mspx
• Best Practices for Implementing a Microsoft® Windows Server 2003 Public Key Infrastructure, at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
• Windows Server 2003 PKI Operations Guide at: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx

Incidents
Provides the ability to set up individual incidents to track related information.
• Setup
• Creating and Editing an Incident
• Running a Report
• Deleting a Report
• Archiving an Incident

Master Views
Multiple, individual incidents can be rolled up for viewing in a common, master view.
• Adding and Editing a Master View
• Using Master Views
• Deleting a Master View

Jurisdictions
As an option, users can be grouped by function, facility, department, etc., to which incidents and/or master views can then be assigned.
Jurisdictions are used to filter the User selection and Incident drop-down lists in the WebEOC Login window.
• Adding and Editing a Jurisdiction
• Jurisdictional Logins
• Deleting a Jurisdiction

Reporter
Provides the ability to create preformatted or ad hoc reports that can then be added as links to the Control Panel.
• Standard Board Reports
• Running Board Reports
• Deleting Board Reports
• Custom (HTML) Reports

Admin Profiles
Admin Profiles establish a pre-defined set of specific administrator privileges that can then be applied as a template to a group of users.
• Planning an Admin Profile
• Adding and Editing Admin Profiles
• Deleting an Admin Profile

Appendix B: Additional Resources

Windows 2000
• Cryptography and Microsoft® Public Key Infrastructure at http://www.microsoft.com/technet/security/topics/crypto/cryptpki.mspx
• Certificates at http://www.microsoft.com/technet/security/topics/crypto/certs.mspx
• Windows 2000 Certificate Services and Public Key Infrastructure at http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/distrib/dsci_mcs_EAKO.asp
• Planning Your Public Key Infrastructure at http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/deploy/loch_pki_odbg.asp

Scroller
Feature that enables users to view the latest data for a select set of status boards on a timed interval in a single window.
• Configuring Scroller

Sessions
Provides list of users currently logged in to WebEOC with the added capability of terminating a specific user's log-in session.
• Session Log-Outs

Simulator
Utility that allows scenario inputs to be configured and then manually or automatically injected during drill or exercise play.
• Adding and Editing a Simulation
• Running a Simulation
• Exporting a Simulation
• Importing a Simulation

Boards and Lists
Board Builder is a system utility that provides the capability to locally design, implement, and maintain an unlimited number of electronic displays (status boards). Lists allow administrators to create and manage lists of items that users can select when updating certain fields on status boards.
• Planning a Status Board
• About Views
• Creating Views
• Board Wizard
• Board Options
• Advanced Board Editor
• About Data Linking
• Editing Data Links
• Importing and Exporting Boards
• Importing and Exporting Board Data
• Deleting a Status Board
• Adding, Editing and Deleting Lists
• HTML Conventions
  o Board Components
  o Supported HTML Tags
  o WebEOC-Specific Tags

MapTac™
WebEOC's Unique Tactical Map Plug-in

MapTac™ is a unique tool in WebEOC® that allows an authorized user to "publish" a map, dispersion model, digital photo, etc., from any map/GIS source or digital camera. The user can place markers, shapes and labels on the map from MapTac's palette and use their web browser to share the "tactical map" with authorized users instantly.

Created to replace or augment static, paper-based maps and magnetic light boards common in many EOCs, MapTac allows emergency personnel to plot an area of interest (i.e., hot zone) and the location of forces/resources at an incident scene, staging, or other location as necessary.

MapTac can be used with any GIS or mapping system that can produce a static picture file (jpg, gif, bmp). Existing web-based mapping resources available on the internet can be used to plot virtually any address. These can then be saved into MapTac and shared with responders at geographically separate locations.

[Screenshot: Maps: Satellite Image]

Incident scenes and areas of interest are easy to create and share with WebEOC users.

[Screenshot: Maps: MapTac Example]
WebEOC® Resource Manager (Option)
[Screenshot: Resource Manager, showing Totals and Current Deployments]

WebEOC's basic Resource Manager enables customers to catalog and deploy resources in a manner that is compliant with FEMA's National Incident Management System (NIMS). With Resource Manager, the user can:
• Establish a catalog of all available resources that is structured according to the NIMS resource definitions, identifying where the resources are located, who owns them, the costs associated with their deployment, and contact information;
• Track and deploy donated goods;
• Prepare and track EMAC forms electronically;
• Prepare reports and audit logs of resource management activities related to an incident;
• Establish request hierarchy(ies) based on existing processes (e.g., city requests from a county, a county requests from another county and/or state);
• Manage resources during an incident through resource requests and deployments;
• Add resources "on the fly" during an incident with the capability to review, edit and add the resource to the permanent inventory post-incident.

When implemented with a GIS system, Resource ManagerGIS adds demographic information and resource location, which can be used to:
• Identify the population within an affected area and the demographics of the affected population;
• Identify the resources available within a defined region that can be used to respond to an incident.

ESi Acquisition, Inc.
699 Broad Street, Suite 1100
Augusta, GA 30901
(706) 823-0911
www.esi911.com
WebEOC, MapTac and ESi are trademarks or registered trademarks of ESi Acquisition, Inc. All other trademarks are the property of their respective owners.

WebEOC® Calendar Plug-in
Create and send appointments through WebEOC® (Option)

With this easy to use plug-in, you can track drill and exercise schedules, training sessions, meetings, etc. through WebEOC. Calendar appointments can be sent to WebEOC users and email accounts/distribution lists external to WebEOC.

Is this an ODP-based drill, exercise, or training activity? Then include exercise objectives, provide testing functions, scenario information, and identify the target audience in the invitation.

With WebEOC Calendar users will be able to:
• Add, edit, and delete appointments.
• Manage information pertaining to an appointment.
• Invite and notify users of appointments.
• Send appointment notifications via email. Ad hoc email addresses and distribution lists can be added to an appointment "on the fly".
• Control user edit and view permissions.
• Create user-defined holidays.
• View appointments in daily, weekly, monthly, or annual format.
• Filter appointments in the calendar view.

Contact ESi to schedule an online demo.
ESi Acquisition, Inc.
699 Broad Street — Suite 1100
Augusta, GA 30901
Office: 706 823 0911
Fax: 706 826 9911
www.esi911.com

The Universal Dispatcher™
9-1-1 solutions that put technology to work for you

ESi revolutionized Public Safety technology in 1996 when we unveiled the first Universal Dispatcher™. Designed originally to meet the unique needs of E9-1-1 Centers, the Universal Dispatcher is ESi's integration platform that can bring control of multiple systems to the fingertips of 911 dispatchers, control room operators, law enforcement, security, or EMS personnel, alarm company operators — almost anyone needing this capability. That's right, one keyboard and one mouse can control multiple systems in any center.

We call it the Universal Dispatcher for many reasons:
■ It is Universal because it integrates your computer-based applications onto a single platform.
■ It is Universal because it provides the highest level of redundancy. Every dispatch position can be configured to support any function. Your logon and password determine system access.
■ It is Universal because as vendor-independent integrators, we're not locked into solutions that force you to change the way you do business.

The Problem ...
It's quite common for Dispatch workstations to have three or more computers each with their own set of monitors, keyboards, mice, buttons, dials, and switches dedicated to a specific application. During the heat of battle, this makes it difficult for operators to find the 'right' input device. For instance, a modern 911 Center usually has CAD, mapping, NCIC, video, and computer based radio, telephony, and recording systems. They are also faced with problems involving telephone/radio headset integration, delivery and control of gate or door controls and alarms, PA Systems, etc.

ESi's Solution ...
The Universal Dispatcher is much more than a simple hardware solution that you buy and plug in. Instead, it's an engineering concept! We evaluate proposed and/or legacy systems and design a solution that is tailored to meet agency-specific needs. Our ultimate goal is to install and configure your various software applications or systems onto a common or Universal computer platform that can be operated from and controlled by a single keyboard/mouse.

WebEOC®Air
Crisis Incident Management Software tailored to the airline industry

One of the most daunting challenges facing airlines and other aviation companies in today's tough regulatory and public environment is that of effectively managing all of the information generated in the wake of an aviation disaster. Unfortunately, much of this information is confusing, wrong, contradictory and difficult to disseminate to all who need to know in a timely manner.

WebEOC®Air was designed specifically for airline and aircraft operators to deal effectively with the kinds of information confronting a company after an aviation disaster. WebEOCAir provides support in three main areas: team resource management, real time incident management and passenger and family data management.
WebEOCAir features include:
• Unlimited status boards & forms for real time event management
• Comprehensive Team Management Module for team administration, activation, deployment and tracking
• Complete passenger data management system for tracking all activities associated with passengers, families and family assistance activities
• Comprehensive checklists, user defined, timed or untimed
• Contact Manager
• Complete messaging system, including messages to standard e-mail addresses
• Concurrent incident management — Allows for management of multiple simultaneous events
• Comprehensive report capability
• Highly configurable user administration
• Full import/export capabilities
• WebEOC Simulator
• Flexible implementation options
• Secure 128-Bit SSL encryption connections

WebEOCAir provides extensive flexibility and easily integrates with other internal systems such as reservations, crew schedules, maintenance and human resources systems.

To learn more, visit Aviem International, Inc., ESi's exclusive WebEOCAir reseller, at: www.aviem.com.

Contact Aviem International, Inc. for an online demo or visit www.aviem.com

Atlanta
2475 Northwinds Parkway, Suite 200
Alpharetta, GA 30004
770 753 6292

London
Box 2316
Ascot, SL5 0WG
United Kingdom
+44 01344 620 219

Information Management Display Systems
Display System Solutions Offer Versatility

Central to planning any emergency response is the question of how crisis information will be shared among response personnel. For responders who assemble in a single location, an Information Management Display System is often the answer. Implemented alone or in conjunction with individual computers deployed at every EOC position, display systems provide an economic and efficient way to disseminate information facility-wide.
Display systems can also transform a seldom used EOC into a multi-purpose briefing center or training facility. Another benefit is that if used on a routine basis, you'll know how the system works and will be proficient in its operation when the next emergency is declared.

Essential elements of any display solution typically include computer(s) equipped with special multi-monitor video cards, projectors/cabling, and a display surface. Understanding user requirements is key to engineering each display system.

For example, a typical multi-monitor video card can support up to four displays (LCD projectors and/or local monitors in any combination). It can also be equipped with a composite video input and provisioned with a TV tuner allowing CATV to be displayed in a window that can be resized and moved to any screen. Where more than four displays are required, multiple cards can be used. An external video multiplexer and external TV tuner can be added if composite video and TV need to be displayed at the same time. It is also possible to integrate and display external video sources (e.g., DOT video feeds).

Configurations of this type allow you to treat multiple projectors as a single display surface operating in a virtual windows environment. The result is an unlimited number of sizable, scalable, movable windows capable of displaying WebEOC® status boards, maps, charts, graphs, reports, forms, checklists, video, and links to other systems and databases. WebEOC windows can even be configured to appear in the same size and place each time they are opened.

• Existing WebEOC Users — Seamless add-on module available. Transit specific icons for use with MapTac are also included.
• Continued Support — The Business Contingency Group is committed to continuing to support and improve WebEOCST to better meet the needs of the Surface Transportation Sector.
Contact us for an online demo or visit www.businesscontingencygroup.com

Business Contingency Group
18034 Ventura Blvd., #333
Encino, CA 91316
Telephone: 818 784 3736

ESi Acquisition, Inc.
699 Broad Street - Suite 1100
Augusta, GA 30901
Office: 706 823 0911
www.esi911.com

Facility Design & Consulting

In addition to WebEOC®, our industry leading Crisis Information Management Software (CIMS), ESi also offers Emergency Operations Center (EOC) and Public Safety design and consulting services. DOE Savannah River, Swiss Air, NASA Dryden, Cobb County, GA and Caddo-Bossier Parish, LA are just a few WebEOC customers who have also taken advantage of our EOC design services.

Even with the best systems in the world, a poor facility design can adversely affect EOC operations. ESi can work with you to document requirements, evaluate systems and infrastructure, and recommend process and facility improvements on everything from acoustics to backup power. Whether building a new EOC or renovating an existing facility, we can offer suggestions to you or your A&E firm that will enhance any project.

Our onsite design reviews begin with an in-brief of local officials. A facility walk-down normally follows where we document existing systems and equipment and obtain an understanding of their use. Next, we interview personnel to learn how the facility functions during routine and high density operations. Working with the customer, we identify systems and applications that are candidates for integration.
The facility itself is evaluated to address the following points:
• Is it large enough to support planned operations? Can the room be modified to support a large screen projection system?
• Is lighting adequate and appropriate for the task? Depending on the type of display system installed, fluorescent lighting can degrade or 'wash out' projected images.
• Is raised access flooring necessary to support electrical or premise wiring? This not only enhances a facility's overall appearance (hides wires, cables, junction boxes, etc.), it also simplifies the process of modifying a room as missions or support systems change.
• Are power and universal wiring drops adequate? Is the power conditioned? What type of emergency power is available and to what level of redundancy (individual or centralized UPS, backup generators, etc.). Are critical systems, and only critical systems, plugged into emergency power outlets that have been clearly identified for this purpose? Is power transfer automatic or manual?
• Is noise an issue during full or partial activations? Sound abatement through carpeting and acoustic wall panels may be appropriate. What is communication like within a room? Do phones ring? Are update briefings conducted via PA, or are voice conferencing systems used? Are there any other audible devices routinely used which may disrupt operations?
• Have ergonomics been considered? Is the space allocated to each responder adequate? Is seating

WebEOC®GISe
Integrate Your GIS System Using WebEOC's GISe Plug-in (Option)

WebEOC®GISe is the Geographic Information Systems (GIS) interface between ESi's WebEOC and ESRI® ArcIMS®.
• WebEOC is ESi's web-based Crisis Information Management Software (CIMS).
• ArcIMS is ESRI's solution for delivering maps and GIS data and services via the Web.
Together they deliver crisis information to users on your intranet or to external users on the internet.
WebEOCGISe offers a simple, lightweight map viewer that allows WebEOC users to geocode address information from within a WebEOC Status Board. With WebEOCGISe, geocoding is performed against user entered addresses, with multiple matches presented in a drop-down to allow the user to select the most appropriate match. When accessed from a status board, WebEOC sends a list of points to ArcIMS to draw on the map. When a user identifies a point that originated from within WebEOC, a copy of the appropriate status board entry opens to display information within WebEOC about that point.

The unique part of ESi's ESRI integration is that the GIS functions are built into WebEOC's core Board Builder tools. As a result, an average EOC administrator can lay out any data entry form with specific geocoding fields. That means anything that a user wants to design can be linked to a GIS display.

For example: An administrator builds a status board to monitor West Nile Virus reports. Location fields in the Status Board's data input form can be configured to allow the average WebEOC user to geocode "on-the-fly". You don't have to be a GIS expert or a WebEOC Administrator. Users granted appropriate permissions can enter address data and then hit a map button on the form that will geocode against the existing ESRI GIS and display an ArcIMS map viewer to confirm the location. If alternative points/addresses are available they are presented in a drop down box. After the entry is saved it displays on a standard status board with all the other entries. If the user presses any of the map buttons on the status board it will center the map on that entry and also display all other points (West Nile Reports) on the map with status colors if used. The user can then "drill down" on the ArcIMS map by clicking on the points or zooming in/out as necessary.

User access is via Microsoft Internet Explorer version 6.0 (or higher).
And because WebEOCGISe is designed as a generic interface, it is able to work with almost any agency's data.

ESi Services
ESi's Services Unit provides WebEOC Consulting, Configuration, Training, Drill and Exercise Support

ESi Services officially opened its doors on October 1, 2005 with the arrival of Jim Cook, who is coming to ESi Services from his position as Director of the Atlanta-Fulton County Emergency Management Agency and Atlanta's Homeland Security Director. Jim Cook will lead this new business unit as the Director of Services for ESi.

As the WebEOC worldwide customer base has expanded and the product itself has become the Crisis Information Management System industry standard, the momentum for after-sales services has been building within the user community. ESi Services will provide WebEOC customers continued after-sales support with consulting services, configuration services, training, and drill and exercise support.

Consulting
ESi Services offers general consulting regarding WebEOC implementation as it pertains to crisis management practices. ESi Services personnel have expertise in the NIMS, the NRP and many EOC activations where WebEOC was utilized. Customers who desire an assessment of their process beyond that provided at installation may contact ESi Services. ESi will assist customers in refining their processes and identifying how implementation of WebEOC can enhance their efficiency.

Configuration
WebEOC appeals to emergency managers who desire to maintain the processes they have established and with which everyone is familiar.

[Screenshot: Resources status board]
After initial installation and training, ESi leaves its customers with a baseline configuration and with the ability to respond to incidents. In addition customers are shown how they can configure WebEOC themselves. However, many customers prefer to have ESi configure boards for them or would like a more complex process implementation; for example, for use

WebEOC®GISmp
ESi Partners with Microsoft To Deliver An Integrated Mapping Solution (Option)

ESi and Microsoft have partnered to provide basic mapping services to WebEOC® customers who cannot or do not want to maintain their own Geographic Information System (GIS) database. The result is WebEOCGISmp, ESi's interface between WebEOC and Microsoft's MapPoint® Web Service.
■ WebEOC is ESi's web-based, Crisis Information Management Software (CIMS).
■ MapPoint Web Service is Microsoft's hosted solution for delivering street level maps from anywhere in the United States via the Web.

WebEOCGISmp offers the capability for WebEOC users to geocode address information from within WebEOC. With WebEOCGISmp, geocoding is performed against user entered addresses, with multiple matches presented in a drop-down to allow the user to select the most appropriate match.

Detailed information regarding a specific point on a map can be accessed two ways — from the map itself or from a specific status board entry within WebEOC. When accessed from a status board, WebEOC sends a list of points to MapPoint that are drawn on the map. Conversely, when a user selects a point on a map that originated from within WebEOC, a copy of the appropriate status board opens to display detailed information about that point.

As with WebEOCGISe, our ESRI-based interface, WebEOCGISmp is unique in that GIS functions are built into WebEOC's core Board Builder tools.
As a result, an average EOC administrator can lay out any data entry form with specific geocoding fields. That means anything that a user wants to design can be linked to a GIS display.

How it works
Location fields can be added to the data input form of any WebEOC Status Board and configured to allow the average WebEOC user to geocode "on-the-fly". Users granted appropriate permissions can enter address data (street name combined with the city or postal code) and then hit a map button on the input form that will geocode against Microsoft's MapPoint. If properly geocoded, a simple map viewer displays showing the location. If the user presses a map button from within a WebEOC status board, it will center the map on that point and display other points on the map with their status colors (if used). Users can zoom in/out as necessary.

ASP Benefits. ESi provides all hardware, network infrastructure and software to host WebEOC and you pay one low annual fee. Benefits include:
■ Rapid Deployment
■ Minimal demands on in-house IT
■ Carrier-class facilities
■ World-class security
■ Guaranteed availability

WebEOC Availability. Based on our redundant ASP architecture, WebEOC availability is targeted at 99.9%. NSI DoubleTake is used to mirror WebEOC databases between HostCenters.

Multi-Level Security Ensures Privacy and Continuous Operation. A combination of physical security measures and ongoing video surveillance is in place to ensure the infrastructure remains safe and secure. Security guards are stationed at building and data center entrances limiting physical access, and only VeriCenter employees and escorted colocation customers can enter secured areas. Access to each HostCenter is further limited by badge-only access, man-trap entries, and biometric readers.

Power Guarantee. VeriCenter provides a 100% Power Availability guarantee. The utility infrastructure in each HostCenter includes redundant power sources and UPS backups.

Network Availability.
Every HostCenter offers redundant Internet connectivity via Tier 1 backbone network providers. This high-speed connectivity enables "private transit" peering that avoids congested public peering points and improves application and system performance. Each data center's architecture provides redundancy against fiber cuts, electronic outages, and Cisco backbone route outages while network engineers monitor all supported services 24x7.

Environmental Systems. HostCenters maintain constant temperature and humidity settings, with separate cooling zones for optimum equipment performance. Raised floors in the data centers secure and protect cabling, cooling and various environmental systems. Highly sensitive VESDA smoke and heat detectors, along with automated moisture detectors above and under floors, constantly monitor the environment. Compressed gas fire suppression systems add protection even in remote mechanical rooms and plenums. Environmental systems are monitored 24x7.

Managed Intel Servers. VeriCenter provides policy management and deployment, OS patching, OS upgrades, OS security services, and 24/7/365 Tier 1, 2 and 3 support. ESi remotely manages application and mirroring software. VeriCenter backups include daily incremental / weekly full with offsite tape rotation on a daily basis. Daily incrementals are retained for 14 days, weekly fulls for 8 weeks.

Hardware (each server)
Each site has separate web and database servers.
Dedicated Servers: Intel Dual 2.8GHz CPU, 3GB RAM, 2x36GB HD RAID1; 4x36GB HD RAID5 with hot spare, CD, NIC 10/100
Dedicated Software: Windows 2003 Server, MS SQL Server 2000 STD, WebEOC, Double-Take STD
Shared Infrastructure: Includes LAN fabric and port, WAN infrastructure, tape backup and recovery infrastructure, IP KVM, physical security, and datacenter facilities.

Geographic Load Balancing. VeriCenter has the ability to load balance customer environments over distributed geographic locations.
This provides a high degree of site availability, site performance, and distance sensitivity. Load balancing provides IP failover redundancy for the primary and backup sites.

Secure Socket Layer. All WebEOC transactions are encrypted at the Web server with SSL 128-bit encryption.

Certifications. VeriCenter's SAS 70 (Type II) can be provided upon request. For more information on VeriCenter's hosting and managed services, visit their website at www.vericenter.com.

EmerGeo Mapping

EmerGeo SOLUTIONS INC.

An Add-On Emergency Mapping Tool That Integrates Your Existing GIS Data With WebEOC®

[Screenshot: "Big Chemical Spill" situation map in WebEOC®]
EmerGeo™ was built by emergency management professionals with over 30 years of hands-on experience in applying GIS mapping technologies for emergency planning and response. It is far more than just a GIS system — it is a common operating platform for emergency managers and public safety professionals to share situational information in a =? roYed monnnr Panel allows WebEOC® data to be plotted on maps with controls that help eliminate the display of duplicate or insignificant information.

WebEOC® customers simply add EmerGeo™ data fields to WebEOC® Boards and map buttons appear as Board data is plotted. A simple click of a map button opens the EmerGeo web map viewer (browser) window containing a map zoomed onto the plotted record. WebEOC® data represented by one or multiple icons (points), lines or polygons can be set to dynamically change size and color based on status or magnitude changes.

EmerGeo™ is a GIS mapping application that "sits between" existing GIS system(s) and the WebEOC® server. It generates WebEOC® map overlays (layers) on GIS data being read directly from customer's existing ESRI, Intergraph, MapInfo, AutoDesk or other mapping systems using OpenGIS® standard interfaces. ESRI Shapefiles and 25+ other map data formats can also be loaded and read directly by EmerGeo™. Spatial queries can use this map data and the WebEOC® Board data to support decision-making. For example, generate a report on population or critical infrastructure affected within an emergency planning zone around WebEOC® plotted events or generate hazmat plume/flood forecasts and issue an alert to populations within affected areas.