resolution.council.078-22
ATTACHMENT B
RESOLUTION #078
(Series of 2022)
A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF ASPEN, COLORADO, APPROVING A CONTRACT
BETWEEN REVISION, INC. AND THE CITY OF ASPEN FOR SOFTWARE AND PROFESSIONAL SERVICES,
AUTHORIZING THE CITY MANAGER TO EXECUTE SAID CONTRACT ON BEHALF OF THE CITY OF ASPEN,
COLORADO
WHEREAS, there has been submitted to the City Council a not-to-exceed contract between the City of
Aspen and Revision, Inc. which is attached hereto as Attachment A in the amount of $372,000 for
professional services and fees for developing and deploying an online customer portal for the
HomeTrek™ system; hosting of the portal; and ongoing support and Security as a Service;
NOW, THEREFORE, BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF ASPEN, COLORADO,
That the City Council of the City of Aspen hereby approves the contract between the City and Revision,
Inc., a copy of which is incorporated herein, for $372,000 and hereby does authorize the City Manager
to execute said agreement on behalf of the City of Aspen.
INTRODUCED AND READ AND ADOPTED BY THE City Council of the City of Aspen on the
12th day of July 2022.
Torre, Mayor
I, Nicole Henning, duly appointed and acting City Clerk do certify that the foregoing is a true and
accurate copy of that resolution adopted by the City Council of the City of Aspen, Colorado, at a meeting
held July 12, 2022.
Nicole Henning, City Clerk
DocuSign Envelope ID: EF266D82-F4C8-4919-ABD1-4E3986F48CC5
CITY OF ASPEN STANDARD FORM OF AGREEMENT v2009
PROFESSIONAL SERVICES AND SOFTWARE AGREEMENT SAMPLE
City of Aspen Contract No.: 2022-004
AGREEMENT made as of 12th day of July, in the year 2022
BETWEEN the City:
The City of Aspen
c/o Bethany Spitz
18 Truscott Place
Aspen, Colorado 81611
Phone: (970) 920-5137
And Professional:
Company legal name: Revision, Inc.
c/o Khalil Nasser, CEO
1337 Delaware St.
Denver, CO 80204
Phone: 303-618-0799
For the Following Project:
A new HomeTrek™ Customer Portal, including 1) development and deployment of the portal; 2)
hosting; 3) ongoing support; and 4) Security as a Service
Contract Amount:
Total: $372,000
If this Agreement requires the City to pay
an amount of money in excess of
$50,000.00 it shall not be deemed valid
until it has been approved by the City
Council of the City of Aspen.
City Council Approval:
Date: July 12, 2022
Resolution No. 2022-078
Exhibits appended and made a part of this Agreement:
Exhibit A: Scope of Work
Exhibit B: Fee and Expense Schedule
Exhibit C: Revision, Inc. Proposal
Exhibit D: Service Level Agreement
The City and Professional (Revision, Inc.) agree as set forth below.
Agreement Professional Services and Software Page 1
1. Scope of Work. Professional shall provide all software indicated in this agreement and perform
in a competent and Professional manner the Statement of Work as set forth at Exhibit A attached hereto
and by this reference incorporated herein.
2. Completion. Standard of Performance. Professional is obligated to fulfill the full Scope of
Work included in this contract. Professional shall commence Work immediately upon receipt of a written
Notice to Proceed from the City and complete all phases of the Scope of Work as expeditiously as is
consistent with Professional skill and care and the orderly progress of the Work in a timely manner. The
parties anticipate that all Work to replace the current APCHA Salesforce HomeTrek™ portal pursuant to
this Agreement shall be completed no later than December 31, 2022, at which point in time ongoing
services will commence. Upon request of the City, Professional shall submit, for the City's approval, a
schedule for the performance of Professional's services which shall be adjusted as required as the project
proceeds, and which shall include allowances for periods of time required by the City's project manager
for review and approval of submissions and for approvals of authorities having jurisdiction over the
project. This schedule, when approved by the City, shall not, except for reasonable cause, be exceeded
by Professional.
Except as may otherwise be provided in a Scope of Work, the City shall have the right to promptly
test and inspect whether each deliverable due under a Scope of Work conforms to the requirements of
this Agreement in all material respects. If a Deliverable does not so conform, the City must give
Professional notice describing the non-conformity ("Rejection Notice"). The City will provide such
Notice within an agreed upon Test Period for each deliverable, the time period of which will be jointly
agreed to by the City and Professional for each deliverable. The City will in a timely manner
collaborate with Professional to establish an Extension to the Test Period should it be anticipated that
the originally agreed to Test Period will be insufficient for any reason. Professional shall not
unreasonably withhold such an Extension of a Test Period. Should no Extension of the Test Period be
requested by the City within the originally agreed to Test Period or a subsequent Extension of the Test
Period and should no Reject Notice be received by Professional from the City within the agreed upon
Test Period or a subsequent Extension Test Period, then the deliverable will be considered to be
accepted. A Request for Extension or a Rejection Notice shall be deemed to be delivered to
Professional at the date and time it is emailed from the City to Professional.
Upon receipt of a Rejection Notice, Professional will use commercially reasonable efforts to cause the
Deliverable to conform to the requirements in all material respects.
The project timelines set forth in this Contract assume that the City and Professional will proceed with
reasonable efforts to provide timely deliverables, and provide timely and reasonable feedback,
decision-making, access, resources and other such support as may be needed to successfully complete
the Scope of Work. Failure to provide such support, on the part of either party, may impact the timing
of the project.
Except as expressly set forth in this agreement, Professional disclaims all warranties, whether express,
implied or statutory. Professional will not be responsible for nonconformities arising from inaccurate,
inauthentic or incomplete data or information provided by or through the City, or for failures or delays
arising from lack of cooperation. Professional disclaims all responsibility for the provision, use and
functionality of third-party services, software and products, including salesforce.com. Professional,
as the prime contractor, warrants the quality and functionality of its work, including configurations
and customizations it performs as a part of this contract, for a period of 30 days beyond full deployment
of the system, defined as go-live of the last phase of the project. Nothing in this paragraph shall be
deemed to excuse Professional from any liability or consequences due to negligence, from the
requirements in Section 4, or from the responsibility of any other section of this contract.
Professional shall be fully responsible for all acts and omissions of its subcontractors to the same extent
that Professional is responsible for the acts and omissions of persons directly employed by it.
The final deliverables to be provided by the Professional shall conform to the specifications described
in the Statement of Work and other approved documents developed in the course of this project to
detail final specifications and agreements for work. Where deliverables, including software
functionality and security, are reported as not conforming to the applicable specifications, the
Professional shall correct all such non-conformances that are reported to Professional within a period
of thirty (30) days unless a different time period is mutually agreed upon in writing by the City and
the Professional.
3. Payment. In consideration of the work performed, City shall pay Professional for all work
performed. The fees for work performed by Professional and associated annual software licenses and
services shall not exceed those rates set forth in Exhibit B appended hereto. Except as otherwise mutually
agreed to by the parties the payments made to Professional shall not initially exceed the amount set forth
above. Professional shall submit, in timely fashion, invoices for work performed. The City shall review
such invoices and, if they are considered incorrect or untimely, the City shall review the matter with
Professional within ten (10) days from receipt of Professional's bill.
Professional shall provide detailed milestone invoices to City for work completed. Invoices must
include a description for each line item charged. Approved invoices shall be paid in net 30 days from
the date received by the City.
4. Disputed Fees. In the event that City disputes, in good faith, any charges on an invoice, it
shall notify Revision, Inc of such dispute within seven (7) business days of the receipt of the respective
invoice and the parties shall resolve the dispute in good faith within fourteen (14) calendar days
following City's notice to Revision, Inc. thereof. The City shall hold back payment on any disputed
invoice until all issues are fully resolved.
5. Fund Availability. Financial obligations of the City payable after the current fiscal year are
contingent upon funds for that purpose being appropriated, budgeted and otherwise made available.
If this Agreement contemplates the City utilizing state or federal funds to meet its obligations herein,
this Agreement shall be contingent upon the availability of those funds for payment pursuant to the
terms of this Agreement.
6. Non-Assignability. Both parties recognize that this Agreement cannot be transferred, assigned,
or sublet by either party without prior written consent of the other, except to its wholly owned subsidiaries.
Subcontracting, if authorized, shall not relieve Professional of any of the responsibilities or obligations
under this Agreement. Professional shall be and remain solely responsible to the City for the acts, errors,
omissions or neglect of any subcontractors' officers, agents and employees, each of whom shall, for this
purpose be deemed to be an agent or employee of Professional to the extent of the subcontract. The City
shall not be obligated to pay or be liable for payment of any sums due which may be due to any
subcontractor.
Professional shall fully inform each of its permitted subcontractors hereunder of all of the provisions
and requirements of this Agreement relating to the work to be performed and/or the services or
materials to be furnished under such subcontract. Without limiting the generality of the foregoing,
Professional will not disclose any confidential information of the City to any third party subcontractor
unless and until such subcontractor has agreed in writing to protect the confidentiality of such
confidential information in a manner that is no less restrictive than that required of Professional under
this Agreement, and then only to the extent necessary for such subcontractor to perform the services
subcontracted to it.
7. Successors and Assigns. This Agreement and all of the covenants hereof shall inure to the
benefit of and be binding upon the City and Professional respectively and their agents, representatives,
employee, successors, assigns and legal representatives. Neither the City nor Professional shall have
the right to assign, transfer or sublet its interest or obligations hereunder without the written consent
of the other party.
8. Third Parties. This Agreement does not and shall not be deemed or construed to confer
upon or grant to any third party or parties, except to parties to whom Professional or City may assign
this Agreement in accordance with the specific written permission, any right to claim damages or to
bring any suit, action or other proceeding against either the City or Professional because of any
breach hereof or because of any of the terms, covenants, agreements or conditions herein contained.
9. Termination of Professional Services, Hosting, and Security as a Service. Professional or
the City may terminate this Agreement, without specifying the reason therefor, by giving notice of 30
days, in writing, addressed to the other party, specifying the effective date of the termination; provided,
however, that neither party will terminate this Agreement for breach without first giving the other party
three (3) days to cure the breach. Upon termination of the Agreement the City will compensate
Professional for fees earned up to the effective date of termination, according to the phasing schedule in
Exhibits A and B. Breach includes but may not be limited to negligence, major defects, or repeated
moderate defects.
Upon any termination, all finished or unfinished deliverables specified in the Scope of Work (such as
documents, data, studies, surveys, drawings, maps, models, photographs, reports or other material
prepared by Professional pursuant to this Agreement) shall become the property of the City and shall be
returned to the City or made available to the City to easily retrieve. Professional may store, but not use
or share, the City data in its system for a period of up to twelve (12) months.
The parties agree that on the termination of the provision of the services, Professional shall, at the
choice of the City, return all the personal data transferred including any data storage media supplied
to Professional, and the copies thereof to the City or shall destroy all the personal data and certify to
the City that it has done so, unless legislation imposed upon Professional prevents it from returning
or destroying all or part of the personal data transferred. In that case, Professional warrants that it
will guarantee the confidentiality of the personal data transferred and will not actively process the
personal data transferred anymore.
10. Independent Contractor Status. It is expressly acknowledged and understood by the parties
that nothing contained in this agreement shall result in or be construed as establishing an employment
relationship. Professional shall be, and shall perform as, an independent Contractor who agrees to use
his or her best efforts to provide the said services on behalf of the City. No agent, employee, or servant
of Professional shall be, or shall be deemed to be, the employee, agent or servant of the City. City is
interested only in the results obtained under this contract. The manner and means of conducting the
work are under the sole control of Professional. None of the benefits provided by City to its employees
including, but not limited to, workers' compensation insurance and unemployment insurance, are
available from City to the employees, agents or servants of Professional. Professional shall be solely
and entirely responsible for its acts and for the acts of Professional's agents, employees, servants and
subcontractors during the performance of this contract. Professional shall indemnify City against all
liability and loss in connection with, and shall assume full responsibility for payment of all federal, state
and local taxes or contributions imposed or required under unemployment insurance, social security and
income tax law, with respect to Professional and/or Professional's employees engaged in the
performance of the services agreed to herein.
11. Indemnification and Liability Limits. Professional agrees to indemnify and hold harmless the
City, its officers, employees, insurers, and self-insurance pool, from and against all liability, claims, and
demands, on account of injury, loss, or damage, including without limitation claims arising from bodily
injury, personal injury, sickness, disease, death, property loss or damage, or any other loss of any kind
whatsoever, which arise out of or are in any manner connected with this contract, to the extent and for
an amount represented by the degree or percentage such injury, loss, or damage is caused in whole or in
part by, or is claimed to be caused in whole or in part by, the wrongful act, omission, error, professional
error, mistake, negligence, or other fault of the Professional, any subcontractor of the Professional, or
any officer, employee, representative, or agent of the Professional or of any subcontractor of the
Professional, or which arises out of any workmen's compensation claim of any employee of the
Professional or of any employee of any subcontractor of the Professional. The Professional agrees to
investigate, handle, respond to, and to provide defense for and defend against, any such liability, claims
or demands at the sole expense of the Professional, or at the option of the City, agrees to pay the City or
reimburse the City for the defense costs incurred by the City in connection with, any such liability,
claims, or demands. If it is determined by the final judgment of a court of competent jurisdiction that
such injury, loss, or damage was caused in whole or in part by the act, omission, or other fault of the
City, its officers, or its employees, the City shall reimburse the Professional for the portion of the
judgment attributable to such act, omission, or other fault of the City, its officers, or employees.
12. Professional's Insurance.
(a) Professional agrees to procure and maintain, at its own expense, a policy or policies of
insurance sufficient to insure against all liability, claims, demands, and other obligations of
Professional pursuant to Section 14 below (Completeness of Agreement). Such insurance shall be
in addition to any other insurance requirements imposed by this contract or by law. Professional
shall not be relieved of any liability, claims, demands, or other obligations assumed pursuant to
Section 11 (Indemnification) above by reason of its failure to procure or maintain insurance, or
by reason of its failure to procure or maintain insurance in sufficient amounts, duration, or types.
(b) Professional shall procure and maintain and shall cause any subcontractor of Professional
to procure and maintain, the minimum insurance coverages listed below. Such coverages shall be
procured and maintained with reputed insurers/ reinsurers. All coverages shall be continuously
maintained to cover all liability, claims, demands, and other obligations of Professional pursuant
to Section 11 (Indemnification) above. In the case of any claims-made policy, the necessary
retroactive dates and extended reporting periods shall be procured to maintain such continuous
coverage.
(i) Worker's Compensation insurance to cover obligations imposed by applicable
laws for any employee engaged in the performance of work under this contract, and
Employers' Liability insurance with minimum limits of ONE MILLION DOLLARS
($1,000,000.00) for each accident, ONE MILLION DOLLARS ($1,000,000.00) disease
- policy limit, and ONE MILLION DOLLARS ($1,000,000.00) disease - each employee.
Evidence of qualified self-insured status may be substituted for the Worker's
Compensation requirements of this paragraph.
(ii) Commercial General Liability insurance with minimum combined single limits of
TWO MILLION DOLLARS ($2,000,000.00) each occurrence and THREE MILLION
DOLLARS ($3,000,000.00) aggregate. The policy shall be applicable to all premises and
operations. The policy shall include coverage for bodily injury, broad form property
damage (including completed operations), personal injury (including coverage for
contractual and employee acts), blanket contractual, independent contractors, products,
and completed operations. The policy shall include coverage for explosion, collapse, and
underground hazards. The policy shall contain a severability of interests provision.
(iii) Comprehensive Automobile Liability insurance with minimum combined single
limits for bodily injury and property damage of not less than ONE MILLION DOLLARS
($1,000,000.00) each occurrence and ONE MILLION DOLLARS ($1,000,000.00)
aggregate with respect to each Professional's owned, hired and non-owned vehicles
assigned to or used in performance of the Scope of Work. The policy shall contain a
severability of interests provision. If the Professional has no owned automobiles, the
requirements of this Section shall be met by each employee of the Professional providing
services to the City under this contract.
(iv) Professional Liability insurance with the minimum limits of ONE MILLION
DOLLARS ($1,000,000) each claim and TWO MILLION DOLLARS ($2,000,000)
aggregate.
(c) The policy or policies required above (except for Workers Compensation, Employer's
Liability and Professional Liability) shall be endorsed to include the City and the City's officers
and employees as additional insureds. Every policy required above shall be primary insurance,
and any insurance carried by the City, its officers or employees, or carried by or provided through
any insurance pool of the City, shall be excess and not contributory insurance to that provided by
Professional. No additional insured endorsement to the policy required above shall contain any
exclusion for bodily injury or property damage arising from completed operations. Professional
shall be solely responsible for any deductible losses under any policy required above.
(d) The certificate of insurance provided to the City shall be completed by Professional's
insurance agent as evidence that policies providing the required coverages, conditions, and
minimum limits are in full force and effect, that Professional confirm that the coverages afforded
under the policies shall not be canceled, terminated or materially changed until at least thirty (30)
days prior written notice has been given to the City.
(e) Failure on the part of Professional to procure or maintain policies providing the required
coverages, conditions, and minimum limits shall constitute a material breach of contract upon
which after providing 15 days prior notice to Professional, City may at its discretion procure or
renew any such policy or any extended reporting period thereto and may pay any and all premiums
in connection therewith, and all monies so paid by City shall be repaid by Professional to City
upon demand, or City may offset the cost of the premiums against monies due to Professional
from City.
(f) The parties hereto understand and agree that City is relying on, and does not waive or intend
to waive by any provision of this contract, the monetary limitations (presently $350,000.00 per
person and $990,000 per occurrence) or any other rights, immunities, and protections provided
by the Colorado Governmental Immunity Act, Section 24-10-101 et seq., C.R.S., as from time to
time amended, or otherwise available to City, its officers, or its employees.
13. City's Insurance. The parties hereto understand that the City is a member of the Colorado
Intergovernmental Risk Sharing Agency (CIRSA) and as such participates in the CIRSA Property/Casualty
Pool. Copies of the CIRSA policies and manual are kept at the City of Aspen Risk
Management Department and are available to Professional for inspection during normal business hours.
City makes no representations whatsoever with respect to specific coverages offered by CIRSA. City
shall provide Professional reasonable notice of any changes in its membership or participation in CIRSA.
14. Completeness of Agreement. It is expressly agreed that this agreement contains the entire
undertaking of the parties relevant to the subject matter thereof and there are no verbal or written
representations, agreements, warranties or promises pertaining to the project matter thereof not expressly
incorporated in this writing. If any of the provisions of this Agreement shall be held invalid, illegal or
unenforceable it shall not affect or impair the validity, legality or enforceability of any other provision.
15. Waiver. The waiver by the City of any term, covenant, or condition hereof shall not operate as
a waiver of any subsequent breach of the same or any other term. No term, covenant, or condition of this
Agreement can be waived except by the written consent of the City, and forbearance or indulgence by the
City in any regard whatsoever shall not constitute a waiver of any term, covenant, or condition to be
performed by Professional to which the same may apply and, until complete performance by Professional
of said term, covenant or condition, the City shall be entitled to invoke any remedy available to it under
this Agreement or by law despite any such forbearance or indulgence.
16. Integration and Modification
This written Agreement along with the Exhibits shall constitute the contract between the parties and
supersedes or incorporates any prior written and oral agreements of the parties.
The parties acknowledge and understand that there are no conditions or limitations to this understanding
except those as contained herein at the time of the execution hereof and that after execution no alteration,
change or modification shall be made except upon a writing signed by the parties.
Modifications to the Statement of Work shall be mutually agreed upon in writing between the parties and
will be governed by the terms and conditions of this Agreement. Changes in scope will include
modifications to the Statement of Work and any applicable milestone payments, with the exception of
clarifications of the details of the scope, or substantially equal substitutions.
Professional shall not be obligated to provide the work required by a change in the Statement of Work
until such time as a change order is agreed to in writing by both Professional and the City. Any work
outside the scope of the agreement and done so prior to the mutual agreement in writing of a change order
is done at Professional's sole expense. Minor changes associated with the finalization and clarification of
requirements as occurs during the design phase of the project will not result in additional expense to the
City, nor will substantially equal substitutions.
17. Notice. Any written notices as called for herein may be hand delivered or mailed by certified
mail return receipt requested to the respective persons and/or addresses listed herein:
REVISION, INC.
Attn: Khalil Nasser, CEO
1337 Delaware St.
Denver, CO 80204
Email: Khalil.nasser@revisioninc.com

City of Aspen
Attn: Bethany Spitz, APCHA
18 Truscott Place
Aspen, CO 81611
Email: Bethany.spitz@aspen.gov
18. Worker Without Authorization — CRS §8-17.5-101 & §24-76.5-101
Purpose. During the 2021 Colorado legislative session, the legislature passed House Bill 21-1075 that
amended current CRS §8-17.5-102 (1), (2)(a), (2)(b) introductory portion, and (2)(b)(III) as it relates
to the employment of and contracting with a "worker without authorization" which is defined as an
individual who is unable to provide evidence that the individual is authorized by the federal
government to work in the United States. As amended, the current law prohibits all state agencies and
political subdivisions, including the Owner, from knowingly hiring a worker without authorization to
perform work under a contract, or to knowingly contract with a Consultant who knowingly hires with
a worker without authorization to perform work under the contract. The law also requires that all
contracts for services include certain specific language as set forth in the statutes. The following terms
and conditions have been designed to comply with the requirements of this new law.
Definitions. The following terms are defined by this reference are incorporated herein and in any
contract for services entered into with the Owner.
.1 "E-verify program" means the electronic employment verification program created in Public Law
208, 104th Congress, as amended, and expanded in Public Law 156, 108th Congress, as amended, that
is jointly administered by the United States Department of Homeland Security and the social security
Administration, or its successor program.
.2 "Department program" means the employment verification program established pursuant to Section
8-17.5-102(5)(c).
.3 "Public Contract for Services" means this Agreement.
.4 "Services" means the furnishing of labor, time, or effort by a Consultant or a subconsultant not
involving the delivery of a specific end product other than reports that are merely incidental to the
required performance.
.5 "Worker without authorization" means an individual who is unable to provide evidence that the
individual is authorized by the federal government to work in the United States.
By signing this document, Consultant certifies and represents that at this time:
1. Consultant shall confirm the employment eligibility of all employees who are newly hired for
employment to perform work under the public contract for services; and
2. Consultant has participated or attempted to participate in either the e-verify program or the
department program in order to verify that new employees are not workers without authorization.
Consultant hereby confirms that:
1. Consultant shall not knowingly employ or contract with a worker without authorization to perform
work under the Public Contract for Services.
2. Consultant shall not enter into a contract with a subconsultant that fails to certify to the Consultant
that the subconsultant shall not knowingly employ or contract with a worker without authorization to
perform work under the Public Contract for Services.
3. Consultant has confirmed the employment eligibility of all employees who are newly hired for
employment to perform work under the public contract for services through participation in either the
e-verify program or the department program.
4. Consultant shall not use either the e-verify program or the department program procedures to
undertake pre-employment screening of job applicants while the Public Contract for Services is being
performed.
If Consultant obtains actual knowledge that a subconsultant performing work under the Public
Contract for Services knowingly employs or contracts with a worker without authorization, Consultant
shall:
1. Notify such subconsultant and the Owner within three days that Consultant has actual knowledge
that the subconsultant is employing or subcontracting with a worker without authorization; and
2. Terminate the subcontract with the subconsultant if within three days of receiving the notice
required pursuant to this section the subconsultant does not stop employing or contracting with the
worker without authorization; except that Consultant shall not terminate the Public Contract for
Services with the subconsultant if during such three days the subconsultant provides information to
establish that the subconsultant has not knowingly employed or contracted with a worker without
authorization.
Consultant shall comply with any reasonable request by the Colorado Department of Labor and
Employment made in the course of an investigation that the Colorado Department of Labor and
Employment undertakes or is undertaking pursuant to the authority established in Subsection 8-17.5-
102 (5), C.R.S.
If Consultant violates any provision of the Public Contract for Services pertaining to the duties
imposed by Subsection 8-17.5-102, C.R.S. the Owner may terminate this Agreement. If this
Agreement is so terminated, Consultant shall be liable for actual damages to the Owner arising out of
Consultant's violation of Subsection 8-17.5-102, C.R.S.
It is agreed that neither this agreement nor any of its terms, provisions, conditions, representations or
covenants can be modified, changed, terminated or amended, waived, superseded or extended except
by appropriate written instrument fully executed by the parties.
If any of the provisions of this agreement shall be held invalid, illegal or unenforceable it shall not
affect or impair the validity, legality or enforceability of any other provision.
19. Confidentiality and Proprietary Rights.
Certain information furnished or disclosed by Professional or the City (the "Disclosing Party") to the
other (the "Receiving Party") in connection with the performance of their respective obligations under
this Agreement may contain or reflect confidential information with respect to the disclosing party.
"Confidential Information" means all information disclosed by the Disclosing Party to the Receiving
Party under this Agreement that is clearly marked or otherwise clearly designated as "confidential" or
that is or should reasonably be understood by the Receiving Party to be confidential. The Disclosing
Party's Confidential Information shall not include any information that: (i) is or becomes part of the
public domain through no act or omission of the other party; (ii) the Receiving Party can demonstrate
was in its lawful possession prior to the disclosure and had not been obtained by it either directly or
indirectly from the Disclosing Party; (iii) the Receiving Party can demonstrate was independently
developed by the Receiving Party without access to the party's Confidential Information; or (iv) the
Receiving Party can demonstrate was received from a third party without breach of any confidentiality
obligation.
To the extent permitted by public disclosure laws, the Receiving Party agrees to hold the Disclosing
Party's Confidential Information in strict confidence, not to disclose such Confidential Information to
third parties not authorized by the Disclosing Party to receive such Confidential Information, and not
to use such Confidential Information for any purpose except to perform its obligations under this
Agreement. The foregoing prohibition on disclosure of Confidential Information shall not apply to
the extent Confidential Information is required to be disclosed by the Receiving Party as a matter of
law or by order of a court, provided that: (i) the Receiving Party uses reasonable efforts to provide the
Disclosing Party with prior notice of such obligation to disclose to allow the Disclosing Party to
obtain a protective order from such disclosure; and (ii) the Receiving Party only discloses that
portion of Confidential Information which it reasonably believes, based on the advice of counsel, is
required to be disclosed.
Nothing contained in this Agreement shall restrict either party from the use of any general ideas,
concepts, know-how, methodologies, processes, technologies, algorithms or techniques retained in the
unaided mental impressions of such party's personnel relating to the Services which either party,
individually or jointly, develops or discloses under this Agreement ("Residual Knowledge"); provided,
however, that in doing so such party does not (a) infringe the intellectual property rights of the other
party or third parties who have licensed or provided materials to the other party, or (b) breach its
confidentiality obligations under this Agreement.
20. Technical Support and Personnel
(a) Representatives. Professional and City shall each appoint appropriate representatives to deal with
operational services and transitions as may be necessary for the purpose of implementing this
Agreement.
(b) Personnel. Professional shall recruit and maintain personnel (i) adequately trained and skilled to
perform its obligations under this Agreement and (ii) possessing at least such training, knowledge and
experience as is regarded as industry standard in the provision of the tasks to which they are assigned.
The City reserves the right to request new personnel at any point during the project at Professional's
expense. Professional shall bear the cost to train and/or familiarize new personnel regardless of the
circumstances for having to do so.
21. Work Phases. The details of the work associated with each phase, along with the
deliverables and the duration/delivery dates, are defined in Exhibit A, the Statement of Work.
22. Professional's Responsibilities
• To appoint suitable Project Manager(s) and team of consultants as required for the project.
• To adhere to the time schedules, quality expectations and budget specified.
• To obtain necessary sign-off/acceptances from the City.
• To report the ongoing status of the project to the City.
• To define standards and procedures to be used
• To effectively communicate requirements and standards to the technical team
• To assure the technical team accurately and efficiently codes/customizes the system
• To assure that solutions meet performance and other requirements of all products involved in
the solution
• To assure that deliverables are ready for user testing prior to sending them to the City
• To resolve bugs and issues in a timely manner, per the parameters of Section 2 of this
agreement
• To maintain historic versions (where applicable)
• To deliver a fully functional, reliable customer portal that meets the Acceptance Criteria in
Section 28, including the work and functionalities described in Exhibit A.
25. City's Responsibilities
• To identify and depute suitable person(s) for co-ordination with Professional.
• To provide information to Professional pertaining to City organization, procedures, and
existing systems wherever applicable.
• To provide necessary tools/facilities to Professional where mutually agreed upon.
• To inform Professional immediately about any factors possibly affecting the scope of the
project or its successful implementation.
• To protect Professional proprietary information if applicable
• To collaborate with the Professional to prepare the acceptance plan and perform acceptance
testing
• To communicate testing success or rejection in a timely manner, per the parameters of Section
2 of this agreement
26. Joint Responsibilities
• To conduct joint reviews of the project at the mutually agreed stages.
• To co-operate and ensure timely, free flow of information
• Additional joint responsibilities as specified in Exhibit A, Statement of Work, particularly with
respect to communication and project management
27. System and Network Security, Access, Software and Tools
(a) Security Procedures and practices
Professional is required to implement and maintain security procedures and practices that protect City
owned data and personal identifying information (PII) from unauthorized access, use, modification,
disclosure, or destruction. Professional shall use industry-standard best practices and up to date
security tools, technologies and procedures to protect such data and PII. Professional shall prevent
the transfer of malicious software that could infect City computers, systems, or networks to City
computers via the connection from the Professional's system. Professional represents that its security
measures do, and will at all times, comply with any security requirements outlined in Section 28 below.
At its discretion, the City may require additional specific security measures to protect its data, network
access, software and tools. Professional agrees to comply with all such provisions in the course of its
work, before and after go-live. After go-live, Professional agrees to provide the Security as a Service
provisions as outlined in Exhibits A and B, and as further specified below.
(b) Data Security Breaches and Reporting Procedures
The City is required by Colorado Statutes (CRS 6-1-716) to notify its residents of a Data Security
Breach involving their personal identifying information. Professional is under a strict obligation to
notify the City of a Data Security Breach within 24 hours of the Professional becoming aware of a
possible breach of their systems. In the event of a breach the Professional is required to provide those
details that are known about the breach to the City. Such details include, but are not limited to the
following:
• How the breach was stopped and access to the system removed.
• The date and time, estimated date and time, or estimated date range of the security breach;
• A description of all the information that was acquired or potentially acquired as part of the security
breach;
• What format the information would have been in and how likely would it be that information could
become readable by whomever perpetrated the breach.
The Professional's requirement for notifying the City is not to be delayed in order to complete a
forensics investigation or because further research might be needed. Additional information that may
be developed later will be shared with the City as it becomes available. The Professional agrees to
provide any reasonable assistance as is required by the City to facilitate the handling of any Data
Security Breach in an expeditious and compliant manner. The Professional will provide the City a
remediation plan for repair of the system, mitigation of any known vulnerabilities, and prevention of
future breaches.
In the event of a Data Security Breach at City's location, City will alert the Professional about the
Incident within 24 hours of the City becoming aware of the breach. The City will work with the
Professional to determine if any additional security controls are to be implemented.
This provision does not preclude the City from seeking a remedy via court in the State of Colorado.
(c) Resolution of disputes regarding Personal Data
In the event of a dispute or claim concerning the processing of Personal Data against either or both
parties, the Parties will inform each other about any such disputes or claims, and will cooperate with
a view to settling them amicably in a timely fashion.
The Parties agree to respond to any generally available non-binding mediation procedure initiated by
either of the parties. If they do participate in the proceedings, the parties may elect to do so remotely
(such as by telephone or other electronic means). The Parties also agree to consider participating in
any other arbitration, mediation or other dispute resolution proceedings developed for data protection
disputes.
Each Party shall abide by a decision of a competent court in the State of Colorado.
28. Warranty.
(a) Professional will provide 30 days of warranty support to address critical (Severity 1) and high severity
(Severity 2) issues only. The warranty period starts immediately on completion of production
deployment (go-live). The completion of the production deployment will be identified by APCHA
confirming, in writing, that the system is ready for promotion to production and that defined User
Acceptance Testing has been completed and defects resolved. The definitions of Severity 1 and
Severity 2 are provided below:
1. Severity 1 - Critical:
• A bug in the REVISION delivered software code or configuration that will result in: A
complete or substantial loss of service functionality or accuracy with no credible
workaround, for one or more core APCHA business services.
2. Severity 2 - High:
• A bug in the Portal delivered software code or configuration that will result in: The
functionality of the software being adversely affected, but can be circumvented, or
Certain functions within the software being disabled, but the Software remains operable
for key APCHA business services.
The Warranty Period warrants that:
• Work performed in connection with the agreement was performed in a competent,
professional and workmanlike manner, and of industry standard quality;
• Work performed and deliverables comply with applicable laws;
• Work performed and deliverables were provided in accordance with and conform in
material respects to specifications and requirements set forth in an executed agreement and
any associated Change Orders; and that
• Deliverables perform as expected individually and as a total system.
In addition, the Professional warrants that the system will meet the Acceptance Criteria below.
These criteria will be used by the City to guide its decision-making regarding whether to reject
deliverables, including software functionality and security, but may not be the only basis upon
which rejection occurs. The acceptance criteria include:
• Successful (error-free) execution of all functional test cases developed for acceptance
testing.
• Successful (defect-free) completion of all agreed-upon requirements in Exhibit A, and in
any other documents agreed to and signed in the course of this project.
• System response times that are reasonable, such that time-out or other errors are avoided
and significant delays in processing do not otherwise occur. Reasonable response times
are defined as the portal system reacting in less than or equal to 1.5 seconds. Note that
Salesforce and any other external connector performance is governed by their separate
service level agreements.
• Successful passing of system security tests, as initiated by or requested by the City.
• Successful passing of tests related to individual user permissions and security.
• System stability, as reflected by consistent performance and results over time
The intention of the above Acceptance Criteria is to more specifically capture the attributes of a
system that is functioning without defects. At 30-days post deployment, Professional will provide
a check designed to uncover and address any other technical issues or needed adjustments, and the
formal warranty period will end.
(b) To receive warranty remedies, the City of Aspen must report any deficiencies to REVISION in
writing, within the Warranty Period. If an item is reported by the City of Aspen within the
warranty period, resolution will be completed under the warranty regardless of the delivery date
of the resolution falling outside of the warranty period. REVISION shall correct deficiencies in
the Services or Work identified by the City of Aspen during the Warranty Period, provided that
the defective Services or Work is not caused by any inappropriate, improper or unforeseen usage
of the Work or Services by the City of Aspen, unless such actions are taken at the direction of
REVISION. If the deficiency is related to a software issue beyond the control of REVISION,
REVISION shall work in good faith with the City of Aspen's software or service partners or
providers to resolve the situation or develop a workaround solution that materially meets the City
of Aspen's requirements as defined in an executed agreement.
29. Right to Market HomeTrek™ System. Professional agrees that APCHA owns the
HomeTrek™ system, including the external customer portal being developed and supported
under this contract. This means that APCHA retains the rights to market the system, including
APCHA's Portal/REVSynch customer portal, to others for a charge. Revision retains all rights
to its REVSynch product and therefore retains the right to charge others for development and
customization of new or modified customer portals integrated with HomeTrek™, and to charge
for the support, security and maintenance of any portal developed using REVSynch and integrated
with HomeTrek™. This provision requires that separate instances of HomeTrek™ be provided
to any entity desiring to use the HomeTrek™ system. For security reasons, under no
circumstances can an additional customer portal for another entity be developed and directly
integrated with APCHA's instance of HomeTrek™.
30. General Terms.
a. Non Discrimination. No discrimination because of race, color, creed, sex, marital status,
affectional or sexual orientation, family responsibility, national origin, ancestry, handicap, or
religion shall be made in the employment of persons to perform services under this contract.
Professional agrees to meet all of the requirements of City's municipal code, Section 15.04.570,
pertaining to non-discrimination in employment.
b. Warranties Against Contingent Fees, Gratuities, Kickbacks and Conflicts of Interest.
i. Professional warrants that no person or selling agency has been employed or retained
to solicit or secure this Contract upon an agreement or understanding for a commission,
percentage, brokerage, or contingent fee, excepting bona fide employees or bona fide
established commercial or selling agencies maintained by Professional for the purpose
of securing business.
ii. Professional agrees not to give any employee of the City a gratuity or any offer of
employment in connection with any decision, approval, disapproval, recommendation,
preparation of any part of a program requirement or a purchase request, influencing the
content of any specification or procurement standard, rendering advice, investigation,
auditing, or in any other advisory capacity in any proceeding or application, request for
ruling, determination, claim or controversy, or other particular matter, pertaining to this
Agreement, or to any solicitation or proposal therefore.
iii. In addition to other remedies it may have for breach of the prohibitions against
contingent fees, gratuities, kickbacks and conflict of interest, the City shall have the
right to:
1. Cancel this Purchase Agreement without any liability by the City;
2. Debar or suspend the offending parties from being a Professional, contractor or
subcontractor under City contracts;
3. Deduct from the contract price or consideration, or otherwise recover, the value
of anything transferred or received by Professional; and
4. Recover such value from the offending parties.
c. Mediation: Prior to pursuing other legal remedies (i), all disputes shall be submitted to non-
binding mediation by written notice given by either Party to the other Party. Except as
otherwise expressly provided herein, the mediation process will be conducted under the
American Arbitration Association's (the "AAA") Commercial Arbitration Rules and
Mediation Procedures (including Procedures for Large, Complex Commercial Disputes)
(collectively the "AAA Rules"). If the Parties cannot agree on a mediator, a mediator will be
designated by the AAA at the request of a Party. The mediation shall be conducted in
Colorado. The mediation will be treated as a settlement discussion and therefore will be
confidential. The mediator may not testify for either Party in any later proceeding relating to
the dispute. No recording or transcript shall be made of the mediation proceedings. Each Party
will bear its own costs in the mediation. The fees and expenses of the mediator will be shared
equally by the Parties.
d. Governing Law. This Agreement shall be governed by the laws of the State of Colorado as from
time to time in effect. Venue is agreed to be exclusively in the courts of Pitkin County,
Colorado.
e. Taxes, VAT & Service Tax. Professional and the City shall each bear sole responsibility for all
US taxes, assessments, and other real property-related levies or property taxes on its owned
property. The City shall be responsible for Service tax, GST, or Value Added Tax or similar taxes
applicable on the sale of services or goods.
f. Non-Solicitation: Each party agrees that during the term of this Agreement and for a period of
one year thereafter, it will not and will procure that its Affiliate will not directly or indirectly,
either on its own account or in conjunction with or on behalf of any other person, hire, solicit
or endeavor to entice away from the other party any person who, during the term of this
Agreement has been an officer, manager, employee, agent or consultant of the other party.
31. Records to be Kept by Professional. Professional shall make available to the City if requested,
true and complete records, which support billing statements, reports, deliverables, performance and all
other related documentation to this agreement (the Documentation). The City's authorized
representatives shall have access, at any time during reasonable hours and with reasonable advance notice,
to all records that are deemed appropriate to auditing the Documentation at Professional's offices or via
email and without expense to the City related to copying or document access. The Consultant agrees that
it will keep and preserve for at least seven (7) years all documents related to the Agreement which are
routinely prepared, collected or compiled by Professional during the performance of this Agreement.
32. Attorney's Fees. In the event that legal action is necessary to enforce any of the provisions of
this Agreement, the prevailing party shall be entitled to its costs and reasonable attorney's fees.
33. Waiver of Presumption. This Agreement was negotiated and reviewed through the mutual
efforts of the parties hereto and the parties agree that no construction shall be made or presumption
shall arise for or against either party based on any alleged unequal status of the parties in the
negotiation, review or drafting of the Agreement.
34. Certification Regarding Debarment, Suspension, Ineligibility, and Voluntary Exclusion.
Professional certifies, by acceptance of this Agreement, that neither it nor its principals is presently
debarred, suspended, proposed for debarment, declared ineligible or voluntarily excluded from
participation in any transaction with a Federal or State department or agency. It further certifies that
prior to submitting its Bid that it did include this clause without modification in all lower tier
transactions, solicitations, proposals, contracts and subcontracts. In the event that Professional or any
lower tier participant was unable to certify to the statement, an explanation was attached to this
agreement and was determined by the City to be satisfactory to the City.
35. Electronic Signatures and Electronic Records.
This Agreement and any amendments hereto may be executed in several counterparts, each of which
shall be deemed an original, and all of which together shall constitute one agreement binding on the
Parties, notwithstanding the possible event that all Parties may not have signed the same counterpart.
Furthermore, each Party consents to the use of electronic signatures by either Party. The Scope of
Work, and any other documents requiring a signature hereunder, may be signed electronically in the
manner agreed to by the Parties. The Parties agree not to deny the legal effect or enforceability of the
Agreement solely because it is in electronic form or because an electronic record was used in its
formation. The Parties agree not to object to the admissibility of the Agreement in the form of an
electronic record, or a paper copy of an electronic document, or a paper copy of a document bearing
an electronic signature, on the grounds that it is an electronic record or electronic signature or that it
is not in its original form or is not an original.
36. Order of Document Precedence. This Professional Services Agreement, together with all
Exhibits, constitutes the entire agreement and contract and shall be considered one contract document.
In the event of conflicting or missing provisions within portions of this contract, the order of
precedence for an item is:
1. the terms as specified in this Professional Services and Software Agreement
2. the terms set forth in Exhibit A, the Statement of Work
3. the terms set forth in Exhibit B, the Fee Schedule
5. the terms set forth in Exhibit D, the Revision Service Level Agreement
6. the terms set forth in Exhibit C, the Revision Proposal
In the event, however, that the Statement of Work (Exhibit A) omits work or requirements agreed to in
Professional's Proposal and listed in the associated Detailed Requirements, the Proposal (Exhibit C) will
supersede the Statement of Work.
37. Execution of Agreement by City.
This Agreement shall be binding upon all parties hereto and their respective heirs, executors,
administrators, successors, and assigns. Notwithstanding anything to the contrary contained herein, this
Agreement shall not be binding upon the City unless duly executed by the City Manager of the City of
Aspen (or a duly authorized official in their absence).
38. Authorized Representative. The undersigned representative of Revision, Inc., as an
inducement to the City to execute this Agreement, represents that he/she is an authorized
representative of Professional for the purposes of executing this Agreement and that he/she has full
and complete authority to enter into this Agreement for the terms and conditions specified herein.
IN WITNESS WHEREOF, the parties hereto have executed, or caused to be executed by their duly
authorized officials, this Agreement of which shall be deemed an original on the date first written above.
CITY OF ASPEN, COLORADO:
[Signature]
By: Sara Ott
[Name]
Title: City Manager
Date: 7/15/2022 | 4:37:38 PM PDT
Approved as to form:
DocuSigned by:
Attorney's Office
PROFESSIONAL:
DocuSigned by:
[Signature]
Khalil Nasser
By:
[Name]
Title: President and CEO
Date: 6/28/2022 | 11:20:19 AM MDT
6/28/2022 | 1:10:12 PM MDT
Project #2022-004
EXHIBIT A:
REVISION, INC. STATEMENT OF WORK
Table of Contents
INTRODUCTION
OUT OF SCOPE
TECHNOLOGY OVERVIEW
Technology Model Approach
Solution (eBOM) Bill of Materials
TECHNICAL PROPOSAL
Project Management Approach from Kickoff through Post Deployment
Facilitated Activities
Approach to clarifying and finalizing processes and requirements
Approach to designing, documenting, testing, final UAT and portal implementation
Project communication approach and responsibilities
City and Vendor roles and responsibilities
Key Functionalities and Performance Features of the Proposed Portal
Business Capabilities contributing to the TO-BE Outcome delivered by WordPress
SYSTEM SECURITY FEATURES
APPROACH TO APCHA STAFF TRAINING
PROJECT SCHEDULE
KNOWLEDGE AND SKILLS TRANSFER
TABLE A.1: APCHA PORTAL REQUIREMENTS LIST
SUPPORT, HOSTING, AND SECURITY AS A SERVICE
DocuSign Envelope ID: 9B365E1E-8C53-42AF-A657-74B55079722D
INTRODUCTION
This Exhibit describes how REVISION, Inc. will approach and complete the scope of work for this project. This
includes the requirements that REVISION has agreed to meet, included in Table A1.
OUT OF SCOPE
REVISION considers the following items out of scope:
• Branding and Design
• Licensing of all components other than WordPress is not included
• Salesforce configuration outside of the data synchronization required in the delivery of this scope
• WordPress configuration outside of the HomeTrek™ feature transformation
• Any componentry changes including integrations outside of the HomeTrek transformation scope
that may impact APCHA or REVISION team resource availability or level of effort
• Optional website build. However, REVISION will provide recommendations for a new website
build, based on a needs analysis, to transform the existing website content and flow to the
WordPress platform.
TECHNOLOGY OVERVIEW
REVISION is primarily a consulting and services organization harboring an agnostic view to specific
technologies in benefit of our clients to ensure transparency in our technology selection processes. In
response to the City of Aspen and APCHA’s RFP #2022-004, we have pre-selected a technology platform that
carries proven integration mechanisms with the City’s IT systems and architecture. Therefore, REVISION
recommends a zero-license-cost secure portal framework that will support and enable the three primary
objectives, in addition to the secondary subproject (future replacement of the Civic Plus Website):
1. Improvements in Ease of Use: from the staff perspective and as well as the perspective of
external customers, improved ease of use is a priority.
2. Reduction in Licensing Costs: APCHA is seeking a solution with limited or no annual licensing
charges for Community Users.
3. Better Options for Communication: APCHA is seeking to broaden the
methods of communication available for APCHA staff and Community Portal
users.
4. Better integrate the functions of the CivicPlus Website and the HomeTrek™ System.
(www.apcha.org and www.apchahometrek.org).
Our Technology Overview provides a high-level description of the proposed technology solution and
the components of which it is comprised. Details regarding the specific scope, timeline and delivery
approach are provided in subsequent sections.
We begin with a high-level “AS-IS”, and the desired “TO-BE” views, as interpreted from the
documentation kindly provided by the City of Aspen. REVISION fully understands the delta between
the “AS-IS” and the “TO-BE” and is confident in the ability to partner with the City of Aspen to realize
the desired state and any optional capabilities or services selected.
DocuSign Envelope ID: 9B365E1E-8C53-42AF-A657-74B55079722D
Project #2022-004
Technology Model Approach
Our high-level understanding of the existing APCHA ‘AS-IS’ capability model is presented here, as a
baseline to describe where changes shall occur.
1. The ‘AS-IS’ APCHA capability model.
In response to the RFP requirements, REVISION presents here, diagrammatically:
2. The ‘TO-BE’ APCHA capability model.
Many of the integration and communication services described already exist, although they may be
arranged to take advantage of common control mechanisms in place (firewalls, gateways,
route-handlers, etc.).
Note: Unrepresented are the interval and throttling considerations related to data synchronization
(Portal<->Salesforce) to ensure that existing APIs and Service connections are not attracting unnecessary
additional subscription costs. These settings are configurable by City Administrators.
REVISION is comfortable ensuring that throttling limits are known to all and the appetite for cost-
control is implemented through approved configuration and security rules.
Both ‘TO-BE’ states presented here (with and without CivicPlus replacement) demonstrate optional
enhancements (Payment Gateway configuration and usable location (map) presentation) yet little to
no change to the existing internal workflow processes, ensuring a manageable business transition.
REVISION recognizes the importance of limiting the need for re-training of internal City Users.
3. The ‘TO-BE’ APCHA capability model including the replacement of the CivicPlus
content management system.
What is not communicated in this diagrammatic representation are the Content Management features
and capabilities, which are far greater than those of the existing CivicPlus platform. This solution not only
places absolute content control in the hands of the City, but also provides resilient processes such as
content creation, moderation, review and multi-level approval workflow cycles to prevent
inappropriate sharing or non-compliant presentation, in support of the Americans with Disabilities Act.
At this time, however, full replacement of the CivicPlus website is out of scope.
4. A visual presentation of the components REVISION will deliver for this project.
Above is a diagrammatic representation of the technology elements REVISION intends to introduce into the
City of Aspen’s technology ecosystem. (Existing systems greyed-out are to provide context). The elements
are interoperable with existing City of Aspen systems and are sufficiently flexible to scale and change
should the City’s needs change in the future.
The REVSync file and data synchronization application is capable of exchanging, replicating and
transforming data between multiple platforms, should either of the platforms described here change in the
future. Flexibility is built in, maintaining choice going forward.
This capability is based upon a synchronization and security technique developed some years ago for one of
the largest financial institutions in North America. It is tried and trusted, and can be leveraged for not only
synchronization, but also archiving of data (structured) and files (unstructured).
Of important note is the service-based nature of the TO-BE solution to eliminate dependencies on a
platform or Vendor. For example, should the Portal, or Salesforce™ become a candidate for replacement in
the future, avoidance of “hard-wiring” integrations through the use of services, enables the flexibility to
“swap-out” systems, components and capabilities in the future.
Solution (eBOM) Bill of Materials
The table below in this section describes the solution component manifest (“engineering bill of materials”)
that will be configured/delivered as elements of the TO-BE solution. All specific scope/requirements for
these components are contained in the requirement matrix (Table A1). In the event there is a discrepancy
between this list and Table A1, Table A1 will serve as the binding scope for the contract.
Clarifications of deeper detail for specific requirements during the Design phase is anticipated and
planned for inclusion in the initial development sprint(s), should the Agile methodology suit the City of
Aspen. Any clarifications will be incorporated into Table A1, by REVISION, to substantiate the foundation
of knowledge transfer for the City of Aspen. REVISION is also prepared to assist the City in updating the
Salesforce™ Configuration Workbook to ensure supportability in the future.
Component Platform/Category | Component Description | Component Business Value
Salesforce | Service Cloud | Maintenance, creation/updates to Account (Personal, Planned/Preferred, Financial) Management, Application Process, Unit Management, Case/Request Management, Submission, monitoring and tracking.
Secure Portal Framework (WordPress v5.9) | External Community Portal Website CMS | Property / Unit information location (map) presentation (GoogleMaps™ or similar, better serving interested parties and promoting ease of use). Customer Self-Service: Registration (Onboarding, offboarding and identity management); Authentication and Authorization; Application submission; Document(s) submission; Payment status; Payment submission; Maintenance request process; Move-out request process; Lease extension/ renewal request; Submission/request status; Approval process; Feedback mechanisms. Any or all of the Portal data can be synchronized, archived or replicated to City systems, including Salesforce™.
Secure Portal Framework | Add-In Components | REVSync data and file synchronization; Paymentus Gateway API Integration; Optional - GoogleMaps™ (or similar) for unit location; Address Verification and/or Validation (Experian, USPS or similar); Theme configuration to adopt the City of Aspen style guide; Revision agrees to meet the requirements of HB 21-1110 to the best of its abilities. At minimum, Revision agrees to adhere to WCAG 2.1 Level A and AA; Localization (language) control; Enhanced (simplified) content management; SEO (Search Engine Optimization) as required, for both prospective national and International Renters.
Aspen Service Provider | Conga (may include Docs, Sign, Trigger, Batch) | Document Creation, Control and Automation.
Aspen Service Provider | Microsoft® Exchange™ | Email, calendar, tasks, attachments, SharePoint® productivity and repository solutions
Aspen Selected Service | ArcGIS, other GIS, GoogleMaps™ and/or similar | Visualize Salesforce data in map-based presentation
APCHA Application Portfolio | OneLogin | SSO Provider (requires confirmation) providing a secure identity management abstraction layer
APCHA Application Portfolio | Government & City Brochure Website Content Management (CivicPlus) | Potential API/webservice integrations (optional) to present internal to external data reports/statistics.
TECHNICAL PROPOSAL
Please find here a description of the technical aspects of REVISION’s software and service offering.
Project Management Approach from Kickoff through Post Deployment
For a software implementation and development project such as this, REVISION will follow a proven
blended methodology to ensure alignment with goals and strict budgetary control in benefit of the City
of Aspen. While the software configuration and development are best suited to be delivered using an
Agile approach, the first two phases (Inception and Design) do not attract attendance and effort on
behalf of the City of Aspen team for all Agile ceremonies. This process, employed at kickoff allows the
City of Aspen to determine the responsibilities and cadence of your team to reduce the impact to the
City of Aspen’s regular workload, priorities and commitments.
Facilitated Activities
Inception:
Project Inception will include the following key activities:
Co-authoring the Project Charter
Defining Business objectives and confirming the project organization
Team roles and commitments
Responsibilities as Partners, and as a collective team
Identifying the Product Owner
Resolving assumptions
Confirming City team availability, cadence, schedule and important milestones
Defining a communication plan as considered meaningful by the City
The APCHA Stakeholder team is expected to invest up to twenty (cumulative) team hours in this phase.
Design:
Solution Design will include the following key activities:
Workshops to refine the project backlog
Review of As-Is and To-Be processes mapped to the TO-BE technology model
Define the Business Cases and populate the User Stories
Establish phasing, tentative sprint plan and prioritization with business context
Classify backlog into OOB, Configuration, Coding as committed in this response
Determine data migration, cleansing and unknown integration needs
The APCHA Stakeholder and SME team is expected to invest up to forty (cumulative) team hours in this
phase to review and confirm the intentions and clarify nuances of the project goals, including impact to
any additional or competing priorities.
Build:
The construction activity will fuel the sprint plan over three phases and deliver the functional design,
build and STQA (Software Testing and Quality Assurance) in support of Solution Acceptance. All
identified components, configurations and solution deliverables shall be tested for functional capability
and User Acceptance. This testing may require associate team members such as Stakeholders from the
City’s Security organization and GRC (Governance, Risk and Compliance) representatives.
The APCHA team is expected to invest up to thirty cumulative team hours per sprint. Sprints are currently
planned for two week cycles but can be adjusted should the intensity of participation cause interruption to
business-as-usual cadence.
A commitment of twenty team resource hours for Sprint Planning, Sprint Execution, Reviews
and Sprint Retrospective
Up to an additional ten resource hours invested in testing of the delivered functionalities.
STQA, Knowledge Transfer and Training:
Test Strategy: This is one of the most important activities that will detail the strategy that will be
used while testing.
Test Coverage: This is essentially required, and it will provide conformance mapping of the
business needs and the test cases to ensure all system aspects have been tested.
Test Cycles and Durations: Employing the regular iteration process (Agile), development results
are tested at the end of each sprint cycle.
Pass/Fail Criteria: The criteria will be agreed in order to validate testing results.
Business and Technical Requirements: These artifacts will provide the basis for the test plan
scope.
Support:
Post Implementation support is covered in Exhibit D
Approach to clarifying and finalizing processes and requirements
Requirements are typically categorized into two types: functional and non-functional.
Functional requirements relate to a product’s functionality: capabilities, usability, features, and operations
as they relate to the intended purpose. While the project outlines the high-level goals and requirements of
the desired solution, our designs provide a more in-depth elaboration of these requirements.
Non-functional requirements encompass anything not related to the solution’s functionality, for example,
its performance, stability, security, and technical specifications.
REVISION’s approach to clarifying and finalizing requirements relies upon the proven techniques of:
UML (universal modeling language)
Visual Use Cases including prototypes and wire-frames to convey notions and agree expectations.
PoC (proof-of-concept) software frameworks to ensure that not only design but workflow can
be examined and tested.
The two primary UML methods we will employ in this project are:
Behavioral diagrams - representing the functioning of a system. Examples include:
Activity diagram
Use case diagram
State machine diagram
Interaction diagrams - a subset of behavioral diagrams, these are used to visualize the flow between
various use case elements of a system. Interaction diagrams are used to show an interaction
between two entities and how data flows within them. Examples include:
Timing diagram
Sequence diagram
Collaboration diagram
Approach to designing, documenting, testing, final UAT and portal implementation
REVISION pursues a five-step plan for UAT.
1. Planning
2. Execution
3. Documentation
4. Evaluation
5. Reporting & Lessons Learned
This starts in the design phase to ensure consistency in the implementation cycles. The design confirms the
business requirement, the priority and the audience of the capability. The documentation of these factors
in the backlog results in more efficient and accurate grooming and effort estimates in development. This in
turn reduces the risk of confusion or lack of clarity about the desired outcome and reduces test cycles.
1. Planning
Planning User Acceptance Testing efforts is vital and must cover the following areas:
Scheduling & time management
During the sprint cycles the commitments offered at Inception must be honored. The system to track
requirements shall be used to track testing as the confirmed Use Cases/Stories form the backbone of the
testing scripts. REVISION will present a UAT plan, and the collective team will define the schedule.
Team requirements
The plan will capture who will test what, and the acceptance criteria will be clear. Ideally testers should
include all Stakeholder teams to ensure engagement and exposure to the project progress. We attempt to
capture this notion in a diagram here below.
Communication & Issue strategy
While executing the defined UAT test cases you need to make sure to have a User Acceptance Testing
workflow in place which deals with bugs, issues, and other problems.
How will issues be reported and documented with appropriate severity?
How can testers communicate problems?
REVISION and the City will determine the appropriate platform to promote ease of use, ease of access and
knowledge capture.
UAT checklist
REVISION will provide a User Acceptance Testing checklist template for consideration
2. Execution
The test cases can be executed in person or remote, as long as both quantitative and qualitative data is
captured.
3. Documentation
Documenting User Acceptance test results must occur at test execution. While execution is important,
clearly defined templates for capture are a key factor.
4. Evaluation
As a process of continuous improvement, it is important to evaluate if the defined criteria are tested and
met. The quantitative and qualitative data documented must be analyzed and consideration given to:
How many testers completed the test cases?
What was the overall rating of these test cases?
What was the overall subject matter expertise of each tester?
5. Reporting & lessons learned
During the evaluation phase data is collected, aggregated and analyzed. The reporting phase builds the
bigger picture. The goal of this phase is to gather insights and lessons learned which will support
improvement of each subsequent test case and UAT workflows.
User Acceptance Tests are often conducted at the end of a software development phase. REVISION’s
approach is to test iteratively and often, because the later problems occur, the more expensive they are to
resolve.
Project communication approach and responsibilities
Planning
REVISION schedules a project kickoff meeting with you to launch the project. This provides the opportunity
to introduce REVISION’s Salesforce certified consultants who will be working on your project, and for us to
get to know your team. We ask you to invite your key project stakeholders including the project sponsor
and executive team, subject matter experts and process owners. REVISION’s agenda for this meeting
typically looks like this:
• Introduce Team Members
• Confirm understanding of project scope and work approach
• Confirm business objectives and success factors
• Review how the project will be executed
• Establish a communication schedule for project status meetings and standups.
• Define the overall Project Schedule
• Plan next steps including the Business Process Review workshop.
• Get access to your instance of Salesforce.com
Governance
REVISION strives for a “no-surprises” approach to project delivery and has implemented process and tools
to drive transparency and make it easy for clients to work with us. To keep projects on schedule and clients
engaged we utilize the following practices:
• Recurring Stand-ups: These short, frequent project team meetings with the City of Aspen representatives
are designed to cover what progress has been made, key short term goals and what is needed from the City
of Aspen.
• Weekly Status Reports: Status reports share the project accomplishments for the week with deliverable
level status, action items and key upcoming goals. (See below for additional details regarding Weekly Status
Reports.)
• REVISION’s smartSTATUS Portal: Selected City of Aspen team members will be provided access to
REVISION’s web based portal to view real-time project progress, requirement level status and to
collaborate on requirements, definition, and testing.
• Project Steering Committee Meetings: These meetings, either pre-scheduled or ad-hoc, bring REVISION
and the City of Aspen leadership together to discuss progress at an executive level and make changes or set
direction as required.
Weekly Status Reports
During the course of the project, the REVISION Project Manager, the City of Aspen Project Manager, and
project team members input extensive project management content into REVISION’s online project
management tool, smartSTATUS. On a weekly basis, the REVISION Project Manager will generate a Status
Report directly from smartSTATUS reflecting this comprehensive input.
City and Vendor roles and responsibilities
In keeping with our methodology of diagramming notions, requirements and statements to make them
as easy as possible to absorb, we provide a Venn diagram to convey not only the team needs but how they
will engage and interact.
The City of Aspen Team roles that REVISION predicts are:
Project Sponsor
Product Owner
HomeTrek™ Subject Matter Expert(s)
Salesforce/Conga Administrator
SharePoint Administrator
Paymentus Administrator
Web Content Design Advocate
IT Security Architect/Representative
The Technology Team roles that REVISION is proposing are:
Client Engagement Manager (key resource)
Solution Architect (key resource)
Scrum Master/Project Manager (key resource)
Salesforce Administrator/Developer
Salesforce Database Developer
Secure Portal Full Stack Developer
Security & Risk Analyst
Key Functionalities and Performance Features of the Proposed Portal
WordPress is a dynamic open-source portal and content management system which is used to power
millions of websites, web applications, and blogs. It currently powers more than 43% of the top 10
million websites on the Internet. WordPress’ usability, extensibility, and mature development
community make it a popular and secure choice for websites of all types.
Simplicity - Simplicity makes it possible for Users to implement and use the capabilities, quickly.
Nothing should get in the way of you getting your portal up and your content out there. WordPress
is built to make that happen.
Flexibility - With WordPress, you can create any type of portal you need: a secure portal, a blog, a
business website, a professional portfolio, a government website, a magazine or news website, an
online community, even a network of websites. You can make your website beautiful with themes
and extend it with plugins. You can even build your own application.
Publish with Ease - If you’ve ever created a document, you’re already a whiz at creating content
with WordPress. You can create Posts and Pages, format them easily, insert media, and with the
click of a button your content is live and on the web.
Publishing Tools - WordPress makes it easy for you to manage your content. Create drafts,
schedule publication, and look at your content revisions. Make your content public or private,
and secure posts and pages with a password.
User Management - Not everyone requires the same access to your website. Administrators
manage the site, editors work with content, authors and contributors write that content, and
subscribers have a profile that they can manage. This lets you have a variety of contributors to your
website, and let others simply be part of your community.
Media Management - They say a picture says a thousand words, which is why it’s important for
you to be able to upload images and media quickly and easily to WordPress. Drag and drop your
media into the uploader to add it to your website. Add alt text and captions and insert images and
galleries into your content.
Full Standards Compliance - Every piece of WordPress generated code is in full compliance with
the standards set by the W3C. This means that your website will work in today’s browser, while
maintaining forward compatibility with the next generation of browser.
Easy Theme System - WordPress comes bundled with three default themes, but if they aren’t for
you there’s a theme directory with thousands of themes for you to create a beautiful website.
Extend with Plugins - WordPress comes packed with a lot of features for every user. For every
feature that’s not in WordPress core, there’s a plugin directory with thousands of plugins. Add
complex galleries, social networking, forums, social media widgets, spam protection, calendars,
fine-tune controls for search engine optimization, and forms.
Built-in Comments - Your blog is your home, and comments provide a space for your friends and
followers to engage with your content. WordPress’s comment tools give you everything you need
to be a forum for discussion and to moderate that discussion.
Search Engine Optimized - WordPress is optimized for search engines right out of the box. For
more fine-grained SEO control, there are plenty of SEO plugins to take care of that for you.
Localization - WordPress is available in more than 70 languages. If you would prefer to use
WordPress in a language other than English, that’s easy to do.
Easy Installation and Upgrades - WordPress has always been easy to install and upgrade. Plenty of
web hosts offer one-click WordPress installers that let you install WordPress with just one click.
Hosting choices - Using WordPress means no one has access to your content. Own your data, all of
it — your website, your content, your data.
Freedom - WordPress is licensed under the GPL which was created to protect your freedoms. You
are free to use WordPress in any way you choose: install it, use it, modify it, distribute it. Software
freedom is the foundation that WordPress is built on.
Performance - Several factors can affect the performance of the WordPress portal. These factors
include, but are not limited to, the hosting environment, WordPress configuration, software
versions, number of graphics and their sizes. There are multiple methods to monitor performance
and automatically reduce any performance barriers.
Business Capabilities contributing to the TO-BE Outcome delivered by WordPress
Registration
Descriptions and Clarifications
Registration means being a registered user of the system
o Once registered, a user can interact with the system; perform transactions as a Renter,
Owner or other role
A registered user is also recorded as a “Person” account in Salesforce
Need to accommodate users who are registering only for communications / notifications and are
not actually performing a transaction (Subscribers)
Eligibility is the initial step in the qualification process, but not a validated qualification to engage in
a process
Review property listings per eligibility
Descriptions and Clarifications
Any public visiting browser user can view property listings (users do not have to be registered)
If a browser-user attempts to bid or qualify they are required to login and/or register
Eligibility and Qualification are two different things
• Eligibility is high level information about an individual such as whether they work in Pitkin
County. User must work in the City or County to be considered eligible to rent. Being
eligible does not qualify a Registered User to rent a unit
• Qualification is the process of verifying the employment / income / household
status of an individual in comparison to the requirements of the unit they are
interested in renting
Listing search with filter criteria and a graphical presentation (ex: GoogleMaps™)
Revision agrees to meet the requirements of HB 21-1110 to the best of its abilities. At
minimum, Revision agrees to adhere to WCAG 2.1 - Level A and AA.
Submit applications and supporting artifacts
Descriptions and Clarifications
Partial applications may be saved for completion in a subsequent visit. Subsequent visits to
“Resume Application” shall resume an application at the first incomplete step
Based on the transaction type (rental, sale, etc.), the stages of an application
(questions/documents requested) may vary (contextual presentation based on type).
Approved communications / notifications
Descriptions and Clarifications
Current outbound Salesforce communications will remain in Salesforce as configured
REVISION shall refine the notification process to provide UI enhancements
Community Portal Users can select their notification preference (SMS text messages/email/both) by
notification type (rentals / sales)
Create, Stage, Submit, Remove property listing for Sale
Descriptions and Clarifications
All sales listings require a listing checklist (currently on HomeTrek™) which is a form capturing data
for review by an APCHA Sales Manager to subsequently create the listing manually, before
authorizing external browser access
If the listing process involves dividing a Unit for an additional Lessee (ex: renting an un-occupied
bedroom in a 2-room unit), the listing features may be re-used
Provide the ability for Owners to create listings for moderation (review and acceptance) by Internal
Sales team
Provide the ability to add images to listing detail
Create, Stage, Submit, Remove property listing for Rent
Descriptions and Clarifications
Owners can offer their Unit for rent or an un-occupied bedroom in a Unit they own and inhabit
(Owner rental Listing)
An Owner can request the creation of a listing, without becoming a Registered User (un-authenticated
user) or property manager (Third Party listing)
Submit bids on Lottery
Descriptions and Clarifications
Bidding ONLY occurs on units for sale (not for rent)
o Users must have an approved Sales Qualification (verified buyer) in order to “submit
interest for being placed in the lottery for this unit”
To bid, a Registered User must complete the qualification process
o The bid process includes the Offer
▪ There is a maximum bid amount
If exceeded an error condition prevents the User from moving forward. Bid
amount pre-populates with the max amount and can be changed to be
lower. Most bids are submitted at the maximum allowed amount
If a bid amount is lower than the maximum allowed amount, a message is
displayed that notifies the User this amount will have the effect of placing
their bid in a lower priority
There is no bidding/lottery for Unit Rentals
o For APCHA managed units, decisions are based upon the highest qualification (example:
the person with the longest consistent work history in the city/county)
o For non-APCHA managed units, it is up to the property manager and whatever guidelines
they follow
Provide a visible representation available for a user to see their “chance” of winning a bid (graphical)
Ability to view associated Salesforce person/case information
Descriptions and Clarifications
If a user has performed previous transactions in the system, they should be able to view those
transactions (or at least a record ID of the information), or an indication of “archived”.
o It may also be a related record instead of a transaction
Examples include:
o status of application(s)
o previous bids submitted
o payment(s) history
o if Owner – current valuation and capital improvements of unit
Ability to submit ‘Report Concern’ (creating a compliance case in Salesforce)
Descriptions and Clarifications
Reporting a concern may be identified as created by the authenticated User or contributed
anonymously
Ability for Users to view compliance case(s)
Descriptions and Clarifications
Once a report (case request) has been submitted, and reviewed, Users should be able to review the
case including status/resolutions
A User should be able to view cases that they submitted and/or are party to or mentioned in, in
relation to their association with APCHA
Provide the ability for Users to contribute to a case through the portal. For example, upload
evidence or requested information
Ability for users to submit electronic payments
Descriptions and Clarifications
APCHA is considering a payment gateway change. A new system may or may not include the
Salesforce platform as integral to the solution, but certainly informed
Any portal framework must include the ability to connect to a payment gateway/service securely
Ability for owners to submit listing ‘contract’ form online
Descriptions and Clarifications
This form is the first step in an Owner starting the bid/lottery process
From this form, a Lottery Listing event (Case) is created in Salesforce
A contract requires completion and signature(s). Today, that process is achieved through manual
interaction (not system generated or automated)
Provide the process to automate contract completion with appropriate Internal review and
authorization
Ability for owners to submit capital improvement information
Descriptions and Clarifications
Similar to submitting interest in a Unit, this capability enables a request for a Capital Improvement
within the APCHA policies
This is a case type (Capital Improvement instead of Application)
Data attributes are specific to the purpose
Ability for APCHA tenant to access online payment and view transactions
Descriptions and Clarifications
This capability applies only to APCHA managed units
Basic payment history and upcoming amounts due and due dates presented (not accounting, no
accruals or aging)
Ability for APCHA tenant to submit maintenance requests
Descriptions and Clarifications
A process similar to submitting an application (supporting a case that is created for review and
approval/authorization)
This is a case type (Maintenance Request instead of Application)
Data attributes are specific to the purpose
Ability for APCHA tenants to submit a request to move-out
Descriptions and Clarifications
A process similar to submitting an application (in that a case is created for review and
approval/authorization)
This is a case type (Move Out instead of Application)
Data attributes are specific to the purpose
Ability for external users to ‘submit interest’ for APCHA managed units
Descriptions and Clarifications
Registered Users can submit interest for APCHA managed units subject to qualification
Note: Non-APCHA managed units may be leased without external Users first qualifying through the
APCHA process
Ability for users to view/search all inventory
Descriptions and Clarifications
Available units are presented
Improve search capabilities and resulting displays (example: upcoming availability).
Enhancement option: It may be considered a service to the City of Aspen’s constituency, both permanent and
seasonally engaged, to present an increased scope of housing availability in areas adjacent
to Pitkin County.
The advantage of WordPress over competitors is the wealth of support available through its huge
community of Users, which drives quality, capability and features. More functionality questions have been
answered and more extensions have been implemented than for competing portal technologies with the same or
similar cost-model. Additionally, the skills required to manage and develop for WordPress are more common and
widespread. This means that the City will enjoy more choices in new projects (minor or major) in maintaining
or extending the portal.
Every capability in the known or predicted needs of the City can be delivered through existing features of
the portal, or through extension of those features by development and/or configuration. Please see Exhibit C,
the REVISION proposal, for example screenshots of deliverables.
SYSTEM SECURITY FEATURES
This section describes the security features to be delivered, including certification level of data center(s),
data backup capabilities, secondary site availability and disaster recovery RTO and RPO.
WordPress is a dynamic open-source portal and content management system which is used to
power millions of websites, web applications, and blogs. It currently powers more than 43% of the
top 10 million websites on the Internet. WordPress’ usability, extensibility, and mature
development community make it a popular and secure choice for websites of all types. Risk
mitigation for the top ten (OWASP risk list) is provided through:
Injection risk - There is a set of functions and APIs available in WordPress to assist developers in
making sure unauthorized code cannot be injected and help them validate and sanitize data. Best
practices and documentation are available on how to use these APIs to protect, validate, or
sanitize input and output data in HTML, URLs, HTTP headers, and when interacting with the
database and filesystem. Administrators can also further restrict the types of files which can be
uploaded via filters.
Broken Authentication and Session Management risk - WordPress core software manages user
accounts and authentication and details such as the user ID, name, and password are managed on
the server-side, as well as the authentication cookies. Passwords are protected in the database
using standard salting and stretching techniques. Existing sessions are destroyed upon logout.
Cross Site Scripting (XSS) risk - WordPress provides a range of functions which can help ensure that
user-supplied data is safe. Trusted users, that is, administrators and editors on a single WordPress
installation, can post unfiltered HTML or JavaScript as they need to, such as inside a post or
page. Untrusted users and user-submitted content are filtered by default to remove dangerous
entities, using the KSES library through the ‘wp_kses’ function.
Insecure Direct Object Reference risk - WordPress often provides direct object reference, such as
unique numeric identifiers of user accounts or content available in the URL or form fields. While
these identifiers disclose direct system information, WordPress’ rich permissions and access control
system prevent unauthorized requests.
Security Misconfiguration risk - The majority of WordPress security configuration operations are
limited to a single authorized administrator. Default settings for WordPress are continually
evaluated at the core team level, and the WordPress core team provides documentation and best
practices to tighten security for server configuration for running a WordPress site.
Sensitive Data Exposure risk - WordPress user account passwords are salted and hashed based on
the Portable PHP Password Hashing Framework [12]. WordPress’ permission system is used to
control access to private information such as registered users’ PII, commenters’ email addresses,
privately published content, etc. In WordPress 3.7, a password strength meter was included in the
core software providing additional information to users setting their passwords and hints on
increasing strength. WordPress also has an optional configuration setting for requiring HTTPS.
Missing Function Level Access Control risk - WordPress checks for proper authorization and
permissions for any function level access requests prior to the action being executed. Access or
visualization of administrative URLs, menus, and pages without proper authentication is tightly
integrated with the authentication system to prevent access from unauthorized users.
Cross Site Request Forgery (CSRF) risk - WordPress uses cryptographic tokens, called nonces [13], to
validate intent of action requests from authorized users to protect against potential CSRF threats.
WordPress provides an API for the generation of these tokens to create and verify unique and
temporary tokens, and the token is limited to a specific user, a specific action, a specific object, and
a specific time period, which can be added to forms and URLs as needed. Additionally, all nonces
are invalidated upon logout.
Using Components with Known Vulnerabilities risk - The WordPress core team closely monitors the
few included libraries and frameworks WordPress integrates with for core functionality. In the past
the core team has made contributions to several third-party components to make them more
secure.
Unvalidated Redirects and Forwards risk - WordPress’ internal access control and authentication
system will protect against attempts to direct users to unwanted destinations or automatic
redirects. This functionality is also made available to plugin developers via an API.
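The nonce properties listed under the CSRF item above (bound to one user, one action, one object and a time window, and void after logout) can be checked in a small model. This is an added illustration, not WordPress source or REVISION code: it follows the general shape of WordPress nonces (an HMAC over time tick, action, user ID and session token, accepted for the current and the previous half-lifetime window), while SHA-256, the `Portal` class, the action names and all sample values are assumptions made for the example.

```python
import hashlib
import hmac
import math
import secrets

NONCE_LIFE = 24 * 60 * 60  # seconds; one day, the WordPress default nonce lifetime


def nonce_tick(now, life=NONCE_LIFE):
    """Counter that advances once per half lifetime (every 12 hours here)."""
    return math.ceil(now / (life / 2))


def _token(secret, tick, action, user_id, session_token):
    # Everything the nonce is bound to goes into the MAC input. The action
    # string carries the object id as well, e.g. "cancel-request_42".
    msg = f"{tick}|{action}|{user_id}|{session_token}".encode()
    # SHA-256 is this example's choice of HMAC hash (an assumption).
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[-12:-2]


class Portal:
    """Hypothetical server-side state: one site secret, one session per user."""

    def __init__(self, secret):
        self.secret = secret
        self.sessions = {}  # user_id -> random session token

    def login(self, user_id):
        self.sessions[user_id] = secrets.token_hex(16)

    def logout(self, user_id):
        # Dropping the session token is what voids every nonce minted under it.
        self.sessions.pop(user_id, None)

    def create_nonce(self, user_id, action, now):
        session = self.sessions[user_id]
        return _token(self.secret, nonce_tick(now), action, user_id, session)

    def verify_nonce(self, user_id, action, nonce, now):
        """Return 1 (current window), 2 (previous window) or 0 (reject)."""
        session = self.sessions.get(user_id)
        if session is None or not nonce:
            return 0
        tick = nonce_tick(now)
        for age, t in ((1, tick), (2, tick - 1)):
            expected = _token(self.secret, t, action, user_id, session)
            # Constant-time comparison of the submitted and expected values.
            if hmac.compare_digest(expected.encode(), nonce.encode()):
                return age
        return 0


if __name__ == "__main__":
    portal = Portal(b"constructed-site-secret")  # constructed sample value
    portal.login(7)
    t0 = 1_700_000_000  # constructed timestamp
    nonce = portal.create_nonce(7, "cancel-request_42", t0)
    print("same user/action:", portal.verify_nonce(7, "cancel-request_42", nonce, t0))
    print("other object:    ", portal.verify_nonce(7, "cancel-request_43", nonce, t0))
    print("one day later:   ", portal.verify_nonce(7, "cancel-request_42", nonce, t0 + NONCE_LIFE))
    portal.logout(7)
    print("after logout:    ", portal.verify_nonce(7, "cancel-request_42", nonce, t0))
```

A forged cross-site request fails because the attacker's page cannot compute the token without the site secret and the victim's session token, and a token captured for one action or object does not verify for another.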
See Exhibit D for the Service Level Agreement, which outlines how REVISION will host the site, provide
security, provide for acceptable RTO and RPO associated with disaster recovery, and provide support for the
first year post-go-live. Should APCHA desire to continue this arrangement into the future, REVISION will do
so; however, REVISION is also open to handing some tasks back to the City as staff become more familiar with
these aspects of managing the system.
APPROACH TO APCHA STAFF TRAINING
The training phase of this project will ensure that the users and system administrators are ready to use,
manage and embrace the new system. REVISION will accomplish this by capturing any use case
modifications during the Scrum process in order to reduce the need for training post implementation.
However, we do describe here a formal training phase included in our estimate. REVISION shall provide End
User Training and Administrative Training.
End user training will focus on the business operations aspect of the system; the daily use and
workflows of the system. REVISION will conduct this training online, in a group session for up to 7 City
team members.
Administrative training will be for staff who will be responsible for administration, maintenance and
enhancements. REVISION will conduct this training in an online group session.
We anticipate the resulting solution to follow the same process as the existing HomeTrek® and REVISION’s
goal is to leverage the knowledge already evident within the APCHA team and reduce the need for training
by presenting any process changes during the spring cycle as the requested enhancements to the
HomeTrek® process. Due to this simplicity in change management, REVISION recommends the following
schedule, as few new features (mostly requested enhancements, therefore expected) will be introduced.
For the HomeTrek® process training, REVISION will facilitate two 2-hour training sessions.
Delivery: Online
Audience: HomeTrek® End Users
For the portal administration and settings, REVISION will facilitate four 1-hour training sessions.
Delivery: Online
Audience: Portal Administrators.
PROJECT SCHEDULE
REVISION has defined the period of performance and shall deliver the business capabilities in monthly
milestones.
Our goal is to complete this project in an elapsed four-calendar month period. This is dependent on the
City team’s availability, project priority and the methodology preferred by the City. Our reasoning is that if
the City is comfortable contributing to and integrating with the Agile process and ceremonies (i.e., daily
standups), the cadence shall support the goal. REVISION is not presenting the Agile methodology as the
only delivery mechanism and will work in the context of the City’s preferred methodology.
REVISION is sensitive to APCHA’s priority for this project, other initiatives and the APCHA SME team
availability. A high-level overview of activities is presented here for context, and a full manifest of the
activities and predicted milestones below.
[Project schedule chart: tasks plotted against Q2 (Apr, May, Jun) and Q3 (Jul, Aug, Sep)]
Task Name
APCHA Secure Portal
2 Inception
    Co-authoring the Project Charter
    Defining Business objectives and confirm the project organization
    Team roles and commitments
    Responsibilities as Partners, and as a collective team
    Identify the Product Owner
    Resolve assumptions
    Confirm schedule and deliverables
    Define a communication plan as considered meaningful by the City
11 Design
    Workshops to refine the project backlog
    Review of As-Is and To-Be processes mapped to the TO-BE technology model
    Define the Business Cases and populate the User Stories
    Establish phasing, tentative sprint plan and prioritization with business context
    Classify backlog into OOB, Configuration, Coding as committed in this response
    Determine data migration, cleansing and unknown integration needs
18 Build Sprint 1
    Registration
    Eligibility process
    Review listings per Eligibility
    Ability for Users to view/search/filter all inventory
    Ability for External Users to 'submit interest' for APCHA managed units
    Submit Applications
25 Build Sprint 2
    Submit Application Files/Artifacts
    Approved Communications / notifications
28 Build Sprint 3
    Create, Stage, Submit, Approve, Remove Unit listing for Rent
    Create, Stage, Submit, Approve, Remove Unit listing for Sale
    Ability for APCHA tenant to submit a request to move out
    Ability for APCHA tenant to submit maintenance requests
33 Build Sprint 4
    Ability to view associated Salesforce person/case information
    Lottery process
    Ability to submit bids on lottery
    Ability to create/submit "Report Concern" (Salesforce compliance case)
    Ability for Users to view Compliance Case(s) detail
39 Build Sprint 5
    Ability for APCHA tenant to access online payment
    Ability for APCHA tenant to view transaction event history
    Ability for APCHA tenant to submit electronic payments
43 Build Sprint 6
    Ability for Owners to submit listing 'contract' form
    Ability for Owners to create/submit listing request
    Ability for APCHA Sales to modify/deny/approve listing
    Ability for Owner to submit capital improvement information
    Ability for Owner to edit capital improvement information
49 STQA, Knowledge, Training
    Software Testing and Quality Assurance (collate sprint review testing)
51 STQA, Knowledge, Training
54 STQA, Knowledge, Training
55 Provide documentation for User Guide basis
KNOWLEDGE AND SKILLS TRANSFER
An effective knowledge transfer strategy combines technology, culture, measurement, and infrastructure in
order to share knowledge across multiple areas in your organization. The REVISION Knowledge Transfer
supports the City of Aspen in the following ways:
Accelerates the accumulation and dissemination of knowledge across your organization
Provides easy and rapid knowledge access to your team
Eliminates time and space constraints in communications
Stimulates associates to experience the value of sharing knowledge in providing custom-tailored
service to customers
Respects the dignity of everyone by cultivating an environment that enhances his or her
professional development and recognizes each person as a valued member of a service-oriented
team
The Agile process ensures regular team interaction to discuss and document iterative
builds/releases/changes that shall be documented, resulting in both education/training and knowledge
gathering throughout the project cycle. Typically, this results in a reduced need for a knowledge transfer
event at or near project completion. Our project plan calls out a phase for testing, quality and training, and
this period fills in and formalizes the learning that has occurred throughout the project.
The application of knowledge transfer attracts other benefits including improved company culture,
improved quality of service, faster business processes, increased efficiency, and better use of business
technology and resources. Since knowledge exists in the mind, the best way to transfer knowledge within
an organization is to start with considering how knowledge is transferred from one person to another.
We transfer project knowledge across multiple areas and roles and will employ a variety of approaches
and tools depending on the knowledge recipient’s context.
Capture documentation (business cases, User stories, test history)
Perform Peer Review
REVISION has broken the knowledge transfer process into 5 steps, including the applicable tools for
each.
Step 1: Identify & Collect Knowledge
The process starts with the cultivation of knowledge. This takes place in the culture of your
company. This involves:
Brainstorming ideas
Learning new skills
Inviting in experts or other consultants
Seeking solutions to problems
Designing new projects
The result is “intangible” knowledge we need to collect, document, and share with the team. To
create a strong culture of knowledge generation we shall:
Surface technical roadblocks or challenges
Document solutions and implement or backlog the recommendations
Seek input from team members and outsiders
Encourage collaboration and teamwork
Mentor and coach the team where appropriate, on request
Train and develop team comfort with access to knowledge
Our goal is to create a factory of ideas and an environment that encourages innovation – where everyone can
share their ideas, input and expertise.
Step 2: Capture & Store Knowledge
Effective Knowledge Capture and Management is more than just having a file cabinet or folders. The
City must have an infrastructure that makes sense for the business purpose and makes access to that
knowledge fast and simple. Having a knowledge base in place will help you manage both tacit and
explicit knowledge.
The knowledge repository shall include:
Reports
Visuals and video
Document libraries
Knowledge portal hyperlinks
Step 3: Transfer & Share Knowledge
With a central repository (a single system or a virtual group of systems), the City can announce its
availability and circulate that information to other people and/or departments. This knowledge
transition process is made more efficient and affordable by selecting the most appropriate
technology.
Knowledge Transfer Plan:
A clearly outlined process document for how knowledge is to be shared.
A file repository (like SharePoint or WordPress) that organizes the knowledge and potentially
automates knowledge sharing.
Communication facilities (like Office365) that facilitate collaboration and communication.
A dedicated person or persons to circulate the knowledge to the appropriate department(s).
A follow-up process to confirm that the information was delivered to the right people in the
right way at the right time.
The manifestation of this process will depend on a variety of factors – from your business structure
to the size of the team to the budget available for tools and resources.
Step 4: Apply Knowledge & Measure Results
The next step is to apply this knowledge and measure the results. Assessing success will require tools or
monitoring access events to assemble key performance indicators (KPIs).
Identify the key knowledge holders in your organization. Does the knowledge “trickle down” or
get pushed up? Who are the visionaries? Provide all team members the opportunity to share the
knowledge they have. Motivate sharing. Encourage the internal subject matter experts to share
their knowledge. Provide a platform to do that – whether that be through a communication
channel, by giving them the floor during company meetings, or providing some other medium.
Make sharing easy. Have fast and simple tools available for people and departments to share
information. Measure results consistently. Set standards and benchmarks. Monitor progress.
Communicate the results. Be receptive to input and adjust when necessary.
Apply the knowledge. Offer incentives for team members to be innovative and take initiative.
Encourage taking appropriate risks.
Continue generating knowledge. Bring in industry experts, offer training, hold brainstorm
sessions, and otherwise encourage a community that pursues knowledge.
Step 5: Create New Knowledge
As we discover that a new idea, technology, or method is proving successful we can apply this to other areas
of knowledge sharing. Maintaining the knowledge transfer system (process, culture and system) will ensure
that the City’s continuous improvement is never stagnant when it comes to new ideas and problem-solving.
TABLE A1: APCHA PORTAL REQUIREMENTS LIST
SECTION 1: SYSTEM INTEGRATIONS AND ACCESS | OOB, Config, or Coding? | Comments
The system should meet basic standards for integration
1 | Conform to open architecture standards. | OOB | https://developer.wordpress.org/coding-standards/wordpress-coding-standards/
2 | Integrate with other applications via web services, APIs or another acceptable standard | OOB | May require payload configuration per API
3 | Have a database that can be accessed by City’s personnel in order to create connections to other applications (i.e., database is not proprietary) | OOB | MySQL accessible by City personnel
4 | Be based on industry best practices and use common business process flows | OOB
5 | Have applications that are integrated, and modules work cohesively | OOB
6 | Integrate with all necessary systems without a significant decrease in system performance and responsiveness | OOB
7 | Have clear methods and practices for minimizing the likelihood that updates to the system or to integrated applications will break integrations | OOB
8 | Have clear methods and practices for identifying integration breakages | Config
9 | Have clear methods and practices for determining the root cause of integration breakages and repairing them | Config | Built in Error Log and event handling
10 | Generate meaningful error messages when integration errors occur | OOB
11 | Provide the ability to generate reports to allow for easy verification of accurate data exchange | Config
The portal should integrate seamlessly with the APCHA'S Salesforce HomeTrek system
12 | Accurately and consistently transmit information entered on the portal into the necessary fields within the backoffice of Salesforce, on a real time basis | Config | REVSync product, is near-real-time, depending on transaction volume
13 | Accurately and consistently transmit changes to information from the back office to the portal on a real time basis | Config | REVSync product, is near-real-time, depending on transaction volume
14 | Accurately and consistently provide access to selected existing historical information previously entered by users (such as past approvals and fields they have entered, but not documents), as specified by APCHA staff | OOB
15 | On a real time basis, communicate with Salesforce that a document has been uploaded or has completed document signatures in Conga | Coding | Synchronization of files to SharePoint will result in a hyperlink appearing in Salesforce to avoid over-use of the Salesforce storage system. Conga confirmation requires Salesforce/Conga Trigger licensing
The system should integrate with MS SharePoint
16 | On a real time basis, send uploaded documents and associated identification information to a SharePoint location for analysis and storage, without passing through Salesforce (to avoid Salesforce file upload size limitations). Within the portal, provide users with confirmation that such documents have been sent to SharePoint. | Config | Synchronization of files to SharePoint will result in a hyperlink appearing in Salesforce to avoid over-use of the Salesforce storage system.
The system should integrate with the City of Aspen's ESRI GIS system
17 | Using web services, integrate with ESRI Arc GIS Platform | Config | Depending on the business need for integration, may require coding
18 | Provide portal users with map views of available units for rent or sale | Config | Effort depends on selection of source data (ex: GoogleMaps)
19 | Provide validation of addresses entered by external users of the system during application and other processes | Config | Requires access to an address validation source (USPS, Experian, etc.)
The system should provide access to additional systems used in HomeTrek
20 | Provide access (via easy to find links or other methods) to other systems currently integrated with, or planned to be integrated with, HomeTrek, including Paymentus for online payments and Conga for document signatures and other document management functions | OOB | City of Aspen to provide hyperlinks and any required authentication/authorizations. WordPress provides a built-in payment gateway integration interface
SECTION 2: KEY PORTAL ADMIN AND SUPPORT FUNCTIONALITY NEEDED BY APCHA STAFF | OOB, Config, or Coding? | Comments
The system should provide easy to use tools to:
1 | Assist in the management of routine portal maintenance, such as updating portal text and help | OOB | Extensive Guides available (included in delivery)
2 | Manage portal users and user groups | OOB
3 | Manage portal user roles and permissions | OOB
4 | Manage automation and validation rules | Config | Depending on the validation complexity, may require coding.
5 | Modify work flows and establish new work flows for multiple portal processes | Config | Depending on the workflow complexity, may require coding.
6 | Add/modify fields on the portal | OOB
7 | View and monitor portal activity history | OOB | Extensive event log
8 | Create and modify portal forms | OOB | Requires form component
9 | Perform and check the impact of a) system updates for the portal product and b) Salesforce updates that could impact the portal. | Config
10 | Clear delineation of communications and responsibilities for portal updates and verification of portal functions after updates. | Config
11 | Reference detailed portal help resources | OOB | Extensive Guides available (included in delivery)
12 | Configure and customize the software and develop additional tools post-implementation without reliance on the vendor via standard admin tools within the application | OOB
13 | Generate exception reports on portal functions. | OOB | Built in Error Log and event handling
14 | Set up user prompts and help text | Config
15 | Ability to add/delete custom fields to reflect changes in Salesforce fields | Config | Requires data access component
16 | Provide for flexible workflow design, control, and status monitoring | OOB
17 | Have access to a full live test environment for testing updates and changes | OOB
18 | Have a way to refresh the test environment easily to keep it in synch with the production environment | OOB
19 | Prevent submission of incomplete applications | Config | (Required form fields)
20 | Prevent submission of applications for which a user does not meet basic eligibility criteria | Config
21 | Delete partially completed applications that have sat untouched beyond a selected expiry timeframe | Config
22 | Log in as a user to provide assistance | OOB
23 | Post information of interest, such as the results of a sales lottery on the portal | OOB
24 | Add images to the detail of unit listing | OOB
25 | Add video to the detail of a unit listing | OOB
26 | Create, post, and take down notices of APCHA units for sale or rent | OOB
SECTION 3: GENERAL FUNCTIONALITY NEEDED FOR ALL PORTAL USERS | OOB, Config, or Coding? | Comments
All portal users need to be able to quickly find the information they need
1 | Allow unregistered use of allowed features of the portal for: 1) a prospective renter, owner, or other interested party seeking information on available units and other basic information 2) filing a complaint, and find links to external URLs for further information. | Config
2 | Allow unregistered users to subscribe to receive notice of available units by type (rental or owned) via text and/or emails. Preferably such subscriptions would be a function of the portal, however an alternative would be to provide links to a website with the subscription option. | OOB
3 | For applicants and existing tenants and owners, easily register and log into a secure system (preferably via OneLogin for internal users) if applying or a current tenant or owner | OOB
4 | Easily navigate to any page to which they have access rights with a minimum number of clicks | Config
5 | Immediately access commonly used information via a dashboard, a favorites tab, a bookmark or other similar solution | OOB
6 | View/edit any field to which they have permissions, based on individual and group specifics | OOB
7 | Find user account details quickly | OOB
8 | Have clear error messages when something goes wrong | OOB
9 | Easily find and correct errors in user data entry | Config
10 | Easily access historical as well as current user information housed within HomeTrek, including statuses of requests and applications in process. | OOB
11 | Perform robust, fuzzy search capability (for instance, if incorrect address or spelling is off, system should offer “do you mean this” options to choose from.) | Config | Clarification required (spellcheck or AI-enabled componentry, like address validation to present optional selections). Both are available
12 | Easily go back to a previous page, and to restart an application at the page last completed | Config
13 | Ability to start an application at the next page to be completed, without going through all previously completed pages | Config | Requirement captured and has been tested/verified in PoC
14 | Quickly find a specific application or other form needed | OOB
15 | Ability to prevent people from submitting an incorrect application form for a particular unit | Config | Required fields and value validation
16 | Pre-populate new applications with key information from the most recent previous application | OOB
17 | Easily access communications, documents and assigned tasks attached to a record and/or sent by staff from the system (for example, Demands for Compliance or other notifications) | OOB
18 | Easily access and use checklists for required tasks and documents associated with applications. | OOB
19 | Create a dashboard with information of interest to me specifically (such as rental units available) | Config
20 | Have the option to select Spanish as the site language for certain information guides and for applications | OOB
21 | Perform a limited number of queries, or select from and run a limited number of reports, such as historical payment history, from the portal | OOB
22 | Respond to polls and short surveys of portal users | Config | Configuration of polls and surveys required
23 | Have access to a site that incorporates accessible design principles, striving over time to progress toward meeting new Colorado accessibility standards and WCAG 2.1. Colorado made history as the first state to pass a bill requiring government websites to meet accessibility guidelines. See: https://leg.colorado.gov/sites/default/files/2021a_1110_signed.pdf for specific requirements. Also, please see Web Content Accessibility Guidelines (WCAG) 2.1 for compliance guidelines. https://www.w3.org/TR/WCAG21/ | OOB | The WordPress community established best practice to ensure ADA compliance. A WordPress accessibility team is in place, with Accessibility Coding Standards outlined to ensure that new and updated code for the open source WordPress core conforms with Web Content Accessibility Guidelines (WCAG) at level AA. Revision agrees to meet the requirements of HB 21-1110 to the best of its abilities. At minimum, Revision agrees to adhere to WCAG 2.1 - Level A and AA.
All users need to be able to attach and upload or download documents from sources external to the system
24 | Add photos | OOB
25 | Add PDFs | OOB
26 | Add Excel or Word docs | OOB
27 | Add other file types as may be specified by APCHA staff | OOB
All users need to be able to easily communicate with other users from within the system
28 | Select a notification preference (email, SMS, both) for messages from the Salesforce system, and display such notifications on a user record | OOB | Multi-channel and protocol communication capable
29 | Send a note or request between staff and external users (for example, via SF Chatter or other similar tools) | OOB
30 | View and upload documents to a compliance case or other types of cases | OOB
All users need to be able to easily access help and support
31 | Access a robust context sensitive help within the system and help online, including videos, manuals, and live help | Config | Content required
32 | Access high quality training and support materials and opportunities | OOB
33 Access documents and videos with SOPS and other key APCHA
information
Config Content required
All registered users need to be able to add multiple contacts to an
application
34 Add members of a household and/or roommates to an application Coding
35 Apply jointly with a member of a household or a roommate on a
single application
Coding
36 Assign levels of access to an application and information, based on
the characteristics of a household or other living arrangements
Config
37 Add other contacts associated with an application, such as employer
contact information, bank, lender, emergency contact and others
OOB
SECTION 4: ADDITIONAL FUNCTIONALITY NEEDED TO MANAGE
PRIVATE PROPERTY POSTINGS
OOB,
Config, or
Coding?
Comments
1 Complete and submit a preliminary private property ad for review
by APCHA staff
OOB
2 View and adjust status of all private properties under management
(For instance, an individual that posted a unit as available should be
able to remove it from posting)
OOB
SECTION 5: ADDITIONAL FUNCTIONALITY NEEDED FOR RENTALS
AND PROPERTY MANAGEMENT
OOB,
Config, or
Coding?
Comments
Prospective tenants can easily find information on
units available to rent:
1 Access information of unit availability without signing into the portal OOB
2 Complete a questionnaire to automatically determine whether the
prospective renter is eligible for a unit and if so, which category of
unit
Config
3 Click a button and be presented with a map and list of available
rental units, with key unit characteristics
Config
4 Display available units by owner (APCHA managed, non-APCHA
managed, owner listed, third-party)
Config
5 Display/filter to only those units for which the prospective
renter is eligible
Config
6 View detailed unit information with one click on a unit OOB
7 Complete a Rental Interest form for APCHA managed units for which
someone wants to be considered
Config
Prospects to whom a unit has been offered can complete the qualification
process
8 Selected interested parties can easily find and complete the correct
rental qualification application packet for their unit, and upload all
associated documents.
Config
9 Easily delete a qualification form started in error OOB
10 For APCHA managed units, view an estimate of the annual cost of
leasing, including all associated fees (for instance, for parking or
laundry)
Config Requires data
11 Except for requalifications, be prevented from creating duplicate
qualification forms for the same rental and party of applicants
Config
12 Track the status of their application packet during review. Config Form progress presentation
13 Receive and send communications to APCHA staff during
qualifications review.
OOB
14 At the time of application, download completed qualification
application forms and documents.
Config
15 Save and return to finish a partially completed qualification
application
Config
16 Access Paymentus to pay any fees associated with qualification Config
Prospects approved to become tenants can manage leases and perform
other tenant duties
17 Easily find and download a lease document to view before and after
signing
Coding
18 Sign a lease document via Conga, by providing access to Conga from
within the portal.
Config
19 Access Paymentus to manage online rent and other payments Config
20 Submit roommate changes Coding
21 Submit a form to terminate a lease early Config
22 Complete and submit a Move In request OOB
23 Complete and submit a Move Out request OOB
24 Easily find and complete the Requalification process Coding
25 Easily find and complete a Maintenance Request Config
26 Track the status of Maintenance Requests Coding
27 Respond to staff inquiries regarding Maintenance Requests OOB
28 Submit responses to Notices of Violations, including uploading
documentation as requested
OOB
SECTION 5: ADDITIONAL FUNCTIONALITY NEEDED FOR
OWNERSHIP UNITS
OOB, Config, or Coding? Comments
Prospective buyers can easily find information on units
for sale:
1 Access information of unit availability without signing into the portal OOB
2 Sign up for notifications of units available for purchase OOB
3 Click a button and be presented with a map and list of available
ownership units, with key unit characteristics and the unit deed
restrictions
Config
4 Display/filter to available units by owner (APCHA managed, non-
APCHA managed, owner listed, third-party)
Config
5 Display/filter to those units for which the prospective owner is
eligible
Config
6 View detailed unit information with one click on a unit Config
7 Respond to a general questionnaire to automatically determine
whether the prospective buyer is eligible for a unit
Config
Prospective buyers can easily complete the tasks associated with
purchasing a unit
8 Easily find and complete the ownership qualification application
packet for the unit, and upload all associated documents.
Config
9 Easily delete a form started in error OOB
10 Be prevented from creating duplicate qualification forms OOB
11 Track the status of their application packet during review. Config
12 Receive and send communications to APCHA staff during
qualifications review.
OOB
13 Download completed qualification application forms and
documents.
OOB
14 View submitted forms and documents OOB
15 Save and return to partially completed qualification applications Config
16 After qualification approval, submit a bid on a unit for sale (join the
lottery for a unit)
Config
17 View the results of the lottery for the purchase of the unit Config
18 Prepare and submit a Sales Contract Packet, including document
attachments. Complete a required sales checklist prior to
submitting the Packet.
Config
19 View any communication from the APCHA sales staff during the
purchase process, such as an Amendment to Extend Deadlines
OOB
20 Access Paymentus to pay any fees associated with qualification for
and purchase of a unit
Config Integrate with Paymentus service
Existing owners can manage capital improvements, perform other
ownership duties and sell units
21 Easily find and download settlement documents after closing Coding
22 Submit Leave of Absence request and view LOA details (such as end
date) (LOA forms)
Coding
23 Submit an interest form related to renting a room within the home Config
24 Submit a posting or listing related to renting a room within the
home
Config
25 Easily find and complete the appropriate Requalification form Coding
26 Submit responses to Compliance Cases, including uploading
documentation as requested
Config
27 Easily find, start, save and complete the capital improvement
approval request process
Config
28 Easily upload required capital improvement documentation, such as
receipts for expenditures
OOB
29 View valuation based on capital improvements Config
30 View a notification of decision regarding a capital improvement
valuation change
OOB
31 Submit a draft sales listing for review by APCHA staff OOB
32 Easily access Paymentus to pay any application and ownership-
related fees and charges
OOB
33 Ability for current owners to complete biennial ownership affidavit Config
34 Ability for owner affidavit fields to update person accounts, units,
etc.
Coding
SECTION 6: SYSTEM SECURITY AND OTHER BASIC IT REQUIREMENTS
REQUIREMENTS QUESTIONS FOR CLOUD-HOSTED SOLUTIONS C1-C24 YES/NO/NA COMMENTS
C1 Does the solution use any locally installed software, client or agent? NO
C2 Any locally installed software or client is fully compatible with the
latest version of the Windows 10 Pro 64-bit operating system.
NA
C3 Any locally installed software or client is fully compatible with
Microsoft Active Directory Domain Services running in the
customer's network.
NA If the portal is installed on-premise support for Active Directory integration is OOB
C4 Any locally installed software is compatible with Sophos anti-
malware end point protection with Intercept X, running on the local
PC.
NA
C5 Does any local software or client require administrative permission
to install? To use?
NA
C6 What are the minimum PC requirements for the customer's
desktop/laptop to connect and run the solution?
NA A browser is required. We recommend setting a minimum supported version for each browser type to confirm SSL/TLS version capability (prevent insecure browser sessions)
C7 The solution is fully compatible with the latest versions of common
client browsers: Microsoft Edge, Mozilla Firefox, Google Chrome,
Apple Safari, etc.
YES
C8 Does the solution require a browser plug-in, extension or player app
such as Adobe Flash, JavaScript Runtime or Silverlight?
NO
C9 The solution is fully compatible with the latest version of Microsoft
Office 365 Office Suite Applications: Outlook, Excel, Word, etc.
YES
C10 The solution is fully compatible with the latest versions of Microsoft
Office 365 Business Applications: Teams, Power BI/BI Pro, etc.
YES
C11 The solution is compatible with networked HP, Ricoh, and Xerox
printers.
YES The solution will output print formats in compatible format.
C12 The solution is compatible with HP, Fujitsu, and Canon scanners. YES The solution will absorb scanned documents/images in compatible format.
C13 The solution is fully compatible and functional from iPad and iPhone
mobile devices while in the field.
YES Cross-browser including mobile compatibility
C14 What is the minimal iOS version required? YES No minimum device platform is required. We recommend setting a minimum supported browser version (Safari, Chrome, etc.) to confirm SSL/TLS version capability (prevent insecure browser sessions)
C15 What backend database does the solution use? YES Solution can use SQL, Oracle, Oracle MySQL
C16 Which version of the database is it? YES All Vendor supported/maintained versions. We recommend using the most recent stable version published to increase security
C17 Does the solution send customer generated email using the
vendor's domain address?
YES
C18 If so, does that mail system have SPF, DKIM, and DMARC records in
place?
NA Email can be generated and sent through the existing City of Aspen email service for consistency in journaling, audit and risk management
C19 Does the solution allow for sending customer generated email using
a City domain address?
YES
C20 If so, can the vendor supply the mail system's SPF IP addresses and a
DKIM generated certificate to use in the City's DNS records?
YES If preferred
C21 Does the solution require any hybrid cloud architecture or
additional internal City resources, services or connections?
YES The solution requires trusted (authenticated/authorized) access to and from services provided by Salesforce, Paymentus, SharePoint and potentially other City solutions/repositories, also possibly CivicPlus.
C22 If so, please list all requirements for the City's on-premise virtual
servers, firewalls or other systems to accommodate this?
YES Requirements will include firewall rules configuration to enable API management which may be best facilitated using a single gateway to reduce individual risk surfaces
C23 Does the solution have a financial transaction component? YES Not an accounting solution but a secure transaction aggregation component for storing/synchronizing transactions if necessary. (Optional)
C24 If so, how will it interface with the City's cloud-based Oracle
financial system?
YES This optional component can be configured to use City of Aspen security controls and authentication/authorization preferences to maintain the necessary compliance posture
C25 What are the options to interface with other systems? YES API, Shared references/tables, message bus, workflow, secure messaging, others.
CITY OF ASPEN IT - LOGIN AND AUTHENTICATION FOR CLOUD-
HOSTED SOLUTIONS L1 - L13
REQUIREMENTS QUESTIONS YES/NO/NA COMMENTS
L1 Is the username set to be an email address or can the user create
something unique?
YES Recommend using a unique identifier and align with Salesforce use of email address. It is possible for City of Aspen to enable username creation if preferred
L2 Is there a minimum/maximum password length requirement? YES Configurable by City of Aspen Administrator
L3 Is there a password strength requirement? YES Configurable by City of Aspen Administrator
L4 Can password aging be set? YES Configurable by City of Aspen Administrator
L5 What is the lockout policy for too many bad attempts? YES Configurable by City of Aspen Administrator
L6 What is the process for a user to reset and login if the password is
forgotten?
YES Configurable by City of Aspen Administrator, most commonly a "forgot password" procedure with the options to use MFA (Multi-Factor Authentication), TSV (Two Step Verification) and OTC (One Time Code)
L7 If the login fails what message does the user get? YES Configurable by City of Aspen Administrator
L8 Is there an automatic logoff of the account after a set period of
inactivity?
YES Configurable by City of Aspen Administrator
L9 Is there an automatic suspension of the account after a
predetermined time of not logging in?
YES Configurable by City of Aspen Administrator
L10 Is the solution set up to do, or have the option to set up a 2-step/2-
window username-password login process?
YES Configurable by City of Aspen Administrator
L11 Does the system have a 2FA/MFA option for customers/users to
access the system?
YES Configurable by City of Aspen Administrator
L12 Does the system have a 2FA/MFA option for administrators to
access the system?
YES Configurable by City of Aspen Administrator
L13 Is there an option for using the City's SSO SAML 2.0 based system
(OneLogin) for login access by City staff?
YES
CITY OF ASPEN IT - SECURITY FOR CLOUD-HOSTED
SOLUTIONS S1 - S33
REQUIREMENTS YES/NO/NA COMMENTS
S1 Ability for RBAC security at a granular level within the application so
as to provide specified users and groups with a least privilege access
to screens, tables, records and fields as needed.
YES
S2 Ability for private records to be kept confidential, through
assignment of application security and permissions.
YES Require confirmation of what constitutes a record in this context (database record, document, file, etc.)
S3 Ability for administrative users to control edit and validation rules to
ensure data integrity.
YES
S4 Ability to keep log records of all actions executed in the system. YES
S5 Ability to keep a separate audit log of system administrator actions. YES
S6 Ability to keep overall database integrity. YES Best performed by leveraging a second data store to perform integrity audit upon
S7 Ability to prevent a primary record from being deleted if secondary
records exist.
YES
S8 Ability to encrypt all or certain data fields for data that is at rest.
What solution is in use?
YES Data at rest using database publisher encryption (no additional cost)
S9 Ability to encrypt all data in transit from end to end. What solution
is in use?
Data in transit using SSL/TLS, data at rest using database publisher encryption (no additional cost)
S10 All encryption architectures must use well-known and openly vetted
standards. Please list.
YES Triple DES, AES, RSA Security, Blowfish and successor Twofish.
S11 Browser Transport Layer Security must use the TLS 1.2 protocol or
higher.
YES
S12 Certificates are signed by a well-known and trusted public
certification authority. Please list.
NA Certificates selected by City of Aspen
S13 Is your system run in a datacenter that meets SOC-2 audit
certification?
NA Datacenter selected by City of Aspen. We recommend SOC 2 compliance as the minimum standard for considering a host.
S14 If so, can you provide the audit report? YES Depends on City of Aspen selection.
S15 Do you have a backup datacenter, and how far away is it from the
primary center?
YES We recommend using alternate providers for back-up which can include City of Aspen IT resources.
S16 System provides backup/failover solutions that provides RTO/RPO
times of 24 hours or less.
YES Depends on City of Aspen selection.
S17 What is your RTO? NA Depends on City of Aspen selection.
S18 What is your RPO? NA Depends on City of Aspen selection.
S19 What is your monthly uptime? NA Depends on City of Aspen selection. We recommend a minimum of 4 '9's. (99.99% uptime).
S20 What was your annual uptime for the past 5 calendar years? NA We can provide reports for other portals delivered (using AWS, AZURE, etc.)
S21 Please specify what security measures are used that prevent
unauthorized access/data breaches of the system?
YES Security measures include a combination of SSO (Single Sign On identity management), Certificate trust (ex: Radius), MFA/TSV, Hardened OS (operating system), hardware controls, Digital Rights Management to support DLP (digital loss prevention) and event monitoring.
S22 Has your system ever experienced a DDoS attack? YES
S23 If so, how long were your servers down for? NA Attack was deflected using an algorithmic defense mechanism. Zero down time, but impacted transaction processing performance.
S24 What is your current methodology to prevent/mitigate DDoS
attacks?
YES The methodology employed may vary based on Cloud vs On-Premise implementation, but presents a layered approach to detect both high and low volume (ex: SLOW POST) attacks. This includes traffic decryption to increase detection.
S25 Who is considered the owner of all City data placed in the system? YES The City is the Owner of all City data
S26 In what format(s) can the data be exported out in the event of
contract termination?
YES Multiple to suit the City's purpose.
S27 Does the system's coding use secure software development
standards in order to mitigate the OWASP top 10 vulnerability risks?
YES
S28 Has all backdoor developer/admin access commonly used during
software development been removed from the production system?
YES
S29 Can the vendor provide an attestation statement from a reputable
security audit/penetration testing company that the system meets
current standards and best practices for providing data
confidentiality, integrity and availability?
YES
S30 Component purchases from approved vendors are tightly controlled
and prequalified. Software from other vendors is inspected,
reviewed and validated before being accepted as part of the
solution.
YES
S31 Can you provide the City with an SBOM? YES
S32 Colorado's personal identifying information protection law CRS 24-
73-102 places certain requirements on the City and third-party
service providers working for the City. Vendor must agree in the
contract that they are maintaining reasonable security procedures
and practices as listed in the statutory requirements.
YES
S33 Colorado's data protection law CRS 6-1-713 places certain
notification requirements on the City. Vendor must agree in the
contract to notify the City in the event of a data breach as soon as
one is suspected to have occurred, regardless of the need for
further investigation or forensics examinations to verify such
breach.
YES
SUPPORT, HOSTING, AND SECURITY AS A SERVICE
Upon go-live, REVISION will provide first year support, hosting and Security as a Service according to the
provisions of Exhibit D, the Service Level Agreement.
EXHIBIT B: FEE SCHEDULE
This exhibit presents the fees and other costs associated with this project.
Initial Costs
Initial costs include those associated with project delivery (from inception through go-live). For
this project, the only initial cost is the cost of REVISION’s professional services associated with
implementation.
REVISION IMPLEMENTATION SERVICES: $ 289,500 TOTAL, NOT TO EXCEED
These services will be paid for on a milestone basis, with the final 10% paid after go-live. The
implementation services involve using WordPress (which is no cost), REVISION’s REVSync
file and data synchronization application (which is capable of exchanging, replicating and
transforming data between multiple platforms), and existing APCHA HomeTrekTM software and
other related existing software systems. There is no additional licensing cost associated with the
solution, and Salesforce Community license costs are anticipated to be reduced or eliminated.
Clarifications and verifications of requirements are within the scope of the project and will not
result in change orders. However, items such as new use cases that were previously
undocumented, or functional changes introduced due to APCHA infrastructure changes, would
be handled as change orders.
Ongoing Costs
Support
For the first year post-go-live, REVISION will provide a block of 400 support hours for APCHA
to access as deemed necessary.
Based on an average of 100 hours of support per quarter, REVISION will collaborate with
APCHA to develop a work backlog for each upcoming quarter. The work backlog will
include a preliminary estimate of time needed to complete known key priorities. Four (4)
hours per week will be reserved for on-going, unanticipated support needs and to maintain
flexibility to increase hours on planned tasks should it be needed.
Quarterly support needs assessment:
o Should support use trends show a need for more support than was originally planned,
on a quarterly basis APCHA and Revision will collaborate to: 1) remove an item from
the work backlog to reduce support demand, 2) shift support hours between quarters
(increase hours for a period of time), and/or 3) increase the total bank of support
hours (increasing the support budget). Revision may not be able to guarantee
resource hours above an average of 100 hours per quarter, nor to provide an increase
in the total number of hours of support purchased for the year, however.
o Should support use trends show a need for less support than was planned, on a
quarterly basis APCHA and Revision will collaborate to 1) add an item to the work
backlog, 2) shift support hours to a future quarter, and/or 3) decrease the total bank of
support hours available in the future (reduce the budget for support).
Payments for support will be made in advance on a quarterly basis, based on the quarterly
support needs assessments. Unused hours are anticipated to be minimal and will roll over to
subsequent quarters during the first three quarters of the year. At the end of the support year,
unused hours exceeding 40 will be lost and not refunded; hours totaling 40 or less will be
rolled over to support for the next coming year.
Year One Support Hours Available: 400 hours total (100 hours per quarter)
Charge per hour: $150, minimum 30 minute charge per call/issue.
Total support charge for year one: $60,000
After Year 1, APCHA and Revision will revisit this support model, after there has been time to
review past history as a base. Thereafter, the two entities will collaborate to either continue the
support model above or to select a different best practice support model.
Hours of support and other support details are in Exhibit D, the Service Level Agreement.
Hosting and Security as a Service
For 12 months post-go-live, and at the City’s discretion annually thereafter, Revision will
provide services for hosting and security. The services shall include those elements described in
Table 2 below. The details of the hosting arrangements (including where the hosting will occur),
as well as the detailed tasks associated with security as a service, will be finalized during the
initial project discovery phase. The level of detail is anticipated to be similar to that in the
sample Information Security Analysis Workbook provided to APCHA by Revision on May 25,
2022. The agreements for hosting and Security as a Service must meet requirements already
spelled out in this contract as well as receive final approval by the APCHA Director. Each year
REVISION will collaborate with APCHA to reassess hosting and security needs, and the parties
may agree to augment and/or discontinue some or all of these services for the upcoming year.
Total Annual Hosting and Security as a Service Fee: $22,500
Table 2: First Year Costs for Hosting and Security as a Service
BASIS MONTHLY
HOSTING Dedicated Virtual Machines (Application, Database, API Services). $1500.00
Bandwidth 200GB/month
Storage included 25GB
Operating System LINUX and/or Windows Server
Database ORACLE (Aurora) MySQL
SECURITY-AS-A-SERVICE $375.00
MONITORING (Availability ping and event monitoring) $25.00
FRAMEWORK UPDATE MAINTENANCE (Core framework) $250.00
ADD-IN UPDATE MAINTENANCE (Hometrek™2 only- Optional non-Core Plugins not included) $0.00
WEB APPLICATION FIREWALL (WAF) SECURITY $100.00
SUPPORT (Included in proposed annual support fee)
TOTAL $1875.00
Pricing Assumptions, Risks, Exclusions
General Assumptions:
General Assumptions for REVISION
▪ Project will be executed in Agile methodology with the REVISION and the APCHA team
working remotely. Our assumption is that all identified business Use Cases will be
completed within the planned number of two-weekly sprint cycles, defined in our project
plan. REVISION’s cost estimate is based on a 22 week maximum period of performance;
extensions to that period of performance due to City resources (team, infrastructure, other
licensing, City Vendor capabilities) may impact the period of performance estimated.
▪ We assume that remote collaboration will be delivered using Microsoft® Teams™, or
Aspen’s preferred online meeting tool that the REVISION team is able to access.
▪ Travel is not anticipated, but in the event that it is required, REVISION will be
reimbursed for project-related expenses including but not limited to parking
expenses, as well as any required travel by out-of-town resources including but
not limited to hotel, mileage and/or a trip charge, food per diem and parking
costs.
▪ We assume that any necessary integrations (Paymentus, SharePoint, Salesforce
data exchange) are enabled by City of Aspen licensing and configurations.
Any additional integrations will be costed outside of the scope of this project.
▪ REVISION assumes that the portal solution shall be WordPress. Should the City
select an alternative portal platform, the scope of our response shall be re-defined
and re-estimated.
▪ REVISION’s cost estimate is based on the proposed architectural/functional components
herein. Any changes to the componentry or architectural model may attract cost changes.
▪ The 8 hours of training included in the Knowledge Transfer statement (not including the
knowledge transferred during the Sprint cycles (acceptance)) will be provided to key
Users. Training will be conducted via Teams online demonstrations and systems
walkthrough. System guides to the capabilities delivered will provide the basis of City
training documentation, created by the City.
▪ If Knowledge Transfer or Training identify any functional or interface changes or new
Use Cases not identified during the Design phase, REVISION will maintain a backlog on
behalf of the City for consideration, and REVISION will provide an estimate for delivery
of the backlog items at the request of the City.
▪ REVISION’s system documentation will be comprised of a configuration workbook
and visual use case descriptions.
▪ Hourly rates will automatically increase 3% annually beginning 12 months after effective
date.
▪ Acceptance tasks and activities will be performed by the City during each sprint cycle
for business capabilities presented at the close of each cycle.
▪ Deliverables are assumed to be accepted after 5 business days unless rejected by the
identified City of Aspen Decision Maker in writing with reasonable details defining the
issues to be corrected.
General Assumptions for City of Aspen
▪ City of Aspen will provide copies of current documentation including any process,
design or architecture documents already created.
▪ Aspen will provide the appropriate project team members for the project, and commits to
performing their responsibilities in a timely manner. Aspen will provide test data for all the
testing stages for all environments (development, test, full sandbox) in the form of Excel,
.csv files. Test data may include actual data.
▪ Maximum number of City of Aspen training sessions is limited to 6, as described in the
Statement of Work (Exhibit A).
▪ Upon notification by REVISION that updates have been deployed in the test environment:
City of Aspen will promptly perform testing and shall provide findings of such testing to
REVISION within 5 business days.
▪ City of Aspen shall provide REVISION with timely access to the sandbox(es)
environment to investigate and troubleshoot identified issues.
▪ Aspen will provide REVISION with a single point of contact within a week of starting the
engagement, and will assist in getting the meetings scheduled without delays, as this
would extend the timelines and cost of the exercise
▪ City of Aspen will provide design assets for the new system, including marketing and
branding assets.
▪ City of Aspen will be responsible for all software license procurement and cost.
▪ If City of Aspen requests REVISION to assist in the technical documentation,
troubleshooting and fix resolution of any Salesforce, Conga or non-WordPress system
bug, the work effort for this additional support will require a Change Request.
▪ Any change in scope, efforts, and/or timeline by City of Aspen will be discussed
during sprint planning and grooming meetings.
▪ Any significant delay in the project caused by the City of Aspen will be addressed through
a change request, per the provisions of the PSSA.
▪ City of Aspen is responsible for hosting developed applications and providing server(s)
with all necessary licensed software which should be installed and configured. City of
Aspen is responsible for configuring firewalls to enable Internet, file, database, and
interface access.
▪ Members of City of Aspen management and staff directly vested in the success of this
project will be available to participate in ad-hoc workshops and scheduled daily
meetings.
▪ Deliverables are assumed to be accepted after 5 business days unless rejected by City
of Aspen Decision.
General Assumptions for Both Parties
▪ Efforts needed for any value adds will be discussed in sprint planning
sessions and will be considered as an input to the backlog for the City to
discuss independently with the Change Control Board.
It is assumed that a Monday will be selected for sprint start date
The project design phase is the mitigation plan for design or functional changes,
that could be considered a change order versus a clarification of requirements.
Examples of changes are:
o New Use Cases (previously undocumented).
o Functional changes introduced due to City infrastructure changes.
YOUR DIGITAL TRANSFORMATION PARTNER
Proposal to
City of Aspen
For
RFP for Community Platform
Project # 2022-004
Proposal Due Date & Time
February 28, 2022 @ 2:00pm (MTN)
REVISION, Inc.
1337 Delaware Street
Denver, CO 80204
Contact: Pam Neal
T: 303.478.6878
Pam.neal@REVISIONinc.com
www.REVISIONinc.com
Table of Contents
EXHIBIT F: BID PROPOSAL FORM
Cover Letter
Section 1 – Executive Summary
Company Introduction
Primary REVISION Contact for this Procurement
Technology Overview
Technology Model Approach
Solution (eBOM) Bill of Materials
Section 2 – Technical Proposal
Project Management Approach from Kickoff through Post Deployment
Facilitated Activities
Approach to clarifying and finalizing processes and requirements
Approach to designing, documenting, testing, final UAT and portal implementation
1. Planning
2. Execution
3. Documentation
4. Evaluation
5. Reporting & lessons learned
Project communication approach and responsibilities
City and Vendor roles and responsibilities
The Technology Team roles that REVISION is proposing are:
Key Functionalities and Performance Features of the Proposed Portal
Business Capabilities contributing to the TO-BE Outcome delivered by WordPress
Portal Screen-captures
System security features, including certification level of data center(s), data backup capabilities, secondary site availability and disaster recovery RTO and RPO.
Business Resilience
Approach to APCHA staff training, including number of days and types of on-site training and online training, and staff required to attend
Approach to First Year Support Post-Go Live
Approach to Ongoing Support
Warranty Term and Coverage
Out of Scope
Project Schedule
Subproject: Optional Website Build
Section 3 – Qualifications
Qualifications and Expertise
Knowledge and Skills Transfer
Section 4 – References
Section 5 – Pricing
Initial Costs
Charges Associated with Change Orders
Ongoing Costs
Schedule for Project Charges
Appendix
Landing page after authentication:
Check Lottery Results
View Upcoming Lotteries
Rent/Apply
Buy/Apply
Pay Online:
Sell / My Ownership
EXHIBIT F: BID PROPOSAL FORM
PROJECT NO.: PROJECT # 2022-004
BID DATE: February 28, 2022 - 2:00pm, Mountain Time
PROJECT: Community Online Platform
PROPOSAL SUBMITTED BY: REVISION Inc.
BIDDER
BIDDER’S BID PROPOSAL
TO: The Governing Body of the City of Aspen, Colorado
The undersigned responsible bidder declares and stipulates that this proposal is made in good
faith, without collusion or connection with any other person or persons bidding for the same item,
and that it is made in pursuance of and subject to all the terms and conditions of the
advertisement for bid, the invitation to bid and request for bid, all the requirements of the bid
documents including the specifications for this bid, all of which have been read and examined
prior to signature. The bidder agrees to keep this bid open for Sixty (60) consecutive
calendar days from the date of bid opening.
The City of Aspen reserves the right to make the award on the basis of the bid deemed most
favorable to the City, to waive any informalities or to reject any or all bids.
By signing this document, Bidder certifies and represents that at this time:
(i) Professional shall confirm the employment eligibility of all employees who
are newly hired for employment in the United States; and
(ii) Professional has participated or attempted to participate in the Basic Pilot
Program in order to verify that it does not employ illegal aliens.
I hereby acknowledge receipt of ADDENDUM(s) numbered 1 through
KN
Description of Item(s) to Be Purchased
Description | Quantity | Cost Per | Total
Secure Portal Framework (WordPress v5.9) External Community Portal Website CMS | 2 (Acceptance/Test and Production) | GPL License (zero cost basis) | $0.00
Hosting | 4 Virtual Machines | Recommended to be City IT infrastructure | $0.00
REVSync data and file synchronization module | 2 (Acceptance/Test and Production) | Included in project award | $0.00
Optional - GoogleMaps™ API for WordPress Plugin v 8.1.20 | 2 (Acceptance/Test and Production) | Standard key | optional
Implementation services | 1 | | $289,500.00
Year 1 (Tier 2 – Tier 4) support services | 400 | $150/hr | $60,000.00
 | | | $349,500.00
Total Bid in Numbers: $349,500.00
Total Bid in Words: Three hundred forty nine thousand and five hundred dollars.
I acknowledge that in submitting this bid it is understood that the right to reject any and all
bids has been reserved by the owner.
Authorized Officer: Khalil Nasser
Title: President & CEO
Full name signature:
Company address: 1337 Delaware Street, Denver, CO 80204
Telephone number: 303-618-0799
Email: khalil.nasser@revisioninc.com
Attested by:
John “Zack” Rozga, COO KN
Contractor’s Initials
Cover Letter
February 28, 2022
Dear Ms. Voidani and Proposal Evaluation Team:
Re: RFP # 2022-004 – Community Platform
REVISION is pleased to provide a proposal to the City of Aspen for the implementation of a new online
Community Platform for the Aspen Pitkin County Housing Authority (APCHA). REVISION brings decades
of experience designing and implementing frameworks and custom-developed, fully integrated solutions
for our clients, to enable them to achieve cost savings, improve ease of use and increase communication
and productivity across all constituents.
As evidenced in the content of this response to the City of Aspen, REVISION is uniquely qualified to serve
the City of Aspen and APCHA for this project for the following key reasons:
• Our team has a detailed and documented understanding of the existing HomeTrek solution, its
components and integrations, strengths and areas considered for improvement, and can effectively
implement a fresh solution without a lengthy discovery phase. The benefit to the City of Aspen is
reduced project period, reduced impact to City of Aspen teams and reduced cost.
• We have proven and demonstrated experience implementing community portals for other clients that
communicate and synchronize data and files with Salesforce® and the ecosystem of partner
technologies such as Sharepoint™, Conga®, AdobeSign™, Docusign®, Experian®, USPS, OKTA™ and
others. Our past performance on similar projects has provided significant cost savings and return on
investment for our Clients. The benefit to the City of Aspen is minimized risk in re-using proven
methods and experience delivered by team members who have ‘walked this exact walk’.
• REVISION’s practice areas provide cover for not only all the technology process needs voiced in the
City’s Request for Proposal, but as importantly the business, security and compliance aspects known,
predicted and mentioned in the Technical Requirements Exhibit.
• We possess the skills ‘in-house’ in all practice areas to support this vital implementation including
integration inter-dependencies, business continuity and disaster recovery best practices and
organizational change management, knowledge transfer and training. The benefit to the City of Aspen
is optimal risk-management, achievable expectations, solution adoption and removal of unnecessary
business friction.
REVISION is proud of our past performance working with the City of Aspen and APCHA. We are passionate
about this project and stand ready to help your team achieve the goals and objectives for this initiative.
We look forward to serving as your partner and trusted advisor on this opportunity. Thank you for your
consideration of REVISION Inc.
Warmest Regards,
Pam Neal
Client Engagement Manager
REVISION Inc.
303-478-6878
Pam.Neal@revisioninc.com
www.revisioninc.com
Section 1 – Executive Summary
Company Introduction
REVISION Inc. (REVISION) has been in business for over 23 years and was founded in 1998. REVISION is a
privately-held business and is incorporated in Colorado, in Good Standing with Colorado’s Secretary of State.
REVISION’s focus is on providing IT Solutions and Management Consulting Services to public sector
organizations at all levels. Our website is www.revisioninc.com.
REVISION’s headquarters are located at 1337 Delaware Street, Denver, CO 80204. Our office phone
number is 1-877-803-8220. Our employee teams are based in Denver, Washington, DC, Virginia, Maryland,
New York and California. REVISION prides itself on providing clients with best of breed software solutions
and superior customer service. This is apparent in the long term relationships that have developed with
our clients over the years. REVISION builds trust with our clients through: Transparency, Responsibility,
Accountability and Quality.
REVISION Service Offerings:
REVISION estimates, based on the information provided in the RFP, a project period of performance for the
primary project, of 22 weeks. This proposed period of performance will be validated with APCHA during the
project inception phase. We respect the availability of City team members.
This period is dependent on several factors, elaborated in our project assumptions, including:
City of Aspen stakeholders, subject matter experts and team remaining consistently engaged
actioning decisions, required sandbox environments, existing documentation, software licensing,
componentry, add-ins, access to integrated platforms and communications with authorized integration
partners.
REVISION Organization ‘at-a-glance’
Strategic Partnerships
REVISION remains fiercely agnostic of technology preference, always providing technology
recommendations in an unbiased manner, with no reward from service or software publishers. However,
we maintain a handful of partnerships that provide us with strategic insight, industry best practice findings,
training, direction and cooperative purchasing benefits, where our Clients have already determined a fit.
(REVISION does not sell or resell software). The partnerships we maintain include:
Additionally, we maintain certifications within our team to advise on various compliances to standards and
statutes in benefit of our Clients.
Client Testimonials
REVISION strives for long-term, meaningful partnerships with our clients. Here are a few testimonials
from our client list:
“...The REVISION team successfully delivered this project within a very tight timeframe, and within a
limited budget, enabling my organization to become fully operational in a matter of months.”
Sophia A., Director
Colorado Office of Public Guardianship
“I have worked with REVISION on a number of different initiatives over the years. Most recently was
their assistance in providing support for the Salesforce platform and the successful delivery of
numerous applications for our customers. They provided requirements, development and strategic
support and delivered on time and on budget.”
Michael W.
Senior Director, Platform Services at Colorado Governor's Office of Information Technology
“REVISION has been a trusted partner since 2020. They are very agile in their approach to help meet
our needs in an ever-changing data world. The staff have been extremely knowledgeable and
professional and have helped us successfully launch our enterprise data governance program. We
aren’t stopping there, and we have engaged REVISION again to help us create a production enterprise
data warehouse environment and begin onboarding our data for high-profile projects.”
Gail U., Analytics & Information Management Manager
Central Arizona Project
Primary REVISION Contact for this Procurement
Ms. Pam Neal
Client Engagement Manager
1337 Delaware Street
Denver, CO 80204
Phone: 303-478-6878
Email: Pam.Neal@revisioninc.com
Technology Overview
REVISION is primarily a consulting and services organization harboring an agnostic view to specific
technologies in benefit of our clients to ensure transparency in our technology selection processes. In
response to the City of Aspen and APCHA’s RFP #2022-004, we have pre-selected a technology platform
that carries proven integration mechanisms with the City’s IT systems and architecture. Therefore,
REVISION recommends a zero-license-cost secure portal framework that will support and enable the three
primary objectives, in addition to the secondary subproject:
1. Improvements in Ease of Use: from the staff perspective and as well as the perspective of
external customers, improved ease of use is a priority.
2. Reduction in Licensing Costs: APCHA is seeking a solution with limited or no annual licensing
charges for Community Users.
3. Better Options for Communication: APCHA is seeking to broaden the methods of
communication available for APCHA staff and Community Portal users.
4. Better integrate the functions of the CivicPlus Website and the HomeTrek™ System.
(www.apcha.org and www.apchahometrek.org).
Note: Although the portal recommended can facilitate the secondary subproject, this capability can be
enabled at any time in the future. Our goal has been to select a technology capable of many future
technology needs and integrations. Elsewhere in this proposal we provide a Risk Analysis to substantiate
the selection criteria.
Our Technology Overview provides a high-level description of the proposed technology solution and the
components of which it is comprised. Details regarding the specific scope, timeline and delivery approach
are provided in subsequent sections.
We begin with a high-level “AS-IS”, and the desired “TO-BE” views, as interpreted from the documentation
kindly provided by the City of Aspen. REVISION fully understands the delta between the “AS-IS” and the
“TO-BE” and is confident in the ability to partner with the City of Aspen to realize the desired state and any
optional capabilities or services selected.
Technology Model Approach
Our high-level understanding of the existing APCHA ‘AS-IS’ capability model is presented here, as a baseline
to describe where changes shall occur.
1. The ‘AS-IS’ APCHA capability model.
As mentioned in our approach to requirements elaboration, REVISION believes in presenting ideas, notions,
solutions and questions diagrammatically, which we have found leads to a swifter and more meaningful
alignment of understanding. We hope this facilitates an understanding of our responsiveness
to the City’s request, but we welcome any questions or requests for clarification in an alternative medium.
In response to the RFP requirements (found in Exhibit A), REVISION presents here, diagrammatically:
2. The ‘TO-BE’ APCHA capability model.
Many of the integration and communication services described already exist, although they may be arranged to
take advantage of common control mechanisms in place (firewalls, gateways, route-handlers, etc.).
Note: Unrepresented are the interval and throttling considerations related to data synchronization
(Portal<->Salesforce) to ensure that existing APIs and Service connections are not attracting unnecessary additional
subscription costs. These settings are configurable by City Administrators.
REVISION is comfortable ensuring that throttling limits are known to all and the appetite for cost-control is
implemented through approved configuration and security rules.
Both ‘TO-BE’ states presented here (with and without CivicPlus replacement) demonstrate optional
enhancements (Payment Gateway configuration and usable location (map) presentation) yet little to no
change to the existing internal workflow processes, ensuring a manageable business transition. REVISION
recognizes the importance of limiting the need for re-training of internal City Users.
3. The ‘TO-BE’ APCHA capability model including the replacement of the CivicPlus content
management system.
What is not communicated in this diagrammatic representation are the Content Management features and
capabilities far greater than the existing CivicPlus platform. Not only does this solution provide the
capability of placing absolute content control in the hands of the City, but resilient processes such as
content creation, moderation, review and multi-level approval workflow cycles to prevent inappropriate
sharing or non-compliant presentation in support of the Americans with Disabilities Act.
4. A visual presentation of the components REVISION will deliver for this project.
Above is a diagrammatic representation of the technology elements REVISION intends to introduce into the
City of Aspen’s technology ecosystem. (Existing systems greyed-out are to provide context). The elements
are interoperable with existing City of Aspen systems and are sufficiently flexible to scale and change
should the City’s needs change in the future.
The REVSync file and data synchronization application is capable of exchanging, replicating and
transforming data between multiple platforms, should either of the platforms described here change in the
future. Flexibility is built in, maintaining choice going forward.
This capability is based upon a synchronization and security technique developed some years ago for one of
the largest financial institutions in North America. It is tried and trusted, and can be leveraged for not only
synchronization, but also archiving of data (structured) and files (unstructured).
Of important note is the service-based nature of the TO-BE solution to eliminate dependencies on a
platform or Vendor. For example, should the Portal, or Salesforce™ become a candidate for replacement in
the future, avoidance of “hard-wiring” integrations through the use of services, enables the flexibility to
“swap-out” systems, components and capabilities in the future.
Solution (eBOM) Bill of Materials
The table below in this section describes the solution component manifest (“engineering bill of materials”)
that will be configured/delivered as elements of the TO-BE solution. All specific scope/requirements for
these components are contained in the requirement matrix (Exhibit A Technical Requirements). In the
event there is a discrepancy between this list and Exhibit A, Exhibit A will serve as the binding scope for the
contract.
Clarification of deeper detail for specific requirements during the Design phase is anticipated and planned
for inclusion in the initial development sprint(s), should the Agile methodology suit the City of Aspen. Any
clarifications will be incorporated into Exhibit A, by REVISION, to substantiate the foundation of knowledge
transfer for the City of Aspen. REVISION is also prepared to assist the City in updating the Salesforce™
Configuration Workbook to ensure supportability in the future.
Component Platform/Category | Component Description | Component Business Value
Salesforce | Service Cloud | Maintenance, creation/updates to Account (Personal, Planned/Preferred, Financial) Management, Application Process, Unit Management, Case/Request Management, Submission, monitoring and tracking.
Secure Portal Framework (WordPress v5.9) | External Community Portal Website CMS | Property / Unit information location (map) presentation (GoogleMaps™ or similar, better serving interested parties and promoting ease of use). Customer Self-Service: Registration (Onboarding, offboarding and identity management); Authentication and Authorization; Application submission; Document(s) submission; Payment status; Payment submission; Maintenance request process; Move-out request process; Lease extension/ renewal request; Submission/request status; Approval process; Feedback mechanisms. Any or all of the Portal data can be synchronized, archived or replicated to City systems, including Salesforce™.
Secure Portal Framework | Add-In Components | REVSync data and file synchronization; Paymentus Gateway API Integration; Optional - GoogleMaps™ (or similar) for unit location; Address Verification and/or Validation (Experian, USPS or similar); Theme configuration to adopt the City of Aspen style guide; Section 508 ADA Compliance; Localization (language) control; Enhanced (simplified) content management; SEO (Search Engine Optimization) as required, for both prospective national and International Renters.
Aspen Service Provider | Conga (may include Docs, Sign, Trigger, Batch) | Document Creation, Control and Automation.
Aspen Service Provider | Microsoft® Exchange™ | Email, calendar, tasks, attachments, SharePoint® productivity and repository solutions
Aspen Selected Service | ArcGIS, other GIS, GoogleMaps™ and/or similar | Visualize Salesforce data in map-based presentation
APCHA Application Portfolio | OKTA | SSO Provider (requires confirmation) providing a secure identity management abstraction layer
APCHA Application Portfolio | Government & City Brochure Website Content Management (CivicPlus) | Potential API/webservice integrations (optional) to present internal to external data reports/statistics.
Section 2 – Technical Proposal
Please find here a description of the technical aspects of REVISION’s software and service offering.
Project Management Approach from Kickoff through Post Deployment
For a software implementation and development project such as this, REVISION will follow a proven
blended methodology to ensure alignment with goals and strict budgetary control in benefit of the City of
Aspen. While the software configuration and development are best suited to be delivered using an Agile
approach, the first two phases (Inception and Design) do not require attendance and effort on behalf of the
City of Aspen team for all Agile ceremonies. This process, employed at kickoff, allows the City of Aspen to
determine the responsibilities and cadence of your team to reduce the impact to the City of Aspen’s regular
workload, priorities and commitments.
Facilitated Activities
Inception:
Project Inception will include the following key activities:
• Co-authoring the Project Charter
• Defining Business objectives and confirming the project organization
• Team roles and commitments
• Responsibilities as Partners, and as a collective team
• Identifying the Product Owner
• Resolving assumptions
• Confirming City team availability, cadence, schedule and important milestones
• Defining a communication plan as considered meaningful by the City
The APCHA Stakeholder team is expected to invest up to twenty (cumulative) team hours in this phase.
Design:
Solution Design will include the following key activities:
• Workshops to refine the project backlog
• Review of As-Is and To-Be processes mapped to the TO-BE technology model
• Define the Business Cases and populate the User Stories
• Establish phasing, tentative sprint plan and prioritization with business context
• Classify backlog into OOB, Configuration, Coding as committed in this response
• Determine data migration, cleansing and unknown integration needs
The APCHA Stakeholder and SME team is expected to invest up to forty (cumulative) team hours in this
phase to review and confirm the intentions and clarify nuances of the project goals, including impact to
any additional or competing priorities.
Build:
The construction activity will fuel the sprint plan over three phases and deliver the functional design,
build and STQA (Software Testing and Quality Assurance) in support of Solution Acceptance. All
identified components, configurations and solution deliverables shall be tested for functional capability
and User Acceptance. This testing may require associate team members such as Stakeholders from the
City’s Security organization and GRC (Governance, Risk and Compliance) representatives.
The APCHA team is expected to invest up to thirty cumulative team hours per sprint. Sprints are currently
planned for two week cycles but can be adjusted should the intensity of participation cause interruption to
business-as-usual cadence.
• A commitment of twenty team resource hours for Sprint Planning, Sprint Execution, Reviews
and Sprint Retrospective
• Up to an additional ten resource hours invested in testing of the delivered functionalities.
STQA, Knowledge Transfer and Training:
• Test Strategy: This is one of the most important activities that will detail the strategy that will be
used while testing.
• Test Coverage: This is essentially required and it will provide conformance mapping of the
business needs and the test cases to ensure all system aspects have been tested.
• Test Cycles and Durations: Employing the regular iteration process (Agile), development results
are tested at the end of each sprint cycle.
• Pass/Fail Criteria: The criteria will be agreed in order to validate testing results.
• Business and Technical Requirements: These artifacts will provide the basis for the test plan
scope.
Support:
Post Implementation support is covered elsewhere in this document.
Approach to clarifying and finalizing processes and requirements
Requirements are typically categorized into two types: functional and non-functional.
Functional requirements relate to a product’s functionality: capabilities, usability, features, and operations
as they relate to the intended purpose. While the project outlines the high-level goals and requirements of
the desired solution, our designs provide a more in-depth elaboration of these requirements.
Non-functional requirements encompass anything not related to the solution’s functionality, for example,
its performance, stability, security, and technical specifications.
REVISION’s approach to clarifying and finalizing requirements relies upon the proven techniques of:
• UML (Unified Modeling Language)
• Visual Use Cases including prototypes and wire-frames to convey notions and agree expectations.
• PoC (proof-of-concept) software frameworks to ensure that not only design but workflow can be
examined and tested.
The two primary UML methods we will employ in this project are:
Behavioral diagrams: representing the functioning of a system. Examples include:
• Activity diagram
• Use case diagram
• State machine diagram
Interaction diagrams: a subset of behavioral diagrams, these are used to visualize the flow between
various use case elements of a system. Interaction diagrams are used to show an interaction between two
entities and how data flows within them. Examples include:
• Timing diagram
• Sequence diagram
• Collaboration diagram
Approach to designing, documenting, testing, final UAT and portal implementation
REVISION pursues a five step plan for UAT.
1. Planning
2. Execution
3. Documentation
4. Evaluation
5. Reporting & Lessons Learned
This starts in the design phase to ensure consistency in the implementation cycles. The design confirms the
business requirement, the priority and the audience of the capability. The documentation of these factors
in the backlog results in more efficient and accurate grooming and effort estimates in development. This in
turn reduces the risk of any confusion or lack of clarity about the desired outcome, and reduces test cycles.
1. Planning
Planning User Acceptance Testing efforts is vital and must cover the following areas:
Scheduling & time management
During the sprint cycles the commitments offered at Inception must be honored. The system to track
requirements shall be used to track testing as the confirmed Use Cases/Stories form the backbone of the
testing scripts. REVISION will present a UAT plan and the collective team will define the schedule.
Team requirements
The plan will capture, who will test what, and the acceptance criteria will be clear. Ideally testers should
include all Stakeholder teams to ensure engagement and exposure to the project progress. We attempt to
capture this notion in a diagram here below.
Communication & Issue strategy
While executing the defined UAT test cases you need to make sure to have a User Acceptance Testing
workflow in place which deals with bugs, issues, and other problems.
• How will issues be reported and documented with appropriate severity?
• How can testers communicate problems?
REVISION and the City will determine the appropriate platform to promote ease of use, ease of access and
knowledge capture.
UAT checklist
REVISION will provide a User Acceptance Testing checklist template for consideration.
2. Execution
The test cases can be executed in person or remotely, as long as both quantitative and qualitative data are
captured.
3. Documentation
Documenting User Acceptance test results must occur at test execution. While execution is important,
clearly defined templates for capturing results are a key factor.
4. Evaluation
As a process of continuous improvement it is important to evaluate if the defined criteria are tested and
met. The quantitative and qualitative data documented must be analyzed and consideration given to:
• How many testers completed the test cases?
• What was the overall rating of these test cases?
• What was the overall subject matter expertise of each tester?
5. Reporting & lessons learned
During the evaluation phase data is collected, aggregated and analyzed. The reporting phase builds the
bigger picture. The goal of this phase is to gather insights and lessons learned which will support
improvement of each subsequent test case and UAT workflows.
User Acceptance Tests are often conducted at the end of a software development phase. REVISION’s
approach is to test iteratively and often, because the later problems occur, the more expensive they are to
resolve.
Project communication approach and responsibilities
Planning
REVISION schedules a project kickoff meeting with you to launch the project. This provides the opportunity
to introduce REVISION’s Salesforce certified consultants who will be working on your project, and for us to
get to know your team. We ask you to invite your key project stakeholders including the project sponsor
and executive team, subject matter experts and process owners. REVISION’s agenda for this meeting
typically looks like this:
• Introduce Team Members
• Confirm understanding of project scope and work approach
• Confirm business objectives and success factors
• Review how the project will be executed
• Establish a communication schedule for project status meetings and standups.
• Define the overall Project Schedule
• Plan next steps including the Business Process Review workshop.
• Get access to your instance of Salesforce.com
Governance
REVISION strives for a “no-surprises” approach to project delivery and has implemented process and tools
to drive transparency and make it easy for clients to work with us. To keep projects on schedule and clients
engaged we utilize the following practices:
• Recurring Stand-ups: These short, frequent project team meetings with the City of Aspen representatives
are designed to cover what progress has been made, key short term goals and what is needed from the City
of Aspen.
• Weekly Status Reports: Status reports share the project accomplishments for the week with deliverable
level status, action items and key upcoming goals. (See below for additional details regarding Weekly Status
Reports.)
• REVISION’s smartSTATUS Portal: Selected City of Aspen team members will be provided access to
REVISION’s web based portal to view real-time project progress, requirement level status and to
collaborate on requirements, definition, and testing.
• Project Steering Committee Meetings: These meetings, either pre-scheduled or ad-hoc, bring REVISION
and the City of Aspen leadership together to discuss progress at an executive level and make changes or set
direction as required.
Weekly Status Reports
During the course of the project, the REVISION Project Manager, the City of Aspen Project Manager, and
project team members input extensive project management content into REVISION’s online project
management tool, smartSTATUS. On a weekly basis, the REVISION Project Manager will generate a Status
Report directly from smartSTATUS reflecting this comprehensive input.
City and Vendor roles and responsibilities
In keeping with our methodology of diagramming notions, requirements and statements to make them
as easy as possible to absorb, we provide a Venn diagram to convey not only the team needs but how they
will engage and interact.
The City of Aspen Team roles that REVISION predicts are:
• Project Sponsor
• Product Owner
• HomeTrek™ Subject Matter Expert(s)
• Salesforce/Conga Administrator
• SharePoint Administrator
• Paymentus Administrator
• Web Content Design Advocate
• IT Security Architect/Representative
The Technology Team roles that REVISION is proposing are:
• Client Engagement Manager (key resource)
• Solution Architect (key resource)
• Scrum Master/Project Manager (key resource)
• Salesforce Administrator/Developer
• Salesforce Database Developer
• Secure Portal Full Stack Developer
• Security & Risk Analyst
Key Functionalities and Performance Features of the Proposed Portal
WordPress is a dynamic open-source portal and content management system which is used to power
millions of websites, web applications, and blogs. It currently powers more than 43% of the top 10
million websites on the Internet. WordPress’ usability, extensibility, and mature development
community make it a popular and secure choice for websites of all types.
• Simplicity - Simplicity makes it possible for Users to implement and use the capabilities quickly.
Nothing should get in the way of you getting your portal up and your content out there. WordPress
is built to make that happen.
• Flexibility - With WordPress, you can create any type of portal you need: a secure portal, a blog, a
business website, a professional portfolio, a government website, a magazine or news website, an
online community, even a network of websites. You can make your website beautiful with themes
and extend it with plugins. You can even build your own application.
• Publish with Ease - If you’ve ever created a document, you’re already a whiz at creating content
with WordPress. You can create Posts and Pages, format them easily, insert media, and with the
click of a button your content is live and on the web.
• Publishing Tools - WordPress makes it easy for you to manage your content. Create drafts,
schedule publication, and look at your content revisions. Make your content public or private, and
secure posts and pages with a password.
• User Management - Not everyone requires the same access to your website. Administrators
manage the site, editors work with content, authors and contributors write that content, and
subscribers have a profile that they can manage. This lets you have a variety of contributors to your
website, and let others simply be part of your community.
• Media Management - They say a picture says a thousand words, which is why it’s important for
you to be able to upload images and media quickly and easily to WordPress. Drag and drop your
media into the uploader to add it to your website. Add alt text and captions and insert images and
galleries into your content.
• Full Standards Compliance - Every piece of WordPress generated code is in full compliance with
the standards set by the W3C. This means that your website will work in today’s browser, while
maintaining forward compatibility with the next generation of browser.
• Easy Theme System - WordPress comes bundled with three default themes, but if they aren’t for
you there’s a theme directory with thousands of themes for you to create a beautiful website.
• Extend with Plugins - WordPress comes packed with a lot of features for every user. For every
feature that’s not in WordPress core, there’s a plugin directory with thousands of plugins. Add
complex galleries, social networking, forums, social media widgets, spam protection, calendars,
fine-tune controls for search engine optimization, and forms.
• Built-in Comments - Your blog is your home, and comments provide a space for your friends and
followers to engage with your content. WordPress’s comment tools give you everything you need
to be a forum for discussion and to moderate that discussion.
• Search Engine Optimized - WordPress is optimized for search engines right out of the box. For
more fine-grained SEO control, there are plenty of SEO plugins to take care of that for you.
• Localization - WordPress is available in more than 70 languages. If you would prefer to use
WordPress in a language other than English, that’s easy to do.
• Easy Installation and Upgrades - WordPress has always been easy to install and upgrade. Plenty of
web hosts offer one-click WordPress installers that let you install WordPress with just one click.
• Hosting choices - Using WordPress means no one has access to your content. Own your data, all of
it — your website, your content, your data.
• Freedom - WordPress is licensed under the GPL which was created to protect your freedoms. You
are free to use WordPress in any way you choose: install it, use it, modify it, distribute it. Software
freedom is the foundation that WordPress is built on.
• Performance - Several factors can affect the performance of the WordPress portal. These factors
include, but are not limited to, the hosting environment, WordPress configuration, software
versions, number of graphics and their sizes. There are multiple methods to monitor performance
and automatically reduce any performance barriers.
Business Capabilities contributing to the TO-BE Outcome delivered by WordPress
Registration
Descriptions and Clarifications
• Registration means being a registered user of the system
o Once registered, a user can interact with the system; perform transactions as a Renter,
Owner or other role
• A registered user is also recorded as a “Person” account in Salesforce
• Need to accommodate users who are registering only for communications / notifications and are
not actually performing a transaction (Subscribers)
• Eligibility is the initial step in the qualification process, but not a validated qualification to engage in
a process
Review property listings per eligibility
Descriptions and Clarifications
• Any public visiting browser user can view property listings (users do not have to be registered)
• If a browser-user attempts to bid or qualify they are required to login and/or register
• Eligibility and Qualification are two different things
• Eligibility is high level information about an individual such as whether they work in Pitkin County.
User must work in the City or County to be considered eligible to rent. Being eligible does not
qualify a Registered User to rent a unit
• Qualification is the process of verifying the employment / income / household status of an
individual in comparison to the requirements of the unit they are interested in renting
• Listing search with filter criteria and a graphical presentation (ex: GoogleMaps™)
• ADA compliant presentation (Section 508)
Submit applications and supporting artifacts
Descriptions and Clarifications
• Partial applications may be saved for completion in a subsequent visit. Subsequent visits to
“Resume Application” shall resume an application at the first incomplete step
• Based on the transaction type (rental, sale, etc.), the stages of an application
(questions/documents requested) may vary (contextual presentation based on type).
Approved communications / notifications
Descriptions and Clarifications
• Current outbound Salesforce communications will remain in Salesforce as configured
• REVISION shall refine the notification process to provide UI enhancements
• Community Portal Users can select their notification preference (SMS text messages/email/both) by
notification type (rentals / sales)
Create, Stage, Submit, Remove property listing for Sale
Descriptions and Clarifications
• All sales listings require a listing checklist (currently on HomeTrek™) which is a form capturing data
for review by an APCHA Sales Manager to subsequently create the listing manually, before
authorizing external browser access
• If the listing process involves dividing a Unit for an additional Lessee (ex: renting an un-occupied
bedroom in a 2-room unit), the listing features may be re-used
• Provide the ability for Owners to create listings for moderation (review and acceptance) by Internal
Sales team
• Provide the ability to add images to listing detail
Create, Stage, Submit, Remove property listing for Rent
Descriptions and Clarifications
• Owners can offer their Unit for rent or an un-occupied bedroom in a Unit they own and inhabit
(Owner rental Listing)
• An Owner can request the creation of a listing, without becoming a Registered User (un-authenticated
user) or property manager (Third Party listing)
Submit bids on Lottery
Descriptions and Clarifications
• Bidding ONLY occurs on units for sale (not for rent)
o Users must have an approved Sales Qualification (verified buyer) in order to “submit
interest for being placed in the lottery for this unit”
• To bid, a Registered User must complete the qualification process
o The bid process includes the Offer
▪ There is a maximum bid amount
• If exceeded an error condition prevents the User from moving forward. Bid
amount pre-populates with the max amount and can be changed to be
lower. Most bids are submitted at the maximum allowed amount
• If a bid amount is lower than the maximum allowed amount, a message is
displayed that notifies the User this amount will have the effect of placing
their bid in a lower priority
• There is no bidding/lottery for Unit Rentals
o For APCHA managed units, decisions are based upon the highest qualification (example:
the person with the longest consistent work history in the city/county)
o For non-APCHA managed units, it is up to the property manager and whatever guidelines
they follow
• Provide a visible representation available for a user to see their “chance” of winning a bid (graphical)
Ability to view associated Salesforce person/case information
Descriptions and Clarifications
• If a user has performed previous transactions in the system, they should be able to view those
transactions (or at least a record ID of the information), or an indication of “archived”.
o It may also be a related record instead of a transaction
• Examples include:
o status of application(s)
o previous bids submitted
o payment(s) history
o if Owner – current valuation and capital improvements of unit
Ability to submit ‘Report Concern’ (creating a compliance case in Salesforce)
Descriptions and Clarifications
• Reporting a concern may be identified as created by the authenticated User or contributed
anonymously
Ability for Users to view compliance case(s)
Descriptions and Clarifications
• Once a report (case request) has been submitted, and reviewed, Users should be able to review the
case including status/resolutions
• A User should be able to view cases that they submitted and/or are party to or mentioned in, in
relation to their association with APCHA
• Provide the ability for Users to contribute to a case through the portal. For example, upload
evidence or requested information
Ability for users to submit electronic payments
Descriptions and Clarifications
• APCHA is considering a payment gateway change. A new system may or may not include the
Salesforce platform as integral to the solution, but certainly informed
• Any portal framework must include the ability to connect to a payment gateway/service securely
Ability for owners to submit listing ‘contract’ form online
Descriptions and Clarifications
• This form is the first step in an Owner starting the bid/lottery process
• From this form, a Lottery Listing event (Case) is created in Salesforce
• A contract requires completion and signature(s). Today, that process is achieved through manual
interaction (not system generated or automated)
• Provide the process to automate contract completion with appropriate Internal review and
authorization
Ability for owners to submit capital improvement information
Descriptions and Clarifications
• Similar to submitting interest in a Unit, this capability enables a request for a Capital Improvement
within the APCHA policies
• This is a case type (Capital Improvement instead of Application)
• Data attributes are specific to the purpose
Ability for APCHA tenant to access online payment and view transactions
Descriptions and Clarifications
• This capability applies only to APCHA managed units
• Basic payment history and upcoming amounts due and due dates presented (not accounting, no
accruals or aging)
Ability for APCHA tenant to submit maintenance requests
Descriptions and Clarifications
• A process similar to submitting an application (supporting a case that is created for review and
approval/authorization)
• This is a case type (Maintenance Request instead of Application)
• Data attributes are specific to the purpose
Ability for APCHA tenants to submit a request to move-out
Descriptions and Clarifications
• A process similar to submitting an application (in that a case that is created for review and
approval/authorization)
• This is a case type (Move Out instead of Application)
• Data attributes are specific to the purpose
Ability for external users to ‘submit interest’ for APCHA managed units
Descriptions and Clarifications
• Registered Users can submit interest for APCHA managed units subject to qualification
• Note: Non-APCHA managed units may be leased without external Users first qualifying through the
APCHA process
Ability for users to view/search all inventory
Descriptions and Clarifications
• Available units are presented
• Improve search capabilities and resulting displays (example: upcoming availability).
• Enhancement option:
o It may be considered a service to the City of Aspen’s constituency, both permanent and
seasonally engaged to present an increased scope of housing availability in areas adjacent
to Pitkin County.
Please find here below a comparison matrix created by an independent review of WordPress and 4 other
zero/low cost portal technologies that could fulfill the City of Aspen’s needs and requirements.
The advantage of WordPress over competitors is the wealth of support available through its huge
community of Users, which drives quality, capability and features. More functionality questions have been
answered and more extensions have been implemented than for competing portal technologies with the same
or a similar cost model. Additionally, the skills required to manage and develop for WordPress are more
common. This means that the City will enjoy more choices in new projects (minor or major) when maintaining
or extending the portal.
Every capability in the known or predicted needs of the City can be delivered through existing features of
the portal, or through extension of those features by development and/or configuration.
Portal Screen-captures
Please find here below a number of screen-captures of key dashboards, screens and available reports.
REVISION has created a PoC (Proof of Concept) portal in order to best understand the applicability of
WordPress as the portal technology. This choice relies on acceptance by the City of Aspen. There is
opportunity to discuss alternatives, including headless CRM/CMS technologies for which implementation
would not be a dissimilar effort.
PoC home page:
Continuing an application (rather than restarting):
Capturing the Use Cases described in the technical requirements (Exhibit A):
Predicted capability navigation:
WordPress Dashboard
Listing Management:
Unit Listing Management capabilities:
Dashboard Example, contextual (customizable) per User with drag-and-drop Widgets:
Simple Media Gallery view:
Page Management view:
Additional Administrative Features (note payment integration)
User Management (simple view)
Additional project related screen-captures are provided in an Appendix to this response.
System security features, including certification level of data center(s), data backup
capabilities, secondary site availability and disaster recovery RTO and RPO.
WordPress is a dynamic open-source portal and content management system which is used to power
millions of websites, web applications, and blogs. It currently powers more than 43% of the top 10 million
websites on the Internet. WordPress’ usability, extensibility, and mature development community make it
a popular and secure choice for websites of all types. Mitigation of the OWASP Top 10 risks is
provided through:
• Injection risk - There is a set of functions and APIs available in WordPress to assist developers in
making sure unauthorized code cannot be injected and help them validate and sanitize data. Best
practices and documentation are available on how to use these APIs to protect, validate, or
sanitize input and output data in HTML, URLs, HTTP headers, and when interacting with the
database and filesystem. Administrators can also further restrict the types of file which can be
uploaded via filters.
• Broken Authentication and Session Management risk - WordPress core software manages user
accounts and authentication and details such as the user ID, name, and password are managed on
the server-side, as well as the authentication cookies. Passwords are protected in the database
using standard salting and stretching techniques. Existing sessions are destroyed upon logout.
• Cross Site Scripting (XSS) risk - WordPress provides a range of functions which can help ensure that
user-supplied data is safe. Trusted users, that is administrators and editors on a single WordPress
installation, can post unfiltered HTML or JavaScript as they need to, such as inside a post or page.
Untrusted users and user-submitted content is filtered by default to remove dangerous entities,
using the KSES library through the ‘wp_kses’ function.
• Insecure Direct Object Reference risk - WordPress often provides direct object reference, such as
unique numeric identifiers of user accounts or content available in the URL or form fields. While
these identifiers disclose direct system information, WordPress’ rich permissions and access control
system prevent unauthorized requests.
• Security Misconfiguration risk - The majority of WordPress security configuration operations are
limited to a single authorized administrator. Default settings for WordPress are continually
evaluated at the core team level, and the WordPress core team provides documentation and best
practices to tighten security for server configuration for running a WordPress site.
• Sensitive Data Exposure risk - WordPress user account passwords are salted and hashed based on
the Portable PHP Password Hashing Framework. WordPress’ permission system is used to
control access to private information such as registered users’ PII, commenters’ email addresses,
privately published content, etc. In WordPress 3.7, a password strength meter was included in the
core software providing additional information to users setting their passwords and hints on
increasing strength. WordPress also has an optional configuration setting for requiring HTTPS.
• Missing Function Level Access Control risk - WordPress checks for proper authorization and
permissions for any function level access requests prior to the action being executed. Access or
visualization of administrative URLs, menus, and pages without proper authentication is tightly
integrated with the authentication system to prevent access from unauthorized users.
• Cross Site Request Forgery (CSRF) risk - WordPress uses cryptographic tokens, called nonces, to
validate intent of action requests from authorized users to protect against potential CSRF threats.
WordPress provides an API for the generation of these tokens to create and verify unique and
temporary tokens, and the token is limited to a specific user, a specific action, a specific object, and
a specific time period, which can be added to forms and URLs as needed. Additionally, all nonces
are invalidated upon logout.
• Using Components with Known Vulnerabilities risk - The WordPress core team closely monitors the
few included libraries and frameworks WordPress integrates with for core functionality. In the past
the core team has made contributions to several third-party components to make them more
secure.
• Unvalidated Redirects and Forwards risk - WordPress’ internal access control and authentication
system will protect against attempts to direct users to unwanted destinations or automatic
redirects. This functionality is also made available to plugin developers via an API.
Due to the flexibility of the lightweight platform presented, it can be implemented on infrastructure
preferred by the City of Aspen. The choices include:
• Amazon Web Services (North America location group, the same as Salesforce).
• Microsoft Azure (North America location group, to take advantage of slightly less complexity in
leveraging existing use of Office365, DevOps, PowerBI, etc.).
• Other preferred hosting partner(s).
• On-Premise (City of Aspen) infrastructure.
The choice will drive the level of certification to various compliances. During the Inception phase, the team
will determine the compliance baseline to select a host or hosts.
Business Resilience
This flexibility also offers selection by resilience and business-continuity criteria, including disaster recovery
RTO and RPO. It is not REVISION’s intention to appear evasive with regard to a recommendation, but given
that the portal has very simple hosting requirements, the choices open to the City of Aspen are very broad,
and can change in the future without unnecessary business interruption.
Below is an example of the disaster recovery requirements for a LAMP stack application.
The two key metrics that define the requirements for a DR solution are: recovery time objective (RTO) and
recovery point objective (RPO):
• RTO is the targeted duration of time and a service level within which a system must be restored
after a disaster to avoid unacceptable consequences associated with a break in business continuity.
• RPO is the maximum targeted period in which data (transactions) might be lost from a system due
to a disaster.
Continuity is an important part of DR, as a disaster can disrupt not only a single, isolated system but an
entire datacenter or colocation facility. In this case, the effort to acquire a new system at an alternate
location increases downtime, potentially pushing it beyond the key RTO metric.
LAMP stack applications including WordPress store user content such as blog posts and comments in a
MySQL database, while uploads are stored in the file system. Additionally, WordPress can update its own
code, plugins, and themes, thus the relevant PHP files are part of the solution. The entire data set must be
backed up and restored as a unit in order to be consistent.
Data in a MySQL database and the file system have to be backed up at exactly the same time to maintain a
consistent dataset, but it may be hard to achieve as these two data stores may not be co-located and could
be backed up with different systems at different intervals. Restoring the latest pair of these disparate
backups may cause issues from the wrong content being displayed to re-introducing security vulnerabilities
that were patched at the primary site after the backup was taken. This may necessitate restoring from
earlier backups until parity is achieved, which increases data loss and recovery time.
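The trade-off described above can be checked before a restore is attempted. The following Python sketch is an added example, not part of REVISION's proposal; the backup schedule, timestamps, patch time and the `max_skew` tolerance are constructed assumptions. It selects the newest database/file-system backup pair taken close enough together to be treated as one dataset, reports the resulting data loss, and flags a restore that would bring back code older than the last security patch.

```python
from datetime import datetime, timedelta


def plan_restore(db_backups, fs_backups, disaster, max_skew, last_patch=None):
    """Choose a consistent (database, file system) backup pair for a restore.

    max_skew is the largest gap between the two backups that is still
    accepted as "the same point in time" (an assumption set by the operator).
    Returns None when either store has no backup before the disaster.
    """
    db = [t for t in db_backups if t <= disaster]
    fs = [t for t in fs_backups if t <= disaster]
    if not db or not fs:
        return None

    # Naive choice: newest backup of each store, whatever the gap between them.
    naive = (max(db), max(fs))

    # Consistent choice: newest pair whose members are within max_skew.
    pairs = [(d, f) for d in db for f in fs if abs(d - f) <= max_skew]
    best = max(pairs, key=lambda p: (min(p), -abs(p[0] - p[1]))) if pairs else None

    return {
        "naive_pair": naive,
        "naive_skew": abs(naive[0] - naive[1]),
        "pair": best,
        # Everything written after the older member of the pair is lost.
        "data_loss": (disaster - min(best)) if best else None,
        # Restoring files older than the last patch re-introduces the old code.
        "restores_unpatched_code": bool(
            best and last_patch is not None and best[1] < last_patch
        ),
    }


# Constructed schedule: hourly MySQL dumps, file-system snapshots at 00:30 and 06:30.
DAY = datetime(2024, 1, 15)
DB_BACKUPS = [DAY + timedelta(hours=h) for h in range(12)]
FS_BACKUPS = [DAY + timedelta(minutes=30), DAY + timedelta(hours=6, minutes=30)]
DISASTER = DAY + timedelta(hours=11, minutes=40)
LAST_PATCH = DAY + timedelta(hours=9, minutes=15)  # plugin files patched on primary

if __name__ == "__main__":
    plan = plan_restore(DB_BACKUPS, FS_BACKUPS, DISASTER,
                        timedelta(minutes=30), LAST_PATCH)
    for name, value in plan.items():
        print(f"{name}: {value}")
```
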
▪ Example: On-premises WordPress/LAMP application DR solution on AWS
The DR solution for WordPress uses continuous replication of MySQL databases and file systems to deliver
durable and highly available storage in AWS and keeps a replacement system in standby, reducing the
running costs and reducing RPO and RTO from hours or days to minutes.
Figure 1: DR solution in standby
To implement this DR solution, a File Gateway virtual machine must first be deployed on premises, along
with an NFS share on the File Gateway. This must then be mounted on the Web server and the file system
data moved to the NFS share. The File Gateway maintains a local copy of this data for low-latency access
and asynchronously uploads it to Amazon S3.
The next step is to create a multi-AZ database in Amazon RDS as a replication target for the primary MySQL
database using either binary logs or global transaction identifiers (GTIDs), depending on the version of
MySQL. Scheduled backups should be enabled in Amazon RDS. To encrypt the replication traffic, an IPSec
VPN connection should be deployed between the on-premises environment and AWS. An existing VPN
gateway hardware can be used for this purpose or a Virtual Machine can be used as a VPN gateway
software appliance.
The solution deploys a File Gateway on an Amazon EC2 instance and exposes the Amazon S3 bucket
containing data replicated from the on-premises file system as an NFS share. Then a Web server is set up
on an Amazon EC2 instance and mounts the NFS share from the File Gateway. Then both instances are
stopped to prevent them from incurring compute costs while they are in standby.
DNS records point the website domain name to the IP address of the primary webserver. A health check
monitors the primary web server; if downtime exceeds a set threshold then an alarm can be triggered in
Amazon CloudWatch, sending a notification, which triggers an AWS Lambda function to perform failover. The
function also starts resolving the website domain name to the elastic IP address of the web server in Amazon EC2,
redirecting the website traffic from users to the DR environment in the AWS Cloud.
When an event triggers failover, a notification is sent to the administrator in an email and the AWS Lambda
function orchestrates the following steps:
1. Retrieve RDS database credentials and VPC parameters from AWS Systems Manager (SSM).
2. Detach the VPN Gateway from the VPC to stop replication traffic and prevent the RDS database
from becoming inconsistent.
3. Invert and disable the health check in Route 53 to prevent the failback in the event of the primary
Web server coming back online with state that may be out of date.
4. Retrieve the wp-config.php configuration file from Amazon S3 and replace the on-premises
database credentials with those of the database running in RDS and write the updated file back to
S3.
5. Start the File Gateway and the Web server EC2 instances.
6. Wait for the File Gateway to become available and trigger the cache refresh, so that up-to-date
files are presented to the Web server instance.
Figure 2: DR solution in failover
At this stage, the failover is complete and the DR website is up and running with up-to-date data. With this
solution, it is straightforward to achieve RTO of 200 seconds and RPO of near-zero, as well as a consistent
dataset after recovery.
Security of data at rest is provided by enabling encryption of the S3 bucket, RDS database, and Elastic Block
Storage (EBS) volumes. Data in transit is encrypted with SSL for file uploads to Amazon S3 and with IPSec
VPN for MySQL replication. Network perimeter is enforced by security groups on Amazon EC2 and Amazon
RDS instances and by keeping the RDS database in private subnets. Database credentials are kept in SSM
parameter store and not hard-coded. If either of the EC2 instances fails, the system checks for a preset
amount of time before an Amazon CloudWatch alarm triggers automatic recovery. This solution is
extendable to multiple co-located systems and may require minor changes to existing applications.
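Step 4 of the failover sequence above replaces the on-premises database credentials in wp-config.php with the RDS ones. The following is an added example, not REVISION's or the City's code, of doing that rewrite so that a password containing a quote or backslash stays inside the PHP string literal and the step fails closed when a constant is missing. The function names, the sample file and the credential values are constructed for illustration; reading the values from SSM and the file from S3 is left to the caller.

```python
import re

# WordPress constants that must point at the RDS database after failover.
REQUIRED_KEYS = ("DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST")

# Matches one uncommented line of the form: define( 'DB_X', '<string literal>' );
# Lines starting with // or # do not match. Multi-line /* */ comments are not
# tracked (assumption: the config keeps each define on its own live line).
_DEFINE = re.compile(
    r"""^(?P<head>\s*define\(\s*(?P<q>['"])(?P<key>DB_[A-Z_]+)(?P=q)\s*,\s*)
        (?P<val>'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*")
        (?P<tail>\s*\)\s*;.*)$""",
    re.VERBOSE,
)


def php_single_quote(value: str) -> str:
    """Return value as a PHP single-quoted literal.

    Inside single quotes PHP treats only backslash and the quote itself as
    special, so escaping those two keeps any secret inside the literal.
    """
    if any(c in value for c in ("\x00", "\n", "\r")):
        raise ValueError("control characters are not allowed in a credential")
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def rewrite_wp_config(text: str, creds: dict) -> str:
    """Replace the DB_* defines named in creds; raise instead of guessing."""
    missing = [k for k in REQUIRED_KEYS if k not in creds]
    if missing:
        raise ValueError(f"credentials missing for: {missing}")

    seen = set()
    out = []
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        m = _DEFINE.match(body)
        if m and m.group("key") in creds:
            key = m.group("key")
            if key in seen:
                # Two live definitions would make the effective value ambiguous.
                raise ValueError(f"{key} is defined more than once")
            seen.add(key)
            out.append(m.group("head") + php_single_quote(creds[key])
                       + m.group("tail") + eol)
        else:
            out.append(line)

    not_found = sorted(set(creds) - seen)
    if not_found:
        # Fail closed: never publish a config that still points on-premises.
        raise ValueError(f"no define() found for: {not_found}")
    return "".join(out)


# Constructed sample input, not taken from any real site.
SAMPLE_WP_CONFIG = """<?php
// define( 'DB_PASSWORD', 'old-commented' );
define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'onprem_user' );
define( 'DB_PASSWORD', 'onprem-secret' );
define( 'DB_HOST', '10.0.0.5' );
define( 'DB_CHARSET', 'utf8mb4' );
$table_prefix = 'wp_';
"""

# Constructed values standing in for what the function would read from SSM.
SAMPLE_RDS_CREDS = {
    "DB_NAME": "wordpress",
    "DB_USER": "dr_user",
    "DB_PASSWORD": "pa'ss\\word",  # contains a quote and a backslash on purpose
    "DB_HOST": "dr-db.example.internal",
}

if __name__ == "__main__":
    print(rewrite_wp_config(SAMPLE_WP_CONFIG, SAMPLE_RDS_CREDS))
```

Because the rewritten file contains the database password in clear text, the S3 object it is written back to needs the same encryption and access restrictions as the SSM parameters it was built from.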
Approach to APCHA staff training, including number of days and types of on-site training
and online training, and staff required to attend
The training phase of this project will ensure that the users and system administrators are ready to use,
manage and embrace the new system. REVISION will accomplish this by capturing any use case
modifications during the Scrum process in order to reduce the need for training post implementation.
However, we do describe here a formal training phase included in our estimate. REVISION shall provide End
User Training and Administrative Training.
• End user training will focus on the business operations aspect of the system; the daily use and
workflows of the system. REVISION will conduct this training online, in a group session for up to 7 City
team members.
• Administrative training will be for staff who will be responsible for administration, maintenance and
enhancements. REVISION will conduct this training in an online group session.
We anticipate the resulting solution to follow the same process as the existing HomeTrek® and REVISION’s
goal is to leverage the knowledge already evident within the APCHA team and reduce the need for training
by presenting any process changes during the spring cycle as the requested enhancements to the
HomeTrek® process. Due to this simplicity in change management, REVISION recommends the following
schedule, as few new features (mostly requested enhancements, therefore expected) will be introduced.
For the HomeTrek® process training REVISION will facilitate two, 2 hour training sessions.
Delivery: Online
Audience: HomeTrek® End Users
For the portal administration and settings, REVISION will facilitate four, 1 hour training sessions
Delivery: Online
Audience: Portal Administrators.
Approach to First Year Support Post-Go Live
REVISION provides support to multiple clients for portals of very similar complexity, and has found that
the optimal approach is delivery of effort simply defined as a block of hours. Our goal is to ensure that a
support structure involves a client tier one support team of super users and subject matter experts that
work directly with the end-users. REVISION shall provide the Tier 2 to Tier 4 technical support to the City
Tier 1 response team.
Approach to Ongoing Support
Ongoing support is provided as an optional commitment by REVISION of a support team familiar with the
City’s solution. As above, the method in which we deliver this support is a block of hours configured as
monthly ‘use or lose’ for lowest cost. Should the City require aggregation of unused hours, REVISION can
refine an estimate for same.
Warranty Term and Coverage
REVISION will provide 4 weeks of warranty support to address critical (Severity 1) and high severity
(Severity 2) issues only. The warranty period starts immediately on completion of production deployment
(go-live). The completion of the production deployment will be identified by APCHA confirming, in writing,
that the system is ready for promotion to production and that defined User Acceptance Testing has been
completed and defects resolved. The definitions of Severity 1 and Severity 2 are provided below:
1. Severity 1 - Critical: A bug in the REVISION delivered software code
or configuration that will result in:
• A complete or substantial loss of service functionality or accuracy with no credible workaround, for
one or more core APCHA business services.
2. Severity 2 - High: A bug in the Portal delivered software code or configuration that
will result in:
• The functionality of the software being adversely affected, but can be circumvented, or
• Certain functions within the software being disabled, but the Software remains operable for key
APCHA business services.
The Warranty Period warrants that:
• Work performed in connection with the agreement was performed in a competent, professional
and workmanlike manner, and of industry standard quality;
• Work performed and deliverables comply with applicable laws;
• Work performed and deliverables were provided in accordance with and conform in material
respects to specifications and requirements set forth in an executed agreement and any associated
Change Orders; and that
• Deliverables perform as expected individually and as a total system.
To receive warranty remedies, the City of Aspen must report any deficiencies to REVISION in writing, within
the Warranty Period. If an item is reported by the City of Aspen within the warranty period, resolution will
be completed under the warranty regardless of the delivery date of the resolution falling outside of the
warranty period. REVISION shall correct deficiencies in the Services or Work identified by the City of Aspen
during the Warranty Period, provided that the defective Services or Work is not caused by any
inappropriate, improper or unforeseen usage of the Work or Services by the City of Aspen, unless such
actions are taken at the direction of REVISION. If the deficiency is related to a software issue beyond the
control of REVISION, REVISION shall work in good faith with the City of Aspen’s software or service partners
or providers to resolve the situation or develop a workaround solution that materially meets the City of
Aspen’s requirements as defined in an executed agreement.
Out of Scope
REVISION considers the following items out of scope for the estimate delivered in this response:
• Solution hosting; can be fulfilled using existing City infrastructure
• Branding and Design
• Licensing; licensing of all components other than WordPress are not included
• Salesforce configuration outside of the data synchronization required in the delivery of this scope
• WordPress configuration outside of the HomeTrek™ feature transformation
• Any componentry changes including integrations outside of the HomeTrek transformation scope
that may impact City or REVISION team resource availability or level of effort
Project Schedule
REVISION has defined the period of performance and shall deliver the business capabilities in monthly
milestones.
Our goal is to complete this project in an elapsed four-calendar month period. This is dependent on the City
team’s availability, project priority and the methodology preferred by the City. Our reasoning is that if the
City is comfortable contributing to and integrating with the Agile process and ceremonies (i.e. daily
standups), the cadence shall support the goal. REVISION is not presenting the Agile methodology as the
only delivery mechanism and will work in the context of the City’s preferred methodology.
REVISION is sensitive to APCHA’s priority for this project, other initiatives and the APCHA SME team
availability. A high-level overview of activities is presented here for context, and a full manifest of the
activities and predicted milestones below.
Subproject: Optional Website Build
In the interest of lowered expense for the City, REVISION is most comfortable providing recommendations,
based on a needs analysis, for transforming the existing website content and flow to the WordPress
platform such that the staff and community user experiences are more holistic, technical complexity is
reduced, subscription costs are reduced, the security attack surface is reduced and User training needs are
more focused.
Section 3 – Qualifications
REVISION is uniquely qualified to serve the City of Aspen and APCHA for this project for the following key
reasons:
• Our team has a detailed and documented understanding of the existing HomeTrek™ solution, its
components and integrations, strengths and areas considered for improvement, and can effectively
implement a fresh solution without a lengthy discovery phase. The benefit to the City of Aspen is
reduced project period, reduced impact to City of Aspen teams and reduced cost.
• We have proven and demonstrated experience implementing community portals for other clients
that communicate and synchronize with Salesforce® and the ecosystem of partner technologies
such as Conga®, AdobeSign™, Docusign®, Experian, USPS, OKTA and others. Our past performance
on similar projects has provided significant cost savings and return on investment for our Clients.
The benefit to the City of Aspen is minimized risk in re-using proven methods and experience
delivered by team members who have ‘walked this exact walk’.
• REVISION’s practice areas provide cover for not only all of the technology process needs voiced in
the City’s Request for Proposal, but as importantly the business, security and compliance aspects
known, predicted and mentioned in the Technical Requirements Exhibit A. We possess the skills ‘in-
house’ in all areas to support this vital implementation including integration inter-dependencies,
business continuity and disaster recovery best practices, organizational change management and
training. The benefit to the City of Aspen is optimal risk-management, achievable expectations,
solution adoption and removal of un-necessary business friction.
Qualifications and Expertise
REVISION has deep experience implementing Salesforce solutions, as well as designing and implementing
portals that integrate with Salesforce, for a variety of public sector clients – large and small. REVISION was
recently retained by APCHA to conduct an alternative license model analysis, aimed at reducing license
costs, improving ease of use and communications. This project gave us a unique understanding of the
current capabilities that exist for Community Portal users via HomeTrek™, and provided us with a unique
opportunity to document use cases as well as identify a number of optional opportunities for improving the
process and user experience. The key personnel we are proposing for this project include the project team
who were involved in the APCHA alternative license model analysis project.
Key personnel
Project Manager/Business Analyst – John Berkley
Principal Consultant with over 30 years’ experience in information technology and 10 years’
experience in successfully delivering high-profile portfolios, programs, and projects. Experience
managing projects from inception to closure including planning, scheduling, budget management, risk
/issue mitigation and vendor management. Industry experience includes Retail, Financial, State and
Local Government, Supply Chain, and Healthcare. Demonstrated experience in business analysis,
process improvement, user training and bridging gaps between business and IT organizations.
Experienced with Agile and Waterfall methodologies. Experience leading the following REVISION
projects:
• APCHA - Alternative License Model Analysis Project
• Colorado Office of Public Guardian Case Management (similar scope and size to Aspen’s
Community Platform project)
• Judicial Department of Colorado Technology Transformation
• El Paso County Document Management Analysis
• Department of Education
• Department of Natural Resources
• Colorado Attorney General’s Office
• Restorative Justice
Solution Architect – Matt Sully
Over 20 years of experience and a diverse Solutions Architecture background with extensive
experience in Salesforce, enterprise system integration, interface development and
documentation, Mobile Strategy, Privacy & Security as well as BC/DR expertise. Responsible for
creating & delivering solutions using Salesforce/Apex, Force, Visualforce and J2EE technologies,
as well as application design, development and support of Salesforce related projects.
• Develops and articulates IT solutions based on the enterprise’s compliance posture, strategic
business and technical requirements.
• Experience managing and architecting for multiple technical integration project SDLCs
• Systems integration enabling enterprise agility and architectural alternatives
• Business Continuity Planning/Disaster Recovery Planning for Government Agencies
• Business Impact Analysis for Government Agencies
• In-depth understanding of disaster recovery and business continuity planning and testing in a
cloud environment
• Software architecture design and development experience, from system to component level,
using RUP (Rational Unified Process), Agile and Scrum methodologies.
• Salesforce Lightning needs assessment expertise
Experience leading the following REVISION projects:
• APCHA - Alternative License Model Analysis Project
• Colorado Office of Public Guardian (similar scope and size to Aspen’s Community
Platform project)
• Colorado Judicial Branch
• Department of Natural Resources
• Department of Education
• Denver International Airport
• City of Aspen
• Colorado Child Protection Ombudsman
• Colorado Attorney General’s Office
• Restorative Justice
Client Engagement Manager – Pam Neal
20-year track record of demonstrated success delivering technology and transformation
solutions to her clients. Extensive experience working with Public Sector Clients, as an
Engagement Manager, Delivery Manager, Project Manager, Management Consultant and
Business Analyst. Has overseen many, large scale Salesforce engagements with REVISION’s
clients, ensuring customer success. Serves as the primary point of contact for REVISION’s largest
clients; responsible for ensuring the proper scoping, scheduling, resource loading, and cost
estimating of projects. Will serve as the primary point of contact for the client and will work with
REVISION executive management to ensure project success.
Experience leading the following REVISION projects:
• APCHA - Alternative License Model Analysis Project
• Colorado Judicial Branch
• Department of Natural Resources
• Department of Education
• Denver International Airport
• City of Aspen
• Colorado Child Protection Ombudsman
• Colorado Office of Public Guardian
• Restorative Justice
• Colorado Attorney General’s Office
Knowledge and Skills Transfer
An effective knowledge transfer strategy combines technology, culture, measurement, and infrastructure
in order to share knowledge across multiple areas in your organization. The REVISION Knowledge Transfer
supports the City of Aspen in the following ways:
• Accelerates the accumulation and dissemination of knowledge across your organization
• Provides easy and rapid knowledge access to your team
• Eliminates time and space constraints in communications
• Stimulates associates to experience the value of sharing knowledge in providing custom-tailored
service to customers
• Respects the dignity of everyone by cultivating an environment that enhances his or her
professional development and recognizes each person as a valued member of a service-
oriented team
The Agile process ensures regular team interaction to discuss and document iterative
builds/releases/changes that shall be documented, resulting in both education/training and knowledge
gathering throughout the project cycle. Typically this results in a reduced need for a knowledge transfer
event at or near project completion. Our project plan calls out a phase for testing, quality and training, and
this period fills in and formalizes the learning that has occurred throughout the project.
The application of knowledge transfer attracts other benefits including improved company culture,
improved quality of service, faster business processes, increased efficiency, and better use of business
technology and resources. Since knowledge exists in the mind, the best way to transfer knowledge within
an organization is to start with considering how knowledge is transferred from one person to another.
We transfer project knowledge across multiple areas and roles, and will employ a variety of approaches
and tools depending on the knowledge recipient’s context.
REVISION has broken the knowledge transfer process into 5 steps, including the applicable tools for each.
Step 1: Identify & Collect Knowledge
The process starts with the cultivation of knowledge. This takes place in the culture of your company.
This involves:
• Brainstorming ideas
• Learning new skills
• Inviting in experts or other consultants
• Seeking solutions to problems
• Designing new projects
The result is “intangible” knowledge we need to collect, document, and share with the team. To create a
strong culture of knowledge generation we shall:
• Surface technical roadblocks or challenges
• Document solutions and implement or backlog the recommendations
• Seek input from team members and outsiders
• Encourage collaboration and teamwork
• Mentor and coach the team where appropriate, on request
• Train and develop team comfort with access to knowledge
Our goal is to create a factory of ideas and an environment that encourages innovation – where everyone
can share their ideas, input, and expertise.
Step 2: Capture & Store Knowledge
Effective Knowledge Capture and Management is more than just having a file cabinet or folders. The City
must have an infrastructure that makes sense for the business purpose and makes access to that
knowledge fast and simple. Having a knowledge base in place will help you manage both tacit and explicit
knowledge.
The knowledge repository shall include:
• Reports
• Visuals and videos
• Document libraries
• Knowledge portal hyperlinks
Step 3: Transfer & Share Knowledge
With a central repository (a single system or a virtual group of systems), the City can announce its
availability and circulate that information to other people and/or departments. This knowledge transition process is made
more efficient and affordable by selecting the most appropriate technology.
Knowledge Transfer Plan:
• A clearly outlined process document for how knowledge is to be shared.
• A file repository (like SharePoint or WordPress) that organizes the knowledge and potentially
automates knowledge sharing.
• Communication facilities (like Office365) that facilitate collaboration and communication.
• A dedicated person or persons to circulate the knowledge to the appropriate department(s).
• A follow-up process to confirm that the information was delivered to the right people in the
right way at the right time.
The manifestation of this process will depend on a variety of factors – from your business structure to the
size of the team to the budget available for tools and resources.
Step 4: Apply Knowledge & Measure Results
The next step is to apply this knowledge and measure the results. Assessing success will require tools or
monitoring access events to assemble key performance indicators (KPIs).
Identify the key knowledge holders in your organization. Does the knowledge “trickle down” or get pushed
up? Who are the visionaries? Provide all team members the opportunity to share the knowledge they have.
Motivate sharing. Encourage the internal subject matter experts to share their knowledge. Provide a
platform to do that – whether that be through a communication channel, by giving them the floor during
company meetings, or providing some other medium.
Make sharing easy. Have fast and simple tools available for people and departments to share information.
Measure results consistently. Set standards and benchmarks. Monitor progress. Communicate the results.
Be receptive to input and adjust when necessary.
Apply the knowledge. Offer incentives for team members to be innovative and take initiative. Encourage
taking appropriate risks.
Continue generating knowledge. Bring in industry experts, offer training, hold brainstorm sessions, and
otherwise encourage a community that pursues knowledge.
Step 5: Create New Knowledge
As we discover that a new idea, technology, or method is proving successful we can apply this to other
areas of knowledge sharing. Maintaining the knowledge transfer system (process, culture and system) will
ensure that the City’s continuous improvement is never stagnant when it comes to new ideas and problem-
solving.
Section 4 – References
Colorado Office of Public Guardian
Project Name: Case Management System, Website and Portal Implementation
Year: 2019 - Present
Contact: Ms. Sophia Alvarez
Email: sophia.alvarez@colorado-opg.org
Phone: 720.471.9145
Project Status: Project Complete; REVISION continues to provide enhancements & support
Project Description/REVISION Roles & Responsibilities:
The Office of Public Guardianship (COPG) provides guardianship services for indigent and incapacitated
adults, within the targeted judicial district, when other guardianship possibilities are exhausted.
REVISION designed and implemented a solution for COPG to meet the needs of a scalable case
management system allied to a brochure website and interactive portal, enabling this newly formed
organization to be fully operational in 3 months. The resulting solution enabled COPG staff to track
caseloads for appointed Guardians, who have responsibility for overseeing legal, medical and housing
decisions for each Ward under their care. The scope of work also included visualization of recording
application intake, intake association to Guardian Users, assessment data capture, artifact collection,
decision capture, automated email distribution and reporting to meet legislative Statutes.
Salesforce licensing costs savings were achieved by reducing the need to provide licensing for an
unknown volume of Provider/Practitioner Contributors, yet still maintain a User Store and validation
of identity. This application of ‘fitness-for-purpose’ and controlled licensing costs have ensured CRM
costs scale for this client. Two technology platforms were identified to meet stringent security
controls: simple, predictable maintenance and interoperability. REVISION recognizes the challenge of
identifying cost-control for all of our clients and will always provide design with system and technology
platform agnosticism, yet still ensure best practice and enviable security controls.
City and County of Denver, Technology Services
Project Name: Salesforce Implementation and Configuration
Year: 2017
Contact: Michael Wright
Email: michaelrogerwright@hotmail.com
Phone: 720-320-5985
Project Status: Completed on time and on budget
Project Description/REVISION Roles & Responsibilities:
Over the three years, REVISION supported the City and County of Denver with their Salesforce 311
initiative, accepting and adapting to a previous Vendor’s configuration. REVISION provided the
architecture, configuration, development, administration/business analysis, training, support and
thought leadership for the City’s Salesforce implementation through our on-call contract with the
City. Working on behalf of the CCD’s Technology Services Division, REVISION has supported many
of CCD’s agencies with their Salesforce implementation, including:
• 311
• Elections
• Office of Children’s Affairs
• Boards & Commissions
• Hearings Office
• Public Works Street Maintenance (Access replacement)
• National Western Center
• Parks & Recreation
• Payroll Help
• Peak Academy
• DIA (Text to Case, Live Chat)
• Elections
• Board of Adjustment
…and many more
Port Authority of NY/NJ (PANYNJ)
Project Name: Airline Billing System Portal
Year: 2021 - present
Contact: Brian Levine
Manager, Strategic Analysis & Forecasting
Email: blevine@panynj.gov
Phone: 212-435-3764
Project Status: Providing ongoing development, enhancements and support
Project Description/REVISION Roles & Responsibilities:
PANYNJ Airline Data Entry Portal (ADEP) Project
REVISION developed a web-based, password-protected data entry portal for PANYNJ to allow airline
carriers to enter monthly passenger, operation and cargo data. The Forecasting & Traffic Statistics
group within the Aviation Strategy Unit of PANYNJ was previously collecting this data through
emailed Excel spreadsheets or faxed documents from the airlines, which were then entered
manually through an Oracle Forms based data entry system, known as Air Traffic Statistics System
(ATSS). As a result, there was a significant lag between when the data was received to when it was
completely entered and verified. Since this data is used for numerous purposes, including planning,
forecasting, revenue management, and analytics, it was critical that it be available as quickly as
possible. This portal allowed data to be directly ingested into the Port Authority’s new ADEP Azure
cloud database. The main advantages of this solution were the ease-of-use, flexibility, ability to
manage quality assurance, reduction in lag time between when the airlines submitted the data and
the data being available to all PANYNJ partners and collaborators. This also allowed the Forecasting
& Traffic Statistics group to focus on data accuracy and availability instead of data entry; being that
landing fees are one of the largest sources of revenues for the airports, this solution provided the
opportunity for more accurate and increased revenue streams. ADEP provided a much easier and
much more streamlined solution for PANYNJ airline carrier customers to submit their data,
enhancing their overall experience and making it easier for carriers to do business with PANYNJ.
Furthermore, online data submittal increased PANYNJ’s operational excellence by decreasing the
time lag from data capture to final reporting and increasing accuracy in the resulting monthly and
annual traffic reports. Finally, this project provided the client with the capability to leverage and
build upon efforts with the larger Aviation Data Analytics Warehouse (ADAW) and Governance
initiatives at PANYNJ; airport passenger, operations, and cargo data now flow seamlessly into ADAW
for department-wide dashboards, visualizations and KPIs. REVISION designed this system to
automate and simplify workflows with an architecture that minimizes per user cost. After providing
implementation and training services and managing adoption, etc. REVISION now provides ongoing
support. The portal is available 24/7/365 and is being used by over 100 airlines doing business at
PANYNJ with over 200 users around the world.
Section 5 – Pricing
Initial Costs
• The first year subscription and licensing costs of WordPress are zero ($0).
• Maintenance of the WordPress portal is an administrative capability requiring no REVISION
resources.
• Support is optional and presented in another section of this proposal.
• REVISION’s implementation, including development and professional services costs are $
• During the inception phase, REVISION will support the City in identifying the most advantageous
cost model for implementation of equipment the city may choose to purchase or subscribe to.
• REVISION’s estimate above represents the total costs associated with REVISION’s responsibility to
deliver the project (inception through go-live).
Charges Associated with Change Orders
• The project design phase is the mitigation plan for design or functional changes, that could be
considered a change order versus a clarification of requirements. Examples of changes are:
o New Use Cases (previously undocumented).
o Functional changes introduced due to City infrastructure changes.
Ongoing Costs
Describe all on-going costs:
Annual licensing and/or subscription costs will not be increased through the implementation and use of
WordPress. The primary goal of the project is to reduce subscription costs through the use of WordPress to
reduce the business capabilities currently fulfilled by the Salesforce Community Portal. REVISION does not
predict any escalation of these costs over time.
REVISION has provided a cost effective support model to minimize ongoing costs. These have been
determined to be most efficiently consumed as a block of hours.
Schedule for Project Charges
REVISION has defined the period of performance in the project schedule, and shall deliver the business
capabilities in monthly milestones as indicated. REVISION shall invoice monthly charges for this project per
milestones delivered. Should the City be comfortable with the arrangement of business capability delivery
in the schedule proposed, REVISION can detail monthly charges derived from the project plan. In our
experience, prioritization and consumption of the business capabilities rarely if ever match the project plan
as the business capabilities become rearranged in the backlog during the inception and design phases.
Therefore, REVISION’s schedule for charges can most simply be understood as the overall estimate divided
by the period of performance.
Pricing Assumptions, Risks, Exclusions
General Assumptions:
General Assumptions for REVISION
▪ Project will be executed in Agile methodology with the REVISION and the APCHA team working
remotely. Our assumption is that all identified business Use Cases will be completed within the
planned number of two-weekly sprint cycles, defined in our project plan.
▪ REVISION’s cost estimate is based on a 22-week maximum period of performance; extensions to that
period of performance due to City resources (team, infrastructure, other licensing, City Vendor
capabilities) may impact the period of performance estimated.
▪ We assume that remote collaboration will be delivered using Microsoft® Teams™, or Aspen’s
preferred online meeting tool that the REVISION team is able to access.
▪ Travel is not anticipated, but in the event that it is required, REVISION will be reimbursed
for project-related expenses including but not limited to parking expenses, as well as any
required travel by out-of-town resources including but not limited to hotel, mileage
and/or a trip charge, food per diem and parking costs.
▪ We assume that any necessary integrations (Paymentus, SharePoint, Salesforce data
exchange) are enabled by City of Aspen licensing and configurations. Any additional
integrations will be costed outside of the scope of this project.
▪ REVISION assumes that the portal solution shall be WordPress. Should the City select an
alternative portal platform, the scope of our response shall be re-defined and re-
estimated.
▪ REVISION’s cost estimate is based on the proposed architectural/functional components
herein. Any changes to the componentry or architectural model may attract cost changes.
▪ The 8 hours of training included in the Knowledge Transfer statement above (not including the
knowledge transferred during the Sprint cycles (acceptance)) will be provided to key Users. Training
will be conducted via Teams online demonstrations and systems walkthrough. System guides to the
capabilities delivered will provide the basis of City training documentation, created by the City.
▪ If Knowledge Transfer or Training identify any functional or interface changes or new Use Cases not
identified during the Design phase, REVISION will maintain a backlog on behalf of the City for
consideration, and REVISION will provide an estimate for delivery of the backlog items at the
request of the City.
▪ REVISION’s system documentation will be comprised of a configuration workbook and visual use
case descriptions.
▪ Hourly rates will automatically increase 3% annually beginning 12 months after effective date.
▪ Acceptance tasks and activities will be performed by the City during each sprint cycle for business
capabilities presented at the close of each cycle.
▪ Deliverables are assumed to be accepted after 5 business days unless rejected by the identified City
of Aspen Decision Maker in writing with reasonable details defining the issues to be corrected.
General Assumptions for City of Aspen
▪ City of Aspen will provide copies of current documentation including any process, design or
architecture documents already created.
▪ Aspen will provide the appropriate project team members for the project, and commits to
performing their responsibilities in a timely manner. Aspen will provide test data for all the testing
stages for all environments (development, test, full sandbox) in the form of Excel, .csv files. Test data
may include actual data.
▪ Maximum number of City of Aspen training sessions is limited to 6.
▪ Upon notification by REVISION that updates have been deployed in the test environment: City of
Aspen will promptly perform testing and shall provide findings of such testing to REVISION within 5
business days.
▪ City of Aspen shall provide REVISION with timely access to the sandbox(es) environment to
investigate and troubleshoot identified issues.
▪ Aspen will provide REVISION with a single point of contact within a week of starting the
engagement, and will assist in getting the meetings scheduled without delays, as this would extend
the timelines and cost of the exercise
▪ City of Aspen will provide design assets for the new system, including marketing and branding
assets.
▪ City of Aspen will be responsible for all software license procurement and cost.
▪ If City of Aspen requests REVISION to assist in the technical documentation, troubleshooting and fix
resolution of any Salesforce, Conga or non-WordPress system bug, the work effort for this
additional support will require a Change Request.
▪ Any change in scope, efforts, and/or timeline by City of Aspen will be discussed during sprint
planning and grooming meetings.
▪ Any significant delay in the project caused by the City of Aspen will be addressed through a change
request.
▪ City of Aspen is responsible for hosting developed applications and providing server(s) with all
necessary licensed software which should be installed and configured. City of Aspen is responsible
for configuring firewalls to enable Internet, file, database, and interface access.
▪ Members of City of Aspen management and staff directly vested in the success of this project will
be available to participate in ad-hoc workshops and scheduled daily meetings.
▪ Deliverables are assumed to be accepted after 5 business days unless rejected by City of Aspen
Decision.
General Assumptions for Both Parties
▪ Efforts needed for any value adds will be discussed in sprint planning sessions and
will be considered as an input to the backlog for the City to discuss independently
with the Change Control Board.
▪ It is assumed that a Monday will be selected for sprint start dates.
Appendix
Additional screen-captures confirming REVISION’s understanding of the APCHA business process.
Landing page after authentication:
Check Lottery Results
View Upcoming Lotteries
Rent/Apply
Map display is from City of Aspen ESRI/GIS and is not flexible or performant.
User can select from 4 property types:
The 4 types display differently. Some have a type title and empty grid, some have no grid, some have
different white-space between the header and the ESRI/GIS display.
There is no option to “Display All” for all types or all properties of a single type (the latter may exist if there
were available properties to display). These could be UAT issues.
View Listing reveals:
Submit Interest:
It is not very clear that to proceed, the first REQUIRED step is to [Check Eligibility]
Check and/or Check Eligibility: Launches a brief questionnaire for 4 types of eligibility (4 branches).
Basically these provide gate-keeping to the process of business rules. You cannot proceed in one of the
branches without satisfying the appropriate form.
Long Term Rental launches a Pop-Over:
Tax Credit Rental Launches a Pop-Over:
Seasonal Rental Launches a Pop-Over:
Sales Ownership launches a Pop-Over:
If eligibility criteria are met, (for one of the 4 types) the next step in submitting (rental) interest is:
Case submitted – successful condition presents:
Explore: Launches a Guide document in a new Browser session
Buy/Apply
View Unit Details: (UAT portal may not be configured to present details correctly).
View presents:
Submit Bid:
As far as I understand, bids for less or more than the listed price will not be considered. The bidder with the
greater qualification of need will win.
Sales Qualification:
Issues:
Pay Online:
Sell / My Ownership
5 function options are presented:
Sell
Submit Capital Improvement:
Create Listing:
Unit Management:
EXHIBIT A: APCHA PORTAL REQUIREMENTS LIST
SECTION 1: SYSTEM INTEGRATIONS AND ACCESS
# | Requirement | OOB, Config, or Coding? | Comments
The system should meet basic standards for integration
1 | Conform to open architecture standards. | OOB | https://developer.wordpress.org/coding-standards/wordpress-coding-standards/
2 | Integrate with other applications via web services, APIs or another acceptable standard | OOB | May require payload configuration per API
3 | Have a database that can be accessed by City’s personnel in order to create connections to other applications (i.e. database is not proprietary) | OOB | MySQL accessible by City personnel
4 | Be based on industry best practices and use common business process flows | OOB |
5 | Have applications that are integrated and modules work cohesively | OOB |
6 | Integrate with all necessary systems without a significant decrease in system performance and responsiveness | OOB |
7 | Have clear methods and practices for minimizing the likelihood that updates to the system or to integrated applications will break integrations | OOB |
8 | Have clear methods and practices for identifying integration breakages | Config |
9 | Have clear methods and practices for determining the root cause of integration breakages and repairing them | Config | Built in Error Log and event handling
10 | Generate meaningful error messages when integration errors occur | OOB |
11 | Provide the ability to generate reports to allow for easy verification of accurate data exchange | Config |
The portal should integrate seamlessly with the APCHA'S Salesforce HomeTrek system
12 | Accurately and consistently transmit information entered on the portal into the necessary fields within the backoffice of Salesforce, on a realtime basis | Config | REVSync product, is near-real-time, depending on transaction volume
13 | Accurately and consistently transmit changes to information from the back office to the portal on a realtime basis | Config | REVSync product, is near-real-time, depending on transaction volume
14 | Accurately and consistently provide access to selected existing historical information previously entered by users (such as past approvals and fields they have entered, but not documents), as specified by APCHA staff | OOB |
15 | On a realtime basis, communicate with Salesforce that a document has been uploaded or has completed document signatures in Conga | Coding | Synchronization of files to SharePoint will result in a hyperlink appearing in Salesforce to avoid over-use of the Salesforce storage system. Conga confirmation requires Salesforce/Conga Trigger licensing
The system should integrate with MS SharePoint
16 | On a real time basis, send uploaded documents and associated identification information to a SharePoint location for analysis and storage, without passing through Salesforce (to avoid Salesforce file upload size limitations). Within the portal, provide users with confirmation that such documents have been sent to SharePoint. | Config | Synchronization of files to SharePoint will result in a hyperlink appearing in Salesforce to avoid over-use of the Salesforce storage system.
The system should integrate with the City of Aspen's ESRI GIS system
17 | Using web services, integrate with ESRI Arc GIS Platform | Config | Depending on the business need for integration, may require coding
18 | Provide portal users with map views of available units for rent or sale | Config | Effort depends on selection of source data (ex: GoogleMaps)
19 | Provide validation of addresses entered by external users of the system during application and other processes | Config | Requires access to an address validation source (USPS, Experian, etc.)
The system should provide access to additional systems used in HomeTrek
20 | Provide access (via easy to find links or other methods) to other systems currently integrated with, or planned to be integrated with, HomeTrek, including Paymentus for online payments and Conga for document signatures and other document management functions | OOB | City of Aspen to provide hyperlinks and any required authentication/authorizations. WordPress provides a built-in payment gateway integration interface
SECTION 2: KEY PORTAL ADMIN AND SUPPORT FUNCTIONALITY NEEDED BY APCHA STAFF
# | Requirement | OOB, Config, or Coding? | Comments
The system should provide easy to use tools to:
1 | Assist in the management of routine portal maintenance, such as updating portal text and help | OOB | Extensive Guides available (included in delivery)
2 | Manage portal users and user groups | OOB |
3 | Manage portal user roles and permissions | OOB |
4 | Manage automation and validation rules | Config | Depending on the validation complexity, may require coding.
5 | Modify work flows and establish new work flows for multiple portal processes | Config | Depending on the workflow complexity, may require coding.
6 | Add/modify fields on the portal | OOB |
7 | View and monitor portal activity history | OOB | Extensive event log
8 | Create and modify portal forms | OOB | Requires form component
9 | Perform and check the impact of a) system updates for the portal product and b) Salesforce updates that could impact the portal. | Config |
10 | Clear delineation of communications and responsibilities for portal updates and verification of portal functions after updates. | Config |
11 | Reference detailed portal help resources | OOB | Extensive Guides available (included in delivery)
12 | Configure and customize the software and develop additional tools post-implementation without reliance on the vendor via standard admin tools within the application | OOB |
13 | Generate exception reports on portal functions. | OOB | Built in Error Log and event handling
14 | Set up user prompts and help text | Config |
15 | Ability to add/delete custom fields to reflect changes in Salesforce fields | Config | Requires data access component
16 | Provide for flexible workflow design, control, and status monitoring | OOB |
17 | Have access to a full live test environment for testing updates and changes | OOB |
18 | Have a way to refresh the test environment easily to keep it in synch with the production environment | OOB |
19 | Prevent submission of incomplete applications | Config | (Required form fields)
20 | Prevent submission of applications for which a user does not meet basic eligibility criteria | Config |
21 | Delete partially completed applications that have sat untouched beyond a selected expiry timeframe | Config |
22 | Log in as a user to provide assistance | OOB |
23 | Post information of interest, such as the results of a sales lottery on the portal | OOB |
24 | Add images to the detail of unit listing | OOB |
25 | Add video to the detail of a unit listing | OOB |
26 | Create, post, and take down notices of APCHA units for sale or rent | OOB |
SECTION 3: GENERAL FUNCTIONALITY NEEDED FOR ALL PORTAL USERS
# | Requirement | OOB, Config, or Coding? | Comments
All portal users need to be able to quickly find the information they need
1 | Allow unregistered use of allowed features of the portal for: 1) a prospective renter, owner, or other interested party seeking information on available units and other basic information 2) filing a complaint, and find links to external URLs for further information. | Config |
2 | Allow unregistered users to subscribe to receive notice of available units by type (rental or owned) via text and/or emails. Preferably such subscriptions would be a function of the portal, however an alternative would be to provide links to a website with the subscription option. | OOB |
3 | For applicants and existing tenants and owners, easily register and log into a secure system (preferably via OneLogin for internal users) if applying or a current tenant or owner | OOB |
4 | Easily navigate to any page to which they have access rights with a minimum number of clicks | Config |
5 | Immediately access commonly used information via a dashboard, a favorites tab, a bookmark or other similar solution | OOB |
6 | View/edit any field to which they have permissions, based on individual and group specifics | OOB |
7 | Find user account details quickly | OOB |
8 | Have clear error messages when something goes wrong | OOB |
9 | Easily find and correct errors in user data entry | Config |
10 | Easily access historical as well as current user information housed within HomeTrek, including statuses of requests and applications in process. | OOB |
11 | Perform robust, fuzzy search capability (for instance, if incorrect address or spelling is off, system should offer “do you mean this” options to choose from.) | Config | Clarification required (spellcheck or AI-enabled componentry, like address validation to present optional selections). Both are available
12 | Easily go back to a previous page, and to restart an application at the page last completed | Config |
13 | Ability to start an application at the next page to be completed, without going through all the previously completed pages | Config | Requirement captured and has been tested/verified in PoC
14 | Quickly find a specific application or other form needed | OOB |
15 | Ability to prevent people from submitting an incorrect application form for a particular unit | Config | Required fields and value validation
16 | Pre-populate new applications with key information from the most recent previous application | OOB |
17 | Easily access communications, documents and assigned tasks attached to a record and/or sent by staff from the system (for example, Demands for Compliance or other notifications) | OOB |
18 | Easily access and use checklists for required tasks and documents associated with applications. | OOB |
19 | Create a dashboard with information of interest to me specifically (such as rental units available) | Config |
20 | Have the option to select Spanish as the site language for certain information guides and for applications | OOB |
21 | Perform a limited number of queries, or select from and run a limited number of reports, such as historical payment history, from the portal | OOB |
22 | Respond to polls and short surveys of portal users | Config | Configuration of polls and surveys required
23 | Have access to a site that incorporates accessible design principles, striving over time to progress toward meeting new Colorado accessibility standards and WCAG 2.1. Colorado made history as the first state to pass a bill requiring government websites to meet accessibility guidelines. See: https://leg.colorado.gov/sites/default/files/2021a_1110_signed.pdf for specific requirements. Also, please see Web Content Accessibility Guidelines (WCAG) 2.1 for compliance guidelines. https://www.w3.org/TR/WCAG21/ | OOB | The WordPress community established best practice to ensure ADA compliance. A WordPress accessibility team is in place, with Accessibility Coding Standards outlined to ensure that new and updated code for the open source WordPress core conforms with Web Content Accessibility Guidelines (WCAG) at level AA
All users need to be able to attach and upload or download documents from sources external to the system
24 | Add photos | OOB |
25 | Add PDFs | OOB |
26 | Add Excel or Word docs | OOB |
27 | Add other file types as may be specified by APCHA staff | OOB |
All users need to be able to easily communicate with other users from within the system
28 | Select a notification preference (email, SMS, both) for messages from the Salesforce system, and display such notifications on a user record | OOB | Multi-channel and protocol communication capable
29 | Send a note or request between staff and external users (for example, via SF Chatter or other similar tools) | OOB |
30 | View and upload documents to a compliance case or other types of cases | OOB |
All users need to be able to easily access help and support
31 | Access a robust context sensitive help within the system and help online, including videos, manuals, and live help | Config | Content required
32 | Access high quality training and support materials and opportunities | OOB |
33 | Access documents and videos with SOPS and other key APCHA information | Config | Content required
All registered users need to be able to add multiple contacts to an application
34 | Add members of a household and/or roommates to an application | Coding |
35 | Apply jointly with a member of a household or a roommate on a single application | Coding |
36 | Assign levels of access to an application and information, based on the characteristics of a household or other living arrangements | Config |
37 | Add other contacts associated with an application, such as employer contact information, bank, lender, emergency contact and others | OOB |
SECTION 4: ADDITIONAL FUNCTIONALITY NEEDED TO MANAGE PRIVATE PROPERTY POSTINGS
# | Requirement | OOB, Config, or Coding? | Comments
1 | Complete and submit a preliminary private property ad for review by APCHA staff | OOB |
2 | View and adjust status of all private properties under management (For instance, an individual that posted a unit as available should be able to remove it from posting) | OOB |
SECTION 5: ADDITIONAL FUNCTIONALITY NEEDED FOR RENTALS AND PROPERTY MANAGEMENT
# | Requirement | OOB, Config, or Coding? | Comments
Prospective tenants can easily find information on units available to rent:
1 | Access information of unit availability without signing into the portal | OOB |
2 | Complete a questionnaire to automatically determine whether the prospective renter is eligible for a unit and if so, which category of unit | Config |
3 | Click a button and be presented with a map and list of available rental units, with key unit characteristics | Config |
4 | Display available units by owner (APCHA managed, non-APCHA managed, owner listed, third-party) | Config |
5 | Display/filter to only those units for which the prospective renter is eligible | Config |
6 | View detailed unit information with one click on a unit | OOB |
7 | Complete a Rental Interest form for APCHA managed units for which someone wants to be considered | Config |
Prospects to whom a unit has been offered can complete the qualification process
8 | Selected interested parties can easily find and complete the correct rental qualification application packet for their unit, and upload all associated documents. | Config |
9 | Easily delete a qualification form started in error | OOB |
10 | For APCHA managed units, view an estimate of the annual cost of leasing, including all associated fees (for instance, for parking or laundry) | Config | Requires data
11 | Except for requalifications, be prevented from creating duplicate qualification forms for the same rental and party of applicants | Config |
12 | Track the status of their application packet during review. | Config | Form progress presentation
13 | Receive and send communications to APCHA staff during qualifications review. | OOB |
14 | At the time of application, download completed qualification application forms and documents. | Config |
15 | Save and return to finish a partially completed qualification application | Config |
16 | Access Paymentus to pay any fees associated with qualification | Config |
Prospects approved to become tenants can manage leases and perform other tenant duties
17 | Easily find and download a lease document to view before and after signing | Coding |
18 | Sign a lease document via Conga, by providing access to Conga from within the portal. | Config |
19 | Access Paymentus to manage online rent and other payments | Config |
20 | Submit roommate changes | Coding |
21 | Submit a form to terminate a lease early | Config |
22 | Complete and submit a Move In request | OOB |
23 | Complete and submit a Move Out request | OOB |
24 | Easily find and complete the Requalification process | Coding |
25 | Easily find and complete a Maintenance Request | Config |
26 | Track the status of Maintenance Requests | Coding |
27 | Respond to staff inquiries regarding Maintenance Requests | OOB |
28 | Submit responses to Notices of Violations, including uploading documentation as requested | OOB |
SECTION 5: ADDITIONAL FUNCTIONALITY NEEDED FOR OWNERSHIP UNITS
# | Requirement | OOB, Config, or Coding? | Comments
Prospective buyers can easily find information on units for sale:
1 | Access information of unit availability without signing into the portal | OOB |
2 | Sign up for notifications of units available for purchase | OOB |
3 | Click a button and be presented with a map and list of available ownership units, with key unit characteristics and the unit deed restrictions | Config |
4 | Display/filter to available units by owner (APCHA managed, non-APCHA managed, owner listed, third-party) | Config |
5 | Display/filter to those units for which the prospective owner is eligible | Config |
6 | View detailed unit information with one click on a unit | Config |
7 | Respond to a general questionnaire to automatically determine whether the prospective buyer is eligible for a unit | Config |
Prospective buyers can easily complete the tasks associated with purchasing a unit
8 | Easily find and complete the ownership qualification application packet for the unit, and upload all associated documents. | Config |
9 | Easily delete a form started in error | OOB |
10 | Be prevented from creating duplicate qualification forms | OOB |
11 | Track the status of their application packet during review. | Config |
12 | Receive and send communications to APCHA staff during qualifications review. | OOB |
13 | Download completed qualification application forms and documents. | OOB |
14 | View submitted forms and documents | OOB |
15 | Save and return to partially completed qualification applications | Config |
16 | After qualification approval, submit a bid on a unit for sale (join the lottery for a unit) | Config |
17 | View the results of the lottery for the purchase of the unit | Config |
18 | Prepare and submit a Sales Contract Packet, including document attachments. Completing a required sales checklist prior to submitting the Packet. | Config |
19 | View any communication from the APCHA sales staff during the purchase process, such as an Amendment to Extend Deadlines | OOB |
20 | Access Paymentus to pay any fees associated with qualification for and purchase of a unit | Config | Integrate with Paymentus service
Existing owners can manage capital improvements, perform other ownership duties and sell units
21 | Easily find and download settlement documents after closing | Coding |
22 | Submit Leave of Absence request and view LOA details (such as end date) (LOA forms) | Coding |
23 | Submit an interest form related to renting a room within the home | Config |
24 | Submit a posting or listing related to renting a room within the home | Config |
25 | Easily find and complete the appropriate Requalification form | Coding |
26 | Submit responses to Compliance Cases, including uploading documentation as requested | Config |
27 | Easily find, start, save and complete the capital improvement approval request process | Config |
28 | Easily upload required capital improvement documentation, such as receipts for expenditures | OOB |
29 | View valuation based on capital improvements | Config |
30 | View a notification of decision regarding a capital improvement valuation change | OOB |
31 | Submit a draft sales listing for review by APCHA staff | OOB |
32 | Easily access Paymentus to pay any application and ownership-related fees and charges | OOB |
33 | Ability for current owners to complete biennial ownership affidavit | Config |
34 | Ability for owner affidavit fields to update person accounts, units, etc. | Coding |
SECTION 6: SYSTEM SECURITY AND OTHER BASIC IT REQUIREMENTS
# | REQUIREMENTS QUESTIONS FOR CLOUD-HOSTED SOLUTIONS C1-C24 | YES/NO/NA | COMMENTS
C1 | Does the solution use any locally installed software, client or agent? | NO |
C2 | Any locally installed software or client is fully compatible with the latest version of the Windows 10 Pro 64-bit operating system. | NA |
C3 | Any locally installed software or client is fully compatible with Microsoft Active Directory Domain Services running in the customer's network. | NA | If the portal is installed on-premise support for Active Directory integration is OOB
C4 | Any locally installed software is compatible with Sophos anti-malware end point protection with Intercept X, running on the local PC. | NA |
C5 | Does any local software or client require administrative permission to install? To use? | NA |
C6 | What are the minimum PC requirements for the customer's desktop/laptop to connect and run the solution? | NA | A browser is required. We recommend setting a minimum supported version for each browser type to confirm SSL/TLS version capability (prevent insecure browser sessions)
C7 | The solution is fully compatible with the latest versions of common client browsers: Microsoft Edge, Mozilla Firefox, Google Chrome, Apple Safari, etc. | YES |
C8 | Does the solution require a browser plug-in, extension or player app such as Adobe Flash, JavaScript Runtime or Silverlight? | NO |
C9 | The solution is fully compatible with the latest version of Microsoft Office 365 Office Suite Applications: Outlook, Excel, Word, etc. | YES |
C10 | The solution is fully compatible with the latest versions of Microsoft Office 365 Business Applications: Teams, Power BI/BI Pro, etc. | YES |
C11 | The solution is compatible with networked HP, Ricoh, and Xerox printers. | YES | The solution will output print formats in compatible format.
C12 | The solution is compatible with HP, Fujitsu, and Canon scanners. | YES | The solution will absorb scanned documents/images in compatible format.
C13 | The solution is fully compatible and functional from iPad and iPhone mobile devices while in the field. | YES | Cross-browser including mobile compatibility
C14 | What is the minimal iOS version required? | YES | No minimum device platform is required. We recommend setting a minimum supported browser version (Safari, Chrome, etc.) to confirm SSL/TLS version capability (prevent insecure browser sessions)
C15 | What backend database does the solution use? | YES | Solution can use SQL, Oracle, Oracle MySQL
C16 | Which version of the database is it? | YES | All Vendor supported/maintained versions. We recommend using the most recent stable version published to increase security
C17 | Does the solution send customer generated email using the vendor's domain address? | YES |
C18 | If so, does that mail system have SPF, DKIM, and DMARC records in place? | NA | Email can be generated and sent through the existing City of Aspen email service for consistency in journaling, audit and risk management
C19 | Does the solution allow for sending customer generated email using a City domain address? | YES |
C20 | If so, can the vendor supply the mail system's SPF IP addresses and a DKIM generated certificate to use in the City's DNS records? | YES | If preferred
C21 | Does the solution require any hybrid cloud architecture or additional internal City resources, services or connections? | YES | The solution requires trusted (authenticated/authorized) access to and from services provided by Salesforce, Paymentus, Sharepoint and potentially other City solutions/repositories, also possibly CivicPlus.
C22 | If so, please list all requirements for the City's on-premise virtual servers, firewalls or other systems to accommodate this? | YES | Requirements will include firewall rules configuration to enable API management which may be best facilitated using a single gateway to reduce individual risk surfaces
C23 | Does the solution have a financial transaction component? | YES | Not an accounting solution but a secure transaction aggregation component for storing/synchronizing transactions if necessary. (Optional)
C24 | If so, how will it interface with the City's cloud-based Oracle financial system? | YES | This optional component can be configured to use City of Aspen security controls and authentication/authorization preferences to maintain the necessary compliance posture
C25 | What are the options to interface with other systems? | YES | API, Shared references/tables, message bus, workflow, secure messaging, others.
CITY OF ASPEN IT - LOGIN AND AUTHENTICATION FOR CLOUD-HOSTED SOLUTIONS L1 - L13
# | REQUIREMENTS QUESTIONS | YES/NO/NA | COMMENTS
L1 | Is the username set to be an email address or can the user create something unique? | YES | Recommend using a unique identifier and align with Salesforce use of email address. It is possible for City of Aspen to enable username creation if preferred
L2 | Is there a minimum/maximum password length requirement? | YES | Configurable by City of Aspen Administrator
L3 | Is there a password strength requirement? | YES | Configurable by City of Aspen Administrator
L4 | Can password aging be set? | YES | Configurable by City of Aspen Administrator
L5 | What is the lockout policy for too many bad attempts? | YES | Configurable by City of Aspen Administrator
L6 | What is the process for a user to reset and login if the password is forgotten? | YES | Configurable by City of Aspen Administrator, most commonly a "forgot password" procedure with the options to use MFA (Multi-Factor Authentication), TSV (Two Step Verification) and OTC (One Time Code)
L7 | If the login fails what message does the user get? | YES | Configurable by City of Aspen Administrator
L8 | Is there an automatic logoff of the account after a set period of inactivity? | YES | Configurable by City of Aspen Administrator
L9 | Is there an automatic suspension of the account after a predetermined time of not logging in? | YES | Configurable by City of Aspen Administrator
L10 | Is the solution set up to do, or have the option to set up a 2-step/2-window username-password login process? | YES | Configurable by City of Aspen Administrator
L11 | Does the system have a 2FA/MFA option for customers/users to access the system? | YES | Configurable by City of Aspen Administrator
L12 | Does the system have a 2FA/MFA option for administrators to access the system? | YES | Configurable by City of Aspen Administrator
L13 | Is there an option for using the City's SSO SAML 2.0 based system (OneLogin) for login access by City staff? | YES |
CITY OF ASPEN IT - SECURITY FOR CLOUD-HOSTED SOLUTIONS S1 - S33
REQUIREMENTS | YES/NO/NA | COMMENTS
S1 Ability for RBAC security at a granular level within the application so as to provide specified users and groups with a least privilege access to screens, tables, records and fields as needed. | YES
S2 Ability for private records to be kept confidential, through assignment of application security and permissions. | YES | Require confirmation of what constitutes a record in this context (database record, document, file, etc.)
S3 Ability for administrative users to control edit and validation rules to ensure data integrity. | YES
S4 Ability to keep log records of all actions executed in the system. | YES
S5 Ability to keep a separate audit log of system administrator actions. | YES
S6 Ability to keep overall database integrity. | YES | Best performed by leveraging a second data store to perform integrity audit upon
S7 Ability to prevent a primary record from being deleted if secondary records exist. | YES
S8 Ability to encrypt all or certain data fields for data that is at rest. What solution is in use? | YES | Data at rest using database publisher encryption (no additional cost)
S9 Ability to encrypt all data in transit from end to end. What solution is in use? | | Data in transit using SSL/TLS, data at rest using database publisher encryption (no additional cost)
S10 All encryption architectures must use well-known and openly vetted standards. Please list. | YES | Triple DES, AES, RSA Security, Blowfish and successor Twofish.
S11 Browser Transport Layer Security must use the TLS 1.2 protocol or higher. | YES
S12 Certificates are signed by a well-known and trusted public certification authority. Please list. | NA | Certificates selected by City of Aspen
S13 Is your system run in a datacenter that meets SOC-2 audit certification? | NA | Datacenter selected by City of Aspen. We recommend SOC 2 compliance as the minimum standard for considering a host.
S14 If so, can you provide the audit report? | YES | Depends on City of Aspen selection.
S15 Do you have a backup datacenter, and how far away is it from the primary center? | YES | We recommend using alternate providers for back-up which can include City of Aspen IT resources.
S16 System provides backup/failover solutions that provide RTO/RPO times of 24 hours or less. | YES | Depends on City of Aspen selection.
S17 What is your RTO? | NA | Depends on City of Aspen selection.
S18 What is your RPO? | NA | Depends on City of Aspen selection.
S19 What is your monthly uptime? | NA | Depends on City of Aspen selection. We recommend a minimum of 4 '9's. (99.99% uptime).
S20 What was your annual uptime for the past 5 calendar years? | NA | We can provide reports for other portals delivered using AWS, AZURE, etc.
S21 Please specify what security measures are used that prevent unauthorized access/data breaches of the system? | YES | Security measures include a combination of SSO (Single Sign On identity management), Certificate trust (ex: Radius), MFA/TSV, Hardened OS (operating system), hardware controls, Digital Rights Management to support DLP (digital loss prevention) and event monitoring.
S22 Has your system ever experienced a DDoS attack? | YES
S23 If so, how long were your servers down for? | NA | Attack was deflected using an algorithmic defense mechanism. Zero down time, but impacted transaction processing performance.
S24 What is your current methodology to prevent/mitigate DDoS attacks? | YES | The methodology employed may vary based on Cloud vs On-Premise implementation, but presents a layered approach to detect both high and low volume (ex: SLOW POST) attacks. This includes traffic decryption to increase detection.
S25 Who is considered the owner of all City data placed in the system? | YES | The City is the Owner of all City data
S26 In what format(s) can the data be exported out in the event of contract termination? | YES | Multiple to suit the City's purpose.
S27 Does the system's coding use secure software development standards in order to mitigate the OWASP top 10 vulnerability risks? | YES
S28 Has all backdoor developer/admin access commonly used during software development been removed from the production system? | YES
S29 Can the vendor provide an attestation statement from a reputable security audit/penetration testing company that the system meets current standards and best practices for providing data confidentiality, integrity and availability? | YES
S30 Component purchases from approved vendors are tightly controlled and prequalified. Software from other vendors is inspected, reviewed and validated before being accepted as part of the solution. | YES
S31 Can you provide the City with an SBOM? | YES
S32 Colorado's personal identifying information protection law CRS 24-73-102 places certain requirements on the City and third-party service providers working for the City. Vendor must agree in the contract that they are maintaining reasonable security procedures and practices as listed in the statutory requirements. | YES
S33 Colorado's data protection law CRS 6-1-713 places certain notification requirements on the City. Vendor must agree in the contract to notify the City in the event of a data breach as soon as one is suspected to have occurred, regardless of the need for further investigation or forensics examinations to verify such breach. | YES
EXHIBIT D: REVISION SERVICE LEVEL AGREEMENT
Introduction
This agreement specifies the types and levels of services REVISION will provide to APCHA on
an on-going basis, beginning immediately post-go-live. At APCHA’s discretion these services
will be renewed on an annual basis, on the date the solution was fully deployed and live.
The type and amounts of services may vary year to year, depending on APCHA needs. APCHA
and REVISION agree to review needs and to renew or revise this agreement collaboratively,
with the intention to finalize changes in services and pricing at least 30 days prior to the annual
renewal date. APCHA is not under an obligation to renew services, however.
Hosting
REVISION agrees to provide secure hosting services that include the elements outlined in Table
D1 below. Hosting charges are in Exhibit B.
TABLE D1. – REVISION HOSTING
Dedicated Virtual Machines (Application, Database, API Services).
Bandwidth 200GB/month
Storage included 25GB
Operating System LINUX and/or Windows Server
Database ORACLE (Aurora) MySQL
Support
Support approach
Exhibit B contains a description of the support approach and costs.
Support Priorities and Expectations
REVISION shall provide Tier 2 to Tier 4 technical support to an APCHA Tier 1 response
team. This means that APCHA “super-users” will provide the first point of contact with end
users (Tier 1 support). Should APCHA super-users be unable to answer a question or resolve
a problem, such users can escalate to REVISION for resolution. Table D2 details the support
expectations for escalated issues.
Table D2: REVISION Support Priorities and Expectations
Tier | Description | Response Expectation
Tier 2 | Minor issue: APCHA staff need assistance to resolve, even though few customers are affected and a workaround may exist | Initial response within 2 business days; then a target to resolve within 10 business days using commercially reasonable efforts
Tier 3 | Moderate issue: portal is not correctly handling one or more business processes on a repeated basis, or a temporary work around is available for an otherwise Tier 4 problem | Initial response within 1 business day; then a target to resolve within 5 business days using commercially reasonable efforts
Tier 4 | Critical issue: portal solution is unavailable to customers, or there is a widespread loss of multiple system functions, or data is being corrupted, affecting many users, with no workaround | Initial response within 2 business hours; then a target to resolve within 1 business day using commercially reasonable efforts.
Accessing Support
To access support, APCHA staff may call or email Revision at a number and email address to
be provided and kept updated by the company. Support will be available from 8:00 am-5:00
pm Monday through Friday, Mountain Time. No support will be available on Federal
Holidays.
After-hours support is typically only available for Tier 4 issues, except that on at least a
quarterly basis, REVISION will collaborate with APCHA to ascertain whether after-hours
time is needed to pro-actively apply patches or address issues that may soon arise due to
updates to the software applications integral to the solution.
Monitoring Support Hours Used
REVISION will send APCHA a quarterly summary of hours consumed and for what they
were used.
Security as a Service
REVISION agrees to provide Security as a Service that includes the elements outlined in
Table D2 below. This service must meet the security expectations included in the terms of
the Professional Services and Software Agreement for this contract, as well as address the
more specific requirements as outlined in Table A1 in Exhibit A (the Requirements Table).
REVISION will detail the approach to be taken in an Information Security Analysis
Notebook, similar to the example provided to APCHA on May 25, 2022. This Notebook will
be collaboratively developed and finalized with APCHA and City of Aspen IT staff, and
approved by the APCHA Director, during the initial phase of this project. It may be updated
or modified as mutually agreed upon from time to time.
Table D2. Security as a Service Components
SECURITY-AS-A-SERVICE
MONITORING
(Availability ping and event monitoring)
FRAMEWORK UPDATE MAINTENANCE
(Core framework)
ADD-IN UPDATE MAINTENANCE
(Hometrek™2 only- Optional non-Core Plugins not included)
WEB APPLICATION FIREWALL (WAF) SECURITY
SUPPORT