SEATTLE IT AND SPD

NRMS ACCOUNTABILITY REPORT

CONTENTS

PROJECT SCOPE 1

BACKGROUND 1

SCOPE 1

SCOPE BOUNDARY DETAILS 2

BUSINESS REQUIREMENTS 3

FIT GAP ANALYSIS 6

PROJECT PLANNING 7

PROJECT SCHEDULE 8

KEY MILESTONE OVERVIEW 8

CONFIGURATION 9

INTERFACES 9

DATA CONVERSION 9

BUSINESS PROCESS 9

ACCEPTANCE TESTING 9

TRAINING 9

CUTOVER 10

PROJECT BUDGET 10

CONTINGENCY ESTIMATES 10

PROJECT CONTROLS 11

ONGOING ACCOUNTABILITY FRAMEWORK 11

CHANGE MANAGEMENT 11

SCHEDULE MANAGEMENT 11

BUDGET MANAGEMENT 11

CONTRACT MANAGEMENT 11

RISK MANAGEMENT 12

ISSUE MANAGEMENT 12

RESOURCE MANAGEMENT 12

QUALITY MANAGEMENT 12

DATA CONVERSION AND MIGRATION STRATEGY 12

STAGE 1: PLAN 13

STAGE 2: UNDERSTAND 14

STAGE 3: DESIGN AND BUILD 14

STAGE 4: EXECUTE 14

STAGE 5: TESTING AND VALIDATION 14

FINAL EXECUTION TO PRODUCTION 15

DATA GOVERNANCE 15

DATA OWNERSHIP 15

DATA CONTROLS OVERVIEW 15

SAFEGUARDS 16

STANDARDS 16

PRIVACY IMPACT AND SURVEILLANCE REPORTING 16

APPENDIX 17

PROJECT SCOPE

BACKGROUND

In 2015, The City of Seattle Police Department (SPD) conducted an internal review and assessment of its existing record management technology and processes. The review confirmed that the existing system, provided by Versaterm and implemented in 2007, frustrated front-end users and lacked modern capabilities, including mobile deployment. The system was difficult to use in collecting various types of information and identifying key performance metrics. SPD Leadership surveyed the field to identify advancements in the records management marketplace.

The leadership team's desire was to identify an option built on a modern platform with adaptability providing ease of use for report writing, and information collection resulting in analysis capabilities to inform management.

To these aims, the New Records Management System (NRMS) project was launched to procure a new Records Management System (RMS) solution and implement the law enforcement/criminal justice RMS ecosystem for the Seattle Police.

SCOPE

The NRMS project is implementing the law enforcement/criminal justice RMS ecosystem for the Seattle Police Department. The solution selected by SPD and Seattle IT to deliver this RMS ecosystem for the City of Seattle is Mark43, a vendor transforming the RMS market with the introduction of their Software as a Service (SAAS) solution. This work includes configuration, integration, data migration and data extraction. Activities required to prepare for the new RMS ecosystem include: assessment and planning for implementation, planning and executing organizational change readiness, conducting project quality assurance, updating policy & procedures, updating the existing continuity of operations, training all impacted employees, and planning for a detailed organized launch, including two-way feedback loop post-launch.

SCOPE BOUNDARY DETAILS

In Scope Out of Scope

Impact Analysis

Final Fit/Gap

Contract with Mark43

Business Process Reform

Implementation of New RMS

Modern Integration of RMS ecosystem

Convert & Migrate appropriate Information

Data Extracting

Rationalize Existing

o Databases

o Applications

o Reports

Employee information management independence of RMS

Update Organization Information

o Policy & Procedures Updates

o Continuity of Operations Updates

Train Approximately 1600 Users

Accept & Adopt

o Acceptance Testing

o Readiness through Organizational Change Management (OCM)

o Service Acceptance Criteria (SAC)

o Knowledge Transfer Overall Mobile Technology for Police Operations

Legacy RMS Data Migration

BUSINESS REQUIREMENTS

The NRMS project is designed to meet the following objectives and requirements described by the business:

Objective Requirements

Business "Improve organizational performance"

ID

1. Users will experience equal to if not improved uptime

2. Workflows are built-in to the solution for cross unit collaboration on functions.

3. Business policy, process, and procedures are well defined, streamlined, and compliment the use of the cloud record management.

4. The solution provides adaptability through self-serve configuration.

5. Reduce the need for searching records across multiple data sources.

6. Police employees will have faster and more readily accessible field awareness by searching the RMS to better inform operational actions

7. Records will have a minimum of 60% pre-population of data from NIBRS/UCR mapping especially for the routine reports.

8. Records will have a full report audit history.

9. Records will have context-sensitive reporting and export formats.

Business "Improve user experience"

ID

10. Writing police reports will be logical and intuitive, based on a modern user interface that takes advantage of advances in technology to prompt users to enter correct information at the correct time.

11. Police report entries will have active error detection at the time of entry March 2019 go live.

12. Ability for information entered into reports to propagate into other systems (use of force, etc.) to minimize duplicate data where possible

13. Profiles of known entities (people, vehicles, locations) will be suggested to reduce duplicative data entry.

14. CAD events will autofill the beginnings of the police report if a CAD event occurred.

Business "Collect information near real time"

ID

15. Reports in draft status will be identified in search results.

16. Sergeants can review reports and approve or return to the officer for clarification or additional information.

17. Investigators can update cases directly in RMS.

18. Search returns inclusive results of reports recently entered.

Business "Increase information quality"

ID Objectives

19. Technology active error checking will increase data quality.

20. Patrol policies will require police report accuracy from inception with quality control procedures.

21. Active NIBRS/UCR systematic code checking to reduce NIBRS monthly errors and/or reduce staff time to validate.

22. Officers must search for existing entities before adding new ones to eliminate duplicate entity information.

Business "Decrease time to train"

ID Objectives

23. Reduction in time spent training new employees on use of RMS system.

24. Self-service training will reduce the need for classroom refresher training.

Business "Reduce infrastructure costs on-premise"

ID Objectives

25. By decommissioning the infrastructure parts, Cloud-based infrastructure will eliminate internal support costs for isolated Versaterm RMS infrastructure.

26. Remove support costs for isolated Versaterm RMS.

Business "Provide capabilities for evidence control"

ID Objectives

27. Automate evidence control functions with technology capabilities.

28. Process clearances and evidence disposition efficiently based on technology notifications reducing person to person approvals.

29. Self-serve the management of the evidence facility locations.

30. Use mobile devices inside the evidence warehouse for real time updating of information.

31. Conduct cycle counting of evidence throughout the year.

32. Patrol officers will automatically generate custodial property reports.

33. Patrol officers will upload images for new RMS property profiles.

34. Patrol officers will be able to use advanced property search for field awareness.

35. Evidence controllers will have bulk item filtering with actions.

36. Evidence controllers will have mobile phones for property scanning & audits.

37. Evidence controllers will maintain ability to tie department personnel by linking chain of custody.

38. Evidence Sergeant will have configurable barcode labels.

39. Evidence Sergeant will have real time inventory management reports.

40. Evidence Sergeant will have preset disposition notifications on E-Mail.

Business "Improve data analysis results"

ID Objectives

41. Increase the ability to match "CAD Event#" and "General Offense# (GO)" across the law enforcement application ecosystem.

42. Ability to report on Mark43 system data in the departments Data Analytics Platform

43. Records will have integrated workspace for NIBRS/UCR report exports.

44. Records can identify & correct error within a single interface.

45. Crime analysts can rely on uniform near real time data collection.

46. An open API for 3rd party platform publishing.

Business "Maintain ability to use various state and federal databases"

ID Objectives

47. The Mark43 cloud solution provides the entry, update, clearance, and cancelation of NCIC/WACIC for License Plates, Vehicles (Stolen, wanted), Wanted Persons (warrants), Missing Persons, Protection Orders, Person of Interest, Violent Person, Unidentified Person, Stolen Guns, Recovered Guns, Lost Guns, Stolen Articles, Recovered Articles, Stolen Securities, Stolen Boats, Stolen Vehicle Parts.

48. The communication center, officers, and investigations is able to search NCIC/WACIC through the Mark43 cloud solution.

Business "Improve quality and consistency of case management investigations"

ID Objectives

49. Case management is consistent across investigative units with varying data point captures for unique case information.

50. Detectives will have unlimited attachments & full WORD processing.

51. Detectives will be able to automatically link master entity profiles from reports.

52. Detectives will be able to search & view cases within their authority.

53. Investigations will be able to easily assign open reports to cases without the need for paper files.

54. Investigations will have dashboards for tracking investigations.

55. Investigations can use context-sensitive case export formats.

56. Detective Sergeants can preset units, permissions & task lists by case type.

57. Detective Sergeants can assign tasks to detectives & view status updates without paper files.

58. Detective Sergeants will have full case audit history.

Business "Improve reliability of arrest data"

ID Objectives

59. Capture full event chronology from inception to final bookings and disposition.

60. Capture all happenings centered around one event with unlimited number of cards describing the happenings including arrest dispositions for individual charges and arrest reports for a single suspect in a multiple suspect offense.

Business "Maintain the ability to comply with the City's standard GIS"

ID Objectives

61. Records management information is provided to the City's standard ESRI Geographic Information Systems (GIS) in the X/Y coordinates.

62. Blurring of addresses for public consumption such as data.seattle.gov occurs from the cloud technology to ESRI without translation.

63. Mapping information continues to be maintained with the City departments, the police department and King County using the most accurate mapping in the ESRI products.

Technical "Improve integration methods"

ID Objectives

64. Use the latest technology (open Application Programming Interface (API)) provided through Mark43 for integration into the Mark43 cloud solution.

65. Use the latest technology in preparing the information for the integration.

66. Permissions and associated fields are configurable.

67. Internal notifications & alerts are configurable.

Security "Pass security assessments and CJIS security policy compliance audits"

ID Objectives

68. Pass the "CJIS Security Policy Compliance (NCIC/WACIC)" audit with no exceptions

69. Ensure the Seattle IT security assessments are passed before "Go Live" and after "Go Live" as defined in the Contract.

Support "Ensure users have support 24x7x365"

ID Objectives

70. Support groups in the cloud on on-premise will be available 24x7x365 with Service Level Agreements (SLA).

FIT GAP ANALYSIS

The planning stage included a Fit Gap Analysis to identify gaps between SPD's requirements and vendor capabilities. Of the 617 requirements presented to Mark43, 11 were identified as high-priority gaps, meaning that the gap would impair SPD operations. Mark43 committed to fulfilling 10 of the 11 gaps by the second quarter of 2018. The project's executive steering committee elected to proceed. One requirement, an integration with Datamaxx was not originally promised. However, that integration is now on Mark43's Roadmap for the 4th quarter of 2018, leaving no remaining high-priority gaps. Many of the requirements classified as low to medium gaps are solved by business process and/or policy changes . The remainder were deemed as "nice to have" or optional by SPD and most do not exist in current technology.

While Mark43 meets SPD's requirements, complete successful adoption of the new system will require extensive policy and business process changes. Therefore, the City has contracted Accenture to develop a strategy for Organizational Change Management, which will be executed by the Project team with oversight from Accenture through go-live.

PROJECT PLANNING

Seattle IT's delivery of technology projects follows a 5 Stage Gate process (as shown in the diagram below). To successfully progress to the next stage, the project must demonstrate completeness of required deliverables.

In 2015, the Chief of Police requested a new RMS system citing the business needs outlined above. The original timeline envisioned go-live in the Fourth Quarter of 2017. The preliminary Budget Issue Paper was drafted to procure the new system and approved by Council in November 2016 for the 2017-2018 budget. The initial schedule and budget represented high level estimates based on the information available at that time.

Typical of large complex IT projects, there is a high degree of uncertainty underlying the preliminary cost and schedule estimates during Concept and Initiation stages of projects. Additionally, the project was planned pre-consolidation and executed post-consolidation, which added to the uncertainty and some delays in implementation. Finally, at the planning stage, requirements included all aspects of what the department would want in an ideal RMS system, rather than what would be necessary for the department to conduct business.

While this project began prior to Seattle IT's adoption of this formal process, the NRMS project has moved through 3 of the 5 Stage Gates. In 2015 this project would have been in what is now called the Concept stage. Initiation began in March 2017; the NRMS project successfully entered the Planning stage in May 2017. The project was formally approved to enter the Execution Stage in March 2018.

Per Seattle IT's process, detailed requirements-gathering, planning, option analysis, fit-gap analysis, and contract negotiation are now complete. In partnership with our vendor, we have re-baselined to produce a detailed schedule and revised budget estimates. We have a high degree of confidence that current forecasts are accurate and realistic.

In January 2018 Gartner started their independent Project Quality Assurance (PQA) work to measure and monitor the performance of the project and tracking the work against the objectives of SPD. Gartner will report on a monthly basis and discuss performance of the project with the Project Steering and Executive Steering Committee members.

The schedule and budget outlined in this document now reflect current projections with improved information, based on actual vendor contracts.

PROJECT SCHEDULE

As stated in the October 2017 Memo to Council, the NRMS project was estimated to go-live in either the fourth quarter of 2018 or first quarter of 2019.

Consistent with this estimate, the current go-live date for the NRMS project is March 2019. This date is based upon detailed planning with the vendor, SPD, and Seattle IT. Following go live, the stabilization phase will begin and remain in place until the scheduled project completion date of August 2019. While the March 2019 date is agreed to by Mark43, the project team and the vendor continue to work to identify opportunities to go-live earlier and will continue to work collaboratively to pull that date in if possible while respecting SPD's operational change black-out period between early December and mid-January.

The cost estimate detailed in the budget section has been updated to reflect the new schedule and remains within budget authority.

KEY MILESTONE OVERVIEW

Milestone Start Date/Target Start Date Target Completion

Configuration February 5, 2018 June 8, 2018

Interfaces February 19, 2018 October 12, 2018

Data Conversion February 5, 2018 February 28, 2019

Business Process September 17, 2018 October 15, 2018

Acceptance Testing October 29, 2018 December 28, 2018

Training January 7, 2019 January 18, 2019

Cutover March 15, 2019 March 19, 2019

Go Live March 19, 2019 March 19, 2019

Stabilization March 19, 2019 August 30, 2019

CONFIGURATION

Configuration began February 5, 2018 and is expected to complete in Q2, 2018.

Full National Incident Based Reporting System (NIBRS) mapping of Seattle Municipal Code and verification of Revised Code of Washington may extend this task to the end of July. Note: The validation of NIBRS with the State is scheduled to occur in the testing phase.

INTERFACES

Interface development began February 19, 2018 and is expected to complete in Q4 2018. The prioritized list of system integrations includes:

Booking and Arrest System (BARS) bi-directional (counts as two, one inbound/one outbound)

Computer Aided Dispatch (CAD) Events

CopLogic citizen-based reporting system

SECTOR (based on ESB access specifically not a new onboarding cycle with WACIC)

EQI (based on "simplified" platform development internal to the City)

Staging Bridge for data consumption (note that this covers Workstream 5 including DAP and several consumption points listed in Workstream 2)

JEMS

DATA CONVERSION

Data Conversion efforts began February 5, 2018. Mark43 is planning for a phased development. Evidence and Reports (including Persons/Vehicles) has been prioritized as the preliminary focus. Data conversion is expected to be complete within 6-8 months, with testing planned for the end of September 2018. Data Conversion is included in the contract with Mark43.

BUSINESS PROCESS

Policy, procedure, and task definitions and final process workflow confirmations are based on actual product pre-acceptance testing. SPD is scheduled to complete by October 2018.

ACCEPTANCE TESTING

Acceptance Testing begins Q4, 2018 with an expected completion date before the end of 2018. It is important to note that two holiday periods fall within the testing time frame (Thanksgiving and Christmas into the New Year) which requires extreme focus from all participants in the testing process, particularly with regard to any rework or fixes that may be necessary to complete testing.

TRAINING

Approximately 1600 users will be impacted by the NRMS project and require training. Mark43 will provide training guidance, including overall strategy, as well as "Train the Trainer." Train the Trainer for all disciplines will begin Q1 2019.

The City will provide end-user training based on role-specific business processes with guidance from Mark43. End user training will begin and be completed in Q1 2019. This includes make-up training sessions; however, staging for production readiness may cause adjustments to this schedule. Additionally, this schedule may require dual or concurrent training tracks.

CUTOVER

Cutover/go live is scheduled for Q1 2019.

PROJECT BUDGET

Mark43 (subscription cost for 1 year) $1,055,520

Project Quality Assurance: Gartner $359,490

Organizational Change Management: Accenture (OCM) $194,760

Project Management $296,000

Hardware $14,802

Labor $1,599,199

Training $475,776

PROJECT BUDGET $3,995,547

Contingency $675,576

TOTAL BUDGET WITH CONTINGENCY $4,736,659

Actual Cost (Spend to Date)* $464,157

CONTINGENCY ESTIMATES

Contingency estimates are based upon specific line items associated with identified high risks and cost estimates of labor, professional services, and associated hardware/software costs. Because of the high-risk nature of this project, the original contingency planned for the project was 20% of total budget. This is commensurate with other projects with this degree of complexity.

The 2018 Proposed Budget increased the total project budget from $3.2M to $5.1M. Part of that increase included contingency of $974,621, which represented 24% of the new project budget.

The Council green sheets 24-1-A-1 and 25-10-A-1 collectively reduced the project budget by $311,359 to $4.7M. As the project has moved to the Execution Stage and costs have become more certain, overall contingency can be reduced to absorb this cut. As of March 2018, only a 17% contingency of $675,576 remains on labor and external costs not related to subscription services or ongoing operations sustainment costs.

Current contingency estimates account for mitigating risks that may be incurred during the development, testing, and cutover as new capabilities are released by the vendor. While the project team is making great progress against the schedule, any project which aligns go live with new product development efforts by the vendor has increased risk over deploying what is already available in the market. The project will maintain the contingency at 17% until code is in production and go live date is achieved. The contingency funds may also be necessary to complete the effort required to bring Mark43 data into the Data Analytics Platform (DAP).

PROJECT CONTROLS

Seattle IT follows these control measures to ensure projects are managing against their plan baseline:

ONGOING ACCOUNTABILITY FRAMEWORK

To ensure accountability to stakeholders and the public, these matters are regularly discussed in the following venues at the cadence described:

TechStat Project Review: monthly meeting

Executive steering committee: monthly meeting

Project steering committee: bi-weekly meeting

Project status report: weekly publication

A copy of the most recent project status report is included in the appendix and these will be provided to the council staff monthly through the conclusion of the project.

CHANGE MANAGEMENT

The NRMS Project Manager manages changes to the project, including presenting value and impact assessments to the Project Sponsor. Individual change orders are tracked using change management lists. The Project Sponsors are the final authority on project Change Orders.

SCHEDULE MANAGEMENT

The NRMS Project Manager monitors and updates the schedule on a weekly basis, reviewing any changes with the Project Sponsor and other stakeholders as appropriate.

BUDGET MANAGEMENT

Monthly, the Project Manager compares budgeted cost and schedule to actual cost and schedule using the City's standard financial workbook and data collected from the Vendor and from City resources. Accounting codes have been setup for charging billable and non-billable time and resources are asked to track time spent on the project using their timesheet. The escalation process when actual cost exceeds budget has been specified by the Project Sponsor as follows:

1. If actual cost and/or schedule exceed budgeted cost and/or schedule for the current reporting period by over 10%, the project manager reports to Project Sponsor so that corrective actions may be taken or mitigating decisions initiated.

Corrective actions and mitigating decisions may include any or a combination of the following steps

Reducing or eliminating baseline scope elements

Increasing the project budget via the change management process

Lengthening the project schedule via the change management process

Cancelling the project (decided by the Executive Steering Committee) if agreed upon shutdown conditions are met

CONTRACT MANAGEMENT

The NRMS Project Manager manages the Vendor's contract in accordance with existing City of Seattle standards and agreements.

RISK MANAGEMENT

Project risks are tracked using a tool for logging, assessing, quantifying, applying mitigation strategy, backup plans, journaling, assigning, tracking, and reporting.

ISSUE MANAGEMENT

Project issues are tracked using a tool for logging, assigning, journaling, resolving and reporting. If project issues are unresolvable at the project manager level, the issue is escalated to the project sponsor and vendor account executive, and lastly to the steering committee for resolution.

RESOURCE MANAGEMENT

The NRMS Project Manager monitors activities weekly and staff requirements thereof. An initial forecast was communicated at the beginning of the project to raise awareness of effort for key staff members and has since been refined as work has progressed.

QUALITY MANAGEMENT

Due to the size and complexity of this project, the City has contracted Gartner to provide independent oversight of the project.

DATA CONVERSION AND MIGRATION STRATEGY

Mark43's Data Migration Strategy allows for identification and migration of critical legacy data into the new RMS system. Once data is migrated, Officers, Detectives, and Records staff, can search for and continue investigations on reports, persons, and property captured in their legacy system. Data conversion and migration are included in the City's subscription contract with Mark43. Should Mark43 be unsuccessful in migrating required data, the City will renegotiate and/or cancel the subscription contract.

Mark43's Data Migration Strategy consists of 5 stages, each of which contains success criteria that must be satisfied before the next stage can be executed. An overview of the strategy can be found in the diagram and sections below.

Benefits of the migration strategy include:

Maximized ROI from enterprise applications

Efficient and effective business processes

Reduced uncertainty and risk

Reduced delays and wasted time

An accurate view of data

Improved customer service

Better accountability and ability to meet compliance targets

Additional value for shareholders and stakeholders

Diagram: Mark43 Data Migration Phases

STAGE 1: PLAN

Mark43 meets with both IT and Business Subject Matter Experts (SMEs) to understand functional migration needs of the department as well as what is captured in the legacy system. Due to both high time and labor cost migrations, as well as inherent complexities, the aim is to migrate data needed for the business and retention needs of the department. Seldom is all source data required, so scoping is approached firmly to filter out surplus data.

Data scoping is determined through a series of extensive due diligence research sessions with business and technical users. Participation in the due diligence sessions is limited to those directly affected by the migration process and who have in-depth knowledge of both business and technical considerations.

Determinations include:

? Level of data migration is required (full, just names and locations)

? How users currently access legacy data

? Locations of backups and/or alternative means of access of reports (i.e. a PDF version)

? The volume of data (approximate number of records in the largest table, number of reports created per day/year)

? SQL Server version is your application running on and other systems are involved?

? Attachment migration

? Previous data import for most recent change of system:

? Who performed migration, validation

? How data is accessed by users

? Whether stat reports for migrated data run off the legacy system or the current system

? How cut-over was handled (one-day, phased by division, etc)

Outcomes of due diligence research sessions include an agreed upon migration scope that will be presented to project steering committee for signoff and a migration schedule and timeline.

Additionally, within the "plan stage" Mark43 also works with project manager and Project Steering Committee to set up a migration working group comprising of business and technical team members. This group is responsible for making "low level" decisions about the migration and communicating risks and bigger decision points to leadership for remediation. This working group meets on a weekly or bi-weekly cadence.

STAGE 2: UNDERSTAND

In Stage 2, Mark43 and the department work in collaboration to take a deeper dive into the legacy data. Objectives include a better understanding of the data to be migrated and various database schemas. Detecting possible conflicts and resolving any data issues and inconsistencies is crucial to expedite later migration stages (catch and resolve issues early when they can be easily remedied).

Benefits of the understand phase are:

? Gain clear visibility into and access to all data problems, with the ability to investigate anomalies to any required depth

? Identify unknown data issues by making it easy for non-technical staff to find the answers to questions they didn't know they needed to ask

? View any inconsistency across the full scope of the data to be migrated and assess its impact on the whole migration project

? Establish a single way of conducting analysis across the project

? Remove dependence on technical source system owners and their time

STAGE 3: DESIGN AND BUILD

The design and build stage consists of two distinct parts: (1) mapping and (2) incremental development of data migration software and tool set.

During the mapping step, department SMEs map legacy data fields to Mark43's migration schema. A weekly meeting is established between department SMEs and Mark43 POCs to ensure mapping is accurate and mapping questions are addressed. A finalized mapping document is generated by the department and signed off on by technical and project leadership.

Once mapping specifications have been created, Mark43 kicks off incremental development of ETL (Extract, Transform, Load) scripts to run the migration. Mark43 advocates migrating data a section at a time by category - as opposed to one large migration of all data. Migrations should occur over several rounds until all agreed upon data has been migrated into Mark43. Each round will focus on a specific category of the migration. ETL scripts are created for each section of data to be migrated. Scripts are tested and validated before they are run.

STAGE 4: EXECUTE

During the execute phase, data is extracted from the legacy system, transformed, cleansed, and loaded into the test environment. The execute phase will be performed for each round of the data migration determined.

STAGE 5: TESTING AND VALIDATION

After each consecutive execute round, the department will perform testing and validation of data migrated to the test environment. Key testing and validation actions include:

? Application Functionality testing: Perform regression tests on a sample reports

? Identifier Validation: Make sure all key identifiers match across systems (e.g. All serial numbers are migrated, all reports are migrated)

? Sample Validation: Compare a sample of reports across the systems manually to look for discrepancies

Upon completion of testing and validation the migration working group will either sign off on the round or identify what needs to be corrected. Corrections will be grouped into the next round until final sign off is received.

FINAL EXECUTION TO PRODUCTION

Upon final sign off, Data is extracted from the client legacy system, transformed, cleansed, and loaded into the target system using all the migration rules.

DATA GOVERNANCE

DATA OWNERSHIP

The City of Seattle retains ownership of all data, information, content and other materials stored or transmitted by the City and its Authorized Users in the Authorized User accounts, in the City's configuration, and on any Third-Party Application, excluding any Third-Party Data (i.e. data owned by a Third Party) and Vendor Data (i.e., the Cloud Software Service for Law Enforcement, Documentation, etc.). This is per Sections 4 and 53 of the contract.

SPD and Seattle IT have submitted new language to the City Attorney's Office for review and approval for sections 53.3 and 54.d of our contract with Mark43. This will address the concerns raised by Council. The modified language is expected to be included in an amendment to the contract which we anticipate signing with Mark43 in early May.

DATA CONTROLS OVERVIEW

The Mark43 Production network is a virtual private cloud, entirely separate from all other Mark43 development environments. Server access to the Mark43 Production network is controlled by an IP restricted SSH bastion server which requires public/private key authentication. Mark43 supports FIPS 140-2 compliant TLS 1.2 encryption between customers and the application. Traffic between Mark43 Application servers and Databases is encrypted.

City Data is stored encrypted in AWS GovCloud. Access to the data centers is restricted to Amazon personnel. Amazon provides power, security, and fire protection controls, database backups, and operates over multiple availability zones.

A host based intrusion detection system is installed on all Mark43 servers. Privileged commands in the Mark43 production server environment generate real time alerts to authorized personnel.

User access to Mark43 Applications requires usernames and passwords and accounts lock out after too many failed attempts. Two factor advanced authentication can be enabled and customized to fit customer needs.

SAFEGUARDS

At a minimum, Mark43's safeguards for the protection of the City's Data and Personal Information include:

1. Limiting access of Data and Personal Information to Authorized Persons;

2. Securing business facilities, data centers, files, servers, back-up systems, mobile devices, and other equipment with information storage capability;

3. Implementing network, device application, database and platform security (including vulnerability management);

4. Securing information transmission, storage and disposal;

5. Implementing authentication and access controls within media, applications, operating systems and equipment;

6. Encrypting Data and Personal Information stored on any mobile media;

7. Encrypting sensitive Data and Personal Information transmitted over public or wireless networks;

8. Ensuring that the City's Data is not commingled with any other types of information;

9. Implementing appropriate personnel security and integrity procedures and practices, such as background checks

10. Providing appropriate privacy and information security training to personnel.

STANDARDS

Mark43 will store the City's Data in an environment that meets the following Regulatory Requirements and Industry Standards:

Criminal Justice Information Security Policy (CJIS),

International Organization for Standardization's standards: ISO/IEC 27001:2005 - Information Security Management Systems - Requirements,

Information Technology Library (ITIL) standards,

Control Objectives for Information and related Technology (COBIT) standards,

National Institute of Standards and Technology's (NIST) Federal Information Processing Standards (FIPS) 140-2 (Security Requirements for Cryptographic Modules),

NIST SP 800-53A Rev 4,

City of Seattle IT Security Policies.

PRIVACY IMPACT AND SURVEILLANCE REPORTING

An initial Privacy Impact Assessment was completed in May of 2017, prior to the surveillance ordinance. In the summer of 2017, concerns were raised about the Mark43 system and referenced in the green sheet sponsored by Councilmember Gonzalez. In May of 2018 Seattle IT expects to complete their contract modifications to address those concerns with Mark43. Following those modifications, SPD and Seattle IT will repeat the Surveillance Master List Questionnaire and confirm that the Mark43 services continues to not be identified as surveillance technology. In addition, a second Privacy Impact Assessment is scheduled for July of 2018 to validate that this software continues to meet City of Seattle IT Privacy standards. If Seattle IT determines a Surveillance Impact Report is required, it will be submitted to Council in September of 2018. We respectfully request Council take action on the report no later than October 31st, 2018 in order to meet our go-live time-line and within our existing budget.

APPENDIX

PROJECT SCHEDULE DETAIL

Task Name Finish

MILESTONE: Project Planning Complete Approval to Proceed Thu 1/25/18

MILESTONE: OCM RFP Process & Contract Complete Mon 1/29/18

MILESTONE: PQA (3rd Party) RFP Process & Contract Complete Tue 1/30/18

Finish: Thu 2/1/18 - Wed 2/28/18 Tue 2/13/18

MILESTONE: OCM Vendor Onboarded Thu 2/8/18

MILESTONE: PQA (3rd Party) Vendor Onboarded Tue 2/13/18

Finish: Thu 3/1/18 - Sat 3/31/18 Fri 3/30/18

MILESTONE: Deliver First Change Readiness Scorecard Fri 3/9/18

MILESTONE: Backgrounding Complete for Accelerated Group Fri 3/9/18

MILESTONE: Equipment & Server Planning, Purchase, Install Complete Tue 3/20/18

MILESTONE: Council Required Accountability Report for 2018 Proviso Complete Mon 3/26/18

MILESTONE: Council Actions Complete (as known) Mon 3/26/18

MILESTONE: Finalize Impact Identification Fri 3/30/18

Finish: Sun 4/1/18 - Mon 4/30/18 Thu 4/19/18

MILESTONE: WS2: Rebaseline after REPOSIT Analysis Mon 4/2/18

MILESTONE: WS2: REPOSIT Database and "Uses" Documentation Complete Mon 4/2/18

MILESTONE: Mark43 Contract Amendments Complete Tue 4/3/18

MILESTONE: Mark43 Kickoff & Project Baseline Complete Mon 4/9/18

MILESTONE: Begin Targeted Engagement Strategy Thu 4/12/18

MILESTONE: Review/Revise Report for Final Report Agreement Thu 4/19/18

Finish: Tue 5/1/18 - Thu 5/31/18 Wed 5/9/18

MILESTONE: Backgrounding Complete for Mark43 Team Fri 5/4/18

MILESTONE: Mark43 Security Compliance Complete Fri 5/4/18

MILESTONE: Begin First Round Mitigations Wed 5/9/18

Finish: Fri 6/1/18 - Sat 6/30/18 Fri 6/8/18

MILESTONE: Data Conversion Planning Complete Wed 6/6/18

MILESTONE: WS2: 11.1 Booking-to BARS from NRMS Complete Fri 6/8/18

MILESTONE: WS5 (or WS2) Crisis Intervention-From NRMS to Ridealong Complete Fri 6/8/18

Finish: Sun 7/1/18 - Tue 7/31/18 Mon 7/30/18

MILESTONE: WS2: 15.2 Police Report-From NRMS to Seattle Law (PDF) Complete Mon 7/2/18

MILESTONE: WS2: 21 City Data Warehouse (CDW)-Socrata (data.seattle.gov) Complete Mon 7/2/18

MILESTONE: WS2: 8.1 CAD Events-to NRMS from CAD Complete Fri 7/6/18

MILESTONE: Data Extracting Database & Pipeline Training Complete Fri 7/6/18

MILESTONE: WS5: General Tableau Dashboards Complete Thu 7/12/18

MILESTONE: WS5: Crime Investigation Information Database (CIID)-Import RMS Complete Thu 7/19/18

MILESTONE:WS1: New RMS Configured for Feature Cycle 2 Complete Fri 7/27/18

MILESTONE:WS1: New RMS Configured for Feature Cycle 1 Complete Mon 7/30/18

Finish: Wed 8/1/18 - Fri 8/31/18 Fri 8/31/18

MILESTONE: WS2: 6 Mugshots-From JEM to NRMS Complete Thu 8/9/18

MILESTONE: WS2: 11.2 Booking-from Jail (SeaKing) to NRMS Complete Thu 8/9/18

MILESTONE:WS1: New RMS Fully Configured & Tested Complete Wed 8/22/18

MILESTONE: Workstream 1: Configuration Complete Wed 8/22/18

MILESTONE: WS2: 18 Case Information-From NRMS to Seattle Law (Data) Complete Fri 8/31/18

MILESTONE: WS2: 14.1 City Data Warehouse (CDW)-My Neighborhood Maps Complete Fri 8/31/18

MILESTONE: WS2: 14.2 City Data Warehouse (CDW)-Web Released Police Rpts Complete Fri 8/31/18

Finish: Sat 9/1/18 - Sun 9/30/18 Wed 9/26/18

MILESTONE: WS5: SEAStat Dashboards (internal / external) Complete Tue 9/4/18

MILESTONE: WS5: Data Analytics Platform (DAP) - Import RMS & EQI Complete Wed 9/5/18

MILESTONE: WS2: 9 Community & Retail Theft Reports-From CopLogic to NRMS Complete Thu 9/6/18

MILESTONE: Bargaining Unit Review & Approval of Policy & Procedure Cycle 1 Complete Wed 9/26/18

Finish: Mon 10/1/18 - Wed 10/31/18 Fri 10/26/18

MILESTONE: Data Conversion Complete Thu 10/4/18

MILESTONE: Workstream 3: Data Conversion/Migration Complete Thu 10/4/18

MILESTONE: Policy & Procedures Order Review Cycle 1 Complete Tue 10/9/18

MILESTONE: Continuity of Operations (COOP) Revisions Cycle 1 Complete Tue 10/9/18

MILESTONE: Policy & Procedures Order Review Cycle 1 Complete Tue 10/9/18

MILESTONE: WS2: 7 Employee Qualifying Information User Profiles-from EQI to NRMS Complete Wed 10/10/18

MILESTONE: WS2: 17 SECTOR Collision/Infraction-from JINDX to NRMS Complete Wed 10/10/18

MILESTONE: Acceptance Testing Test Plan Complete Tue 10/16/18

MILESTONE: WS5: City FTP-to Safe Neighborhoods from NRMS Complete Wed 10/17/18

MILESTONE: WS5: Academic Researchers Data Feeds Complete Wed 10/17/18

MILESTONE: Data Extracting Complete Wed 10/17/18

MILESTONE:WS4: Approval to Cutover Employee Qualifying Information (EQI) Complete Mon 10/22/18

MILESTONE:WS4: EQI "Go Live" Complete Tue 10/23/18

MILESTONE: WS4: EQI Activities Complete Tue 10/23/18

MILESTONE: Workstream 4: Employee Qualifying Information (EQI) Complete Tue 10/23/18

MILESTONE: Acceptance Testing Use Cases Complete Fri 10/26/18

Finish: Sat 12/1/18 - Mon 12/31/18 Fri 12/28/18

MILESTONE: Acceptance Testing Complete Fri 12/28/18

Finish: Tue 1/1/19 - Thu 1/31/19 Fri 1/18/19

MILESTONE: Pre-OCM Training Plan Complete Wed 1/2/19

MILESTONE: Mark43 Train the Trainer Complete Fri 1/18/19

Finish: Fri 3/1/19 - Sun 3/31/19 Tue 3/19/19

MILESTONE: Training Complete Fri 3/1/19

MILESTONE: Training Complete with Makeup Classes Fri 3/15/19

MILESTONE: Prepare to Launch New RMS Fri 3/15/19

MILESTONE: New RMS (Mark43) Launched Tue 3/19/19

MILESTONE: New RMS (Mark43) "Go Live" Tue 3/19/19

Finish: Mon 4/1/19 - Tue 4/30/19 Tue 4/16/19

MILESTONE: Knowledge Transfer Complete Tue 4/16/19

Finish: Wed 5/1/19 - Fri 5/31/19 Wed 5/22/19

MILESTONE: Launch New RMS (Mark43) & Its Side Systems Complete Tue 5/7/19

MILESTONE: WS2: 13 Super Search/Common Query-from Various to NRMS Complete Wed 5/22/19

MILESTONE: Workstream 2: Interfaces Complete Wed 5/22/19

Finish: Sat 6/1/19 - Sun 6/30/19 Thu 6/20/19

MILESTONE: Final PQA Assessment Thu 6/6/19

MILESTONE: PQA Process Complete Thu 6/6/19

MILESTONE: Cutover Plan Thu 6/6/19

MILESTONE: Operational RMS SPO Site Wed 6/12/19

MILESTONE: eDirectives Complete Thu 6/13/19

MILESTONE: Service Acceptance Criteria (SAC) Final Wed 6/19/19

MILESTONE: Change Management Approval Thu 6/20/19

Finish: Mon 7/1/19 - Wed 7/31/19 Tue 7/9/19

MILESTONE: OCM Essentials Complete Tue 7/9/19

Finish: Thu 8/1/19 - Sat 8/31/19 Fri 8/30/19

MILESTONE: Project Execution Complete Approval to Proceed Wed 8/14/19

MILESTONE: Project Execution Complete Wed 8/21/19

MILESTONE: Project Archived Wed 8/28/19

MILESTONE: Implementation Closeout Wed 8/28/19

MILESTONE: Project Closeout Stage Complete Thu 8/29/19

MILESTONE: Project Closeout Complete Approval to Close Thu 8/29/19

MILESTONE: Phase B Implementation Complete Fri 8/30/19