Camms
140 Broadway, 46th Floor, New York, NY 10005
T +1 (603) 438 6360
E sales@cammsgroup.com

Camms Proposal Document
Project Management Software
City of La Quinta

Contents
Firms Background, Qualifications, and Experience
(a) Number of Years in Business
(b) Taxpayer Identification Number
(c) Number of Years Performing Software Management
(d) Firm Ownership and Incorporation Details
(e) Parent Company
Camms Project Team Roles and Responsibilities
Camms Personnel
Specialized Experience and Professional Qualifications
References and Client List
Complete Pricing List (Fee Schedule)
Annual Subscription
Implementation Services
Customer Care Powered by Camms.College
Scope of Services
List of Complementary Services Offered by Proposer along with Corresponding Prices
Setup and Training Options/Procedure
Integration Services/Options
Disclosures

Camms Technical Proposal 1 CLQ 1 www.cammsgroup.com

Cover Letter

Camms affirms that all information and pricing provided in this proposal is valid for at least ninety (90) days, and Camms affirms that any individual who will perform work on this project is free of any conflict of interest.

Camms is pleased to provide the following proposal to the City of La Quinta for your Project Management program requirements. The City of La Quinta seeks to transition its Project Management programs onto a leading purpose-built software platform to support its next phase of growth. The City of La Quinta seeks a world-class integrated Project Management software platform designed to address its immediate needs and near-term goals and provide flexibility and breadth/depth of capabilities to readily accommodate future requirements.
In addition to general functionality, including ease of use, configurability and flexibility, workflows, notifications, reporting and dashboarding, and self-administration, all on a highly secure and reliable solution, the City of La Quinta requires specific capabilities for Project Management.

Effectively managing a comprehensive Project Management program is now imperative for every enterprise organization. Taking an integrated approach is critical to achieving success across a global organization. Camms helps companies do just that. Having implemented similar solutions for organizations throughout the world (USAP, Ramsey County, Union County, and more), Camms will truly ensure a successful implementation by bringing a blend of technical and domain expertise and a dedication to effectively and efficiently transfer knowledge to your team. Our world-class solution and our team of experts ensure your success every step of the way.

Our powerful suite of solutions on a world-class cloud computing platform enables our customers to elevate their programs for management of all risks across the enterprise and supply chain with unparalleled efficiency. Camms users attest to the performance and ease of use of the platform. Reports, dashboards, and queries are available with the latest data almost immediately.

We are confident Camms will provide the City of La Quinta with the advanced and robust platform required to support your long-term strategy. We welcome the opportunity to provide additional information to the City of La Quinta regarding the solutions discussed within our proposal documents.

Zachary Burner
Business Development Manager
330 N Wabash Ave, 23rd Floor
Chicago, IL 60611
817-455-4753
Zachary.burner@cammsgroup.com
Firms Background, Qualifications, and Experience

(a) Number of Years in Business

Camms has evolved from a two-person consultative business into a world leader in the enterprise performance management SaaS marketplace. The evolution of Camms allows us to provide a solution that seamlessly intertwines our foundations in specialist domain knowledge and practical experience with state-of-the-art technical design principles. Our 28+ year journey, which commenced in 1996, has seen us grow to have 400+ staff across 9 locations, servicing tens of thousands of users across the globe. With customers spanning the Public, Private, Government, and corporate sectors, Camms has a uniquely broad cross-section of experience to leverage for every customer engagement.

(b) Taxpayer Identification Number

Camms Tax identification number is 83-3667224

(c) Number of Years Performing Software Management

Since the inception of Camms, we have provided our services as a global leader in integrated SaaS solutions for GRC, Project Management, Incident, Strategy, and Business Continuity Plan solutions. We demonstrate industry-proven best practices, innovate to address challenges, and support organizations in improving their businesses while maintaining our global leadership position. Camms is a holistic solution, enabling linkage capabilities between all modules and records.

[Figure: GRC Platform - A Comprehensive & Scalable GRC Solution]

• Risk Management: Identify, track and manage risk with confidence. Build risk registers, conduct risk assessments and set controls & KRPs.
• Incident Reporting & Monitoring: Report actual incidents and near misses, conduct investigations, determine impact, and monitor cases until closed.
• Compliance Management: Set up an obligations library and ensure compliance with regulations, policies and processes. Manage regulatory change.
• Health & Safety: Maintain health and safety registers, identify and deal with hazards and record actions to meet compliance.
• IT Risk Management: Manage your exposure to IT risks with integrated risk registers and workflow tools specifically for IT.
• Third Party Risk Management: Manage vendor onboarding, risk assessments, contracts, performance and SLAs.
• Audits & Inspections: Schedule and manage internal and external audits and effectively deal with findings and recommendations.
• Flexible Registers & Workflows: Keep track of whatever register you need (staff checks, gifts, safety, equipment) with integrated, automated workflows.
• Operational Resilience: Build a library of all your critical processes, perform BIAs, create BCPs, and carry out business process modelling.
• ESG: Plan and execute your ESG strategy and confidently report on the progress of key metrics and initiatives.
• Strategy Planning: Plan and execute your strategy by breaking it down into smaller tasks, projects and actions with clear deadlines to easily track progress - all linked to your GRC program.
• Project Management: Effectively plan and manage projects in a collaborative way with clear deadlines and actions.

In regards to our Camms.Project module, the proposed solution was developed in 2006 and has been deployed to customers across the globe as a SaaS-based solution from its inception. The solution was initially introduced as IPM, built on .NET Framework 2.0, and was deployed on Camms virtual servers as opposed to our current service provider, Azure cloud.
In terms of the database server, Camms has upgraded the Windows SQL Server services from 2005, with the latest being the 2019 SQL Server services. In addition, over the years, the mobile application was also introduced in the latter stages of the development process. The application was then rebranded to Camms.Project in late 2019, and the current application is undergoing a modernization process for the latest feature releases, towards the latter part of the year 2024. Please note that this is an indicative timeframe of the platform upgrade and the team is currently working towards achieving the target. It is worth noting that the proposed application was built by Camms, which is the sole owner of the solution, and as such no ownership transfers have taken place.

Camms' dedication to innovation and market leadership is evident in our growth and continuous systems development, rolled out as part of annual subscriptions through quarterly release cycles. Additionally, our commitment to staying ahead of the curve is upheld through our dedicated 'Futures Group,' responsible for maintaining and delivering our evolving product roadmap. This roadmap undergoes thorough internal research and scrutiny to ensure its alignment with international market trends and requirements.

Camms actively engages its customer base to shape the direction of its roadmap, emphasizing collaboration and partnership. With a strong track record of customer collaboration, we leverage forums such as user groups and our online support portal to gather feedback and enhancement requests. Customers can log their suggestions and vote on desired features, which are then incorporated into our product roadmap.
This interactive dashboard, accessible through our online portal, serves as a central platform for customer input, ensuring that our product direction aligns with customer needs and preferences.

Camms has consistently focused on innovation - delivering new ideas and technology to support our customers to address key challenges, and maximizing the opportunities made available to them through the Governance, Risk, and Compliance function. Camms is an industry leader in research and development and sets the benchmark for reinvestment in R&D, with a significant portion of retained earnings committed by our executives each year for development and innovation.

In more recent times, this sentiment has been reflected in several different analyst reports, validating our status as a global leader with a unique enterprise performance management offering. A brief history of our analyst recognition is provided below.

In 2017, Camms was recognized by Gartner relating to Strategic Corporate Performance Management Solutions. In 2019, Camms was included in Gartner's most recent Magic Quadrant for Integrated Risk Management Solutions. From 2019 through to today, Camms has been consistently recognized (currently 12 consecutive quarters) by G2 Crowd as a 'High Performer' and a 'Leader' in relation to Governance, Risk and Compliance, in their quarterly Grid reports. This trend continued into 2021, with Chartis Research naming Camms a Leader in their 2021 Market Update and Vendor Landscape Report.

In September 2021, Camms made its debut on The Forrester Wave™: Governance, Risk & Compliance Platforms, as a 'Strong Performer'. The Forrester Wave is an analyst report that compares the top 15 GRC vendors in the market. This recognition cements Camms as one of the leading GRC vendors globally. Further, we have been named a 'Strong Performer' in The Forrester Wave™: Governance, Risk, and Compliance Platforms, Q4, 2023.
Here is an overview of what we should be saying about our citation in the Wave: "Forrester's assessment, based on a rigorous evaluation of their Top 15 market-leading vendors, recognizes Camms as a 'complete GRC workhorse,' showcasing a 'substantial innovation strategy.' Our dedication to a 'feature-rich approach to ERM' and the commitment to providing a centralized experience for stakeholders at all levels to engage in GRC have been highlighted as key strengths."

Common themes in all of these reports reference capabilities such as:
• Commitment to Innovation
• Ease of Use
• Breadth of Offering - through one truly integrated platform
• Linkage back to strategic planning objective - providing a more meaningful way to analyze and manage risk.

Camms is incredibly proud of the recognition we have received to date but is heavily focused on ensuring it continues - and ultimately this will only occur if we continue to help our customers achieve successful outcomes.

Furthermore, the Camms enterprise incident module has been operational since its initiation in 2016 and has been launched globally to our extensive client base, spanning both the public and private sector, including a range of organizations from the Education, Health, Local Government, State Government, Banking and Finance, Health, Not-for-Profit, Utilities, Real Estate, Health and Safety and Emergency Services sectors alike.

(d) Firm Ownership and Incorporation Details

Camms was incorporated in the USA on 14th of February 2019 in New York. Camms is a wholly owned subsidiary of Riskonnect Active Risk Pty Ltd, which holds 100% of Camms stock. Camms operates solely in providing its service and does not provide its services through partnerships, joint ventures or any other sub-contractors. Below depicts the current organizational structure at Camms.
[Figure: Camms organizational chart. Text recovered from the chart, in extraction order:] POM Emily Napier People, Performance & Culture Advisor Keely Kither Payroll Advisor Donna Cooper Head of PPC Niresh Samarenayake Payroll Advisor Kim Sharma CCO Lachy Collins Global Support Manager Mitchell Humphris Head of Project Management Office Kieran Offord Payroll Advisor Kimi Sharma Customer Experience Manager Goran Saric Principal Consultant Brad Smith Regional VP Implementation Services Mayurangi Hereth Head of Camms college Manesha Jayasoodya Finance Director Kahl Ryan Legal Officer Darla Gelius-Martinenko Group Financial Controller Damian Tay General Manager Performance Management Wayne Wright CEO - Adam Collin CPO Thomas Kern Head of Product & Strategy Jack Flynn Head of Product, GRC Shaun Mahon Head of Presales GSDC Amani Gunawardhene UI/UX Manager Ranil Perera Pre-Sales Consultant, Regional Lead Hayden Joyce Regional Manager, Pre Sales Yusuf Sulaiman VP EMEA Daniel Kandola VP APAC Jason Were Program Manager Liam Scanlon Manager, Product Consultant, NA Jonathan Lindhe Regional Sales Director Jonathon Andersen CMO Suzanne Degun NA & EMEA Marketing Tracy Miller Global Digital Marketing Adam Allcock Marketing & Inside Sales Casey Cammans Manager, Marketing Trisha Dias Channel and Marketing Manager Wyomi Abeywickrama Regional VP, Solutions Sukith Nanayakkara Regional VP, Product Engineering Yasith Fernando General Manager - Operations Gehan Madhanayake Head of Information Security Dulan Femando

(e) Parent Company

Camms is a wholly owned subsidiary of Riskonnect Active Risk Pty Ltd

References of California government agencies

Camms has a wealth of experience in the implementation of our software solutions and the provision of consulting and training services globally. Camms has implemented the solution for a large number of critical organizations, including Transportation, State government, defense, healthcare, and other government bodies.
Some key clients with similar operational importance include:
• Union County North Carolina
• United States Antarctic Program (USAP)
• District of North Vancouver

Please refer to our customer overviews in the references and client list for customer size and software products offered by Camms to our above-mentioned clients.

Union County North Carolina

Contact name: Luke Fawcett
Address: 500 N Main St, Monroe, NC 28112
Email: luke.fawcett@unioncountync.gov
Telephone: 704-296-4237

Relevant Experience: Union County

Drivers
• Union County's public work lacks a consistent and transparent approach when it comes to tracking projects through their life-cycle.
• It was difficult to coordinate and communicate across the organisation regarding developer projects, capital projects, or even internal projects and new initiatives that support the Utility.
• Individual groups use a mix of software (PIMS, MUNIS, spreadsheets) to meet individual task needs, but there is no resource in place to support communication and decision needs across the organisation.
• Requires a project management software system that provides a central and secure SQL database, cloud solution, direct access to SQL with web and mobile access, can be integrated with 3rd party systems and is scalable for new workflow.

Outcomes
• With the implementation of Camms.Project, Union County was able to develop and establish a consistent and direct approach for their project management.
• Union County was also able to benefit from the end-user simplicity that our solution provides.
• Union County was also able to benefit from the speed and agility of the Camms team implementation.

Union County is a thriving county in the greater Charlotte Metropolitan Area. It is located to the east of Mecklenburg County/Charlotte and borders the South Carolina state line.
The current population is approximately 240,000 and has grown significantly over the last two decades. As the eighth largest county in the state of North Carolina, there are no indications that population growth and the general prosperity will slow down. The County provides its citizens with a full array of services that include public safety, water/wastewater utilities and sanitation, human services, cultural and recreational activities, and general government administration.

Timeline: June 2021
Staff: 5,000
Solution(s): Camms.Project, Camms.Strategy, Camms.Insights

United States Antarctic Program (USAP)

Contact name: Tommy Dodson
Address: 2415 Eisenhower Avenue, Suite W7100, Alexandria, VA
Email: tommy.dodson.contractor@usap.gov
Telephone: 720-636-4143

Relevant Experience: United States Antarctic Program (USAP)

Drivers
• Needed to build a fully functioning, sustainable ERM program.
• Inefficient practices and an onerous process due to a reliance on manual and basic systems to collate information and produce reports.
• Spreadsheets and SharePoint approach to manage their risk & compliance requirements.
• Improve governance and leadership decision making, as timely, accurate and visually compelling project information drives better decision making.

Outcomes
• Implemented a comprehensive best-practice ERM program that aligns with their strategy and manages projects in a more robust and user-friendly way.
• Significantly improved oversight and reporting and transformed large volumes of data into information for actionable insights.
• Integrated all data for one source of truth.
• Use customised dashboards to easily monitor financial and operational performance.
= � The United States Antarctic Program (or USAP; formerly known as the United States Antarctic Research Program or USARP and the United States Antarctic Service or USAS) is an organisation of the United States government which has presence in the Antarctica continent . Founded in 1959, the USAP manages all U.S. scientific research and related logistics in Antarctica as well as aboard ships in the Southern Ocean . Timeline: September 2021 Staff: 501-1,000 Solution(s): Camms .Project Camms .Insights 10 Camms. District of North Vancouver Contact name Address Email Telephone Larry Davis 355 West Queens Road, North Vancouver BC V7N 4N5 604-990-2311 Relevant Experience District of North Vancouver Drivers The district didn't have a centralised software solution to support delivery of a range of infrastructure projects . Project Managers currently plan and execute their projects using an array of disjointed electronics tools, with decentralised documentation archives . Requires a software solution that would support centralisation of the range of project tools and documentation (project risk registers, total estimated cost spreadsheets, cost -tracking spreadsheets, change control logs, change order templates, project schedule Gantt charts, project RACI's), integrate with existing financial systems, and ensure project documentation is retrievable, standardised, consistent & achievable . Required a project management software that could be integrated with other software such as, JD Edwards (JDE)—Enterprise Resource Planning (ERP)System, OSharePoint, Hubble and Geographical Information System (GIS Software) etc. utcomes Shift from manual data entry into spreadsheets which often resulted in duplicated and inconsistent data to a more user-friendly suite of integrated products . Improved visibility of actions and progress against the strategic plan as well as specific remediation action plans against risk/incident records . Improve reporting and transparency of data. 
• Camms' planning and performance management capability and Camms' other integrated solutions have provided the management with an enterprise view of organisational performance through live dashboards and traffic light views.

The District of North Vancouver is a district municipality in British Columbia, Canada, and is part of Metro Vancouver. It surrounds the City of North Vancouver on three sides. As of 2016, the District stands as the second wealthiest city in Canada, with neighbouring West Vancouver the richest. The municipality is largely characterised as being a relatively quiet, affluent suburban hub home to many middle and upper-middle-class families. Homes in the District generally range from mid-sized family bungalows to very large luxury houses. Several dense multi-family and mixed-use developments have popped up across the district in recent years; however, the District remains a primarily suburban municipality.

Timeline: June 2022
Staff: 501-100
Solution(s): Camms.Project, Camms.Strategy

Please refer to the below organizational structure of our proposed Camms project team for this engagement with City of La Quinta.

Applicable Organizational Structure

[Figure: Camms Proposed Project Team. Chart nodes above the team: CTO; Global Practice Lead in Product Strategy and Development; CCO; General Manager - Operations in Technology; Head of Project Management Office; Senior Project Manager in Customer Enablement.]

• Alexander Greer (Project Consultant in Product Strategy and Development) [Product Consultant]
• Durell Turner (Senior Support Engineer) [Technical Consultant]
• Braden Decker (Project Manager) [Project Manager]
• Thivanka Anuruddha (Senior Product Consultant in Customer Enablement) [Implementation Consultant]
• Zachary Burner (Business Development Manager) [Project Sponsor]
Camms Personnel

Please refer to our below proposed key personnel CVs for this engagement with CITY OF LA QUINTA. They will be working closely as the project team for this engagement.

Camms Key Personnel

Zachary Burner
Designation: Business Development Manager
Role: Project Sponsor

Summary
Zach leads our business development and solutions team across the North American Region and works directly with our key customers across North and South America. Through his partnerships with customers over the last 7 years, Zach is able to facilitate discussions on best practice use of the Camms products, and how organizations use them to drive strategic business outcomes. Zach is an experienced GRC professional who also has a strong background in EHSQ, ESG, Business Resiliency and account management. His expertise lies in Strategic and Business Planning, Performance Management and Reporting, and solutioning for complex use cases that businesses have.

Education and Qualifications
• Bachelor of Arts, Psychology, Duke University

Experience
• Zach has led our North America function of customer acquisition and solutions to grow and establish a major foothold in NA. Both directly and via his team, Camms has seen 50% year on year growth in customer numbers and increasing product adoption, seeing a rising number of users per customer each year.

Zach has also been a significant contributor to the design and development of the Camms product suite, including Camms Performance Measurement, Executive Reporting Solutions, Performance Evaluation System, Integrated Risk Management, Integrated Project Management and Reporting Solutions, as well as a Business Resilience solution.

Zach has been in the broader GRC industry for over 8 years now, working in areas of expertise such as:
• EHSQ
• ESG
• ERM
• BCP
• DRP

He's helped clients across every industry and region globally achieve success in automating and achieving critical business insights.
Braden Decker
Project Manager
Role: Project Manager

Summary
Braden brings over 6 years of software implementation delivery experience. He has a passion for client onboarding and making sure to capture each client's unique needs during their implementation journey with Camms. As Camms' Project Manager for North America, Braden is responsible for overseeing all projects in the region.

Education and Qualifications
• Bachelor of Arts, Human Relations, University of Oklahoma
• Master of Education, Higher Education Administration, University of Oklahoma

Experience
Braden has worked with a variety of clients from different industries, including local governments, insurance, gaming, and many more, which has given him the experience to be a great asset managing projects. Prior to joining Camms, Braden also gained experience working in education technology companies and commercial real estate.

Camms Key Personnel

Thivanka Anuruddha
Implementation Consultant
Role: Product/Solution Consultant

Summary
Thivanka has had the opportunity to work with different industry sectors and business verticals in the capacity of Implementation Consultant/Business Analyst over a number of years. He's been a vital part of numerous implementation projects and has gained a lot of exposure as an implementation specialist. During his career, he has played the roles of Business Analyst, Project Manager, IFS Implementation Consultant in Manufacturing, Product Owner and Camms Implementation Consultant. Thivanka is driven, hardworking and focused on high-quality project deliveries, and is willing to take on challenges to ensure a successful project completion.

Education and Qualifications
• BSc (Hons) Information Science & Technology, Missouri University of Science and Technology
Experience
Prior to joining CAMMS, Thivanka had worked as an IFS Consultant, specializing in implementing the Supply Chain and Manufacturing modules on the ERP, providing both onsite and remote services to a wide range of clients around the globe. Thivanka had worked as a CAMMS Lead Implementation Consultant on multiple projects, deploying Camms product suites for both public and private sector clients, carrying out the following tasks.
• Leading business requirement gathering/scoping sessions with different stakeholders.
• Managing and implementing different software modules of the CAMMS product suite across a variety of industries and sectors.
• Conducting client training sessions.
• Configuring the software to match the client's business requirements.
• Managing UAT phases of implementation projects.
• Providing product support during the implementation and post go-live.

Clients Include
• Royal Bank of Canada
• Genentech
• Astra Zeneca
• Pfizer
• United Therapeutics
• United States Antarctic Program
• Carlisle Group
• BP
• Cummins
• City of Cambridge
• NHS
• Siemens Energy
• Shell

Durell Turner
Senior Support Engineer
Role: Technical Consultant

Summary
Durell has provided technical services and infrastructure solutions to organizations across the USA and Canada. As an expert within the Camms Infrastructure and Cloud services area, Durell guides clients and their IT Teams through Cloud Identity efforts (Azure / PingOne / OKTA / etc.), supports system modifications and feature additions, and handles all infrastructure concerns to ensure the Camms Platform is meeting customers' expectations.
Durell's DevOps experience helps further solidify his ability to meet customer needs regarding platform requirements.

Education and Qualifications
• Associates of Arts, North West Florida State College
• Associates of Science, Remington College, Networking & Telecommunications
• Microsoft Certified Professional (MCP)
• Security+ CE
• Network+

Experience
Durell has assumed multiple key assignments throughout his tenure, including Project Manager, Lead On-Premise Implementation Engineer, and Customer Service Solution Engineer. Durell has successfully led the On-Premise deployment of the Camms GRC Platform for a client supporting the United States Antarctic Program. Durell was able to meet the security requirements and alleviate concerns throughout the 2yr+ implementation and establish a strong reputation with the client.

Durell has worked to implement Identity solutions for clients such as:
• NCAA
• Genentech
• Royal Bank of Canada (RBC)
• First Canadian Financial Group
• Pfizer
• Tulane University
• District of North Vancouver

Durell has several years of US Defense industry experience and performed in several capacities, such as disaster recovery, IT vulnerability management, budgeting duties, and stakeholder management, during his tenure with General Dynamics Ordnance and Tactical Systems.
• Worked for General Dynamics Ordnance OTS as a Systems Administrator for more than a decade.

Durell brings industry experience from the banking sector as a Systems Engineer and is able to work well with IT Teams that have deep concerns regarding security requirements.
• Worked for First Commerce Credit Union as a Systems Engineer to deliver highly available and secure solutions to support a fast-growing financial institution.
Camms Key Personnel

Alexander Greer
Senior Project Consultant
Role: Project Support Officer

Summary
Alex is a highly skilled IT professional with strong interpersonal skills, having worked in several executive-facing roles in the last 5 years, with the last 2 years being directed towards providing high-level subject matter knowledge to clients in a range of sectors. Alex's expertise lies in effective project management at all stages of the implementation cycle, providing high-level product knowledge and best practice advice, and understanding client requirements and developing appropriate software that aligns with client expectations.

Education and Qualifications
• Bachelor of Engineering (B.Eng.) (Mechanical Engineering), Lancaster University

Experience
Alex has played the role of Product Manager & SME on several Camms software implementations to a variety of state clients in a range of sectors, during which he has:
• Demonstrated technical solutions to senior managers and executives.
• Configured databases and demonstrated how technology could meet prospects' business requirements by proactively and quickly learning the software's technical functionality.
• Revamped and delivered client product training and improved client feedback.

Alex joined Camms in January 2020 with 3 years of executive-level recruitment experience, following which Alex has provided solution and subject matter expertise consultation for the following projects:
• FRP Advisory
• Financial Conduct Authority (FCA)
• Royal Air Force (RAF)
• Local Pensions Partnership (LPP)
• Local Pensions Fund Authority (LPFA)
• Local Pensions Partnership Administration (LPPA)
• Financial Services Compensation Scheme (FSCS)
• Healthcare Safety Investigation Branch (HSIB)
• Irish Rugby Football Union (IRFU)
• The Wise Group
• Coralisle Group
• Betway
• Liberata
• GMFRS
• Salford City Council
• University of Leeds
• Derivco
• DFS
Specialized Experience and Professional Qualifications:

Camms is a 28+ year IT success story that has been built from a foundation of specialist domain knowledge and management consulting origins, with practical GRC, Health and Safety Management expertise and strong executive-level private and public sector experience. As a result, Camms consultants are highly skilled and experienced management consultants who can provide specialist consulting advice on GRC, Health and Safety Management in addition to software implementation support. This consulting expertise extends to other management areas including Strategic, Operational and Service Planning and Management, Risk Management, Project Management, Business Continuity as well as more technical elements, such as Business Intelligence and Data Warehousing. This consulting expertise is a crucial and unique aspect of Camms' service offering, as it allows for practical and conceptual business advice to be provided, on top of the technical advice aligned to our platform.

From an implementation perspective, Camms adopts a blended implementation delivery model utilizing both local and global resources to ensure the right skill sets are available to meet the requirements of the customer from the beginning to the end of implementation of the project. This provides Camms and our customers the flexibility to meet different scopes and timeframes through leveraging our global resource pool, whilst also ensuring we are well resourced to meet any support demands/requirements during any stage of the implementation process.

As mentioned, a dedicated project team will be assigned to the delivery of this project, and throughout the implementation, each of these team members will become very familiar with the requirements of this project. As such, they are best equipped to support the go-live phase.
A dedicated support team is typically made available 24/7 throughout this period also, to provide as much support as required during this process.

On top of our support function, Camms also has a well-established 'Customer Success' account management strategy. Once an implementation is finalized, the ongoing support of any Camms customer is transferred to a locally based member of the Customer Success Team, who will be best resourced to support customers on an ongoing basis. In contrast to the Support Service, the Customer Success Consultant's role is to understand the intricate requirements of the customer and provide ongoing Subject Matter Expertise on best practice use of the Camms platform to drive strong ROI and the desired short- and longer-term business outcomes. The dedicated Customer Success Consultant (Account Manager) will maintain regular contact and will act as a central point of contact should the organization encounter any difficulties or have any enquiries. In this way, Camms provides our customers with the best people with the best fit, to maximize our support to you. Please note this role is independent of our Support Team, who are available to provide over the phone and email support at all times.

We would welcome the opportunity to provide further assurance on our value-adding implementation support methods that will be put into place, in order to eliminate implementation delays and risk of additional costs for CITY OF LA QUINTA.

Complete Pricing List (Fee Schedule)

An engagement with Camms consists of an Annual Subscription, Implementation Services and Customer Care (Camms.College) investment.
Annual Subscription
• Pricing reflects a modular, user-based approach
• Fees typically include all updates, upgrades, technical support and hosting

Implementation Services
• Professional services required for the implementation of our software
• Fee is based on a customer's specific requirements but typically includes configuration, training, data migration, integration and project management
• Fee is based on a detailed Scope Statement

Customer Care Powered by Camms.College
• Comprehensive support platform
• Fee typically includes access to eLearning courses (product and subject matter), monthly calendar of events (expert webinars, product refresher meeting, tips & tricks session, third party expert presentations, etc.), access to Reporting Hub and invitation to regular User Group Meetings (UGMs).
• This program also includes access to Camms Subject Matter Experts, for the purposes of consulting and reporting assistance each year (subject to any annual limit).

Annual License Fees

Camms annual license fees include Software Modules, Platform Features, and Camms.College Customer Care.

Camms Software Modules      Users   Year 1    Year 2    Year 3
Project Management          20
Contract Management         20
Construction Management     20
Camms.College (Silver)      N/A     $50,000   $50,000   $50,000
TOTAL                               $50,000   $50,000   $50,000

• Annual Subscription Fees — includes software licensing, maintenance, hosting and support
• Term — Three-year contract with option to renew annually following contract expiration
• Payment Terms — 1st year subscription fees payable upon contract execution.
• Hosting — Camms solutions will be hosted on Camms' Shared Cloud Hosting environment by Microsoft Azure
• Currency — all prices are quoted in USD and exclusive of tax

Implementation Fee

Camms implementation fees include work effort to configure and deploy your Camms solution and enable your success.
These implementation fees are indicative only, to be confirmed on the completion of the scoping and design exercise.

Camms Implementation Program   Days   Day Rate   Total Fees
Design and Scoping             4      $1,600     $6,400
Project Management             13     $1,600     $20,800
Deployment & Configuration     10     $1,600     $16,000
Project Support (inc. UAT)     4      $1,600     $6,400
Training                       4      $1,600     $6,400
Total Implementation Cost      35                $ 56,00

• Implementation has been quoted based on Camms' current understanding of the scope of works
• All prices are quoted in USD
• All pricing is exclusive of applicable taxes, travel, travel time and accommodation costs
• Optional extras to be quoted following a detailed scoping session

Terms and conditions

Commercial Statement
The information contained in this proposal is confidential and is submitted by Camms on the understanding that only the staff of City of La Quinta will use it. All information not already in the public domain provided by the Client will be treated as confidential and not disclosed to any person who is not an employee of the Camms group without the express written permission of the organisation. Equally, all information provided by Camms about the company, its products and its services should be treated as confidential.

Camms has made every effort to ensure all statements and information contained herein are accurate. The proposal has been prepared by Camms in good faith and is based upon our assumptions and understanding of the invitation to submit a proposal.

Terms and Conditions: https://cammsgroup.com/contract-terms-and-conditions/

Scope of Services

Requirement: Construction Management
Camms Response: The Camms.Project platform is specifically designed to meet all organizational project management requirements, including those related to construction management.
The platform features a fully configurable workflow engine that allows administrators to design and configure workflows, templates, register views, and forms tailored to the specific business processes established for different project types, including construction projects. Administrators can specify which registers and data fields are applicable based on the project type, ensuring that all necessary information is captured at every stage of the project lifecycle. This flexibility supports the establishment of unique delivery modules, reporting structures, and approval workflows for various project types, whether large construction projects or smaller non-construction projects. The solution's configurability is unlimited, allowing for the creation of custom project types (e.g., IT Projects, Large, Medium, Small), ensuring that the platform can be scaled and adapted to fit the unique needs of different project types within your framework.

Furthermore, Camms' contract management service workflow offers extensive capabilities designed to handle all stages of contract lifecycle management, from initiation and negotiation to execution. The system facilitates the seamless management of contracts, ensuring that all contractual obligations are met and that quality improvements, strategic plans, inspections, are integrated into the broader project management process.

Requirement: Project Management
Camms Response: Camms.Project is a comprehensive project, program, and portfolio management solution designed to cater to the diverse needs of organizations of any size and complexity. One of the unique features of the Camms Platform is its ability to seamlessly align an organization's Risk and Governance framework with its business strategy and broader corporate objectives. This alignment ultimately provides management and executive users with a contextually meaningful reporting platform that supports informed decision-making practices.
The solution offers an intuitive user interface, powerful project planning and scheduling tools, as well as real-time reporting and analytics features. Camms.Project ensures that your teams remain aligned with your overall business goals while managing projects efficiently. Camms.Project is scalable to meet the needs of large, complex organizations, offering a wide range of project management capabilities. In addition to its core features, Camms.Project provides complementary tools and modules such as risk management, resource allocation, budget tracking, and portfolio management, helping organizations optimize their project delivery process.

The Camms suite includes a full lifecycle Project and Portfolio Management Solution that allows organizations to build and automate the delivery of their project management framework. This ensures appropriate reporting on progress, budget, and risks across the organization. The solution is designed to assist organizations in developing, assessing, selecting, managing, and evaluating programs and projects consistently and effectively throughout their entire lifecycle, from commencement to post-implementation review.

Project Register
The project register page displays the entire project list of the organization by default. Project personnel can effortlessly navigate through pages and projects faster and enjoy heightened functionality and a concise view of all project details with a best-practice, modern user experience. The information displayed in the view can be customized as per your requirements. Users can switch between the two views available by using the 'Show Hierarchy' toggle available on the top toolbar of the Project Register. You will see a hierarchy with two levels (Program at the topmost level, followed by projects) in your project register.
If the portfolio level is activated, you will see a hierarchy with three levels in your project register (Portfolio projects will be shown at the topmost level of the hierarchy, Programs will be shown at the next level, followed by projects at the bottom level).

Flexible Workflows
Not every project has the same workflow — sometimes things are complicated, and other times you need to be nimble. Our flexible workflow configuration allows organizations to configure workflows that resonate with all kinds of projects, big and small, in one system.

Project Hub for Planning and Management
The Project Hub is the central location which displays projects relevant to the logged-in user (mainly for Project Managers to do the project activities within one area). This provides you with a central hub to undertake key project-related activities such as to view key Project Activities, Project History, Quick Updates such as tasks, risks, issues, estimated budgets, approvals, document uploads and project summary details. This area also has the Project Current Schedule, Actual Budgets and Project Dashboards.

Camms would welcome the opportunity to further provide more visualizations and demonstration of the platform and its capabilities as this process continues. We are confident that Camms.Project can help your organization achieve its project management goals.

Requirement: Contract Management
Camms Response: Camms' flexible workflow solution, part of Camms.Service, allows organizations to capture a variety of records, linked to several different processes and workflow structures — all within a centralized and simple to use management platform. There are a number of ways that Contract Management can be undertaken within the solution.
For simpler register-level requirements, the workflow module provides the facility to define a variety of incident types for classification and reporting and analysis. Contracts relating to data controller & data processor contracts can be registered on a simple form, and the system will enable the users to create and keep track of addendums if and when the need arises. On top of this, the user can also leverage the workflow actions feature to keep track of essential information (due dates, any actions) of contracts and addendums with triggers for notifications.

The Camms solution enables the lodgment, management, and ongoing review of all contracts engaged with a supplier. Utilising the configurable workflow engine, the contract review process can be tailored to the contract or supplier type, ensuring the correct procedure is followed. This extends the ability to enable a vendor contract and/or funding contract to be captured within the system following the correct decision points (business rules).

Camms is confident in our capability to fulfil the council's contract management needs through our highly customizable workflow. However, we would welcome the opportunity to dive deeper into the specific requirements and specifics of the use case for a contract management system to ensure a better understanding and successful implementation. Camms would welcome the opportunity to confirm full compliance with a potential to offer a Contract Management system.

The visual representation of the custom workflow and features of the above module of the proposed solution is provided below.

[Figure: Contractor Inductions. Labels: Flexible Form Configuration; Workflow Engine; External portal; Contractor Induction Checklist Portal; Visitor Induction Checklist Portal; Take 5 Checklist Portal; Inspection Checklist Portal; Document Management Portal]

Requirement: Budget Tracking (Progress Payments, Different funding sources, Invoice tracking)
Camms Response: Camms offers a sophisticated budget management capability designed to enable project managers to effectively track and manage costs throughout the entire lifecycle of a project. This includes various essential features such as:

Estimating Costs: The solution allows for detailed tracking of cost estimates as part of its budgeting capabilities. Project managers can set initial budgets and monitor them as the project progresses.

Multiple Funding Sources: The platform supports the tracking of multiple funding sources individually, ensuring that each source is monitored and reported on separately.

Income and Expenditure Tracking: Users can manually enter and track income, expenditure, year-to-date (YTD) budgets, variances, forecasts, and sources of funds. This can be done both in the preliminary budgeting phase and during project delivery.

Modification and Change Order Cost Tracking: Leveraging the configurable workflow, users can modify and track costs associated with change orders as required. This flexibility ensures that any changes in project scope or budget are accurately reflected in the financial data.

Invoice Tracking and Progress Payments: Invoices can be created against purchase orders, with invoiced-to-date amounts automatically updated. This feature streamlines the invoicing process and ensures accurate tracking of financial commitments.

In addition to these features, Camms provides reporting options, including standard reporting outputs. For more advanced reporting needs, Camms.Insights can be utilized, or a custom report can be developed to meet specific requirements.
Camms often integrates with customer source systems to ensure seamless data flow and reporting. We would welcome the opportunity to analyze your organization's technical ecosystem to provide further recommendations on how best to integrate our solution with your existing financial systems.

With these capabilities, Camms is confident that our solution meets the requirements for budget tracking, including progress payments, managing different funding sources, and tracking invoices. We look forward to the opportunity to demonstrate how Camms can support City of La Quinta's financial management needs throughout your projects.

Requirement: Scheduling (Critical Path Method, MS Project)
Camms Response: Camms.Project allows Project Managers to undertake full project scheduling using the in-built Gantt Chart control within the solution. It incorporates all expected functionality for project scheduling including Parent / Child Tasks, Milestones, Predecessors, Critical Path and Resource Management. Tasks can be assigned to users set as Project Team Members as either Primary or Secondary Responsible Officers. Through appropriate configuration, this Work Breakdown Structure will align to the phases and stage gates as defined by your organization.

On top of this, Camms.Project has a native MS Project plug-in that allows users to import and export Gantt Charts from the solution as appropriate.

Camms.Project also has an in-built email notification system which allows administrators to set up, control and action email alerts for users to be notified of assigned tasks, outstanding updates, overdue dates etc. These can be set with trigger rules which allow for emails to be sent on certain frequencies.

Requirement: Task Tracking
Camms Response: Camms.Project offers a robust task tracking feature that allows Project Managers to efficiently manage and monitor project schedules using an in-built Gantt Chart.
This feature supports all essential project scheduling functionalities, including Parent/Child Tasks, Milestones, Predecessors, Critical Path, and Resource Management. Tasks can be assigned to Project Team Members with clear designation as either Primary or Secondary Responsible Officers.

To facilitate effective monitoring, administrative users have the ability to set customizable thresholds that determine what constitutes an 'On Track', 'Off Track', or 'Monitor' status for tasks. These labels can be tailored to suit your organization's specific terminology. The system offers flexibility in tracking progress, typically based on one of two business rules:

Manual Progress Updates: Project Managers can update the percentage of completion for a project based on their assessment of the project schedule and deliverables.

Automated Progress Calculation: Progress can be automatically calculated based on the performance of all underlying project tasks, offering a data-driven approach to progress tracking.

This functionality extends to tracking the progress of overall projects, programs, portfolios, as well as individual milestones and tasks against the project plan.

Additionally, Camms.Project includes an in-built email notification system, which enables administrators to set up and manage email alerts. This ensures that users are notified of their assigned tasks, upcoming deadlines, and any overdue tasks, thereby enhancing task accountability and timely completion.

Task allocation and management are further supported by the Gantt chart, which allows Project Managers to allocate tasks, manage dependencies, and link related tasks across project or program records. The system also features a user-specific dashboard, "My Quick Update," which provides a personalized view of all tasks assigned to an individual user, promoting effective task management and tracking across the team.
Requirement: Workflow
Camms Response: One of the primary objectives of the Camms.Project product team is to provide our customers with a highly configurable platform that allows appropriate users to tailor the solution according to the particulars of their unique requirements and a broader project management framework. Administrative users complete this configuration through the settings panel within the application interface.

The workflow engine, which underpins the platform, is highly configurable. It allows administrative users to build any number of workflows and all associated forms and templates to ensure all relevant data is captured and an appropriate process is followed depending on the type of project. This includes managing all system labels, to ensure the appropriate taxonomy and nomenclature are leveraged throughout the solution, and defining the exact format in which users are asked to present information (i.e. text fields, pick-lists, tables, and many more). If more sophisticated processes require it, administrative users can build 'decision points' into the relevant workflows to guide a user down a particular path pertinent to the inputs they have previously made.

In combination with the use of Camms.College (our online customer support and training platform), administrative users can manage this process simply and easily, independently of any Camms assistance. This allows customers to be largely self-sufficient — managing iterative changes in the solution design to ensure it remains relevant and meaningful within the context of the always-evolving operational landscape of the organization.

Ability to develop workflows with different project management methodologies and approval stages, enabling you to establish an enterprise project management framework for application enterprise-wide, with the flexibility to cater for projects of different sizes, type, costs, etc.
Requirement: Document Control (Keeping track of Submittals, RFI's, Reviews, Plans and Specs, Correspondence, Inspection logs, Photos, Reports, Bid Documentation, Council Reports, Contracts and Agreements, Utilities, Environmental, Invoices, Meetings, Change Orders/Work Directives, Maintenance Files, Outreach — Notices, Exhibits)
Camms Response: The Camms platform allows users to attach supporting documents to a relevant record in a range of formats including (but not limited to) PDF, Word, Excel, and JPEG. These records can be uploaded through the 'Document Attachment' function built into the forms and templates of the relevant workflow. This out-of-the-box functionality also supports the documentation of URL linkages to document management platforms (such as SharePoint).

Please note that whilst both options are available out of the box, Camms typically recommends the establishment of a linkage to a document management platform, where one is in place within City of La Quinta. This allows organizations to maintain and manage strict access controls, as well as appropriate version control practices, in a centralized and consistent fashion. From a functional perspective, this URL typically provides single-click access to the relevant record, or the appropriate file structure where it is stored, directly from the Camms platform.

Furthermore, the solution has a workflow-driven in-built email notification system for particular events and trigger criteria which allows administrators to set up, control and action notifications and alerts to support appropriate and desirable business reporting processes such as keeping track of submittals, RFI's, reviews, plans and specs etc. as required by the City. System administrators have access to a range of out-of-the-box email triggers and are able to align these to a number of custom notification templates to support automated communications to relevant user(s) as required.
Additional 'custom' criteria can be configured as needed. Please note that both SMS and Email formats are supported.

As such, Camms confirms that through the document attachment and URL functionality, City of La Quinta can store all documents as required in this use case.

Requirement: Ability to have different file system templates
Camms Response: Our platform can be configured to a certain extent to accommodate different file system templates as required. However, we recommend integrating with La Quinta's existing document management system, if one is in place. This approach ensures a more streamlined and efficient document management process through URL links attached in the document attachment functionality in the Camms solution.

In terms of functionality, Camms' solution offers comprehensive configurability, allowing system administrators to create, configure, and define various file system templates to suit different processes or scenarios. Administrators can make ongoing amendments to existing templates or create new ones as needed, without requiring assistance from Camms. This flexibility ensures that all relevant project information is appropriately captured and managed.

Additionally, users can create project templates with all the necessary information and easily duplicate them to generate new projects with relevant data. There are no limitations on the number of templates, complex activities, dependencies, or resources that can be managed within the system.

Camms would be pleased to offer an interactive demonstration to provide further insight into these capabilities.

Requirement: Ability to export reporting in formats readable by Microsoft Excel, text files, csv, and/or Portable Document Formats.
Camms Response: Camms reports, including those from our standard reporting suite and those developed using Camms.Insights, can be exported, printed, and shared in various file formats.
These formats include Microsoft Excel (XLS/XLSX), Microsoft Word (DOC/DOCX), Adobe PDF, CSV, XML, HTML, Tiff File, and MPP. While numerous export options are available, it is important to note that each report is typically best suited to a specific format depending on its content.

Requirement: Integration with other software
Camms Response: The proposed solution has been designed to support a high level of interoperability across all customer source systems, to provide a truly integrated platform. We have experience working with multiple organizations that required integration with external software applications. As such, Camms offers customers a range of technical integration services to ensure our solutions are fully integrated into existing operational systems and business processes seamlessly as part of any implementation.

Camms has standard APIs developed for both the import and export of data for our solutions with other web-based systems used by customers. Some of these APIs are formally documented and accessible for IT staff to be able to utilize without the need for Camms' Integration Services Team to be involved as part of the integration approach. Further to this, Camms solutions also have the capability to utilize both Web Service and Web APIs for application integration. Integration can be undertaken through Direct Database Access, Application APIs, Web Services, Excel/CSV Flat Files or JSON objects. Camms supports web services in SOAP format as well.

The typical mechanisms used to integrate the proposed solution with other key systems include APIs / Web Services, ETL Connectors and CSV / Excel uploads scheduled to run on a set frequency.

With the above capabilities and our previous experience in integrating with other third-party software, Camms is confident that an integration can be established between the proposed solution and the external software applications as required by City of La Quinta.
However, the exact approach to this integration will be confirmed and agreed upon following a detailed scoping and analysis of the required proposed third-party solution, and its application to the customer.

Requirement: Train city staff on software
Camms Response: Super-user training and train-the-trainer training will be included as part of the solution implementation. There are also a variety of training courses that have been developed for the implementation of the Camms Product suite and that are targeted specifically to meet the training needs of the audience (e.g. administrators, technical contributors, and general users). These include both technical (i.e. feature / function) and conceptual (i.e. theory) courses. These are summarized below:

Administrator / Super User Training / Train-the-Trainer
Classroom-style training is mainly designed for system champions and administrators, enabling users to understand the system functions efficiently and effectively within a training session. Approaches practiced by Camms under this style are:
• Administrator / Super User Training, where Camms consultants conduct initial administrator training virtually in all key system functions, including configuration and ongoing maintenance of the system.
• Train-the-trainer, where selected key staff are trained and then they are expected to transfer this training down the line, as relevant.

Overall, Camms provides you with a learning experience that promotes interactive in-class instruction as well as technically and functionally relevant exercises. From demonstrations to hands-on training, this training delivers a comprehensive and meaningful learning experience.

General User Training (Camms.College)
Camms.College is our state-of-the-art training and customer onboarding portal. The self-service / on-demand platform contains a range of set (out of the box) learning solutions, designed and delivered by both product and subject matter experts. Camms.College not only provides convenient, click-of-a-button solution training, but also the opportunity to participate in theoretical training courses, expanding the conceptual and technical knowledge of your users (both super users and general users).

Requirement: Software setup and customizations
Camms Response: Camms' involvement in implementation extends much more than simply 'software implementation'; Camms firmly believes that to properly implement a software solution at an organization, effective communication, change management and education strategies need to be implemented. Camms has the consulting expertise and background to support this approach and would work with the implementation team at your organization to ensure the best outcomes from this partnership.

The introduction of any Camms solution will be undertaken on a partnership basis and will include the utilization of our expertise and implementation actions to ensure a smooth transition, as well as maximizing the value of our solutions. As the requirements of each client can be different, we provide a 'tailored' solution which incorporates business rules, implementation strategy and planning and regular reviews. This is a proven system which maximizes outcomes while ensuring time-poor staff have optimal involvement in the process.

Camms follows a 7 Stage Implementation Process which is described below.
[Figure: 7 Stage Implementation Process (Discover, Configure, Execute; Ongoing Customer Care powered by Camms.College)]

Stage 1: Pre-Implementation

The objective of Pre-Implementation is to ensure that the customer has a high-level understanding of the implementation process. The customer then has an opportunity to define their internal implementation team and look to gain 'buy in' from members and stakeholders. Preparation for the implementation process is undertaken, which includes ensuring all appropriate commercial agreements are signed and understood. At this time, customers are typically introduced to the Camms project team, and a formal project plan and delivery timeframe is typically agreed.

Stage 2: Discovery and Planning

This phase typically includes the following:
• Review of all existing documentation and requirements defined, to support the formulation of an accurate and meaningful Business Requirements document, which forms the basis of Camms delivery requirements.
• This document supports the oversight and translation of system functionality relative to process steps as identified by your organization of conceptual framework to support the roll-out of the product.
• Engagement with your organization's project team to ensure appropriate buy-in and understanding of the Business Requirements document is generated with your senior staff.
Stage 3: System Establishment and Configuration

During this phase, Camms will:
• Configure the solution in line with agreed functional designs.
• Manage timelines and application of configurations as identified in the business requirements document.
• Facilitate regular project status meetings with appropriate stakeholders to ensure there is strong communication on progress.
• Where appropriate, this phase will also include the establishment of all integration points.

Stage 4: Testing and Validation (User Acceptance Testing)

During this phase, Camms will:
• Provide Administrator Training to appropriate users.
• Support your organization's staff during testing with issue documentation, formulation of change requests if required, and alterations to configurations.
• Track and update all defects and configuration alterations with your organization's staff.
• Provide theoretical understanding of system processes and high-level QA processes to support the broader reporting and data gathering requirements.
• Provide training and ad-hoc assistance to staff within the UAT period over the phone, in virtual meetings and in person.

Stage 5: Training

With administrator training provided, our customers leverage Camms.College to deliver training across the broader team.

Stage 6: Deployment and Operational Handover

Immediately prior to 'Go Live', Camms will transition a customer from the implementation team by introducing them to our Support and Customer Success Teams, who are responsible for servicing our live customers. On a day-to-day basis, Level 1 support is provided to our customers through Regional Help Desk functions, available for email and over-the-phone support as required. On top of this, Camms has a well-established 'Customer Success' Account Management strategy where a dedicated Customer Success Consultant is assigned as the key contact point for Camms in relation to all aspects requiring subject matter expertise or advice.
Stage 7: Post Implementation

Through the customer success program, regular touch points will be established as needed (typically 3, 6 and 12 months post-implementation) with the dedicated consultant to ensure the solution is appropriately meeting the needs of the organization.

The quoted amount will include a once-off implementation cost, which includes the 7 Stage methodology as described.

Furthermore, the Camms platform is a highly configurable and dynamic enterprise-class system, designed to grow and evolve with the changing needs of any organization, whether large or small. It is largely 'self-service,' allowing administrative users to configure workflows, forms, user roles, and other administrative functions without requiring support from Camms. This flexibility ensures that the platform can be tailored to specific client requirements with only light configuration.

Customization Options:

No Customization: The platform's workflow engine allows system administrators to design and configure all necessary templates and processes, ensuring that the solution meets organizational needs without requiring any customization.

Minimum Customization: The platform is highly configurable, providing the flexibility to make minor adjustments to align with specific business processes. System administrators can modify forms, workflows, and data fields to ensure all relevant information is captured appropriately, meeting organizational needs with minimal changes.

Complete Customization: For more extensive customization, Camms offers a structured change management process. Customizations can be agreed upon during the pre-implementation phase or through post-implementation change requests. These modifications are developed, tested, and deployed with client approval.
Customizations are designed to be user-friendly and accessible to staff with minimal IT experience, covering aspects such as user interface, workflow configuration, data field customization, and reporting and dashboard design.

User-Friendly Customization Features:
• User Interface: Users can easily modify the appearance and layout, including custom branding and color schemes, without extensive technical knowledge.
• Workflow Configuration: Set up approval processes, task assignments, and automated notifications with ease.
• Data Field Customization: Add, modify, or remove data fields to align with specific business requirements, enabling relevant information to be captured without the need for coding.
• Reporting and Dashboard Configuration: Users can configure reports and dashboards to visualize and analyze data according to their needs, selecting desired data fields, applying filters, and designing layouts to generate meaningful insights.

Scalability and Performance: The Camms platform is designed for scalability and flexibility. Load balancing is achieved by horizontally scaling out multiple application servers with a software load balancer or hardware appliance, ensuring the system can handle increasing (and decreasing) loads as the organization grows in terms of users and data volumes. This makes the proposed solution highly scalable and capable of meeting future organizational needs without significantly impacting system performance.

In summary, the Camms platform is versatile, adaptable, and capable of meeting various levels of customization, ensuring that your organization's specific requirements are addressed, whether with no customization, minimal adjustments, or more extensive customization. This flexibility, combined with the platform's user-friendly design, empowers your staff to make enhancements and tailor the solution to meet specific needs without relying on experienced developers.
If software does not meet one of the listed minimum requirements, please describe in proposal and response to RFP

Camms is fully compliant with all the minimum requirements provided in the RFP. Our platform has been designed to meet and exceed industry standards, ensuring that all specified requirements are addressed effectively.

Describe the software, its platform and/or its delivery:

Camms specializes in providing SaaS (Software as a Service) solutions tailored to meet the evolving needs of diverse industries. Our cloud-based platforms offer comprehensive functionalities and tools designed to address specific challenges, including Project Management, Governance, Risk, and Compliance (GRC), and Incident Reporting. We prioritize innovation, reliability, and scalability, ensuring that our clients have access to cutting-edge technology while benefiting from the flexibility and accessibility that cloud-based solutions offer.

Camms follows a 7 stage standard implementation plan. The stages are:
Stage 1: Pre-Implementation
Stage 2: Discovery and Planning
Stage 3: System Establishment and Configuration
Stage 4: Testing and Validation (User Acceptance Testing)
Stage 5: Training
Stage 6: Deployment and Operational Handover
Stage 7: Post Implementation

If required by the customer, Camms can provide a tailored implementation plan of rollout based on the organization structure. Camms would welcome the opportunity to further discuss this requirement.

Is software desktop/local or cloud-based?

Our commercial proposal reflects a SaaS offering, with the proposed instance to be hosted on the Camms Shared Cloud (Microsoft Azure). This SaaS offering incorporates all software, license, support, maintenance and hosting costs. Our SaaS offering is a web-based application which can be accessed via any secured Internet connection.
The Camms solution includes three main hosting options:
1. Camms public cloud (can be accessed anywhere at any time).
2. Camms private cloud (dedicated environment for City of La Quinta, which can be accessed through VPN or restricted IP range).
3. On-premise hosting.

Although option 1 is currently assumed to be preferable and therefore within scope, Camms would welcome the opportunity to explore options 2 and 3 should these options be required.

How frequently is the software updated?

As part of our SaaS offering, all the software updates and releases are fully managed and delivered by Camms. To bring the strategic product roadmap to life, our product teams manage a quarterly sprint release program. This allows us to ensure our updates are delivered in a timely and consistent fashion.

Camms release management policy supports two types of releases, as highlighted below:

Feature Release (FR) - Feature releases happen once a quarter and consist of all features developed through multiple sprints within that quarter.

Maintenance Release (MR) - This will be an interim patch release that contains issue fixes and stability improvements. It can consist of fixes that have been developed and tested via either the AM or UAT support teams.

The above release framework is supported by a formal communication process, which involves sharing details of what changes are to be made and (where appropriate) detailed release notes on how to activate, configure and get the most out of any new feature.

It is relevant to note here that almost all feature upgrades are deployed in an 'inactive' state.
Administrative users will be required to activate the new features (typically through the activation of a parameter of sorts), and Camms often recommends activating a feature first in either your test or train environment, to allow you to familiarize yourself with the function before taking it to your live environment. Please note that all releases are conducted after business hours, and significant lead notification is provided to our customers to ensure that no business impact is felt from the maintenance and upgrade program.

Describe the technology or system requirements including servers/memory/storage if applicable.

Camms' product suite is composed of web-based applications, designed to be accessed easily through common web browsers from any location with Internet access. The platform leverages the latest HTML5 technology, ensuring responsiveness across various devices and screen types. For optimal performance, the following minimum system requirements are generally recommended:
- Operating System: Windows 8 and above
- Browser: Google Chrome or Microsoft Edge
- PDF Reader: Latest version of Adobe PDF Reader

As a cloud-hosted solution, Camms does not impose additional mandatory system requirements. The solution is operational as long as the desktop used to access the platform has sufficient memory and access to common web browsers. Additionally, Camms offers flexible data storage options, capable of supporting varying storage needs, including hot and cold storage if required.

If cloud-based/hosted, please list how many times over the past two years the system was unavailable to clients. Describe the back-up system in place, including disaster recovery or business continuity plans.

Camms is a cloud-based solution, and we are pleased to report that over the past two years, our system has had zero instances of unavailability to clients. We prioritize system reliability and have robust backup systems in place to ensure business continuity.
As part of standard practice, Camms will share all relevant disaster recovery information with appropriate customer representatives at the onset of this engagement. However, relevant to the items listed below, some summary points for discussion are referenced here.

Firstly, it is worth noting that Camms has a documented BCP, which will be activated during a service disruption. This documentation is tested periodically and includes several core elements, including but not limited to:
• A risk management plan - includes several proactive strategies and structures designed to reduce the likelihood of the onset of a disaster event. This risk management plan includes several risks and relevant mitigating activities, each owned by staff at Camms.
• An offsite (secondary) data centre - supports our backup and retention practices. Camms' cloud has regular nightly backups to ensure the data is protected, and these backups are transferred to the offsite Azure data centre at 9 pm daily and retained for 12 weeks. The disaster recovery process will be activated if a business disruption affects one or more of Camms' clients. Data will be restored at the data centre, and the most recent data will be recovered.
• A process workflow - with clear steps, roles and responsibilities outlined for key Camms staff relating to the declaration, ongoing communication to customers, and the resolution of the root cause or underpinning issue.
• Regular testing schedules and test plans - to analyze and ensure the relevance and appropriateness of the planning framework. Camms' testing cycle is conducted bi-annually, generally during June and December.

Camms strives to maintain strong Business Continuity (BC) and Disaster Recovery (DR) capabilities to ensure that the effect on our customers is minimized in the event of any disruptions to our operations. Camms stores a minimum of 90 days of nightly back-ups per customer.
This can be higher in some instances where specific record keeping regulations require it. In the event of a business disruption affecting one or more of Camms' clients, the disaster recovery process will be activated, the data will be restored at the Azure data centre, and the most recent data will be recovered. Our standard RPO and RTO are outlined below.
• Recovery Point Objective (RPO) - 24 hours
• Recovery Time Objective (RTO) - 6 hours

[Figure: Business Continuity Plan. Panels: Recovery point (RPO), "How much data can you afford to recreate or lose?"; Recovery time (RTO), "What is the maximum downtime?"]

Please refer to the attached Camms Technical Document for more information on our disaster recovery / business continuity approach.

Describe all security measures and disclose any hosting partners if applicable.

Camms is committed to ensuring the highest levels of security for our clients. We partner with Microsoft Azure, a leading provider in cloud services, to host our applications in state-of-the-art data centers that are designed to protect mission-critical systems. These data centers feature fully redundant subsystems and compartmentalized security zones, adhering to the strictest physical security measures, including:
• Multiple layers of authentication for server area access
• Two-factor biometric authentication for critical areas
• Camera surveillance systems at key internal and external entry points
• 24/7 monitoring by security personnel
• 100% redundant UPS Dual Power
• Dedicated, highly redundant firewall protection

All physical access to the data centers is highly restricted and stringently regulated, ensuring that only authorized personnel can access the servers.
Microsoft Azure data centers comply with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53, which are designed to meet a broad set of international and industry-specific compliance standards, including HIPAA, FedRAMP, SOC 1, and SOC 2. This ensures that our hosting environment is secure, reliable, and compliant with all relevant regulations.

From a data security perspective, Camms solutions use HTTPS with 2048-bit encryption for all communications between the server and client machines. Servers are protected by Tier 1 firewalls to prevent unauthorized access. The proposed solution's database, when hosted on the cloud, is accessible only to authorized database administrators, with application users authenticated via the application and database.

Camms also utilizes Sophos Antivirus real-time monitoring and Sophos Endpoint protection on all laptops, workstations, and servers. This includes signature-based malware detection, with Host Intrusion Detection Systems (HIDS) and real-time alerts for any malicious activities.

Camms ensures that all our solutions are compliant with national and government information security protocols, meeting the regulatory standards required to host our solutions in physically secure data centers.

For further details on our security measures, please refer to the attached Camms Information Security Policy Document or visit this link: Microsoft Azure Physical Security.

Describe the historical data the software maintains

Camms recognizes the importance of maintaining comprehensive historical data to support robust governance practices. The Camms platform ensures that audit trails are meticulously recorded and easily accessible to users. This capability allows for detailed comparisons between past and current records, providing critical insights for decision-making and compliance.
The platform offers a full audit trail for key screens and functions, capturing timestamps and logging any changes made to records within the application. Users can view these audit logs in real-time with a simple click, tailored specifically to the screen they are currently viewing. This streamlined approach ensures that users can quickly access relevant historical data, including details such as user IDs, dates, and timestamps across all modules.

Moreover, Camms provides an intuitive interface for accessing and interpreting audit trails. Whether it's tracking data entry, amendments, or deletions, the solution ensures that all historical actions are comprehensively recorded and easily retrievable. Additionally, reports can be generated to display system-wide changes, further enhancing the visibility and usability of historical data.

The system also supports the archiving of historical data through the front end of the solution. Users can filter registers and reporting views to access any archived information, ensuring that historical records remain accessible as needed.

Audit logs, including both system and application logs, are retained for 90 days and are monitored using AlienVault (SIEM) for security purposes. These logs capture detailed information, including the timestamps and changes made by users, ensuring that all critical actions within the system are thoroughly documented.

Access to audit logs is restricted to authorized personnel, specifically the L3 Level Infrastructure Support Senior Engineer, maintaining strict control over sensitive historical data. However, customers can review application logs directly through the audit history feature available within the platform, allowing them to monitor and analyze historical activities independently.

As such, Camms provides a comprehensive and user-friendly system for maintaining and accessing historical data, with comprehensive audit trails and secure, controlled access.
This ensures that organizations can rely on Camms to support their governance, compliance, and operational needs effectively.

Provide an estimated implementation timeline and describe how existing data will be imported into the software.

Camms confirms that an indicative implementation plan has been provided with our response; please refer to the CLC_Indicative Implementation Plan for your reference.

With significant experience in handling various complexity levels of data migration, Camms is confident that we can support data migration from other systems and confirms it is feasible.

In general, Camms supports multiple strategies to complete the migration of data from existing source systems into the Camms platform. For example, through an integration service, data can be extracted from external sources and input directly into the system. Alternatively, data can also be exported from an external source system into an Excel file and then loaded into the system via an SSIS package, aligned with the Camms standard upload template. In either approach, the initial data will be uploaded to a staging database and, after data verification and cleansing, will be uploaded to the test environment for customer review. Once this review process is completed, the data will be migrated into the live operating environment.

Further, Camms has a variety of documented APIs developed to support a seamless transfer of data (both one-way and two-way) between Camms solutions and other corporate systems within a customer's technical ecosystem. Many of these APIs are documented in a manner that can be shared with customers to facilitate the transfer of data, and Camms is actively building this document library as a specific initiative of our product teams.

Please note that given the different options available, Camms has not included this within the scope.
We would welcome the opportunity to workshop this requirement in more detail with City of La Quinta to better understand the scope and extent of data migration required and include it within our offering.

What integrations are a part of the service, and which require additional fee

Camms prides itself on delivering a seamless integration experience, allowing for bidirectional data feeds. Our solution is designed with a strong emphasis on interoperability, ensuring a fully integrated platform across all customer source systems.

To enable smooth integration into existing operational systems and business processes, Camms offers a range of technical integration services. Our standardized APIs facilitate the import and export of data between our solutions and other web-based systems, providing a convenient and accessible integration approach for IT staff. These APIs are well-documented, empowering your team to utilize them without relying on Camms' Integration Services Team.

For application integration, Camms leverages Web Service and Web APIs. Our APIs are built on the REST protocol, enabling seamless communication with other APIs. Additionally, we support SOAP-based APIs for third-party application integration.

Integration options include Direct Database Access, Application APIs, Web Services, as well as Excel/CSV Flat Files or JSON objects. Depending on your requirements, we can employ various mechanisms such as APIs/Web Services, ETL Connectors, and scheduled CSV/Excel uploads.

With these robust integration capabilities, Camms is confident in delivering bidirectional integration. The exact approach for integration will be determined through a thorough scoping and analysis process in collaboration with City of La Quinta.
The following represents a selection of established third-party integrations that have undergone comprehensive testing and validation with the Camms solution, including but not limited to:
• Aurion
• Windows AD
• Azure SCIM
• Chris21
• Workday

Please be aware that our solution supports integrations with numerous other systems beyond those listed above. For more technical details, please refer to the Camms Technical Document. You can also explore our Camms.Connect (Integration) portal at Products: List - Camms.Connect Portal (cammsconnect.com.au) to learn about the current integration functionality.

Furthermore, Camms maintains transparency in its pricing, with clear and upfront costs. Beyond the standard annual license fee and a one-time implementation services fee, any additional costs related to integrations would be clearly outlined during the scoping phase and included in the commercial proposal with the City of La Quinta.

Requirement: List resources provided for customer service, technical support and training, including business hours available and average response time for technology-related inquiries

Camms Response: As part of Camms' SaaS offering, City of La Quinta will have access to the Camms Help Desk function to receive product and technical related support available 24/7, with in-region (US-based) phone and email support from 8:30 am to 5:30 pm. Outside of these typical hours, City of La Quinta can leverage the support of our global helpdesk, serviced out of our other regional locations across Australia, EMEA, North America, and other parts of Asia.

The Camms Online Support Portal is the desired method for clients to log and check the status of all help desk requests (as opposed to phone and email).
The Camms Online Support Portal is an online helpdesk facility for reporting issues, submitting custom modification requests, viewing FAQs, seeking clarification on business rules, updating your contact details and submitting enhancements/suggestions. The portal is accessed via the Camms website and is available 24/7.

[Figure: If you have a client support case, who should you contact?]

Post 'Go-Live', Camms customers are transferred to our customer success team, who are responsible for providing ongoing support to our customer base. For each client, a dedicated Customer Success Consultant (Account Manager) is allocated, whose primary responsibility is to work with customers in order to maximize their return in using Camms solutions. This consultant will act as the primary point of contact for all account-related queries, and the provision of subject matter expertise. Please note this role is independent of our Support Team, who are available to provide over-the-phone and email support at all times.

Additionally, Camms provides a customer support package, Camms.College, a state-of-the-art training and customer support portal.

As a world-leading provider of integrated business software solutions, we at Camms recognize the value organizations can obtain by not only investing in the digital ecosystem of the business but also its greatest asset - its people. Camms.College provides organizations with the capacity to do just that.

Camms.College represents an intuitive, self-service online learning portal with a range of content designed to educate users on the Camms solution functionality and behavior, best practice and conceptual theories.
Our goal is to help your employees become risk, strategy, and project experts through learning content that is carefully designed by Camms subject matter experts (SME). We have used our extensive knowledge from helping organizations implement Enterprise Performance Management Solutions to curate a learning experience that will help you achieve your corporate goals.

The Camms.College platform includes:

Our comprehensive support program includes:

Training Courses
Camms.College training courses cover everything from essentials to solutions, covering in-depth role-based user training. Each module is designed to help you understand concepts and implement them in the real world.

Global Event Calendar
Get access to both technical and conceptual subject matter experts through live, interactive, and on-demand webinars through the Global Event Calendar.

Reporting Hub
The Reporting Hub offers you a comprehensive sample report library, and Virtual Reporting Assistance with dedicated Reporting Agents to create reports according to your specific needs, helping you make reporting more efficient and less time consuming.

Virtual Consulting
Our expert team of Camms Consultants are ready to help you turn your strategy into reality. With more than 20 years of experience in business intelligence and enterprise performance management, you can be assured that our Virtual Consultants are subject-matter experts in their respective fields.

Camms Community
As a Camms.College customer, you now have access to the Camms Community where you can connect with other industry professionals and grow your network.

Training resource and onboarding

Camms acknowledges that training is an important ingredient to a successful implementation - a system is only as good as the knowledge of the people engaging in it.
As part of any implementation, Camms has a standard training program which is outlined below:
• Camms standard "Train-the-Trainer" approach includes the following sessions per product:
  o 1 x 2 hour system administrator training session conducted by a Camms consultant
  o 1 x 2 hour super / general user training session conducted by a Camms consultant
  o Access to Camms.College to support additional training requirements. Utilisation of Camms.College virtual consulting days, if applicable

Administrator / Super User Training
A system-based session that provides comprehensive training on all aspects of each module of the solution, how they are interrelated and important dependencies. It is envisaged that training attendees will be able to complete all administrative activities following the session without assistance from Camms.

Super / General User Training
A system-based session that provides an overview of the key business functions of the solution, including any specific areas of focus as requested by the customer. This is typically delivered by the customer's System Administrators, after the administrator training listed above.

To supplement the above training sessions, general user training, and on-training of other users, the Camms.College platform can be leveraged. It provides a number of short video courses on system functionality, so all types of users can engage with the Camms.College platform. The user-friendly format of the courses ensures that engagement is retained, with users having the capability to pause and return to the section of the course when required.

Although the above approach has been successful in a significant number of implementations, Camms would welcome the opportunity to discuss the Training Plan and Approach with City of La Quinta in due course, to ensure appropriate alignment.

Customer standard service level agreement.
Camms solutions are typically deployed as a SaaS, Cloud Based environment. Camms' Standard Service Level Agreement outlines our commitment to availability, which includes a 99.5% SLA uptime across a 24/7, 365 annual cycle, which is reflected in our current commercial offering. Camms standard SaaS agreement includes SLA responses which define the appropriate response and resolution timelines applied.

• Incident Support Priority Level 1 Response - 4 working hours, Target Resolution - 1 day.
• Incident Support Priority Level 2 Response - 6 working hours, Target Resolution - 2 days.
• Incident Support Priority Level 3 Response - 8 working hours, Target Resolution - 5 days.

While the response and resolution times are aligned according to the priority of the issue, enhanced SLAs can be provided upon appropriate commercial agreement with Coventry University. Please refer to Section 8.2 of the Camms Technical Document attached with this response for more details.

List of Complementary Services Offered by Proposer along with Corresponding Prices

Camms Annual License Fee is a fee that is paid annually and provides our customers with the license to use our software. Camms pricing structure reflects the modular, user-based nature of our software, and thus, the Annual License Fee is impacted by two variables: the specific modules a customer needs and the number of users the customer wishes to deploy the software to.

Camms confirms that, except in special circumstances, the Annual License Fee typically includes all upgrades (outside of customizations), technical support, and hosting. No additional investment costs are required outside of what is detailed within the initial contract. In terms of licensing, there will be no associated costs for additional parties as long as the number of users remains consistent.
Any additional costs associated will be derived based on additional user licenses and variations to the scope that will need to be commercially agreed upon at a later stage of the implementation (if required). As part of Camms' standard SaaS offering, all maintenance and support of the system are included within the licensing cost proposed for City of La Quinta.

Camms offers a wide range of services within our SaaS offering to ensure successful implementation and ongoing support for our customers:

1. Implementation Services:
  o Project management and support during the implementation phase.
  o Configuration services to tailor the platform to customer requirements.
  o Technical services like integration with other systems if included in scope.
  o Training services including a "Train-the-Trainer" approach and access to Camms.College.
2. Consulting Services:
  o Product consultancy from subject matter experts.
  o Workshops and other advisory services.
3. Data Migration:
  o Assistance with migrating historical data from existing source systems.
4. Managed Services:
  o Managed service offering to handle technical maintenance and support, allowing customers to focus on core operations while Camms manages the solution.
5. Ongoing Support:
  o Established global support program for Camms clients.
  o Local and regional support teams for implementation, professional services, and training needs.

Camms aims to be an end-to-end partner through the entire solution lifecycle—from initial implementation through to post-implementation support services. We have the flexibility to scope and define service packages tailored to each customer's specific needs.

Camms also offers a broad range of additional solutions which form part of the same system which City of La Quinta can utilize in the future, including Risk Management, Audit Management, Compliance Management, Flexible Workflow capabilities,
Strategy & Performance Management and ESG. These all form part of one broader system, and linkages can be established between associated areas across these. Camms would welcome the opportunity to discuss any of these broader areas as this process continues.

Setup and Training Options/Procedure

A standard implementation process is outlined below, through the Camms 7-stage implementation process. Each stage incorporates several activities culminating in a series of documented deliverables and sign-off points.

• Pre-Implementation: The objective of Pre-Implementation is to ensure that the client has a high-level understanding of the implementation process.
• Discovery and Planning: In the Discovery and Planning stage, all information relevant to the client's current business processes is collected and reviewed.
• System Establishment and Configuration: The System Establishment and Configuration stage incorporates installing the test environment and applying the agreed software parameters, configurations and label changes to this environment.
• Testing and Validation: Testing and Validation focus on ensuring the application is ready for deployment to the live environment.
• Training: A system is only as good as the knowledge of the people engaging in it. Without a sound background in planning and performance management concepts, the system's full potential may not be harnessed.
• Deployment and Operational Handover: In this stage, final deployment occurs, and the application is ready to "go live".
• Post-Implementation: Three months after going live, Camms will return on-site to undertake a post-implementation review and assess how everything is going.

Furthermore, Camms acknowledges that training is an important ingredient to a successful implementation - a system is only as good as the knowledge of the people engaging in it.
Training is conducted by UK consultants and can be accommodated either virtually or in person. Generally, Camms proposes the following approach to training:

Administrator / Super User Training completed by Implementation Consultants leveraging our 'Train-the-Trainer' methodology, with selected key users being trained in all of the key system functionality, from administrative functions to general use of the platform. These users can then transfer relevant components of the training down the line, as appropriate.

To supplement the above training sessions, general user training, and on-training of other users, the Camms.College platform can be leveraged. Providing a number of short video courses on system functionality, all types of users can engage with the Camms.College platform. The user-friendly format of the courses ensures that engagement is retained, with users having the capability to pause and return to the section of the course when required.

In addition to Camms.College, users are provided with standard training/help documentation to support the training provided. Each of the user guides provides a detailed user-friendly overview of key system functionality.

Further, Camms would welcome the opportunity to discuss tailored training material, should it be of interest. Camms can offer bespoke training options also, such as additional classroom training or bespoke E-Learning videos to be stored on Camms.College. Camms would welcome the opportunity to discuss this further with City of La Quinta to provide pointed recommendations on this.

Integration Services/Options

The solution has been designed to support a high level of interoperability across all customer source systems, to provide a truly integrated platform.
As such, Camms offers customers a range of technical integration services to ensure our solutions are fully integrated into existing operational systems and business processes seamlessly as part of any implementation.

Camms has standard APIs developed for both the import and export of data for our solutions with other web-based systems used by customers. Further to this, Camms solutions also have the capability to utilise both Web Service and Web APIs for application integration. Integration can be undertaken through Direct Database Access, Application APIs, Web Services or Excel/CSV Flat Files or JSON objects. Camms supports web services as well in SOAP format.

The typical mechanisms used to integrate the proposed solution with other key systems include APIs / Web Services, ETL Connectors and CSV / Excel uploads scheduled to run on a set frequency.

With the above capabilities Camms is confident that an integration can be established between the solution and the proposed third party solution for the customer. The exact approach to this integration and the relevant costing for the integration will be confirmed and agreed upon post a detailed scoping and analysis of the proposed third party solution, and its application to the customer

Disclosures

Camms affirms that there is no significant prior or ongoing agreement failure, nor any civil or criminal litigation or investigation, in which Camms has been judged guilty or liable within the last five (5) years. There is no negative history to disclose.

Acknowledgement of Insurance Requirements (Attachment 2)

We confirm that, if selected, we will provide the minimum insurance coverage and indemnification as specified in Exhibits E and F of the City's Agreement for Contract Services, as included in Attachment 1.
La Quinta Agreement for Contract Services

Each entry below gives the Item #, the Clause #, the Reason for non-compliance and the Proposed amendment.

Item 1 (Clause 4.3)
Reason for non-compliance: Camms cannot agree to obtain its customers' permissions to use subcontractors.
Proposed amendment: Remove the requirement to obtain prior permission to use subcontractors.

Item 2 (Clause 4.3)
Reason for non-compliance: Camms needs the right to assign all its agreements upon a sale of the company.
Proposed amendment: Remove the following from Section 4.3: "In addition, neither this Agreement nor any interest herein may be transferred, assigned, conveyed, hypothecated, or encumbered, voluntarily or by operation of law, without the prior written approval of City. Transfers restricted hereunder shall include the transfer to any person or group of persons acting in concert of more than twenty five percent (25%) of the present ownership and/or control of Contracting Party, taking all transfers into account on a cumulative basis."

Item 3 (Clause 7.2)
Reason for non-compliance: Camms will require 30 days notice for an audit and the number of audits shall be limited to 1 audit per year.
Proposed amendment: Add such qualifications to the City's audit/review rights in Section 3.

Item 4 (Clause 7.3)
Reason for non-compliance: Camms provides use of its standard software via a SaaS offering. Therefore Camms does not create anything that its customers would own.
Proposed amendment: Add the following provision to this section: Notwithstanding the foregoing, Contracting Party shall maintain ownership of its Pre-Existing IP. "Pre-Existing IP" shall mean any and all software, information, technology, tools, templates, methodologies, data, designs, ideas, concepts, know-how, trade secret and techniques owned by Contracting Party prior to the commencement or independent of the services hereunder and all intellectual property rights therein, some of which may be used by a party in performance of its services hereunder, and shall also include any enhancements made by Contracting Party to the Pre-Existing IP while performing its services hereunder. Pre-Existing IP shall also include any documentation, deliverables, reports or materials created by a party in the course of performing its services hereunder.

Item 5 (Clause 7.5)
Reason for non-compliance: Camms provides its SaaS offering per a subscription term.
Proposed amendment: The concept of a perpetual license will need to be replaced with a subscription license term in Section 7.5.

Item 6 (Clause 7.7)
Reason for non-compliance: Confidentiality requirements should be mutual.
Proposed amendment: Make this section mutual.

Item 7 (Clause 8.7)
Reason for non-compliance: Camms prices its software licenses based on the fulfillment by the customer of the subscription term and therefore does not allow termination for convenience.
Proposed amendment: Remove Section 8.7.

Item 8 (Clause 8.8)
Reason for non-compliance: Camms does not agree to indirect/cover costs.
Proposed amendment: Remove Section 8.8

Item 9 (Section 6 of Exhibit A)
Reason for non-compliance: Camms doesn't agree to Liquidating Damages.
Proposed amendment: Remove Section 6 of Exhibit A.

Item 10 (Exhibit F)
Reason for non-compliance: Camms agrees to indemnify only for (i) gross negligence and (ii) 3rd party claims pertaining to IP infringement claims. Camms does not enter into indemnification agreements with its subcontractors.
Proposed amendment: Replace Exhibit F with the following: "F.1 Contracting Party shall indemnify, protect, defend and hold harmless City and any and all of its officials, employees, and agents ("Indemnified Parties") from and against any and all claims, losses, liabilities of every kind, nature, and description, damages, injury, costs and expenses including reasonable attorneys' fees, arising from (i) the Contracting Party intentional, willful, or gross negligent acts or omissions; or (ii) a claim by a third party that the software provided by Contracting Party infringes a valid patent or copyright or involves the misappropriation of a trade secret. Section F.1(a) does not apply to the extent that the alleged infringement arises from: (i) combination, operation, or use of the Contracting Party software or services in or with, any technology (including any software, hardware, firmware, system, or network) or service not provided by the Contracting Party or specified for the City's use in the Contracting Party's user documentation, (ii) modification of the Contracting Party software or services other than: (i) by Contracting Party in connection with this Agreement; or (ii) with Contracting Party's express written authorization and in strict accordance with its written directions and specifications, (iii) use of any version of the Contracting Party software or services other than the most current version or failure to timely implement any maintenance release, modification, update, or replacement of the Contracting Party software or services software made available to City by Contracting Party, (iv) use of the Contracting Party software or services by or on behalf of City that is outside the purpose, scope, or manner of use authorized by this Agreement or in any manner contrary to Contracting Party's instruction."

Item 11 (Clause 1.9)
Reason for non-compliance: Add a standard warranty disclaimer
Proposed amendment: Add the following: "1.9. Warranty Disclaimer. Except for the warranties set forth herein all deliverables, products, information, materials, and services provided by the Contracting Party are provided "as is." Contracting Party: (a) makes no additional representation or warranty of any kind, whether express, implied in fact or by operation of law; (b) disclaims all implied warranties, including fitness for a particular purpose, to the fullest extent allowed by law; and (c) does not warrant that the deliverables are or will be error-free or meet the City's requirements."

Item 13 (Clause 26.00)
Reason for non-compliance: The services are provided on a subscription basis and therefore suspension is not applicable or agreeable.
Proposed amendment: Remove Section 26.00.

Item 14 (Clause n/a)
Reason for non-compliance: Added standard customer data provisions from Camms' form of customer agreement.
Proposed amendment: Add the following provision: 5.6 Data. The City is responsible for the accuracy, quality and legality of the City data (including personal data) as entered into the Contracting Party's systems, or otherwise supplied or used by the City, including the means by which the City acquired the personal information. The City agrees that Contracting Party may collect, use, and disclose quantitative data derived from the use of the Contracting Party's services for its business purposes, including industry analysis, benchmarking, analytics, and marketing. All data collected, used, and disclosed will be in aggregate and deidentified form only and must not identify the City or any third parties utilizing the services.

Item 10.11 (Clause 10.11)
Reason for non-compliance: Added standard indirect liability disclaimer cap which Camms requires and has in all its customer agreements.
Proposed amendment: Add the following provision: 10.11. Indirect Losses. Subject to clause 10.12, to the fullest extent allowed by law, each party excludes all liability for any loss of product, loss of revenue, loss of profit, loss of or damage to reputation, loss of anticipated savings or benefits, or any indirect, special or punitive loss, damage, cost or expense or other claims for consequential compensation however arising under or in connection with this Agreement or the performance or non-performance of this Agreement and whether arising under any indemnity, statute, in tort (for negligence or otherwise), or on any other basis in law or equity.

Item 10.12 (Clause 10.12)
Reason for non-compliance: Added standard liability cap which Camms requires and has in all its customer agreements.
Proposed amendment: Add the following provision: 10.12. Liability Cap.
(a) Ordinary Cap. Subject to clauses 10.12(b) and 10.12(c) and to the maximum extent permitted by law, a party's aggregate liability for any and all claims, losses or damages arising out of or in connection with this Agreement, whether based on contract, warranty, tort (including negligence), statute or otherwise, is capped at the fees paid by the City to the Contracting Party under the Agreement during the 12 month period prior to which the events giving rise to the claim occurred. This cap applies in the aggregate to all claims arising from events which occur in the same period.
(b) Super Caps. Subject to clause 10.12(c) and to the maximum extent permitted by law, a party's aggregate liability under this Agreement for any and all claims, losses or damages arising out of or in connection with Section 7.7 is capped at the greater of: (a) an amount equal to three times the fees paid by the City to the Contracting Party under the Agreement during the 12 month period prior to which the events giving rise to the claim occurred in which the events giving rise to the claim occurred; and (b) $250,000. This cap applies in the aggregate to all claims arising from events which occur in the same 12-month period.
(c) Exceptions. No provision of this Agreement limits the liability of a party for: (a) interest due by any party for late payments; (b) personal injury or tangible property damage caused by negligence; (c) losses caused by fraud or fraudulent misrepresentation; or (d) payment of fees. The Contracting Party's obligation to indemnify under Exhibit F is limited by clause 10.11 but is not capped under clauses 10.12(a) or 10.12(b).

Enterprise Statement Of Work
PKN Orlen
Commercial & Confidential
Version 4.1
Prepared by Camms
Zachary Burner, Business Development Manager
August 2024

Enterprise Implementation Statement Of Work
The table below is organised by Task Category, with Scope Included, Excluded and Assumptions listed for each.

Task Category: Project management, governance, and general service delivery; Discovery and Planning

Scope Included:
• Delivery of professional services utilising Camms standard Project Implementation Methodology
• Regular project status meetings or calls (Weekly or Fortnightly as agreed at project kick-off)
• Scheduling and management of Camms resources
• Management of Camms project documentation and deliverables
• Invoicing/milestone management
• Scope & variation management
• Review and assessment of client documentation
• Use of Camms standard documentation to capture requirements

Excluded:
• Scheduling and management of client resources
• Use and maintenance of Camms non-standard documentation or project management materials
• Out of hours consultation
• Additional discovery or design workshops
• Discovery and design for products not included in scope.
• Creation or maintenance of any documentation that is not part of Camms standard delivery approach.
• Iterative changes and review of configuration during scoping and discovery

Assumptions:
• Client will provide Project Management for their resources and deliverables
• The working hours of this project will generally be between 8:30AM and 5:00PM Monday through Friday, except for public holidays
• Client will provide an appropriate level of access to systems and software platforms required to perform project work
• Client will ensure timely access to the appropriate stakeholders and staff for consultation and will provide Camms consultant(s) with any supporting information, data and documentation necessary to inform the development of appropriate deliverables
• Camms assumes a 22 to 24 week delivery timeline for this project. Delays in Client deliverables or milestones that require an extension to the project timeline may incur additional project cost
• Any relevant client internal consultation and preparation of requirements & process documentation have been completed prior to commencement of Discovery.
• Discovery & Design sessions are capped at approximately 8 participants per workshop and client will ensure they include key subject matter experts, stakeholders, and decision makers to ensure required outcomes from each workshop.
• Functional or technical requirements (e.g. traceability matrix) have been provided by the client and responded to by Camms prior to Discovery commencement, if applicable
• Client resources, subject matter experts, and stakeholders are available to complete scoping sessions and provide sign-off on required documentation as per the agreed project timeline.

Task Category: Discovery and Planning

Scope Included:
Camms.Service
  o Facilitation of up to 22 hours of Camms.Incident/Camms.Service discovery workshops over 8 weeks
Camms.Project
  o Facilitation of up to 22 hours of Camms.Project discovery workshops over 7 weeks
Configuration Requirements Document
  o Completion of a Configuration Requirements Document for each of the included modules
  o Each document produced includes up to 4 iterations. An iteration is defined as an updated version of the document which includes changes as a result of workshop outputs or other feedback mechanisms

Excluded: Continued

Assumptions: Continued

Task Category: Configuration

Scope Included:
Camms.Service
  o Configuration of the following workflows: Contract management; Construction management
  o General system configuration (i.e. label replacements, incident category structures)
  o Deployment of Camms Standard Incident Management Objects for Event Workflow
  o Access to Camms.Incident standard reports
  o Access to standard Camms.Service email notifications and triggers.
Camms.Project
  o Configuration of the following workflows: 1 Moderate Workflow; 1 Basic Workflow
  o Configuration of 12 Project positions
  o General system configuration (i.e. label replacements, custom objects, drop down lists)
  o Access to Camms.Project Standard Reports
  o Access to standard Camms.Project email notifications and triggers

Excluded:
Camms.Service
  o Configuration of Custom Objects
  o Configuration of Custom Fields (i.e. auto-mapped fields, conditional decision point mapping)
  o Configuration of additional workflows or hierarchies
  o Creation of any custom features, reports, email notifications & triggers, or system permissions
  o Modifications to standard out of the box reports
Camms.Project
  o Configuration of multiple Project Registers
  o Customisation to Standard Object Functionality
  o Creation of New User Roles
  o Creation of any custom features, reports, email notifications & triggers, or system permissions
  o Modifications to standard out of the box reports

Task Category: Configuration

Scope Included:
Camms.Insights
  o Configuration of datasets and relationships available within the Camms application
  o Configuration of standard Administrator & Viewer roles and permissions

Excluded:
Camms.Insights
  o Product does not include any standard reports or templates
  o Creation of any custom reports or templates
  o Development of custom datasets or filters
  o Relabelling of Camms standard dataset naming conventions to any custom terminology

Assumptions:
Camms.Insights
  o Camms.Insights configuration is performed after UAT sign-off and all configuration is finalised
  o Camms.Insights is configured in live and test databases only. Database copy/refresh between live and test environments does not apply and is not possible for Camms.Insights
  o Camms.Insights configures low-medium complexity reports in A4 format only
  o Camms.Insights can develop low-medium complexity reports only (Camms.Insights may not be able to develop complex visual representations e.g., heatmaps)
  o Custom datasets/filters may not be compatible with the report scheduling functionality available in Camms.Insights.
  o Camms.Insights permissions cannot be applied via integration and does not relate or consider access levels/permissions within the Camms application (e.g., data is not restrictive based on permissions in other products)
  o Camms.Insights is a cloud-exclusive offering and is not available for self-hosted clients

Task Category: User Acceptance Testing; Training and Change Management; Go-Live

Scope Included:
• Provision of a Test environment.
• UAT to be conducted in 2 rounds of testing over 2 weeks.
• Camms project team support of client resources during execution of testing. (Support includes Q&A, weekly defect review meetings, resolution of agreed defects).
• Camms will track UAT issues using our standard issues register.
• Camms standard "Train-the-Trainer" approach that includes the following sessions per product:
  o 1 x 2 hour System Administrator training session conducted virtually by a Camms Consultant (capped at 8 participants)
  o 1 x 2 hour Super User training session conducted virtually by a Camms Consultant (capped at 8 participants)
• Access to Camms.College to support additional training requirements.
• Utilisation of Camms.College virtual consulting days if applicable
• Database copy to Live environment and validation
• Notification Set-Up (if required).
• Single go-live event for all purchased Camms products.
• Project Team to provide Hypercare support for 2 weeks after go-live.
• Handover to Camms Support and Customer Success teams for ongoing management at the conclusion of "Hypercare".

Excluded:
• Camms execution or review of any UAT test cases/scripts.
• Camms resource support beyond agreed UAT timeline and number of testing rounds
• Development of test scripts or supporting materials.
• Changes or updates to system configuration other than those required to resolve an agreed defect.
• Use of any issue tracking solutions other than Camms standard issue register.
• Additional consultant led training sessions (unless further deducted from Camms.College allowance)
• Creation of any custom training content or materials
• Creation of a change management plan.
• Any other change management activities.
• Project team support beyond agreed Hypercare period, including support of any ongoing Pilot activities.
• Multiple Go-Live events and/or Hypercare periods for different products.

Assumptions:
• User Acceptance Testing will commence once client has signed off on system configuration and had administrator training.
• Client will have adequate resource to execute UAT within agreed timelines.
• Client will internally triage UAT issues prior to raising with Camms.
• Client will report all issues to Camms using the provided Camms UAT tracking sheet.
• Once the resolution of a UAT item is completed by Camms, client will validate within 3 days of receiving communication of its resolution.
• All System Testing, User Acceptance Testing, Integration Testing (where applicable), and any Data Migration testing (where applicable) will all be conducted in the Test environment.
• Client will ensure required attendees are available for the scheduled sessions
• Camms have assumed that the client will utilise their licence to Camms.College for both system administration and general user training for the purposes of this implementation.
• Any in-scope System Administrator training sessions will be supplemented by ongoing access to the relevant Camms product general user course in Camms.College for end user training.
• Change Management activities, other than included training, will be planned and executed by client resources.
• All purchased Camms products will be launched at the same time and not staggered over multiple go-lives or phases.
• Launch of the solution within a client organisation as a Pilot to limited users will be treated as a standard go-live by Camms and trigger commencement of Hypercare period
• During Hypercare, Client will follow standard BAU support process and raise all issues via Camms ticketing solution (FreshDesk)

Task Category: Product Enhancements, New Features, and Custom Development; Integrations; Data Migration or Upload; Custom Reporting

Scope Included:
• Product Enhancements, New Features, and Custom Development: Not in scope.
• Integrations: Not in scope.
• Data Migration or Upload: Not in scope.
• Custom Reporting: Not in scope.

Excluded:
• Delivery of any product enhancements or roadmap items as part of this implementation.
• Access to any Camms API or other integration tools or processes
• Camms design and/or development of any integration services, tools, or processes.
• Camms design and/or development of a process or tool, including a manual process, to load or migrate any data into the Camms solution from an external system or source. This includes, but is not limited to:
  o Client's organisation structure
  o Staff and User Data
  o Risk registers
  o Incident data
  o KPI data
• Camms design and/or development of any custom reports or modifications to existing reports.

Assumptions:
• Business requirements that are not able to be met within the current function of the Camms product will be considered a customisation. These customisations will be scoped and costed separately from the implementation costs for this engagement.
• Any item referenced as 'under consideration' within our product roadmap is provided as an indication only and is subject to change.
• Responses provided as part of our functional and non-functional specification do not constitute an agreement to conduct any development, until such a time that those items are included within a formal specification and business requirements document.
• There will be no inbound or outbound communication between Camms and any external system or tool.
• Client will manually enter any existing data required from other systems or sources into Camms.
• Client will utilise out-of-the-box reports.

Indicative Implementation Plan - City Of La Quinta

[Figure: indicative implementation plan timeline. Milestones: Kick-off, Req. Sign-off, Config Complete, UAT Complete, Go-Live, Project Closure. Workstreams: Camms.Project, Camms.Service, Camms.Insights. Activities: Requirement Gathering, Env. Setup, Config. Req. Review, Configuration, Reports (Custom) design and build, Training, Project Management.]

* This implementation plan is indicative only, and subject to change based on further discussion and analysis.

Key project activities:
1. Pre-implementation
2. Discovery & Planning
3. System Configuration
4. Testing
5. Training
6. Go Live
7. Post Implementation

Camms Technical Overview

234 5th Ave, 2nd Floor, New York, NY 10001 T +1 (603) 438 6360 E sales@cammsgroup.com

Table of Contents
1 Architecture Specification
2 Hosting (US)
3 Auditing and Logging
4 Integration
5 Security and Trust Package
6 Privacy
7 Compliance
8 Accessibility and Availability
9 Appendix - Business Continuity Plan

Legal Disclaimer

To the recipient of the Camms Technical Overview document, this document is strictly confidential and should only be shared with the intended internal employees at your company. The distribution of Camms Technical Overview document is prohibited, except as described below. You may use the Camms Technical Overview document solely for your evaluation of the content for the organization on whose behalf you have received this. You agree not to disclose any information in Camms Technical Overview document to any third party without the express written consent of Camms and will take reasonable precautions to avoid unauthorized disclosure and protect against unauthorized use of Camms Technical Overview document. Camms Security Overview document may be distributed within your organization only on a need-to-know basis.
Technical Information (US) | Camms | www.cammsgroup.com

Components & Technologies

1 Architecture Specification

The Camms architecture is a highly sophisticated, well-designed solution crafted with a customer-centric approach. Our approach to architecture design considers the diverse needs of different industries, resulting in a flexible and scalable solution that can be adapted to meet the evolving needs of our clients. The architecture is continuously improved through our cutting-edge R&D program, ensuring that we always stay ahead of the curve.

Our software products are web-based applications that leverage the latest Microsoft technologies, such as .NET Framework 4.7.2, .NET 6.0, and SQL Server 2019. This combination of technologies allows us to create robust, user-friendly, and feature-rich applications that are easy to use and maintain. The applications are designed using the latest programming languages and tools, such as C#, Angular 13, Entity Framework Core, and other Microsoft technologies, making it easier to meet the demanding requirements of our clients.

Our mobile applications are designed to meet the growing needs of a mobile-first world and are built using Xamarin/Android and (iOS) technologies. C# is the primary language used in this regard, providing a robust yet flexible platform that can be adapted to meet the unique needs of our clients.

Camms products run on the stable and well-supported infrastructure of Microsoft Windows Server 2019 and IIS 10, offering a reliable and secure platform for our clients to operate on. This robust infrastructure configuration ensures that our clients can rely on the Camms solution for their data management needs with confidence in their data's confidentiality, integrity, and availability.
1.1 Architecture Diagram

[Figure: Architecture Diagram. Machines: PC & Mobile Device, Web Server, Database Server. Layers: Presentation, API, Business Logic, Data/Integration. Connectors: Lexis Nexis, SharePoint, Microsoft Teams, CRM Dynamics, DMA, Custom Connectors; Financial, HR, KPI, Risk Connectors. Components shown include Mobile Apps (Xamarin), Web Content (HTML, CSS, JS, Media, Angular), ASP.Net MVC/ASP.Net Web Forms, SSRS Reports, ASP.NET Core Web API, Office Add-In, Custom Objects, Entity Framework, MS SQL Server.]

1.2 Process Architecture

[Figure: Process Architecture. User on PC/Mobile Device; Office Add-In, Website, Reporting; Web Server (Internet Information Server); Camms Repository; Camms DataAccess; Entity Framework.]

[Figure: Deployment Architecture. Web Server (Windows Server/Internet Information Server): Office Add-In Web Server, Camms Suite Web Site, Interactive Apps Web Site, Camms.Connect, Camms.Insights, Camms.Engage, Camms Search Service, Camms Agent Service, Email Service, Batch Service, Camms Middleware, Power BI. Database Server (SQL Server): CLR Procedures & Functions, Reporting Services, TSQL Procedures & Functions, Integration Services, Financial Mapper, Precalculator, SQL Scheduler Job, Camms BI Data warehouse & Integration, Camms Suite Tables and Procedures.]

2 Hosting (US)

2.1 Hosting Options

The Camms platform is available in 6 cloud infrastructure configurations allowing customers to select the best option to meet their security requirements.

Camms Public Cloud
1. Secure (base offering)
2. Secure+

Camms Private Cloud
1. Protected
2. Protected+
3. Protected+ IRAP (AU Only)

Camms Dedicated
Dedicated cloud environment

2.1.1 Hosting Service Summary

An overview and services offered through each cloud configuration is below:

[Table: Hosting Service Summary. Columns (SaaS Offering): Secure, Secure+, Protected, Protected+, Protected+ IRAP, Dedicated.
Cloud Information rows: Region Restricted; Shared Infrastructure; Dedicated Infrastructure; Multi-tenancy; Own Database; Own Database Instance; Own Web Server; Allow IP Whitelist; Azure Express Route/VPN Access; Encryption in Transit; Encryption at Rest; Database File Encryption (TDE); DDoS Protection - Basic; DDoS Protection - Standard; WAF / SIEM; Threat Detection (EDR/XDR).
Compliance rows: ISO27001; SOC 2 Type II / HIPAA; CE and CE plus (EU only); IRAP Assessment (AU only).
Monthly Subscription row: Secure: Included; Secure+, Protected, Protected+, Protected+ IRAP, Dedicated: Contact Us.
The remaining cell entries (availability marks, "Contact Us", "Coming Soon") are not legible in this copy.]

2.1.2 Hosting Inclusions Summary

Below is a detailed list of our infrastructure inclusions, customisable for specific security, privacy, and performance needs.

Region Restricted
✓ Restricts customer data access to local Camms service centre region.
✓ Adheres to data privacy laws and sovereignty requirements.
✓ Grants control of data storage, processing, and support services.

Dedicated Infrastructure
✓ VM assigned to one customer ensuring enhanced security and privacy.
✓ Provides logical isolation, predictable performance, and adherence to regulatory standards.

Shared Infrastructure
✓ Virtual servers shared among multiple Camms customers.
✓ Hosted on Camms Azure Cloud.
✓ Secure access to Camms solutions on shared physical hardware.

Multi-tenancy
✓ Single software instance shared among multiple customers.
✓ Robust isolation ensures data privacy and security.
✓ Scalable and configurable to individual customer needs.
Own Database
✓ Exclusive database for one organisation.
✓ Inter-client confidentiality by design.
✓ Strict data privacy, control and security of sensitive data.

Own Web Server
✓ Exclusive virtual machine hosting per client.
✓ High performance, additional security, and custom configurations.

Azure Express Route or VPN Access*
✓ Private connections between Azure and on-premises data centres.
✓ Secure and encrypted data transmission.

Database File Encryption
✓ Protection for specific database components using Transparent Data Encryption (TDE).
✓ Added security layer for sensitive information.

✓ Collects and analyses logs and events.
✓ Real-time analysis for threat detection and mitigation.

Azure Web Application Firewall (WAF)
✓ Protection from common hacking techniques such as SQL injection.
✓ Guards against security vulnerabilities such as cross-site scripting.

Own Database Instance
✓ Dedicated database instance for enhanced performance and security.
✓ Can have multiple databases under a single instance.
✓ Custom configurations and better data isolation.

Allow IP Whitelist
✓ Security measures to restrict access to trusted IP addresses.
✓ Enhanced security against unauthorised access.

Encryption in Transit & at Rest
✓ Data encrypted during transmission and when stored.
✓ Protection against data interception and vulnerabilities.

DDoS Protection (Basic & Standard)
✓ Defense against traffic flooding attacks.
✓ Enhanced tools for monitoring and reporting in standard version.

Threat Detection (EDR/XDR)
✓ Active monitoring of system activities.
✓ Machine learning to identify potential threats.

For additional insights into the hosting options, kindly reach out to Camms to obtain further details. We look forward to assisting you with any inquiries you may have.
2.2 Hosting Infrastructure

2.2.1 Public (Multi Tenancy) Cloud

The public cloud offering in the Camms Azure Cloud Environment is designed to be scalable and secure, offering a shared infrastructure that is robust yet flexible enough to meet differing needs.

Camms Public Cloud Solutions
• Secure
• Secure+

Recommended actions to access Camms environment
• Ensure to whitelist our Public IP addresses on your firewall
• If you have an integration between Camms and other systems at your organisation, you may be transferring data to us via FTP/SFTP. After this migration, the IP address of this SFTP server will be changed.

[Figure: Multi Tenancy Cloud. Camms Headquarters (IPSec VPN); Camms Data Centre; Data Backup (database & application files backup); clients via SFTP and HTTPS; Monitoring: Azure Insight (Application & Infrastructure); Security & Auditing: SIEM; Web Access Firewall (WAF); Firewall Subnet (Azure Firewall); Network Security and Services; Application Subnet; DB Subnet; FTP Subnet; Jump Server; Secondary Data Centre (DR Site); Azure VM Backup (once a day, 7 days retention).]

2.2.2 Private Cloud

The private cloud offering within the Camms Azure Cloud Environment is characterised by its focus on dedicated resources and enhanced security features.
It caters to clients seeking exclusive control and customisation capabilities to ensure strict data privacy and compliance with stringent regulatory requirements.

Camms Shared Private Cloud Solutions
• Protected
• Protected+
• Protected+ IRAP (AU only)

[Figure: Private Cloud. Camms Headquarters (IPSec VPN); Azure Data Backup (once a day, 90 days retention; database & application files backup); clients via SFTP and HTTP/HTTPS traffic from the Internet; Virtual Network with Firewall Subnet (Azure Firewall), App Gateway Subnet (Application Gateway, Azure WAF), DMZ Network, Web Tier (SFTP subnet with SFTP Server; client subnets with an Application Server each for Client 01 and Client 02), Data Tier (Database Subnet, Azure Always On, Load Balancer, Primary DB Server, Secondary DB Server & Reporting Server, instances for Client 01 and Client 02), Azure Key Vault; Virtual Network DR with Firewall Subnet DR (Azure Firewall DR), App Subnet DR (Application Servers DR), DB Subnet DR (DB Servers DR).]

2.2.3 Dedicated Cloud

The Camms dedicated cloud offering takes exclusivity and performance a step further and is ideal for clients requiring the highest levels of security and performance. It ensures an isolated, high-performance environment tailored to specific needs.

Camms Dedicated Cloud Solution
• Fully dedicated cloud environment

[Figure: Dedicated Cloud. Camms Headquarters (IPSec VPN); Camms Data Centre; Azure Data Backup (once a day, 90 days retention; database & application files backup 7.30 pm daily, local server time); clients via SFTP and HTTPS; Monitoring: Azure Insight (Application & Infrastructure); Security & Auditing: AlienVault SIEM; Web Access Firewall (Azure WAF); Firewall Subnet (Azure Firewall); Network Security and Services; US Jump Server (MFA Enabled, RDP); Application Subnet: US App Server (Prod/Non Prod); DB Subnet: US SQL (Prod/Non Prod); FTP Subnet: US FTP/SFTP; Prod Daily Backup; Non Prod Weekly Backup; Azure Application Replication to the Secondary Data Centre (DR Site): US App (Prod/Non Prod), US SQL Server (Prod/Non Prod), US FTP/SFTP, US Jump Server; Azure VM Backup (daily, 7 days retention; VM backup 7.00 pm daily, local server time).]

2.3 Hosting Security

Our security is more than just a statement; it is a combination of industry-leading infrastructure, hardware, software, and procedures. All our products use HTTPS using 2048-bit encryption for communication between the Camms server and the customer's endpoints. Camms shared cloud servers are protected by Azure firewalls and WAF to prevent unauthorized access. Further, Camms conducts quarterly VA assessments and server hardening practices, which are aligned with the CIS benchmark.

[Figure: Hosting Security. Internet (HTTPS) and Camms Headquarters pass through the firewall to Tier 1 (frontend application server: Microsoft IIS Web Server; integration and file sharing: Microsoft FTP Server) and Tier 2 (backend SQL Server: Microsoft SQL Database 2019). Zones: Firewall, Application, Database.]

2.4 Data Centre Specification

Camms has a private IAAS cloud setup with Microsoft Azure. The Camms cloud is ISO/IEC 27001:2013 certified and is annually audited and accredited by an authorized third party.
All products are hosted on Camms Cloud at the main data center situated at Iowa (Central US). All backup data are stored at the offsite data center situated at California (West US), with 99.5% SLA.

[Figure: Data Center Specification (US). Map marking the data center locations, including California (West US).]

The specifications of the data center are as follows:

Uninterrupted power supply - Uninterruptible power supplies and vast banks of batteries ensure that electricity remains continuous if a short-term power disruption occurs. Emergency generators provide backup power for extended outages and planned maintenance. If a natural disaster occurs, the data center can use on-site fuel reserves.

Power - Multiple feeds from the CBD grid with one internal substation (two separate transformers). There are two on-site diesel generators (2 x 1600 kVA). On-site fuel storage can deliver three days of operation at full load (6 days at minimum load). Continuous fueling of the generators is also supported.

Very Early Smoke Detection Alarm (VESDA) - Microsoft data centers implement robust fire detection mechanisms, including photoelectric smoke detectors installed below the floor and on the ceiling, Xtralis Very Early Smoke Detection Apparatus (VESDA) systems in each colocation, pull station fire alarm boxes installed throughout the datacenters, fire extinguishers located throughout the datacenters, security staff patrols in all building areas multiple times every eight-hour shift. Fire detection/suppression and emergency lighting systems are wired into the datacenter backup power systems providing a redundant power source.
Network - High-speed and robust fiber optic networks connect datacenters with other major hubs and internet users. Compute nodes host workloads closer to users to reduce latency, provide geo-redundancy, and increase overall service resiliency. Engineers work around the clock to ensure services are persistently available.

Air Conditioning - Precision controlled air conditioning system to maintain the perfect equipment environment 23 +/- 1 degrees C and humidity 50% +/- 5% RH within the center.

Redundancy - Camms offers same site redundant hardware and offsite backup to California (West US) with 99.5% SLA.

Backup Management - Camms undertakes regular back-ups across all client environments. These back-ups are taken outside of working hours before being stored and archived in an offline environment within the same jurisdiction as the customer at all times. Camms stores a minimum of 90 days of nightly back-ups per customer. This can be higher in some instances where specific record-keeping regulations require it.

3 Auditing and Logging

As a leading global enterprise solutions provider, Camms is cognizant of the importance of information security and understands our customers' concerns around protecting their intellectual property and customer data whilst ensuring that a reliable solution is provided. Camms has produced an internal monitoring framework, which is aligned with the ISO 27001 standard for security. This framework is supported using various industrial tools and systems to ensure optimum monitoring capabilities. A few of the key tools that are used by the Camms team are indicated below.
• Microsoft Azure Insights
• SOPHOS
• Pendo
• Pingdom
• AlienVault

Camms applications are monitored through the above key tools, ensuring our customers the best of breed mechanisms in monitoring our solutions.
The diagram below indicates the detailed monitoring mechanism set up by Camms.

Audit trail

Camms recognizes the importance of ensuring audit trails are maintained and accessible to all our users - for historical comparison and analysis to be made, as well as to provide a safeguard for data integrity. The diagram below shows the architecture of the auditing and logging systems in place in the Camms infrastructure:

[Figure: Audit Trail. Category, description and tool per layer (Camms Infrastructure Team):
Security Layer
• Firewall Logs: Azure data centre firewall logs (Azure)
• Anti-virus Alerts: Sophos anti-virus and malware detection logs (SOPHOS)
Application Layer
• Azure Insights: Application insights (Azure)
• Pendo: Product usage insights (Pendo)
• Pingdom Alert: Application heart beat monitoring tool (Pingdom)
Business Layer
• Camms Hub: Errors and information logging for application usage
• Log Files: Rolling log files on applications using Serilog, Windows event logs, IIS logs, etc.
Database Layer
• Azure Insights: Application insights (Azure)
• Data Base Level Logging: Data level audit trails for main data entities (Camms)]

4 Integration

In a modern enterprise, different software and systems do not live in isolation. Instead, they communicate and exchange data with each other to efficiently solve business problems. Thus, most organizations struggle to make effective use of these various, isolated data stores and their inability to provide guidance to the business decision making process. Departmentalization of data and tools has resulted in siloed information which causes difficulties in reconciliation and are limited in their ability to provide the needed insight. Camms.Connect provides your organization with access to our robust business services via standards-based, real-time Application Programming Interfaces (APIs).
These APIs provide opportunities for interaction with many critical areas of Camms, including staff, financials, projects, incidents, risks, and measures. Further to this, Camms solutions also have the capability to utilize both Web Service and Web APIs for application integration. Integration can be undertaken through Direct Database Access, Application APIs, Web Services or Excel/CSV Flat Files or JSON objects. Camms supports web services as well in SOAP format. The typical mechanisms used to integrate the proposed solution with other key systems include APIs / Web Services, ETL Connectors and CSV / Excel uploads scheduled to run on a set frequency.

[Figure: Integration Capability. Source systems: Financial Systems, HR Systems, KPI Systems, Document Management System, CRM Systems. Integration paths shown: Azure Data Factory-based integration (client extracts the source data using a standardized data extraction template and copies it to Azure Blob storage; analytical data model for reporting); API (API endpoint of the Middleware Layer, Camms API system connector, temporary table in a staging environment; real-time integration); data uploader tool (standardized data extraction template, FTP/SFTP location, SSIS-based ETL connector; batch/bulk processing of data via daily/on-demand extraction). Targets: Camms Database; Camms.Strategy, Camms.Project, Camms.Risk, Camms.Insights, Camms.Engage; Camms web BI layer and BI visualization tools (Power BI, Tableau, Qlik).]

4.1 Inbound APIs

From a Camms perspective, an inbound API is something which brings data into the Camms ecosystem from any number of potential source systems. While it is an incoming call to Camms which our inbound APIs need to 'listen' for, it is also an outbound call from the perspective of the external source system.
4.2 Outbound APIs

An outbound API allows you to take data out of the Camms ecosystem. Camms outbound APIs need to 'transmit' this data so the external source system can pick it up as an incoming call.

[Figure: API Integration. Inbound: incoming data from sources (Financial Systems, KPI Systems, Document Management System), with data transformation by client organisation, passes through the Azure API Gateway (API key validation, API token validation) to the Camms inbound APIs, which listen (HR, Finance, KPI, Risk, Project, Compliance) in front of the Camms Database. Outbound: the Camms outbound APIs transmit (HR, Finance, KPI, Risk, Project, Compliance) through the Azure API Gateway (API key validation, API token validation), with data transformation by client organisation, to outgoing data destinations such as dashboards, web and mobile applications, and visualization tools (Power BI, Tableau). Both sides distinguish external APIs from internal APIs.]

The integration approach from a technical point of view is predominantly an Extract, Transform and Load (ETL) approach where raw transactional data is transferred from multiple client data sources to a single database source. Several approaches are adopted during implementation depending on various factors, including how the applications are hosted and who undertakes the data extraction process.

Certain clients prefer to provide transactional data extracts to Camms. In such a situation, a client will extract data from the source/s and transform/cleanse it before populating the extract files. These files will be one of the recommended formats by Camms, e.g. Excel, CSV, Text.

On the other hand, certain clients prefer to give Camms access to their source systems. Invariably the client expects Camms to perform the ETL. In such instances, Camms will use an appropriate system integration tool for ETL.
• Temporary tables - if the client does not want to maintain historical information or for further analytical purposes (e.g., business intelligence)
• Data Warehouse - if the client requires information analytics

As with all Camms products, integration is developed and supported by a team of planning and performance management experts committed to the highest standards of continuous improvement in product development. The Camms Consulting Services team is set up to provide practical hands-on advice and solutions to meet the needs of your business. We apply our extensive breadth of expertise to all projects that we undertake to ensure maximized outcomes for our clients.

5 Security and Trust Package

At Camms our top priority is keeping our customers' data secure. We employ rigorous security measures at organizational, architectural, and operational levels to continually ensure that your data, application, and infrastructure remain safe. Trust is a combination of information security, privacy, compliance, and reliability to ensure confidentiality, integrity, and availability for the solutions and services provided by Camms.

Camms Information Security Management System

An Information Security Management System (ISMS) is built to establish a holistic and structured approach to managing information. This system provides the framework for the policies, procedures, and guidelines that we at Camms have adopted to implement an ISMS. This implementation is based on the generally accepted ISO/IEC 27001:2013 management system and standard. Resources have been specifically committed to effectively manage the ISMS, including the appointment of a Head of Information Security and Compliance, who takes on the roles of Chief Information Security Officer (CISO) and the Data Protection Officer (DPO), and is responsible for the overall security and data privacy programs.
The Information Security Steering Committee (ISSC) provides ongoing support and advisory to the ISMS. The Leadership of Camms is committed to a range of security activities conducted throughout the year, including regular risk assessments, security assessments, and any subsequent steps to maintain the highest security credentials across our organization.

Information Security Audit Cycle

[Figure: ISO 27001 Audit Cycle. Labels: Year 0, Year 1, Year 2, Year 3; Stage 1 "Readiness Review"; Stage 2 "Certification"; Internal Audit; Surveillance.]

5.1 Product and Architectural Security

Data Processing Relationship

Our customers serve as the data controllers and administrators, while Camms acts as the data processor. This means that you have full control of the data entered into the application, as well as all setups and configurations. As you control your data and Camms acts as the processor, you will not have to rely on us to perform day-to-day tasks such as:
• Assigning security authorization and manipulating roles
• Creating new reports and dashboards
• Configuring business process flows, alerts, rules etc.
• Changing or creating new organizational structures
• Monitoring all business transactions
• Looking at all historical data and configuration changes

5.1.1 Infrastructure Security

Camms solution infrastructure is hosted and managed on Microsoft Azure and runs in Datacenters managed and operated by Microsoft. These Datacenters comply with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53, for security and reliability. Backups are stored in a secondary Datacenter by Microsoft at a separate site to avoid the risk of a single infrastructure site failure.

5.1.2 Data Encryption

Camms encrypts all end-to-end communication. This is a fundamental design characteristic of the Camms technology.
The transport layer of the TCP/IP stack is protected with Transport Layer Security protocol (TLS 1.2) to provide end-to-end security in communication between processes. This further helps secure network traffic from passive eavesdropping, active tampering, or message forgery. Web server authenticity is verified using a SHA2 256 hash function and encrypted using RSA 2048 bits, with certificates issued by RapidSSL, ensuring all web data packets from the server to the client are received to and from authorized parties. All Camms solutions enforce web access via a secure HTTPS protocol.

Encryption using AES 256 at rest is enabled by default for both Azure VM instances and backup services. For more details on Azure at rest encryption by Microsoft Azure for managed disks and backup services, please visit: https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest.

File-based integrations are secured using a Secure File Transfer Protocol (SFTP).

5.1.3 Environment (Logical) Security

Camms solutions are deployed in both multi-tenant environments and single-tenant environments based on client requirements. Multi-tenant environments are referred to as public cloud environments for solution deployments, and single-tenant environments are referred to as private cloud or self-hosted environments for solution deployment. The key difference between private and public cloud environments with solution deployment is that private cloud clients will be the only tenants within the hosting environment. In contrast, multiple clients will exist in a single hosting environment in public cloud environments.

In a multi-tenancy environment, customer data is logically separated through strict coding standards and segregated access, and each organization's data is stored in a separate database for each client. Each record of data in the solution includes a unique customer identifier.
Users are authenticated to their respective databases. Camms solutions have the ability to segregate access to data through the application by using role-based permissions. We support LDAP delegated authentication and SAML for single sign-on authentication for both user and web services integrations.

Single Sign-on

Security Assertion Markup Language (SAML) allows for a seamless, single sign-on experience between the customer's internal web portal and Camms. A customer logs into their company's internal web portal using their enterprise username and password and is then presented with a link to Camms, which automatically gives the customer access without having to log in once again.

Camms Native Login

For customers who wish to use our native/standalone login, Camms will only store the passwords in the form of a secure hash as opposed to the password itself. Unsuccessful login attempts are logged as well as successful login/logout activity for audit purposes. Inactive user sessions are automatically timed out after a specified time period, which is configurable by Camms.

5.1.4 Authentication

Camms caters to various client requirements by having several options for authentication to our solutions, including:

Self-Hosted Environments
• Form authentication
• Windows authentication with SSO
• Windows authentication without SSO

Cloud Hosted Environments (Private and Public Cloud)
• Form authentication
• SAML authentication with SSO
• SAML authentication without SSO

Camms offers a Single Sign-On (SSO) functionality using SAML 2.0 compliant identity provider support. Some of the identity providers we have worked with include ADFS, Okta, Azure AD, Google, Facebook, and many more.

5.1.5 Role-based Access

Camms solutions are developed to have a groups and permissions system. This allows you to restrict content for selected users with permission to view or edit based on the roles assigned.
All user roles and permissions are managed in the staff management section of the application.

5.1.6 Solution Security Testing

Internal
Camms follows secure development guidelines aligned with OWASP top 10 and CWE/SANS top 25 elements taken into consideration. During a development lifecycle, Camms utilizes a Static Application Security Testing (SAST) tool, which scans the codebase based on OWASP top 10 and CWE/SANS top 25 standards.

External
Camms uses an industry-leading third party to perform quarterly scheduled vulnerability assessments using Dynamic Application Security Testing (DAST). The Burp Suite and Nessus detect vulnerabilities such as cross-site scripting (XSS), SQL injection, cross-site request forgery, and all known vulnerabilities related to web applications. Further, another third party is contracted to perform manual penetration tests annually to ensure no malicious code or other vulnerabilities are present in all our solutions.

The outputs of these assessments are reviewed by our Architecture Review Board, Quality Assurance, and information security teams to develop any required remediation plans.

5.1.7 Privacy

Camms values the importance of protecting our customers' data and does not pass on personal information to third parties. Camms solutions seek to minimize personal data collection to identify/authenticate users that use our solutions and administer new users to our products. The following personal information can be managed by the customer within the staff section of our solution:
• Name (First Name, Last Name)
• Location
• Email
• Phone

5.1.8 Software Development Lifecycle

Software development staff perform source code reviews and security, functional, and performance testing on all significant application changes prior to the deployment to the live environment. Camms quality assurance staff perform these tests independently of the original developer.
Development and testing activities are carried out in a logically separate environment from the live environments to ensure any changes made to the testing environment have no impact on the live environment.

Figure: Software Development Lifecycle (labels shown include Secure Configuration, Penetration Testing, Evaluation, Unit Testing, DEV Testing, Test Automation, Secure Coding, Static Analysis, Functional & Technical Documentation, and Security Review)

5.2 Operational and Organizational Security

Security begins on day one here at Camms. All employees receive security, privacy and compliance training the moment they start work. Though the extent of this may vary according to their role in the organization, security is everyone's responsibility at Camms.

5.2.1 Physical Security

Camms applications are hosted in state-of-the-art data centers designed to protect mission-critical systems with fully redundant subsystems and compartmentalized security zones. Our data centers adhere to strict physical security measures including, but not limited to, the following:
• Multiple layers of authentication for server area access
• Two-factor biometric authentication for critical areas
• Camera surveillance systems at key internal and external entry points
• 24/7 monitoring by security personnel
• 100% redundant UPS dual power
• Dedicated high redundant firewall protection

All physical access to the data centers is highly restricted and stringently regulated.

5.2.2 Network Security

Camms has established detailed operating policies, procedures, and processes designed to help manage the overall quality and integrity of the Camms environment. Further, we have also implemented proactive security procedures, such as perimeter defense (Azure Firewall and Sophos Antivirus protection), for added protection.
5.2.3 Application Security

Camms has implemented an enterprise Secure Software Development Policy (SSDP) to help ensure the continued security of Camms applications. This program includes an in-depth security risk assessment and review of Camms features. In addition, both static and dynamic source code analysis are performed to help integrate enterprise security into the development lifecycle. The development process is further enhanced by application security training for developers and penetration testing of the application.

5.2.4 Live Environment Infrastructure Access

In order to gain access to the live environment infrastructure, an administrative user must authenticate to the jump server on the respective network via a remote desktop protocol using SSL/TLS, and an authentication request must originate from a known whitelisted IP address. The whitelisted IP address is restricted to an authenticated virtual private network, to which the administrator must connect if working remotely prior to being able to communicate with the jump server. The user accounts used to access the live environment need to be unique.

5.2.5 Live Environment Application Access

Camms employees do not have application-level access to customer instances unless customers explicitly provide Camms with permission to perform tasks like implementation, support, or services.

5.2.6 Access Reviews

Access reviews to the in-scope systems are performed on a quarterly basis to ensure that administrative access to product systems is limited and based on appropriate roles and responsibilities. The Information Security Analyst completes reviews, and the Head of Information Security approves the results.

5.2.7 Training and Awareness

All employees at Camms receive information security and data privacy awareness training as part of their onboarding process and ongoing training (as a refresher).
As a global organization, we have opted for our own solution, Camms.College, to deliver the training required for all our employees. Our training includes questionnaires to help reinforce understanding and the practical applications of the topics that are covered as part of the training, including:

Information Security:
• General Information Security Overview
• Acceptable Usage Policy
  — Email
  — Internet
  — Mobile and computer
  — BYOD
  — Remote access
  — Password usage and management
  — Social media usage
• Information Security Threats
• Security Incident Management
• Confidentiality Requirements
  — Data classification
  — Clear desk and clear screen policy
  — Client data confidentiality
• Camms Defenses

Data Privacy:
• Essentials of Cyber Security and Data Protection
• What is GDPR?
• Data Subject Rights and Data Protection Principles
• Data Protection Model for GDPR
• Preparing for GDPR

5.2.8 Change Management Procedures

Camms has a formal Change Management Policy and Procedures that mitigate unauthorized changes occurring in production systems. These policies and procedures address the production infrastructure and software development lifecycle, including change requests, approvals, and standard change implementation procedures to guide employees through implementing commonly applied changes.

5.2.9 Acceptable Usage Policy

Camms employees are required to sign an acknowledgement form on joining the company stating that they have been given access to and have reviewed our Acceptable Usage Policy document, which includes an agreement with Camms to abide by the policy when using various Camms owned information assets.
5.2.10 Information Security Incident Management

Monitoring

A Host-based Intrusion Detection System (HIDS) is in place to monitor and analyze the in-scope systems for any possible or actual security breaches and send real-time notifications to support personnel upon detection of a potential threat to the network. If a severe incident affects customer data, we will notify customers immediately. Information security related incidents can be reported to our support line, where responsible officers will be assigned to investigate and confirm the incident.

Corrective and Preventive Action

As part of the incident response plan of action, the incident will be reported through an appropriate channel where the incident would be logged for investigation, and corrective and preventive action would be taken. Corrective action is the immediate fix to mitigate the threat, while preventive action will involve a long-term solution to fix the identified issue and prevent its recurrence.

5.3 Assurance

Camms contracts several third-party expert firms to conduct independent internal and external network, system, and application vulnerability assessments.

5.3.1 Application

We contract with a leading third-party security firm to perform an application-level security vulnerability assessment of our web and mobile application prior to each major release and on an annual basis. The firm performs testing procedures to identify standard and advanced web application security vulnerabilities, including but not limited to the following:
• Security weaknesses associated with Flash, Flex, AJAX, and ActionScript
• Cross-site request forgery (CSRF)
• Improper input handling (such as cross-site scripting, SQL injection, XML injection, and cross-site flashing)
• XML and SOAP attacks
• Weak session management
• Data validation flaws and data model constraint inconsistencies
• Insufficient authentication or authorization
• HTTPS response splitting
• Misuse of SSL/TLS
• Use of unsafe HTTPS methods
• Misuse of cryptography

5.3.2 Network

External vulnerability assessments scan all internet-facing assets, including firewalls, routers, and web servers, for potential weaknesses that could allow unauthorized access to the network. In addition, an authenticated internal network and system vulnerability assessment is performed to identify potential weaknesses and inconsistencies with general system security policies.

6 Privacy

Data privacy regulations are complex, vary from country to country, and impose stringent requirements. When choosing an application, businesses should select one that can comply with their data protection obligations and protect the privacy of their data. With Camms, our privacy functionalities and practices enable you to meet your privacy obligations. Additionally, we provide our customers' compliance and legal teams with the necessary resources and information to help them understand and validate the privacy and compliance requirements for their organization, as well as show how Camms can help power their compliance efforts.

6.1 Privacy Program

Our privacy program follows strict policies and procedures regarding access to and the use, disclosure, and transfer of customer data. The core of our privacy program is that Camms employees do not access, use, disclose, or transfer customer data unless it is in accordance with a contractual agreement or at the direction of the customer. As data protection issues and global laws continue to evolve and become increasingly complex, Camms understands the importance of a privacy program that is embedded into our company's culture and services. Our philosophy of Privacy by Design is a testament to this and provides our customers with the assurance they need for the privacy and protection of their data.
The Camms Privacy, Ethics, and Compliance function, led by our Director, Corporate Services, manages the privacy program and monitors its effectiveness. The team is responsible for:
• Formulating, maintaining, and updating our internal privacy policies, procedures, and tools to protect the privacy of personal data handled by employees and partners on behalf of Camms
• Monitoring compliance with our customer-facing privacy policies
• Ensuring that privacy commitments made to our customers, partners, and employees are met
• Maintaining our certifications and regulatory-compliance obligations
• Training Camms staff on our privacy program, monitoring changing data privacy laws across the globe, and making necessary updates and modifications to our privacy program

Review our privacy policy to learn more about how we manage and protect our customers' information.

6.2 Data Transparency, Privacy and Global Data Privacy Standards

We provide transparency into the geographical regions where our customers' data is stored and processed. All of these are set forth in our standard Service Level Agreement (SLA). The SLA satisfies multiple country-specific requirements regarding data processing.

Global Data Privacy

Camms and our customers must comply with various international privacy regulations. Common privacy principles throughout jurisdictions include notice, choice, access, use, disclosure, and security. Our application is designed to allow our customers to achieve differentiated configurations, so that their country-specific laws can be met. Camms further achieves compliance with international privacy regulations by maintaining a comprehensive, written information-security program that contains technical and organizational safeguards designed to prevent unauthorized access to and use or disclosure of customer data.
Global Privacy Standards

Camms remains committed to global privacy standards, as shown by our dedication to programs such as GDPR and the Australian Privacy Act.

6.2.1 GDPR

The General Data Protection Regulation (GDPR), a European Union (EU) regulation, repeals and replaces Data Protection Directive 95/46/EC, as well as Member States' implementing legislation. GDPR applies to companies in the EU as well as all companies that process or store personal data of EU citizens, regardless of their location. Camms has comprehensively evaluated GDPR requirements and implemented numerous privacy and security practices to ensure compliance with GDPR. These include:
• Training employees on security and privacy practices
• Conducting privacy impact assessments
• Providing adequate data transfer methods to our customers
• Maintaining records of processing activities

6.2.2 Australian Privacy Act

The Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 established requirements for entities in responding to data breaches. Entities have data breach notification obligations when a data breach is likely to result in serious harm to any individuals whose personal information is involved in the breach. Camms has comprehensively evaluated the requirements and implemented numerous privacy and security practices to ensure compliance with the Australian Privacy Act. These include:
• Training employees on security and privacy practices
• Conducting privacy impact assessments
• Providing adequate data transfer methods to our customers
• Maintaining records of processing activities
6.2.3 Other Data Privacy Acts

Further, in being compliant with GDPR, Camms complies with the following legal requirements for data privacy:
• The Florida Information Protection Act of 2014
• California Consumer Privacy Act (CCPA)
• Secure and Protect Americans' Data Act
• The Australian Privacy Act 1988
• New Zealand Privacy Act 1993
• Victoria Privacy and Data Protection Act 2014
• The Personal Data Protection Act (PDPA) - Singapore

7 Compliance

Today's technology leaders are charged with securing and protecting the customer, employee, and intellectual property data of their companies in an environment of increasingly complex security threats. Additionally, companies are responsible for complying with all applicable laws, including those related to data privacy and transmission of personal data, even when a service provider holds and processes a company's data on its behalf. Camms maintains a formal and comprehensive security program designed to ensure the security and integrity of customer data, protect against security threats or data breaches, and prevent unauthorized access to our customers' data. To help your compliance and legal teams understand and validate the compliance requirements for your organization, we have gathered the following compliance resources.

7.1 ISO 27001

Camms has established an ISO/IEC 27001:2013 accreditation plan to support achieving and maintaining robust compliance standing with the global standard. Camms offices globally are all certified under the ISO/IEC 27001:2013 accreditation, including all the operations conducted by each site. ISO 27001 is an international standard giving requirements related to an Information Security Management System to enable an organization to assess its risk and implement appropriate controls to preserve confidentiality, integrity, and availability of information assets.
A rigorous ISO/IEC 27001:2013 audit is conducted to provide our customers with an independent third-party assurance that our security controls are designed and operate effectively. This audit is part of maintaining the certification with a combination of internal and external audits. Benefits include:
• Due to the dependability of information and information systems, confidentiality, integrity, and availability of information are essential to maintain a competitive edge, cash-flow, profitability, and commercial image
• Compliance with legal, statutory, regulatory, and contractual requirements
• Improved corporate governance and assurance to stakeholders such as shareholders, clients, consumers, and suppliers
• Through a proper risk assessment, threats to assets are identified, vulnerability to and likelihood of occurrence is evaluated, and potential impact is estimated, so your investment is allocated where it is necessary

Sri Lanka Office - GSDC

Camms Global Service Delivery Centre (GSDC) in Sri Lanka has been certified after the audit and certification process was completed by Bureau Veritas. The certified scope is "Management of information security pertaining to IT infrastructure and software development provided by the Global Service Delivery Centre of Camms in accordance with the Statement of Applicability". Functions include:
• IT Operations and Infrastructure
• Software Development and Deployment
• Pre-sales and Sales
• Implementation and Consulting
• Client Support
• Product Management

Australia Office - Adelaide, Melbourne, Sydney

Camms Australia offices have been certified after the audit and certification process was completed by Bureau Veritas. The certified scope is "Management of information security pertaining to all functions provided by Camms offices in Australia; Adelaide, Melbourne, and Sydney in accordance with the Statement of Applicability".
Functions include:
• Pre-sales and Sales
• Implementation and Consulting
• Client Support
• Product Management

United Kingdom Office

The scope and boundary of the Information Security Management System (ISMS) is covered to secure information and IT infrastructure, and it is limited to "Management of information security pertaining to all functions provided by the Camms office in Manchester, in accordance with the Statement of Applicability". Functions include:
• Pre-sales and Sales
• Implementation and Consulting
• Client Support
• Product Management

United States of America Office

The scope and boundary of the Information Security Management System (ISMS) shall be covered to secure information and IT infrastructure, and it is limited to "Management of information security pertaining to all functions provided by Camms office in New York in accordance with the Statement of Applicability". Functions include:
• Pre-sales and Sales
• Implementation and Consulting
• Client Support
• Product Management

7.2 Cyber Essentials and Cyber Essentials Plus

The UK Government's Cyber Essentials Scheme focuses on the five most important technical security controls. Certification on this assessment indicates a good level of all-round information security. Camms UK has been awarded the Certificate of Assurance in Compliance with the requirements of the Cyber Essentials Scheme. Camms is currently certified for both Cyber Essentials and Cyber Essentials Plus. The Cyber Essentials certificate attests to a self-assessment, independently verified by the assessor, that assures that Camms meets the requirements of the Cyber Essentials scheme. Cyber Essentials Plus is similar to Cyber Essentials with an additional component of having an independent technical audit.
7.3 SOC 2 Type 1 and SOC 2 Type 2

Camms provides Business Software solutions globally; the SOC 2 Type 1 and SOC 2 Type 2 attestations encompass operations related to this SaaS solution and its services offered globally. SOC 2 is among the highest standards for ensuring our customers' data and services are managed securely based on the established Trust Services Principles defined by the AICPA. For more information on AICPA, please visit https://www.linkedin.com/company/aicpa

7.4 HIPAA Compliance

Camms has successfully completed HIPAA attestation. This demonstrates our commitment to protecting patient health information (PHI) and adhering to the regulations set forth by the Health Insurance Portability and Accountability Act (HIPAA). We are dedicated to maintaining this compliance and continuing to ensure the privacy and security of PHI.

7.5 GDPR

Camms is GDPR-compliant through practices like internal and customer privacy impact assessments, secure data transfer methods, and record maintenance. Standard contractual clauses in the Data Processing Addendum support data handling. Annual registration with the UK Information Commissioner's Office reinforces compliance efforts.

7.6 CSA STAR

The CSA STAR Self-Assessment certification serves as a valuable tool for cloud customers, providing insight into the security protocols of cloud service providers. Camms has completed Level 1 of the CSA STAR Self-Assessment documenting our security controls to help customers assess the security.

7.7 Hosting Provider Security and Privacy Compliance

Our hosting providers are Microsoft Azure and Macquarie Government Data Centre. Information security responsibilities for Microsoft Azure and Macquarie Government Data Centre are shared between Camms and the hosting providers.
Our primary hosting provider, Microsoft Azure, complies with various international security and privacy standards including:
• ISO 27001, ISO 27017, ISO 27018
• SOC 1, 2, 3
• CSA STAR
• IRAP ASD Certified
• GDPR
• FedRAMP
• Cyber Essentials Plus
• PCI DSS

For more information about security, privacy, and compliance at Microsoft Azure, please visit https://azure.microsoft.com/en-gb/explore/trusted-cloud/compliance/

To read related audit reports, please visit: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuide?

• ISO 27001
• IRAP ASD Certified
• PCI DSS

To read more about Macquarie Government's security, please visit: https://macquariegovernment.com/why-us/certifications-and-accreditations-irap/

7.7.1 Camms Hosting Partner Attestations

Australian Government Digital Transformation Agency Cloud Service Panel (Federal Govt, Australia)
• There are currently 108 suppliers that have been appointed to the Panel through an open approach to the market. The Panel is a non-mandatory procurement avenue for entities subject to the Public Governance, Performance and Accountability Act 2013 (PGPA Act).
• Camms can be procured directly off the listed panel under contract SON2914302

ISO 27001 (IAAS)
• ISO 27001 is a globally recognized, standards-based approach to security that outlines requirements for an organization's Information Security Management System (ISMS).

G-Cloud
• The G-Cloud framework is an agreement between the UK government and cloud-based service providers.
• G-Cloud enables cloud-based service providers to apply and, once accepted, sell their cloud services to UK public sector organizations. The G-Cloud framework is updated annually by the governing body, Crown Commercial Services (CCS). Camms has been an authorized G-Cloud service provider since 2015.
• UK public sector organizations can currently purchase Camms service offerings via the CCS Digital Marketplace.
7.8 Other steps

A few other steps are taken by Camms to secure the environment. The following steps are taken to secure the Azure Environment for migration:
• Operating system level hardening as per the CIS benchmark for the respective operating systems
• Network level hardening and reviews conducted to ensure that internal systems are not exposed to the Internet and inter-server communications are restricted to only server-specific functional requirements by port and IP filtering from the Azure Firewall
• Application-level vulnerability assessment has been conducted on the application to ensure that all security controls placed are functioning as intended prior to deployment

8 Accessibility and Availability

8.1 Business Continuity Plan

Camms has a 99.5% uptime across our primary and failover AU servers. Should the access and availability of these servers be interrupted, the Camms Business Continuity Plan will be activated. The 99.5% availability represented excludes planned maintenance. Our Disaster Recovery (DR) program consists of a few key practices to ensure the appropriate levels of governance, oversight, and testing:
• RPO 24 hours: This is the longest recovery point. In a worst-case scenario, last night's backup will be the recovery point
• RTO 6 hours: This is the maximum recovery time

In a scenario where the primary servers are not available due to a network or hardware failure, the below failover will be activated: A replicated DR environment is maintained for public clients. In case of a failure in the primary site, DR site switch over can be done (RTO 6 hours). This means public staff can keep functioning from where they were interrupted with minimum downtime of 6 hours from the initiation of manual failover. The determined RTO of 6 hours and RPO of 24 hours is the maximum time in the event of a worst-case scenario.
Figure: Business Continuity Plan (timeline around a disaster event showing the recovery point (RPO), "How much data can you afford to recreate or lose?", and the recovery time (RTO), "What is the maximum downtime?")

Recovery Point Objective (RPO) is defined as the maximum amount of data that can be lost after a recovery from a disaster/failure. Camms is maintaining 3 recovery points as below.
• P1 - Daily full backup including databases and system files (RPO = 24 hours)
• P2 - Application consistency backup replicated with secondary datacenter (RPO = 4 hours)
• P3 - Delta data replicated with secondary datacenter (RPO = 5 minutes)

The Recovery Time Objective (RTO) is the maximum tolerable amount of time needed to bring all critical systems back online.

The Recovery Point Objective (RPO) has multiple maximum acceptable amounts of data loss measured in time, with the most extended period of the recovery point being P1, which is taken every 24 hours as a backup to the secondary site. P2 is an additional backup taken by Azure VM every 4 hours, and finally recovery point P3 is executed every 5 minutes as an aggregated backup to P2. This makes the RPO 5 minutes as the best measure and 24 hours in the worst-case scenario. When it comes to recovery, the highest priority is given to recovery using the order of the recovery points P3, P2, and P1.

MTD = RTO + WRT (Work Recovery Time)

Work Recovery Time (WRT) determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity.
This could be, for example, checking the databases and logs, and making sure the applications or services are running and are available. In most cases, those tasks are performed by the application administrator, database administrator, etc. When all systems affected by the disaster are verified and/or recovered, the environment is ready to resume production again.

Maximum Tolerable Downtime (MTD) defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences.

Governance - Leadership involvement is key to how we run our DR program. With leadership involved, we have both business and technical drivers accounted for in our strategy for resilience.

Oversight and Maintenance - We take a disciplined governance, risk, and compliance approach when monitoring and managing our DR program. It enables us to operate more efficiently and effectively when monitoring, measuring, reporting, and remediating key activities within our DR program.

Testing - We conduct regular testing and strive for continual improvement as part of our DR lifecycle to ensure your data and the use of your data is highly available and performant. Backup and restore procedures are in place and tested on a regular basis. This means that when data needs to be restored, we are prepared to get you up and running with well-trained support staff and fully tested procedures.

In addition to assurance of resiliency through governance, oversight, and testing, Camms emphasizes continual improvement throughout the DR program. Should further information be required, please refer to the 'Appendix 01 - Camms Business Continuity Plan'.

8.2 Service Level Agreement

Camms agrees to provide the following support services as part of the subscription fee applicable to the SaaS solutions.
Camms responds to requests in accordance with the following timeframes:

Service Level Priority Definitions

Priority Level: 1 - Complete Loss of Service
Description: This indicates that work cannot be continued on your live/production site. The operation is possibly mission critical to the business, creating an emergency. Probable scenarios include barred entry to the site, data corruption, unavailability of a critical function, production of an incorrect result, cause of unacceptable or indefinite delays by the system for either resources or response, as well as system crashes including ones which occur repeatedly after attempts to restart.
Target Response Time: 4 working hours
Target Resolution Time: 1 Day

Priority Level: 2 - Severe Loss of Service
Description: This situation leads to a severe loss of service, with no acceptable work-around being available. However, operations can be continued in restricted fashion. While it is possible to use software, certain areas will not function: e.g., reports not running.
Target Response Time: 6 working hours
Target Resolution Time: 2 Days

Priority Level: 3 - Minor Loss of Service
Description: A situation where the impact is an inconvenience, which requires a work-around to restore functionality, with the possible request for urgent advice.
Target Response Time: 8 working hours
Target Resolution Time: 5 Days

Priority Level: 4 - No Loss of service
Description: Loss of service will not materially impede the operational aspects of the system, with requests being considered a minor error, incorrect behavior, change or error in documentation, or requests for advice and guidance: e.g., issue with label replacements, formatting of reports/screens.
Target Response Time: 16 working hours
Target Resolution Time: Future release

Priority Level: 5 - No SLA
Description: Any other issue, e.g., custom modifications, future enhancements.
Target Response Time: 24 working hours
Target Resolution Time: Future release
8.3 Customer Care and Support

Support and activities covered by Customer Care include:
• Feature / functionality queries (< 30 min time slots)
• Assistance with product functionality and 'how to' questions
• Minor Service Requests (< 2 hours)
• Label replacements
• Small configuration requests including:
  — tick boxes,
  — label replacements, and
  — small report formatting changes
• Infrastructure related requests such as providing additional backups or database restorations (cloud)
• Minor data upload and entry requests
• Provision of change request estimates and analysis (applies to unapproved quotations)

Support and activities not covered by Customer Care include:
• Change requests for modifications
• Change request specifications
• Training

8.4 Data Breaches

Camms fully complies with all legal and regulatory requirements in the location of hosting. Associated with this is Camms data breach policy which defines the Camms response to an eligible data breach. This has a number of process driven steps to identify, investigate, and rectify any data breach. In addition to this, Camms notifies customers of any data breach regardless of size and scale on its cloud infrastructure even if the breach does not impact the data of the customer.
9 Appendix - Business Continuity Plan

9.1 Plan Overview

Objectives

The objectives of this plan are:
• To ensure that maximum possible service levels are maintained
• To ensure that we recover from interruptions as quickly as possible
• To minimize the likelihood and impact (risk) of interruptions

Principles

The principles behind this plan are:
• Disaster Recovery is just part of business continuity
• Risks are assessed for both probability and business impact
• Business continuity plans must be reasonable, practical, and achievable

Policy

This Business Continuity Plan (BCP) will only be used in situations when it is determined that business impacts and/or business risk requires alternate business processes or locations.

Scope

This BCP is applicable for Camms practices.

Assumptions

The plan will be implemented if systems are unavailable for 6 hours. Basic assumptions for the implementation of the plan include:
• All critical staff have been provided with laptops and Wi-Fi adaptors
• The office location's property owners will provide a temporary work site to all tenants
• Telecommunications will have phone lines available at the temporary location
• Equipment can be rented or otherwise acquired as needed
• Camms can restore files from the latest off-site backups

9.2 Plan Activation and Authorization

We have a designated list of authorized individuals who have the authority and responsibility to carry out our business continuity plan. These individuals are equipped with the necessary knowledge and resources to execute the plan effectively in the event of an interruption. Further details regarding these personnel can be shared upon request, ensuring transparency and readiness in addressing any potential disruptions to our services. We prioritize the seamless continuation of our operations and the preservation of service levels during unforeseen circumstances.
is a list of the individuals who have the authority to carry out the plan.

9.3 Strategic Risks

Camms utilizes a risk management approach to its business continuity planning. The plan is therefore structured around key risks and incorporates ongoing mitigation strategies and actions, as well as key actions and processes which are to be activated in cases where trigger events occur. The key strategic risks around which this business continuity plan is based are outlined below.

Strategic Risk 001

Item: Description
ID: SR - 001
Risk Name: Camms Software Inaccessibility
Description: Clients are unable to access Camms software in order to undertake ongoing business processes.
Initial Risk Rating: High
Revised Risk Rating: Low

Cause:
• Camms hosted service connectivity failure
• Camms hosted software/system software failure
• Camms hosted hardware failure
• Fire/bomb/structural damages to third party data center
• Data center failure
• Hosted environment power failure
• Hosted environment security breach

Consequences:
• Client business interruption
• Loss of client information

Internal Controls:
• Camms products are hosted on the Microsoft Azure hybrid cloud platform in Iowa (Central US), which gives a 99.5% connectivity SLA.
• Real-time service monitoring is active for the Camms hosting environment, and in the event of a failover Camms will be notified by Microsoft Azure and the passive server will become active.

Ongoing/Additional Mitigation Actions:
• Camms Software support is available 18 hours/day, which provides immediate attention in a system failure.
• The following database backup strategies are used to back up data regularly to mitigate the threat of a system/software failure:
  — Microsoft Azure undertakes incremental nightly and weekly backups and retains full 3 monthly backups.
  — Camms undertakes a separate backup of databases which can be hosted in a different geographical data center within 48 hours in a natural disaster situation.
• Failovers will be escalated to Microsoft Azure priority support and will be addressed by the Camms software support team within an acceptable timeline.
• Server hardware is protected with 24 X 7 premium support from Azure, which will address any hardware failure within 6 hours RTO.
• Microsoft ensures high availability through advanced monitoring and incident response, service support, and backup failover capability. Geographically distributed Microsoft operation centers run 24/7/365.
• Regular remote backups are available with Camms to get the system running on a different data center within 24 hours. The backup site is separate from the Microsoft Azure primary data center.
• Archived backups are stored at the offsite data center situated in California (West US).
• The system will be available with the data restored from the last daily backup.
• In the unlikely event of a data center failure, Camms adopts the following approach in order to mitigate the potential business impacts. Each night, an automated backup process is run across all live customer databases. These backups are copied and stored to an offsite location. The backups support an RPO of 24 hours, and an RTO of 6 hours. Please note the above applies to shared cloud customers only. Separate arrangements exist for customers hosted on Camms Private Cloud.
• The Microsoft Azure data center is powered by three-phase uninterruptible power supply systems with backup generator power, which minimizes the risk of a power failure.
• The Microsoft Azure data center is equipped with 24X7 monitoring with access control to minimize the risk of a physical intruder.
• Server monitoring and reporting.
• Provision of ongoing help desk and application management services.

Trigger Events:
• Data center failure. Linked Process: Data center transfer
• Software/System failure. Linked Process: SLA 1: Client support process
Strategic Risk 002

Item: Description
ID: SR - 002
Risk Name: Camms Services/Personnel Inaccessibility
Description: Clients are unable to access Camms software in order to undertake ongoing business processes.
Initial Risk Rating: High
Revised Risk Rating: Low

Cause:
• Disease/sickness
• Staff attrition
• Camms hosted hardware failure
• Natural disaster
• Terror threats
• Camms support line failure

Consequences:
• Client business interruption
• Loss of client information

Internal Controls:
• Global 24-hour help desk and support - located in Australia, Canada, United Kingdom, and Sri Lanka.
• Global Organization - Camms has staff located across Australia and New Zealand, Canada, the United Kingdom, and Asia - thereby providing clients with continuous support even through any disaster occurring in any region.
• Partner Relationships - Camms maintains a very strong global network of business partners spread across the regions highlighted above.
• Mobile work strategies including laptop provisions, mobile telephone, and internet capability.
• Global Network Access - WatchGuard Mobile VPN with SSL is installed on all laptops so that employees can work remotely in the same manner that they would work if they were in the office.
• Talent management policies and procedures.
• Client records management system.
• SharePoint document management system.
• Next business day support from Telecom for major failures.

Ongoing/Additional Mitigation Actions:
• Provision of client support function.

Trigger Events:
• Camms offices shutdown. Linked Process: Camms offices coverage process
• Camms support line failures. Linked Process: Support line failure resolution process
• Loss of staff. Linked Process: Recruitment process

Strategic Risk 003

Item: Description
ID: SR - 003
Risk Name: Application Data Loss or Corruption
Description: The loss of information from client databases.
Initial Risk Rating: Extreme
Revised Risk Rating: Moderate

Cause:
• Camms hosted software/system software failure
• Camms hosted hardware failure
• Fire/bomb/structural damages to third party data center
• Data center failure
• Hosted environment power failure
• Hosted environment security breach
• Software security breach

Consequences:
• Client business interruption
• Significant additional costs of doing business
• Regulatory fines
• Lawsuits
• Loss of reputation

Internal Controls:
• Camms products are hosted on a Microsoft Azure hybrid cloud platform in Iowa (Central US), which gives a 99.5% connectivity SLA.
• Real-time service monitoring is active for the Camms hosting environment, and in the event of a failover Camms will be notified by Microsoft Azure and the passive server will become active.
• Camms Software support is available 18 hours/day, which provides immediate attention in a system failure.
• The following database backup strategies are used to back up data regularly to mitigate the threat of a system/software failure:
  — Microsoft Azure undertakes incremental nightly and weekly backups and retains full 3 monthly backups.
  — Camms undertakes a separate backup of databases which can be hosted in a different geographical data center within 12 hours in a natural disaster situation.
• Failovers will be escalated to Microsoft Azure priority support and will be addressed by the Camms software support team within an acceptable timeline.

Ongoing/Additional Mitigation Actions:
• The Microsoft Azure data center has a fully monitored environment including VESDA fire detection and zoned dry-pipe fire control systems, which will mitigate the risk of fire.
• Regular remote backups are available with Camms to get the system running on a different data center within 24 hours. The backup site is separate from the Microsoft Azure primary data center.
• Archived backups are stored at an unspecified off-site, fire-proof location in case of a disaster.
• The system will be available with the data restored from the last daily backup.
• In the unlikely event of a data center failure, Camms adopts the following approach in order to mitigate the potential business impacts. Each night, an automated backup process is run across all live customer databases. These backups are copied and stored to an offsite location. The backups support an RPO of 24 hours, and an RTO of 6 hours. Please note the above applies to shared cloud customers only. Separate arrangements exist for customers hosted on Camms Private Cloud.
• Reviewing security configurations.
• Ensure system account passwords are revised on a periodic basis.
• Product release cycles incorporate security testing procedures.
• Periodic review of the Microsoft Azure data center security policy.

Trigger Events:
• Server downtime. Linked Process: Switch to backup server
• Application downtime. Linked Process: Restore previous environment
• Database corruption/failure. Linked Process: Restore backup (1 day old)

Strategic Risk 004

Item: Description
ID: SR - 004
Risk Name: Insufficient Company Cash Flows
Description: Camms experiences reduced revenues and rising costs, leading to a low cash flow.
Initial Risk Rating: High
Revised Risk Rating: Low

Cause:
• Reduced revenues (sales)
• Higher than anticipated expenditures
• High debtors
• Increased interest rates for short-term debt

Consequences:
• Restricted growth
• Possible Solvency

Internal Controls:
• Maintain high level of liquidity.
• Access to debt funding.
• Strict financial reporting regimes.
• Cash flow projections and monitoring.
• Cost management controls.

Ongoing/Additional Mitigation Actions:
• Effective financial management reporting and monitoring of key performance indicators.

Trigger Events:
• Current Ratio drops below target. Linked Process: Source short-term debt funding
• Consistently below average gross profit margin. Linked Process: Evaluate costs associated with sales

Strategic Risk 005

Item: Description
ID: SR - 005
Risk Name: Loss of Directors or Senior Executives
Description: The situation where Camms loses directors or senior executives due to a disaster.
Initial Risk Rating: High
Revised Risk Rating: Low

Cause:
• Natural disaster
• Illness
• Director or executives leave the company

Consequences:
• Lack of leadership
• Poor strategic direction of the company
• Employee morale is negatively impacted
• Customer confidence potentially shaken

Internal Controls:
• Directors located across the globe. Currently we have senior executives in Australia, New Zealand, Canada, the United Kingdom, and Sri Lanka.

Ongoing/Additional Mitigation Actions:
• We have strong succession planning processes in place to employ executives if necessary.
• Central documentation stores.
• Strategic plans ranging from 1 to 5 years are created, so in the short run the company would have the strategic direction needed.
• Utilization of Camms integrated planning and performance management software.
• Effective training and exposure for employees is provided to mature them to executive roles.
• Camms strongly believes in empowerment, and we ensure employees are empowered in their work; the loss of senior executives will therefore not have as major an impact as it would at a typical company.
• Weekly global meetings are held to ensure that all senior executives are informed of all operations.