R03-063 RESOLUTION NO. R03- 0(0'3
A RESOLUTION OF THE CITY COMMISSION OF THE
CITY OF BOYNTON BEACH, FLORIDA, AUTHORIZING
EXECUTION OF A TASK ORDER NO. 01-07 FOR
METCALF & EDDY, IN THE AMOUNT NOT TO EXCEED
$70,092.00 FOR ENGINEERING SERVICES FOR THE
PREPARATION OF THE UTILITIES DEPARTMENT
VULNERABILITY ASSESSMENT (VA) TO COMPLY
WITH REQUIREMENTS OF THE UNITED STATES
ENVIRONMENTAL PROTECTION AGENCY (EPA); AND
PROVIDING AN EFFECTIVE DATE.
WHEREAS, the purpose of conducting a VA is to identify components of our utility
system that may be vulnerable to acts of vandalism or terrorism that can lead to a loss of
atility service, which is a recent mandate of the EPA; and
WHEREAS, the City Commission upon recommendation of staff, deems it
appropriate to approve Task Order 01-07 with Utilities General Engineering consultants
Metcalf & Eddy, Inc., in an mount not to exceed $70,092, for the preparation of the Utilities
Department Vulnerability Assessment (VA) to comply with requirements of the United States
Environmental Protection Agency (EPA).
NOW, THEREFORE, BE IT RESOLVED BY THE CITY COMMISSION OF
THE CITY OF BOYNTON BEACH, FLORIDA, THAT:
Section 1. The foregoing "Whereas" clauses are hereby ratified and confirmed as
~eing true and correct and are hereby made a specific part of this Resolution upon adoption
hereof.
Section 2.
hereby authorize and direct execution of Task Order No. 01-07
amount not to exceed $70,092.00.
Section 3.
The City Commission of the City of Boynton Beach, Florida does
for Metcalf & Eddy, in an
This Resolution shall become effective immediately upon passage.
S:\CA\RESO~Agreements\Task - Change Orders\Task Order - Metcalf & Eddy - 01-07.doc
PASSED AND ADOPTED this I~' day of April, 2003.
j~21erk
Vice
~:\CA\RESO~Agreements\Task - Change Orders\Task Order - Metcalf & Eddy - 01-07.doc
TASK ORDER #01-07
March 19, 2003
FEE PROPOSAL AND SCOPE OF SERVICES
CITY OF BOYNTON BEACH
UTILITIES SYSTEM VULNERABILITY ASSESSMENT
Introduction
The proposed work will be conducted based on the Risk Assessment Methodology for
Water Utilities developed at Sandia National Laboratories, to meet the requirements of the
American Water Works Association Research Foundation (AWWARF) and the United
States Environmental Protection Agency (EPA). The Sandia Methodology addresses the
various tasks and subtasks identified in the program established by the EPA for large
drinking water vulnerability assessment (VA) grants, and is likely to become the standard
for the water works industry.
Concurrent to the facility characterization process for the water system, representative
facilities in the wastewater collection and pumping system will also be evaluated. The
representative facilities consist of those identified as 'critical' during City interviews.
Back~round
Following the events of September 11, 2001 the EPA received a supplemental
appropriation to improve the safety and security of the Nation's water supply. The
funding is intended to reduce the vulnerability of water utilities to terrorists attacks and to
enhance their security and ability to respond to emergency situations.
The EPA solicited grant applications to encourage and assist large, publicly-owned
drinking water systems to perform VAs of their facilities. The EPA's objective is to help
make drinking water systems across the United States as safe as possible within the
shortest possible time frame. All grant applications from public water utilities that serve
populations over 100,000 were considered for award.
The Public Health, Security, and Bioterrorism Preparedness and Response Act
("Bioterrorism Act"), signed into law in June of 2002, includes provisions to help
safeguard the nation's public drinking water systems against terrorist and other intentional
acts. This new legislation delineates community drinking water systems according to
population served, and lists deadlines for vulnerability assessments and emergency
response plans. The completion deadlines for systems serving between 50,000 and 99,999
people are December 31, 2003 for the vulnerability assessment and June 30, 2004 for the
1
emergency response plan. The City of Boynton Beach's (City) public water system serves
approximately 90,000 people.
As part of the work proposed herein, M&E will continue to monitor developments with
respect to EPA funding, and inform the City of these developments. An optional task has
been included to assist the City in the preparation of the grant application.
Overview
The City has proposed to conduct a VA, evaluate various levels of security enhancements,
and assess alternatives for implementation of cost effective security improvements and/or
consequence mitigation measures for the utilities system - with a primary focus on the
water system. The overall approach to the VA is as follows.
· Planning. Review the City's overall utility mission and develop and evaluate critical
mission objectives. Mission objectives are then ranked and used to prioritize the City's
facilities.
Threat assessment. Identify what and who the City is protecting against.
· Facility characterization. Identify the critical assets in the prioritized facilities.
Create a consequence table that allows the most critical assets to be identified.
· System effectiveness evaluation. Consider adversary strategies and worst-case
scenarios to evaluate the current system of asset protection.
· Risk management. Calculate the current level of risk, and if the risk is considered too
high, propose measures to reduce the risk. The calculated risk level varies in direct
proportion to the probability of attack and the consequences of an attack, and in
inverse proportion to the effectiveness of existing asset protection systems. Since the
City cannot control the probability of attack, it will ultimately focus its efforts on the
factors it can control - the effectiveness of protection systems, and the mitigation of
consequences.
Each phase of the work is outlined in further detail below and is based on Sandia
Methodology. Note that the evaluation of the wastewater facilities will be conducted
during the facility characterization phase, with the intent of generating security-related
recommendations for representative facilities, and will not follow the overall Sandia
process used for water facilities. It is expected that findings with respect to wastewater
may be helpful in addressing probable future regulatory requirements in this area, although
the final form of such requirements is not yet known.
It is emphasized that the process must be conducted in a highly sequential manner, since
the later phases cannot be properly performed unless prior phases have been completed
and consensus developed with respect to findings. Moreover, the active and sustained
participation on the City side of both "decision-makers" such as utility directors, and
"subject matter experts" such as key operations and maintenance staff, is essential to the
process. As evident from the outline provided above, such individuals are needed as part
2
of the Project Team to prioritize and decide key issues involving the mission and assets of
the water utility. Prior to initiating the first phase of the project, the list of Project Team
participants from the City will need to be defined.
Concerning the participation of City personnel from outside the utility, representatives of
fire and police departments will be consulted briefly with respect to response-related
issues. The participation of other non-utility personnel is not needed for successful
execution of the work.
SCOPE OF SERVICES
1.0 Project Management
Project Management activities comprise contract administration, coordination of project
staff, monitoring of progress and project costs throughout the project duration.
2.0 Planning and Threat Assessment
2.1 Phase 1 - Planning
Planning is the first phase in the VA process, and will consist of the following subtasks.
2.1.1 Define mission objectives
The first part of planning is to understand the City's overall utility mission and
mission objectives. For example, a prioritized list of mission objectives may be to
maintain adequate pressure for fire protection and other public safety uses,
maintain adequate volumetric water supply, maintain reasonable costs for water
supply, serve critical customers such as hospitals, and maintain potable-quality
water.
2.1.2 Define and rank criteria
Based on the mission objectives, criteria will be defined such as capacity,
geographic extent, critical customers, and quality. The criteria will then be ranked
using a process of pair-wise comparison.
2.1.3 Rank facilities
The City's water utility facilities will then be ranked using the criteria from the
previous subtask, and the result will be a facility that will stand out as most
important when all mission areas are considered.
3
2.1.4 Prepare Summary Memorandum No. 1
The product of this subtask will be a concise memorandum to summarize the work
conducted under the planning phase. This memorandum will address the team
selection and the agreed-upon mission objectives, prioritized criteria, and
prioritized facilities. The memorandum will also identify the facilities selected for
subsequent analysis under this scope of work.
2.1.5 Planning phase approach and importance
The prioritized mission objectives, prioritized criteria, and facility ranking will be
defined through a full-day, workshop-type meeting involving senior management
from the City's water utility. M&E will suggest the type of attendees who may be
needed, and will also provide review materials to attendees before this meeting to
allow advance consideration of the issues and thereby facilitate productive use of
the limited workshop time. An introductory overview of the VA process will also
be provided at this first workshop. This workshop will be one day in duration.
Since available funding may not allow subsequent analysis of every facility, M&E's
subsequent efforts under this scope of work will be focused on representative
facilities selected from the prioritized list of facilities. The planning phase will
result in the selection of representative facilities for detailed analysis.
2.2 Phase 2 - Threat assessment
Threat assessment is the second phase in the VA process, and will consist of the following
subtasks.
2.2.1 Define design basis threat
The design basis threat (DBT) is the portion of the threat spectrum that the utility
will try to protect against. The DBT must be considered and defined by
management before a detailed assessment is initiated, to avoid time and resources
being wasted on the collection of data not useful for the analysis.
The subsequent subtasks of the VA rely heavily on the clear definition of the DBT.
For example, the consequences of an event, and the assessment of effectiveness for
the existing asset protection systems, depend on the capabilities that are assigned
to an adversary. The likelihood of attack is also evaluated based on the DBT.
Examples ofa DBT include both outsiders (vandalism, demonstrators, activists,
extremists, terrorists, criminals, and computer hackers) and insiders (disgruntled
employees, psychotics, criminals, and terrorists).
The different categories of DBT are likely to use different approaches, have
different levels of knowledge concerning the utility's systems and operations, and
have different objectives.
While the process of discussing and evaluating the various DBTs is valuable to the
utility, M&E assumes that the City's primary reason for conducting the VA is to
assess vulnerabilities to a possible terrorist threat (based on EPA requirements).
Accordingly, this proposed scope of work allocates only a limited amount of time
to the process of defining the DBT. This process will include a review and
discussion of the various classes of DBT and the different attributes ("attributes"
include probable number of adversaries, tactics, weapons, technical skills and
knowledge, financial resources, potential for collusion with an insider, and so on),
but will then focus on the DBT involving a terrorist adversary.
It should also be noted that, while the characterizations of selected representative
facilities will focus on the DBT of a terrorist adversary, the ultimate findings in the
areas of asset protection and consequence mitigation may have value for lesser
types of DBTs as well.
2.2.2 Evaluate probability of attack
While the Sandia methodology can involve a detailed assessment concerning the
probability of attack, M&E assumes that the City does not wish to discriminate on
this basis. While law enforcement agencies, intelligence agencies, and other
sources may be able to provide specific indications concerning the probability of
attack, the process of assigning probability is still a highly uncertain exercise. A
simplifying assumption in this case is to assume that an attack will occur at some
time, and then proceed with the process of facility characterization. It is important
to note that this assumption affects only the absolute level of risk that is ultimately
calculated, and not the relative levels of risk among various critical assets. Given
that the City has committed itself to assessing vulnerabilities and risk, it is the
relative risk levels that have importance, since these relative levels will guide
decisions concerning asset protection and consequence mitigation measures.
2.2.3 Prepare Summary Memorandum No. 2
The product of this subtask will be a concise memorandum to summarize the work
conducted and provide details concerning the nature of the DBT to be considered
during subsequent phases of the project.
2.2.4 DBT phase approach and importance
It is assumed that the DBT will be the terrorist adversary as noted above.
5
The available funding will not allow detailed analysis of facilities and assets for
every class of DBT, and accordingly M&E's subsequent efforts under this scope of
work will be focused on the terrorist adversary as a DBT. However, a more
general evaluation of other classes of DBT will be provided in the project
deliverable.
It is assumed that the analysis will focus on relative risk levels, and attack
probability will not be used as a discriminating factor, as noted above.
3.0 Facility Characterization and System Effectiveness Evaluation
3.1 Phase 3 - Facility characterization
FaciBty characterization is the third phase in the VA process, and will consist of the
following subtasks.
3.1.1 Identify critical assets
Once the important facilities have been identified, and the DBT defined, the next
step involves identifying the critical assets in each facility selected for evaluation.
Critical assets are those which, alone or in combination with other assets, could be
targeted to cause the most serious consequences. Examples of critical assets could
include such assets as pipeline and pumping facilities, control systems, quality of
source or treated water, and key personnel. Site specific fault trees will be
developed to include the important mission objectives, and related critical assets
for each facility.
This subtask requires detailed knowledge concerning the equipment and operation
of the specific facility being evaluated, and the participation of knowledgeable
personnel from the City ("subject matter experts") will be very important to the
process at this stage.
The Project Team will need to define the scope of the analysis at each facility, with
respect to such items as electrical power, SCAD& and piping systems. System
process diagrams will be developed to understand single points of failure, the
interrelationship of the different processes, and the relationship of the SCADA
system. It will also be important to understand how a process problem can be
overcome by making operational changes to reduce a possible consequence.
This subtask will require a half-day, workshop-type meeting involving selected
knowledgeable personnel from the City's water utility. M&E will provide review
materials to attendees before this meeting, and request certain materials such as
facility site plans and process flow schematics to be made available at the
workshop by attendees from the utility. This type of advance preparation'will
6
allow a more complete consideration of the issues and facilitate productive use of
the limited workshop time.
3.1.2 Rank critical assets by consequence of loss
Critical assets are then ranked according to the consequences that could occur if
an adversary is successful in attacking them. Examples of consequence include
economic loss, duration of loss, loss of fire protection, number of users impacted,
illnesses, and deaths. This process allows the critical assets to be ordered on the
basis of consequence value, so that subsequent analysis focuses on the most
important assets first.
It is anticipated that this subtask will require a half-day, workshop-type meeting
involving selected knowledgeable personnel from the City. The intention will be to
accomplish this work on the same day as Subtask 3.1.1 above, but an additional
half-day meeting with the City Project Manager may be required to complete the
work. M&E will provide review materials to attendees before this meeting, and
request certain facility and operational information to be made available in advance
of the workshop by attendees from the City. This type of advance preparation will
allow a more complete consideration of the issues and facilitate productive use of
the limited workshop time.
3.1.3 Evaluate existing physical protection systems
Existing security systems must be understood so that the subsequent phase of the
analysis can properly evaluate the effectiveness of existing systems with respect to
the DBT defined for the VA process. An effective security system will feature
elements of detection (door sensors, cameras, access control), delay ( fences,
walls, doors), and response (guards, local law enforcement).
This subtask will require interviews with knowledgeable personnel, visits to the
facilities themselves to perform visual assessment of the security features
separating facility boundaries from critical assets, and review of documentation
with respect to policies and procedures for security personnel and access by
visitors and contractors. Design and operational data for existing security systems,
security plans, and emergency response plans will also be requested.
Information will be collected and recorded on checklists, site plans, and
schematics. Photographs will be taken for the purpose of recording observations
made in the field. Field evaluation will include, as applicable for the selected
representative facilities, existing perimeter barriers such as fences, doors, and
building walls; detection equipment such as alarms and cameras; traffic circulation,
access points, signage, and parking locations; utility routes and access; terrain and
lighting; fire suppression equipment; normal and emergency lighting; shift changes
and time clock stations; power disconnect switches; and hazardous materials
7
storage. The primary focus of the on-site reviews will be to identify assets that
may be vulnerable to disruption, and review existing security procedures and
physical barriers.
Any available information concerning the past performance of existing protection
systems will also be requested.
3.1.4 Prepare Summary Memorandum No. 3
The product of this subtask will be a concise memorandum to summarize the work
conducted under the facility characterization phase. This memorandum will
summarize the critical assets, prioritized on the basis of consequence of loss, and
will outline the evaluation of existing physical protection systems for asset
protection.
3.1.5 Facility characterization phase approach and importance
As noted above, it is anticipated that this phase will require a full-day workshop-
type meeting involving knowledgeable people from the Utility, possibly an
additional half-day meeting with the City's Project Manager, and field visits to the
selected representative facilities. M&E will provide review materials to attendees
before these meetings to allow advance consideration of the issues, and thereby
facilitate productive use of the limited workshop time.
The facility characterization phase will result in the identification of critical assets,
and the description of existing physical protection systems, to serve as a basis for
the subsequent evaluation of system effectiveness and calculation of risk to the
assets.
3.2 Phase 4 - System effectiveness evaluation
For a system to be effective, there must be awareness of an attack (detection), and a
sufficient slowing of adversary progress to the targets (delay) to allow the response force
enough time to interrupt or stop the adversary (response). This phase requires
consideration of a variety of paths that an adversary could choose to gain access to a
critical asset. Worst-case paths are evaluated, and a scenario is developed to allow
analysis of system effectiveness (detection, delay, response) along such paths.
Vulnerabilities along that path are those that would logically be the first to receive
upgrades if the risk is ultimately calculated to be too high.
System effectiveness evaluation is the fourth phase in the VA process, and will consist of
the following subtasks.
8
3.2.1 Identify most vulnerable strategy
By discussion and consensus, with consideration of security weaknesses and
vulnerable system states (for example, the middle of the night, or on Holidays), and
with consideration of the worst consequences an adversary might cause by having
access to the critical asset, the most vulnerable strategy will be assessed. This
would equate to the worst strategy against the critical asset at the priority facility,
since therefore all other strategies would have lower risks.
3.2.2 Derive most vulnerable scenario
In this subtask, the Project Team will consider the variety of paths that an
adversary could choose under the most vulnerable scenario defined in the previous
subtask. This will require consideration of all paths into the facility, from offsite to
the highest consequence critical asset. The worst-case path will then be selected,
and a scenario developed to allow analysis of system effectiveness (detection,
delay, response) along that single worst-case path.
3.2.3 Identify system vuinerabilities exploited by adversary
Once the most vulnerable scenario is defined, the next step in estimating the
protection system effectiveness involves listing and evaluating the features of the
system that provide detection, delay, and response for the selected scenario. In
this case, the protection system includes both the physical elements such as
sensors, locks, and law enforcement that could provide for detection, delay, and
response, as well as operational elements that could provide a second tier defense
by mitigating the effect of an attack. Examples of such operational elements could
include an emergency interconnect with a neighboring utility, or other system
redundancy that would allow the utility to continue providing a level of water
service if its high service pumps were disabled.
If neither the physical nor the operational systems detect an attack, then this clearly
points to a weakness in the system. With respect to the most vulnerable scenario
identified in the previous subtask, the specific vulnerabilities exploited by the
adversary will be identified. The identification of specific vulnerabilities will allow
a value to be assigned concerning, the effectiveness of the existing system, and will
allow upgrades to be considered for both the physical protection system and the
mitigation system.
3.2.4 Prepare Summary Memorandum No. 4
The product of this subtask will be a concise memorandum to summarize the work
conducted under the system effectiveness evaluation phase. This memorandum
will briefly summarize system vulnerabilities for the critical assets considered at the
selected representative facilities.
9
3.2.5 System effectiveness evaluation phase approach and importance
It is anticipated that this phase may involve additional field visits to the selected
representative facilities.
The system effectiveness evaluation phase will result in judgments concerning the
effectiveness of existing physical and operational systems, and will provide a basis
for specific upgrades to be considered in the subsequent phase.
4.0 Phase 5 - Risk Management
Risk management is the fitch phase in the VA process, and will consist of the following
subtasks.
4.1 Calculate risk levels
The Sandia VA methodology provides a mechanism for assigning numerical risk
values to critical assets. The calculated risk level varies in direct proportion to the
probability of attack and the consequences of an attack, and in inverse proportion
to the effectiveness of existing asset protection systems.
Previous subtasks will have facilitated the assessment of values for probability of
attack, consequences of an attack, and effectiveness of the existing physical
protection and mitigation measures for the critical assets analyzed at the selected
representative facilities.
In this subtask, risk values will be calculated for the applicable critical assets and a
ranking established based on relative risk levels among assets.
4.2 Identify possible upgrades to physical and operational security
Since the City cannot control the probability of attack, it will ultimately focus its
efforts on the factors it can control - the effectiveness of protection systems, and
the mitigation of consequences.
In this subtask, alternatives will be developed for upgrades to physical and
operational security for the protection of critical assets identified as high-risk.
Alternatives will be presented in table form, and planning-level cost estimates will
be provided for the identified upgrades.
Based on the recommended upgrades, residual risk to the critical assets will be
evaluated to identify the level of risk reduction that could be expected through the
implementation of the physical and/or operational system upgrades.
10
4.3 Prepare Summary Memorandum No. 5
The product of this subtask will be a concise memorandum to summarize the work
conducted under the risk management phase. This memorandum will provide a
representative summary of calculated risk values, alternative security upgrades,
and residual risk values for critical assets considered at the selected representative
facilities.
4.4 Risk management phase approach and importance
It is anticipated that this phase will require a half-day meeting with the City's
Project Manager for the preliminary presentation of findings and alternative
upgrades. The City's Project Manager should then obtain comments as necessary
from other Utility representatives via the circulation of the memorandum for this
task.
The risk management phase will result in calculated risk values for applicable
critical assets, identified alternatives for upgrading the physical and operational
security system, and re-calculated risk values for the subject assets based on the
implementation of the identified upgrades.
5.0 Final Report
This last phase of the project will consist of the preparation of a final report that will
document each of the previous phases and present the upgrades identified in the Risk
Management phase. The report will be an expansion of the summary memorandums
prepared under the previous subtasks, and will address comments and revisions from the
City concerning the previously submitted memorandums. The report will be structured so
as to address the EPA requirements.
The report structure will be as outlined below in Table 1.
TABLE 1. STRUCTURE AND CONTENTS OF FINAL REPORT
CHAPTER CONTENTS
Chapter 1 - · Introductory and background information on VA process
Introduction · Reasons why VA was conducted
· City requirements
· Scope and organization of report
Chapter 2 - · Planning and team selection
Planning · Mission statement and objectives
· Comparison of criteria
· Facility prioritization
· Risk reduction goals
Chapter 3 - · Design basis threat
Threat assessment · Justification for probability of attack
11
TABLE 1. STRUCTURE AND CONTENTS OF FINAL REPORT
CHAPTER CONTENTS
Chapter 4 - · System description
Facility · Site-specific fault trees
characterization · Existing security policy, procedures, and physical security
· Consequence table
· Consequence values for critical assets
Chapter 5 - · Adversary strategies and scenarios
System effectiveness · System effectiveness for scenarios
evaluation · Physical protection system and operating system vulnerabilities
Chapter 6 - · Risk analysis
Risk assessmen_t · Relative risks for critical assets at selected representative facilities
Chapter 7 - · Alternatives for upgrades to physical security and consequence
Risk management mitigation
· Estimate of risks for proposed actions
· Summary of results
6.0 M&E Internal Review
As part of our internal review quality control program, M&E will provide for a Technical
Advisory Team (TAT) review upon completion of the draf~ final report.
7.0 Grant Application Assistance (optional task)
As part of the work proposed herein, M&E will continue to monitor developments with
respect to EPA funding, and inform the City of these developments. A task has been
included to assist the City in the preparation of the grant application. It is assumed that
the grant application will be similar to those of 'large users'. To complete this task, a
$2,500 allowance has been allocated and would only be used upon written authorization
by the City to proceed with this task.
DELIVERABLES
Deliverables for the proposed work are listed below.
B.
C.
D.
E.
F.
Summary Memorandum for the Planning phase
Summary Memorandum for the Threat assessment phase
Summary Memorandum for the Facility characterization phase
Summary Memorandum for the System effectiveness evaluation phase
Summary Memorandum for the Risk management phase
Final Report for project
The summary memorandums will be submitted in draft form only. The City personnel
receiving the memorandums will be requested to communicate any comments or desired
12
revisions to these memorandums promptly, since each new phase of the project relies
heavily on the previous phase and consensus must be reached on a variety of issues before
new phases proceed. Comments and intended revisions to the memorandums will be
documented using addendums. These memorandums will be used as a basis for the final
report.
As stated above, the final report will be an expansion of the draft summary memorandum.
The final report will be provided in draft form for review and comment by the City. M&E
recommends that the City consult its legal counsel concerning the desired form and
handling of the final report submittal. Since the document will contain sensitive
information concerning the water utility's vulnerabilities, M&E strongly recommends that
the report be closely protected and access to its contents be restricted. In general, for the
entire project, all sensitive working papers and documents should be stored securely, the
number of copies should be limited.
PROJECT SCHEDULE
The work under this scope can be expected to be a five month duration. A detailed
schedule will be provided following receipt of the work authorization, when a definitive
starting date can be established. Nevertheless, the EPA requires that the completion be by
December 31, 2003.
COMPENSATION
The following table provides an estimate of staff hours and associated costs for the
proposed scope of work. The project cost under this proposed scope of work is estimated
at $67,592 with an additional $2,500 in optional activities.
Item Description Fee
1.0 Project Management $ 5,975
2.0 Planning and Threat Assessment $10,994
3.0 Facility Characterization and SEE $22,497
4.0 Risk Management $10,693
5.0 Final Report and Presentation $14,681
6.0 M&E TAT Final Report $ 2,752
Total Authorized to M&E $67,592
7.0 Grant Application Allowance (optional) $ 2,500
Compensation for work in this proposal will be based on a lump sum method of payment,
to be invoiced monthly on a percent complete basis for items 1-6. Item 7 would only be
used with prior written permission from the Assistant City Manager or his designee for
those items outlined in this proposal. M&E's current contract billing rates would be used
for this allowance.
13
BASIS OF ESTIMATE
The following assumptions apply to this scope of work.
A. As noted previously, it will be neither possible nor necessary to evaluate every
asset at every facility. The proposed methodology will focus on selection and
assessment of the highest priority facilities and assets, and findings with respect to
security upgrades will in general be transferable to other facilities and assets not
considered. The selection of representative facilities and critical assets for detailed
evaluation will be conducted through discussion and consensus with the City's
Project Manager. Follow-on analyses can be performed on lower priority assets
and facilities, subject to the constraints of schedule and funding. To some degree,
consolidation of memorandums can also be used to allow analysis of an expanded
facility/asset list, and this approach will be reviewed with the City during the
planning phase of this project.
B. Evaluation ofwastewater facilities will be conducted during the facility
characterization phase, with the intent of generating security-related
recommendations for representative facilities, and will not follow the overall
Sandia process used for water facilities. It is expected that findings with respect to
wastewater may be helpful in addressing probable future regulatory requirements
in this area, although the final form of such requirements is not yet known.
C. The VA process is highly sequential, and the later phases cannot be properly
performed unless prior phases have been completed and consensus developed with
respect to findings. Successful and timely project execution will rely on active and
sustained participation by both "decision-makers" and "subject matter experts"
from the City.
14
BY:
APPROVED BY
CITY OF BOYNTON BEACH, FLORIDA
i:ty Manager k..
Date:
S~T~DBY
Metcalf& Eddy, Inc.
By:
Mark S. Blanchard, Vice President
Date:
15