Washington State Department of Children, Youth, & Families
RECEIVED AUG -- 9 2013
MC contract 1119-060
COUNTY PROGRAM AGREEMENT
Juvenile Detention Alternatives Initiative
DCYF Agreement Number: 1963-58216
Administration or Division Agreement Number: 1-501-00519
County Agreement Number:
This Program Agreement is by and between the State of Washington
Department of Children, Youth, and Families (DCYF) and the County
identified below, and is issued in conjunction with a County and DCYF
Agreement On General Terms and Conditions, which is incorporated by
reference.
DCYF ADMINISTRATION: Department of Children, Youth, and Families
DCYF DIVISION: Children, Youth and Families
DCYF INDEX NUMBER: 1229
DCYF CONTRACT CODE: 2000CC=63
DCYF CONTACT NAME AND TITLE: Jenny Young, Program Coordinator
DCYF CONTACT ADDRESS: 1115 Washington St SE, Olympia, WA 98504-5828
DCYF CONTACT TELEPHONE: (360)902-0872
DCYF CONTACT FAX:
DCYF CONTACT E-MAIL: youngja2@dshs.wa.gov
COUNTY NAME: Mason County
COUNTY ADDRESS: Mason County Juvenile Court, PO Box 368, Shelton, WA 98584
COUNTY FEDERAL EMPLOYER IDENTIFICATION NUMBER:
COUNTY CONTACT NAME: Jim Madsen
COUNTY CONTACT TELEPHONE: (360)427-9670
COUNTY CONTACT FAX:
COUNTY CONTACT E-MAIL: jamesma@co.mason.wa.us
IS THE COUNTY A SUBRECIPIENT FOR PURPOSES OF THIS PROGRAM AGREEMENT? No
CFDA NUMBERS:
PROGRAM AGREEMENT START DATE: 07/01/2019
PROGRAM AGREEMENT END DATE: 06/30/2021
MAXIMUM PROGRAM AGREEMENT AMOUNT: $49,000.00
EXHIBITS. When the box below is marked with an X, the following Exhibits are attached and are incorporated into this
County Program Agreement by reference:
[X] Exhibits (specify): Exhibit A: Data Security Requirements, Exhibit B: Statement of Work, Exhibit C: JDAI Site
Implementation Budget
[ ] No Exhibits.
The terms and conditions of this Contract are an integration and representation of the final, entire and exclusive
understanding between the parties superseding and merging all previous agreements, writings, and communications, oral
or otherwise, regarding the subject matter of this Contract. The parties signing below represent that they have read and
understand this Contract, and have the authority to execute this Contract. This Contract shall be binding on DCYF only
upon signature by DCYF.
COUNTY SIGNATURE(S) PRINTED NAME(S) AND TITLE(S) DATE(S) SIGNED
DCYF SIGNATURE PRINTED NAME AND TITLE DATE SIGNED
Department of Children, Youth, and Families
2017CF County Program Agreement (12-14-2018) Page 1
Special Terms and Conditions
1. Definitions. The words and phrases listed below, as used in this Contract, shall each have the
following definitions:
a. "DCYF" means the Department of Children, Youth, and Families.
b. "Office of Juvenile Justice" or "OJJ" means the Division under the Department of Children, Youth,
and Families.
c. "JDAI" means the Juvenile Detention Alternatives Initiative that the Washington State Partnership
Council on Juvenile Justice, in partnership with eight county juvenile courts has adopted as a
detention reform and system improvement initiative.
2. Purpose. The purpose of this Contract is to provide improve their juvenile justice systems and achieve
the desired outcomes of:
a. Increased public safety.
b. Reduced detention overcrowding and the need to build and operate expensive detention facilities.
c. Better outcomes for youth and families by safely keeping youth in their homes, schools and
community.
d. Reduction of racial disparities in the juvenile justice system.
e. Redirecting scarce public funding to less expensive and proven community-based programs.
3. Data Security Requirements — Exhibit A. The Contractor shall protect, segregate, and dispose of
data from DCYF as described in Exhibit A, and as required in the Section below entitled Secure
Management of Confidential Information.
4. Statement of Work — Exhibit B. The Contractor shall provide services and staff as described in the
Statement of Work attached as Exhibit B.
5. Statement of Work — Exhibit C. The Contractor shall provide services within the budget described in
the JDAI Site Implementation Budget attached as Exhibit C.
Exhibit A — Data Security Requirements
1. Definitions. The words and phrases listed below, as used in this Exhibit, shall each have the following
definitions:
a. "AES" means the Advanced Encryption Standard, a specification of Federal Information Processing
Standards Publications for the encryption of electronic data issued by the National Institute of
Standards and Technology (http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf).
b. "Authorized User(s)" means an individual or individuals with a business need to access DCYF
Confidential Information, and who has or have been authorized to do so.
c. "Business Associate Agreement" means an agreement between DCYF and a contractor who is
receiving Data covered under the Privacy and Security Rules of the Health Insurance Portability
and Accountability Act of 1996. The agreement establishes permitted and required uses and
disclosures of protected health information (PHI) in accordance with HIPAA requirements and
provides obligations for business associates to safeguard the information.
d. "Category 4 Data" is data that is confidential and requires special handling due to statutes or
regulations that require especially strict protection of the data and from which especially serious
consequences may arise in the event of any compromise of such data. Data classified as Category
4 includes but is not limited to data protected by: the Health Insurance Portability and Accountability
Act (HIPAA), Pub. L. 104-191 as amended by the Health Information Technology for Economic and
Clinical Health Act of 2009 (HITECH), 45 CFR Parts 160 and 164; the Family Educational Rights
and Privacy Act (FERPA), 20 U.S.C. §1232g; 34 CFR Part 99; Internal Revenue Service
Publication 1075 (https://www.irs.gov/pub/irs-pdf/p1075.pdf); Substance Abuse and Mental Health
Services Administration regulations on Confidentiality of Alcohol and Drug Abuse Patient Records,
42 CFR Part 2; and/or Criminal Justice Information Services, 28 CFR Part 20.
e. "Cloud" means data storage on servers hosted by an entity other than the Contractor and on a
network outside the control of the Contractor. Physical storage of data in the cloud typically spans
multiple servers and often multiple locations. Cloud storage can be divided between consumer
grade storage for personal files and enterprise grade for companies and governmental entities.
Examples of consumer grade storage would include iTunes, Dropbox, Box.com, and many other
entities. Enterprise cloud vendors include Microsoft Azure, Amazon Web Services, and Rackspace.
f. "Encrypt" means to encode Confidential Information into a format that can only be read by those
possessing a "key"; a password, digital certificate or other mechanism available only to authorized
users. Encryption must use a key length of at least 256 bits for symmetric keys, or 2048 bits for
asymmetric keys. When a symmetric key is used, the Advanced Encryption Standard (AES) must
be used if available.
g. "FedRAMP" means the Federal Risk and Authorization Management Program (see
www.fedramp.gov), which is an assessment and authorization process that federal government
agencies have been directed to use to ensure security is in place when accessing Cloud computing
products and services.
h. "Hardened Password" means a string of at least eight characters containing at least three of the
following four character classes: Uppercase alphabetic, lowercase alphabetic, numeral, and special
characters such as an asterisk, ampersand, or exclamation point.
i. "Mobile Device" means a computing device, typically smaller than a notebook, which runs a mobile
operating system, such as iOS, Android, or Windows Phone. Mobile Devices include smart phones,
most tablets, and other form factors.
j. "Multi-factor Authentication" means controlling access to computers and other IT resources by
requiring two or more pieces of evidence that the user is who they claim to be. These pieces of
evidence consist of something the user knows, such as a password or PIN; something the user has
such as a key card, smart card, or physical token; and something the user is, a biometric identifier
such as a fingerprint, facial scan, or retinal scan. "PIN" means a personal identification number, a
series of numbers which act as a password for a device. Since PINs are typically only four to six
characters, PINs are usually used in conjunction with another factor of authentication, such as a
fingerprint.
k. "Portable Device" means any computing device with a small form factor, designed to be transported
from place to place. Portable devices are primarily battery powered devices with base computing
resources in the form of a processor, memory, storage, and network access. Examples include, but
are not limited to, mobile phones, tablets, and laptops. Mobile Device is a subset of Portable
Device.
l. "Portable Media" means any machine readable media that may routinely be stored or moved
independently of computing devices. Examples include magnetic tapes, optical discs (CDs or
DVDs), flash memory (thumb drive) devices, external hard drives, and internal hard drives that have
been removed from a computing device.
m. "Secure Area" means an area to which only authorized representatives of the entity possessing the
Confidential Information have access, and access is controlled through use of a key, card key,
combination lock, or comparable mechanism. Secure Areas may include buildings, rooms or
locked storage containers (such as a filing cabinet or desk drawer) within a room, as long as access
to the Confidential Information is not available to unauthorized personnel. In otherwise Secure
Areas, such as an office with restricted access, the Data must be secured in such a way as to
prevent access by non-authorized staff such as janitorial or facility security staff, when authorized
Contractor staff are not present to ensure that non-authorized staff cannot access it.
n. "Trusted Network" means a network operated and maintained by the Contractor, which includes
security controls sufficient to protect DCYF Data on that network. Controls would include a firewall
between any other networks, access control lists on networking devices such as routers and
switches, and other such mechanisms which protect the confidentiality, integrity, and availability of
the Data.
o. "Unique User ID" means a string of characters that identifies a specific user and which, in
conjunction with a password, passphrase or other mechanism, authenticates a user to an
information system.
2. Authority. The security requirements described in this document reflect the applicable requirements of
Standard 141.10 (https://ocio.wa.gov/policies) of the Office of the Chief Information Officer for the state
of Washington, and of the DCYF Information Security Policy and Standards Manual. Reference
material related to these requirements can be found here: https://www.dcyf.wa.gov/services/child-welfare-providers
which is a site developed by the DSHS Information Security Office and hosted by DCYF.
3. Administrative Controls. The Contractor must have the following controls in place:
a. A documented security policy governing the secure use of its computer network and systems, and
which defines sanctions that may be applied to Contractor staff for violating that policy.
b. Security awareness training for all employees, presented at least annually, which informs
Contractor staff of their responsibilities under the Contractor's security policy. If the Contractor
does not have an appropriate security awareness course, any of their staff who will work with the
Data or systems housing the Data, must successfully complete the DSHS Information Security
Awareness Training, which can be taken on this web page:
https://www.dshs.wa.gov/fsa/central-contract-services/it-security-awareness-training, or a replacement later identified by DCYF.
c. If the Data shared under this agreement is classified as Category 4, the Contractor must be aware
of and compliant with the applicable legal or regulatory requirements for that Category 4 Data.
d. If Confidential Information shared under this agreement is classified as Category 4, the Contractor
must have a documented risk assessment for the system(s) housing the Category 4 Data.
4. Authorization, Authentication, and Access. In order to ensure that access to the Data is limited to
authorized staff, the Contractor must:
a. Have documented policies and procedures governing access to systems with the shared Data.
b. Restrict access through administrative, physical, and technical controls to authorized staff.
c. Ensure that user accounts are unique and that any given user account logon ID and password
combination is known only to the one employee to whom that account is assigned. For purposes of
non-repudiation, it must always be possible to determine which employee performed a given action
on a system housing the Data based solely on the logon ID used to perform the action.
d. Ensure that only authorized users are capable of accessing the Data.
e. Ensure that an employee's access to the Data is removed immediately:
(1) Upon suspected compromise of the user credentials.
(2) When their employment, or the contract under which the Data is made available to them, is
terminated.
(3) When they no longer need access to the Data to fulfill the requirements of the contract.
f. Have a process to periodically review and verify that only authorized users have access to systems
containing DCYF Confidential Information.
g. When accessing the Data from within the Contractor's network (the Data stays within the
Contractor's network at all times), enforce password and logon requirements for users within the
Contractor's network, including:
(1) A minimum length of 8 characters, and containing at least three of the following character
classes: uppercase letters, lowercase letters, numerals, and special characters such as an
asterisk, ampersand, or exclamation point.
(2) That a password does not contain a user's name, logon ID, or any form of their full name.
(3) That a password does not consist of a single dictionary word. A password may be formed as a
passphrase which consists of multiple dictionary words.
(4) That passwords are significantly different from the previous four passwords. Passwords that
increment by simply adding a number are not considered significantly different.
h. When accessing Confidential Information from an external location (the Data will traverse the
Internet or otherwise travel outside the Contractor's network), mitigate risk and enforce password
and logon requirements for users by employing measures including:
(1) Ensuring mitigations applied to the system don't allow end-user modification.
(2) Not allowing the use of dial-up connections.
(3) Using industry standard protocols and solutions for remote access. Examples would include
RADIUS and Citrix.
(4) Encrypting all remote access traffic from the external workstation to Trusted Network or to a
component within the Trusted Network. The traffic must be encrypted at all times while
traversing any network, including the Internet, which is not a Trusted Network.
(5) Ensuring that the remote access system prompts for re-authentication or performs automated
session termination after no more than 30 minutes of inactivity.
(6) Ensuring use of Multi-factor Authentication to connect from the external end point to the internal
end point.
i. Passwords or PIN codes may meet a lesser standard if used in conjunction with another
authentication mechanism, such as a biometric (fingerprint, face recognition, iris scan) or token
(software, hardware, smart card, etc.). In that case:
(1) The PIN or password must be at least 5 letters or numbers when used in conjunction with at
least one other authentication factor.
(2) Must not be comprised of all the same letter or number (11111, 22222, aaaaa, would not be
acceptable).
(3) Must not contain a "run" of three or more consecutive numbers (12398, 98743 would not be
acceptable).
j. If the contract specifically allows for the storage of Confidential Information on a Mobile Device,
passcodes used on the device must:
(1) Be a minimum of six alphanumeric characters.
(2) Contain at least three unique character classes (upper case, lower case, letter, number).
(3) Not contain more than a three consecutive character run. Passcodes consisting of 12345, or
abcd12 would not be acceptable.
k. Render the device unusable after a maximum of 10 failed logon attempts.
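The password rules in Section 4.g and the lesser PIN standard in Section 4.i, written out as an added Python example that is not part of the agreement. The function names, the small constructed word list, the handling of name fragments, and reading "significantly different" as "differs by more than a trailing number" are assumptions; digit runs are checked in both directions because the agreement's own examples (12398, 98743) include a descending run.

```python
import re
import string

# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_DICTIONARY = {"password", "welcome", "sunshine", "dragon", "monkey"}


def character_classes(secret):
    """Count how many of the four classes named in 4.g(1) appear."""
    return sum([
        any(c.isupper() for c in secret),
        any(c.islower() for c in secret),
        any(c.isdigit() for c in secret),
        any(c in string.punctuation for c in secret),
    ])


def strip_counter(secret):
    """Drop trailing digits so 'Harbor!7' and 'Harbor!8' compare equal."""
    return re.sub(r"\d+$", "", secret).lower()


def check_password(password, logon_id, full_name, previous=(),
                   dictionary=SAMPLE_DICTIONARY):
    """Return the Section 4.g rules that the password violates."""
    problems = []
    if len(password) < 8:
        problems.append("4.g(1): shorter than 8 characters")
    if character_classes(password) < 3:
        problems.append("4.g(1): fewer than 3 character classes")
    lowered = password.lower()
    # Assumption: name fragments of 1-2 letters are ignored to avoid
    # rejecting passwords over incidental matches.
    name_parts = [p for p in re.split(r"\W+", full_name.lower()) if len(p) > 2]
    if any(tok and tok in lowered for tok in [logon_id.lower(), *name_parts]):
        problems.append("4.g(2): contains logon ID or part of the user's name")
    if lowered in dictionary:
        problems.append("4.g(3): single dictionary word")
    recent = {strip_counter(p) for p in list(previous)[-4:]}
    if strip_counter(password) in recent:
        problems.append("4.g(4): only a trailing number differs from a "
                        "recent password")
    return problems


def has_digit_run(secret, run_length=3):
    """True if run_length adjacent digits ascend or descend by one."""
    for i in range(len(secret) - run_length + 1):
        window = secret[i:i + run_length]
        if not (window.isascii() and window.isdigit()):
            continue
        steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_pin(pin, other_factor_present):
    """Return the Section 4.i rules that the PIN or short password violates."""
    problems = []
    if not other_factor_present:
        problems.append("4.i: lesser standard requires another factor")
    if len(pin) < 5 or not pin.isalnum():
        problems.append("4.i(1): needs at least 5 letters or numbers")
    if len(set(pin)) == 1:
        problems.append("4.i(2): all the same letter or number")
    if has_digit_run(pin):
        problems.append("4.i(3): run of three or more consecutive numbers")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["Harbor!Lantern42", "sunshine", "Jdoe#2024x"]:
        print(pw, check_password(pw, "jdoe", "Jane Doe"))
    for pin in ["58203", "11111", "12398", "98743"]:
        print(pin, check_pin(pin, other_factor_present=True))
```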
5. Protection of Data. The Contractor agrees to store Data on one or more of the following media and
protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be
restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID
and Hardened Password or other authentication mechanisms which provide equal or greater
security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made
available through shared folders, access to the Data will be restricted to Authorized Users through
the use of access control lists which will grant access only after the Authorized User has
authenticated to the network using a Unique User ID and Hardened Password or other
authentication mechanisms which provide equal or greater security, such as biometrics or smart
cards. Data on disks mounted to such servers must be located in an area which is accessible only
to authorized personnel, with access controlled through use of a key, card key, combination lock, or
comparable mechanism.
For DCYF Confidential Information stored on these disks, deleting unneeded Data is sufficient as
long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above
paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be
deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DCYF
on optical discs which will be used in local workstation optical disc drives and which will not be
transported out of a Secure Area. When not in use for the contracted purpose, such discs must be
stored in a Secure Area. Workstations which access DCYF Data on optical discs must be located
in an area which is accessible only to authorized personnel, with access controlled through use of a
key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by
DCYF on optical discs which will be attached to network servers and which will not be transported
out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through
the use of access control lists which will grant access only after the Authorized User has
authenticated to the network using a Unique User ID and Hardened Password or other
authentication mechanisms which provide equal or greater security, such as biometrics or smart
cards. Data on discs attached to such servers must be located in an area which is accessible only
to authorized personnel, with access controlled through use of a key, card key, combination lock, or
comparable mechanism.
e. Paper documents. Any paper records must be protected by storing the records in a Secure Area
which is only accessible to authorized personnel. When not in use, such records must be stored in
a Secure Area.
f. Remote Access. Access to and use of the Data over the State Governmental Network (SGN) or
Secure Access Washington (SAW) will be controlled by DCYF staff who will issue authentication
credentials (e.g. a Unique User ID and Hardened Password) to Authorized Users on Contractor's
staff. Contractor will notify DCYF staff immediately whenever an Authorized User in possession of
such credentials is terminated or otherwise leaves the employ of the Contractor, and whenever an
Authorized User's duties change such that the Authorized User no longer requires access to
perform work for this Contract.
g. Data storage on portable devices or media.
(1) Except where otherwise specified herein, DCYF Data shall not be stored by the Contractor on
portable devices or media unless specifically authorized within the terms and conditions of the
Contract. If so authorized, the Data shall be given the following protections:
(a) Encrypt the Data.
(b) Control access to devices with a Unique User ID and Hardened Password or stronger
authentication method such as a physical token or biometrics.
(c) Manually lock devices whenever they are left unattended and set devices to lock
automatically after a period of inactivity, if this feature is available. Maximum period of
inactivity is 20 minutes.
(d) Apply administrative and physical security controls to Portable Devices and Portable Media
by:
i. Keeping them in a Secure Area when not in use,
ii. Using check-in/check-out procedures when they are shared, and
iii. Taking frequent inventories.
(2) When being transported outside of a Secure Area, Portable Devices and Portable Media with
DCYF Confidential Information must be under the physical control of Contractor staff with
authorization to access the Data, even if the Data is encrypted.
h. Data stored for backup purposes.
(1) DCYF Confidential Information may be stored on Portable Media as part of a Contractor's
existing, documented backup process for business continuity or disaster recovery purposes.
Such storage is authorized until such time as that media would be reused during the course of
normal backup operations. If backup media is retired while DCYF Confidential Information still
exists upon it, such media will be destroyed at that time in accordance with the disposition
requirements below in Section 8 Data Disposition.
(2) Data may be stored on non-portable media (e.g. Storage Area Network drives, virtual media,
etc.) as part of a Contractor's existing, documented backup process for business continuity or
disaster recovery purposes. If so, such media will be protected as otherwise described in this
exhibit. If this media is retired while DCYF Confidential Information still exists upon it, the data
will be destroyed at that time in accordance with the disposition requirements below in Section 8
Data Disposition.
i. Cloud storage. DCYF Confidential Information requires protections equal to or greater than those
specified elsewhere within this exhibit. Cloud storage of Data is problematic as neither DCYF nor
the Contractor has control of the environment in which the Data is stored. For this reason:
(1) DCYF Data will not be stored in any consumer grade Cloud solution, unless all of the following
conditions are met:
(a) Contractor has written procedures in place governing use of the Cloud storage and
Contractor attests in writing that all such procedures will be uniformly followed.
(b) The Data will be Encrypted while within the Contractor network.
(c) The Data will remain Encrypted during transmission to the Cloud.
(d) The Data will remain Encrypted at all times while residing within the Cloud storage solution.
(e) The Contractor will possess a decryption key for the Data, and the decryption key will be
possessed only by the Contractor and/or DCYF.
(f) The Data will not be downloaded to non-authorized systems, meaning systems that are not
on either the DCYF or Contractor networks.
(g) The Data will not be decrypted until downloaded onto a computer within the control of an
Authorized User and within either the DCYF or Contractor's network.
(2) Data will not be stored on an Enterprise Cloud storage solution unless either:
(a) The Cloud storage provider is treated as any other Sub-Contractor, and agrees in writing to
all of the requirements within this exhibit; or,
(b) The Cloud storage solution used is FedRAMP certified.
(3) If the Data includes protected health information covered by the Health Insurance Portability and
Accountability Act (HIPAA), the Cloud provider must sign a Business Associate Agreement prior
to Data being stored in their Cloud solution.
6. System Protection. To prevent compromise of systems which contain DCYF Data or through which
that Data passes:
a. Systems containing DCYF Data must have all security patches or hotfixes applied within 3 months
of being made available.
b. The Contractor will have a method of ensuring that the requisite patches and hotfixes have been
applied within the required timeframes.
c. Systems containing DCYF Data shall have an Anti-Malware application, if available, installed.
d. Anti-Malware software shall be kept up to date. The product, its anti-virus engine, and any malware
database the system uses, will be no more than one update behind current.
7. Data Segregation.
a. DCYF Data must be segregated or otherwise distinguishable from non-DCYF data. This is to
ensure that when no longer needed by the Contractor, all DCYF Data can be identified for return or
destruction. It also aids in determining whether DCYF Data has or may have been compromised in
the event of a security breach. As such, one or more of the following methods will be used for data
segregation.
(1) DCYF Data will be kept on media (e.g. hard disk, optical disc, tape, etc.) which will contain no
non-DCYF Data. And/or,
(2) DCYF Data will be stored in a logical container on electronic media, such as a partition or folder
dedicated to DCYF Data. And/or,
(3) DCYF Data will be stored in a database which will contain no non-DCYF data. And/or,
(4) DCYF Data will be stored within a database and will be distinguishable from non-DCYF data by
the value of a specific field or fields within database records.
(5) When stored as physical paper documents, DCYF Data will be physically segregated from non-
DCYF data in a drawer, folder, or other container.
b. When it is not feasible or practical to segregate DCYF Data from non-DCYF data, then both the
DCYF Data and the non-DCYF data with which it is commingled must be protected as described in
this exhibit.
8. Data Disposition. When the contracted work has been completed or when the Data is no longer
needed, except as noted above in Section 5.b, Data shall be returned to DCYF or destroyed. Media on
which Data may be stored and associated acceptable methods of destruction are as follows:
Data stored on: Server or workstation hard disks, or removable media (e.g. floppies, USB flash drives, portable hard disks) excluding optical discs
Will be destroyed by: Using a "wipe" utility which will overwrite the Data at least three (3) times using either random or single character data, or degaussing sufficiently to ensure that the Data cannot be reconstructed, or physically destroying the disk
Data stored on: Paper documents with sensitive or Confidential Information
Will be destroyed by: Recycling through a contracted firm, provided the contract with the recycler assures that the confidentiality of Data will be protected.
Data stored on: Paper documents containing Confidential Information requiring special handling (e.g. protected health information)
Will be destroyed by: On-site shredding, pulping, or incineration
Data stored on: Optical discs (e.g. CDs or DVDs)
Will be destroyed by: Incineration, shredding, or completely defacing the readable surface with a coarse abrasive
Data stored on: Magnetic tape
Will be destroyed by: Degaussing, incinerating or crosscut shredding
9. Notification of Compromise or Potential Compromise. The compromise or potential compromise of
DCYF shared Data must be reported to the DCYF Contact designated in the Contract within one (1)
business day of discovery. If no DCYF Contact is designated in the Contract, then the notification must
be reported to the DCYF Privacy Officer at: dcyfprivacyofficer@dcyf.wa.gov. Contractor must also take
actions to mitigate the risk of loss and comply with any notification or other requirements imposed by
law or DCYF.
10. Data shared with Subcontractors. If DCYF Data provided under this Contract is to be shared with a
subcontractor, the Contract with the subcontractor must include all of the data security provisions within
this Contract and within any amendments, attachments, or exhibits within this Contract. If the
Contractor cannot protect the Data as articulated within this Contract, then the contract with the sub-
Contractor must be submitted to the DCYF Contact specified for this contract for review and approval.
Exhibit B — STATEMENT OF WORK
Mason County JDAI Site Contract
1. Contractor Obligations:
Mason County Juvenile Court will:
a. Work to achieve the goals outlined in the submitted Implementation Plan; incorporated by
reference herein:
(1) Finalize and implement sanctions grid:
a) By working within juvenile court administration to design a grid that maintains
accountability, reduces racial and ethnic disparities, and properly responds to risk and
safety concerns;
b) By creating a policy for the use of the Sanctions Grid to include supervisory review;
c) By introducing the finalized grid and policy to Prosecutors, Defense, and Juvenile Court
Judge for feedback; and
d) By creating a tracking tool to follow the impact of Sanction Grid implementation on
admissions to detention and racial and ethnic disparities.
(2) Create and implement a tiered warrant system:
a) By learning from other courts that use a tiered warrant system;
b) By soliciting feedback from stakeholders regarding the desire to use a tiered warrant
system; and
c) By collaborating with the Mason County Prosecutor's Office, local law enforcement, and
juvenile and superior court administration on the development of policy and procedures
for the tiered warrant system.
b. Complete the revision of the Juvenile Detention Policy and Procedure Manual and after
review, incorporate recommended changes to ensure policies are culturally relevant, if
needed.
c. Complete and submit the following Quarterly Data Reports: Admissions to Detention and
DRAI Recommendation Detail.
2. JDAI Quality Assurance Requirements:
Mason County Juvenile Court shall:
a. Participate in monthly one-on-one conference calls with the JDAI State Coordinator;
b. Participate in quarterly Local JDAI Site Coordinator Conference Calls; and
c. Attend and participate in the JDAI State Steering Committee Meetings.
The Office of Juvenile Justice shall:
a. Provide technical support to the Contractor when requested;
b. Conduct at least two in-person site visits during the contract period; and
c. Attend at least two of the Contractor's Local JDAI Stakeholder/Steering Committee meetings during
the contract period.
3. Deliverables:
The Deliverables include the following reports due to the JDAI State Coordinator per the due dates
outlined below.
a. Quarterly Progress Reports (aka: Stoplight Report) by the 15th of the month following the end of the
quarter;
b. Quarterly Data Reports (identified in Sec. 1.c.) by the 15th of the month following the end of the
quarter; and
c. Annual Results Report due by March 15th, 2020 for the 2019 Calendar Year and by March 15th,
2021 for the 2020 Calendar Year.
4. Consideration:
The total maximum consideration payable to the Contractor for satisfactory performance of the work
under this Contract is $24,500 (Fiscal Year 1) and $24,500 (Fiscal Year 2) for activities occurring
between July 1, 2019 and June 30, 2021 including any and all expenses, and shall be based upon
Exhibit C: JDAI Site Implementation Budget, attached and incorporated by reference herein.
All quarterly data reports and progress reports must be received prior to payment of invoices submitted
to the JDAI State Coordinator. Invoices submitted without quarterly data reports and progress reports
will be held until required reports are submitted.
All grant funds for Year 1 must be expended by June 30, 2020. All grant funds for Fiscal Year 2 must
be expended by June 30, 2021. No unspent funding from the Fiscal Year 1 Budget may be carried over
into the Fiscal Year 2 Budget.
Up to 10% or $1,000, whichever is less, of the total budget may be moved between the line items or
categories without an amendment with prior written approval from the OJJ Director or designated
Contracts Manager. Contractor shall provide a written request for any changes and an updated budget
upon approval.
Any budget amendments over 10% or $1,000, whichever is less, must obtain an approved contract
amendment and updated approved budget prior to any expenditures being made.
EXHIBIT C—JDAI SITE IMPLEMENTATION BUDGET
Fiscal Year 1
OFFICE OF JUVENILE JUSTICE
APPROVED BUDGET AND SPECIAL CONDITIONS JJ-2
Department of Children, Youth and Families
1500 Jefferson Ave., Olympia, WA 98501
CONTRACT#: 1-501-00519
FUND SOURCE: State Proviso
GRANT AWARD DATE: 7/1/2019
PROJECT TITLE: JDAI Implementation Fiscal Year 1
PROJECT PERIOD: 7/1/2019 to 6/30/2021
This grant award is subject to the approved budget that appears below and to the special conditions that
appear below and/or are attached hereto and are incorporated herein.
BUDGET CATEGORIES
PERSONNEL                     $20,000
SUPPLIES                      $1,000
OTHER SERVICES AND CHARGES    $1,500
EQUIPMENT CAPITAL/OUTLAY      $500.00
TRAVEL                        $1,000
CONTRACTUAL                   $500
INDIRECT                      $0.00
TOTAL BUDGET                  $24,500
SOURCE OF FUNDS
FEDERAL                       $0.00      0.00%
SUBGRANTEE IN-KIND MATCH      $0.00      0.00%
PROJECT INCOME                $0.00      0.00%
OTHER FUNDS                   $24,500    100.0%
TOTAL PROJECT FUNDS           $24,500    100%
SUBGRANTEE: Mason County Juvenile Court Services
FINANCIAL OFFICER: Paula Thale, 360-427-9670 ext. 338
SIGNING AUTHORITY: Mason County Commissioners
PROJECT DIRECTOR: Jim Madsen, 360-427-9670 ext. 332
SPECIAL CONDITIONS:
1. The next Progress Report is due: October 15, 2019
2. Commencement Within 60 Days: If a project is not operational within 60 days of the original starting date of the grant
period, the sub grantee must report by letter to the State the steps taken to initiate the project, the reasons for the
delay, and the expected starting date.
3. Operational Within 90 Days: If the project is not operational within 90 days of the original start date of the grant period,
the sub grantee must submit a second statement to the State explaining the implementation delay. Upon receipt of the
90-day letter, the state may cancel the project.
EXHIBIT C—JDAI SITE IMPLEMENTATION BUDGET
Fiscal Year 2
OFFICE OF JUVENILE JUSTICE
APPROVED BUDGET AND SPECIAL CONDITIONS JJ-2
Department of Children, Youth and Families
1500 Jefferson Ave., Olympia, WA 98501
CONTRACT#: 1-501-00519
FUND SOURCE: State Proviso
GRANT AWARD DATE: 7/1/2019
PROJECT TITLE: JDAI Implementation Fiscal Year 2
PROJECT PERIOD: 7/1/2019 to 6/30/2021
This grant award is subject to the approved budget that appears below and to the special conditions that
appear below and/or are attached hereto and are incorporated herein.
BUDGET CATEGORIES
PERSONNEL                     $20,000
SUPPLIES                      $1,000
OTHER SERVICES AND CHARGES    $1,500
EQUIPMENT CAPITAL/OUTLAY      $500.00
TRAVEL                        $1,000
CONTRACTUAL                   $500
INDIRECT                      $0.00
TOTAL BUDGET                  $24,500
SOURCE OF FUNDS
FEDERAL                       $0.00      0.00%
SUBGRANTEE IN-KIND MATCH      $0.00      0.00%
PROJECT INCOME                $0.00      0.00%
OTHER FUNDS                   $24,500    100.0%
TOTAL PROJECT FUNDS           $24,500    100%
SUBGRANTEE: Mason County Juvenile Court Services
FINANCIAL OFFICER: Paula Thale, 360-427-9670 ext. 338
SIGNING AUTHORITY: Mason County Commissioners
PROJECT DIRECTOR: Jim Madsen, 360-427-9670 ext. 332
SPECIAL CONDITIONS:
4. The next Progress Report is due: October 15, 2019
5. Commencement Within 60 Days: If a project is not operational within 60 days of the original starting date of the grant
period, the sub grantee must report by letter to the State the steps taken to initiate the project, the reasons for the
delay, and the expected starting date.
6. Operational Within 90 Days: If the project is not operational within 90 days of the original start date of the grant period,
the sub grantee must submit a second statement to the State explaining the implementation delay. Upon receipt of the
90-day letter, the state may cancel the project.