The URL can be used to link to this page

Home My WebLink About07. Approve Integrated Public Alert & Warning System Memorandum of Agrmt-City Send Emergency Alerts to Cellphones111 e -TA -1 10 APPROVED 13y CITY MANAGER TO: HONORABLE MAYOR AND MEMBERS OF THE CITY COUNCIL 7ROM: FIRE DEPARTMENT BY: MARK GILLASPIE, FIRE CHIEF q]=11 1 0 161V r -NI 14'WOM 114 kTh &71111106111 0 1 =1;9 ZION *01 California experienced massive fires in 2018-2019, which has led to the push to give local city government access to the Integrated Public Alert and Warning System (IPAWS) that has traditionally been limited to County, State and the Federal Government. IPAWS provides public safety officials with an effective way to alert and warn the public about serious emergencies using the Emergency Alert System (EAS), Wireless Emergency Alerts (WEA), the National Oceanic and Atmospheric Administration (NOAA) Weather Radio, and other public alerting systems from a singIC interface. An example of the system is Amber Alerts, which is used to alert the public about child abduction using the cellular tower connections. .I - Currently, the City of Downey has Downey Alerts, which is an opt -in system for residents to sign up for emergency alerts. The system currently has over 28,000 contacts, with approximately 26,000 contacts from the 911 database (landlines), and E,000 contacts provided by residents. To sign-up for the system, residents can register #nline; complete a paper application for manual entry; or text "downeyalerts" to 888777. Even so, the majority of Downey's 113,000 plus residents are not in the system. Access to IPAWS will allow the City of Downey to provide emergency alerts to people within Downey who have a cell phone, whether or not they have opted into Downey Alerts. This will allow the City to provide information to the public during emergencies more efficiently and effectively, reaching a larger population. Until access is gained into APPROVE THE IPAWS MEMORANDUM OF AGREEMENT TO ENABLE THE CITY TO SEND EMERGENCY ALERTS TO RESIDENTS' C ELLPHON ES AUGUST 27, 2019 2 IPAWS, the City will need to •: the County Sheriff Department to help •: out notifications on behalf of the City of Downey. Efficiency & Adaptability N- .,•rhood is Infrastructur Public Engagement ATTACHMENTS 0 -Memorandum of Agreement between the Federal Emergency Management Agency Integrated Public Alert and Warning System (IPAWS) Program Management Office Regarding the use of: City of Downey Interoperable System(s) and IPAWS OPEN Platform for Emergency Networks (IPAWS-OPEN) RIMAKOW-11i WARNING: This document is FOR OFFICIAL USE ONLY (FOLIO). It contains information that may beexempt from public release under the Freedom of Information Act (5 U.S.C. 552). It is to be controlled, stored, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOLIO information and is not to be released to the public or other personnel who do not have a valid "need -to -know" without prior approval of the FEMA Integrated Public and Warning System and the FEMA Disclosure Offices. H VAEMMIKIAMWO .......... . . . . . IPAWS Program regarding the utilization and security of City of Downey Interoperable System(s) (as shown in Appendix A), which interoperate with the IPAWS-Open Platform for • Networks (IPAWS-OPEN). The expected benefit is to enable information interoperability across emergency response organizations and systems as intended by the FEMA IPAWS Program. 111111011 4111111 0 11 HTTPS via the public internet. Under this agreement, no direct or networked connection using VPN or ui len technology) between the systems named in Appendix A and IPAWS-OPEN is allowed. In the event dir ct connection is required, an Interconnection Security Agreement must be executed. tillow-Hinullf"A Tne autnority or tffi-s--agreement IS based on the Communications Act ot 1 1�34, as amende-cf(W��g-.S-U-§--Ull,76Tdn-UT[i-e- implementation of regulation 47 C.F.R § I I which establishes the statutory basis under which the FEMA IPAWS Program operates emergency alerting systems. In addition, Executive Order 13407 of June 26, 2006, Public Alert and Warning System Executive Order states, "It is the policy • the United States to have an effective, reliable, integrated, flexible, and comprehensive system to alert and warn the American people ... establish or adopt, as aIrro•ri e. common ate ina jig j,jj i 4 12 rocedures-fog,*e nublic_- L 171W_11111j�! SISM111 Lit ClIUVIC kHLV11VP;U1dF,111Lj U1111 L11U NCULFU Ur.11;UFj U1 UVVIUMULCU 111UNNU&rS LU TFAMM""T people". In response, FEMA established the IPAWS Program Management Office (PMO) in April 2007. 4.0 BACKGROUND A��i endix B' , at both the mana eri i in writing • may i• disseminated by electronic means unless otherwise noted. MINIMUM INIM-1,0111 -.1 1 ot"jswin Inturop7rayuRl. 1 0 SUICgLUIU LDU Q011HUCHUMILY, HlLugruy, U11U UVUHUFUILy or Tue sysTeins ana Trie uata Y store, process, and transmit, both parties agree to provide notice of specific events within the timeframes indicated below: Security Incidents: Technical, administrative and/or help desk staff will ininiediateiv • their designated counterparts by telephone or e-mail when a security incident(s) is detected and/or a violation of the Rules of Behavior (see Appendix Q has been identified. Both parties agree to make the appropriate technical and administrative individuals available for all necessary inquiries and/or investigations. Containment and/or V4.2, June 20, 2019 resolution procedures will be documented by the identifying party and after action reports generated and the dent(s). • Disasters and Other Contingencies: The FEMA IPAWS Program Office will notify the COG by telephone, e- mail or other acceptable means in the event of a disaster or other contingency that disrupts the normal operation of IPAWS-OPEN. • System Interconnections: This MOA is intended for systems interoperating with IPAWS-OPEN using SOAP over HTTPS via the public Internet. If in the future, an interconnection (i.e. dedicated system -to -system connection) is required to IPAWS-OPEN, this MOA must be updated and an Interconnection Security Agreement (ISA) must be executed. If a change in status from interoperating to interconnected system is required, the initiating party will notify the other party at least 3 months before the planned interconnection isto be in place. • Discontinuation of Use: In the event the use of IPAWS-OPEN is no longer required, the COG agrees to immediately notify, in writing, the FEMA IPAWS Program Office at which time the COGID and associated access credentials will be deactivated. • Personnel Changes: Both parties agree to provide notification of changes to their respective system owner or technical lead. In addition, both parties will provide notification of any changes in the point of contact information provided in Appendix B. All relevant personnel changes and changes to contact information must be provided within 5 business days of the change. 6.0 TYPE OF INTERCONNECTIVITY Both parties agree that the COG will utilize only the assigned COGID, associated credentials and digital certificates provided by the FEMA IPAWS Program Office to support interoperability between the system(s) listed in Appendix A and IPAWS-OPEN. In addition, all interoperable systems must be configured to interface with IPAWS-OPENover the public Internet using only approved web service standards and associated requirements. A listing of approved web service standards and supporting requirements can be obtained from the IPAWS-OPEN Web Service Interface Design Guidance document. In the event, a dedicated connection is required, both parties will agree to negotiate and execute an Interconnection Security Agreement (ISA) as required per Department of Homeland Security (DHS) policy which must be signed by all required parties before the interconnection is activated. Proposed changes to either system that affect system interoperability will be reviewed and evaluated to determine the potential impact. If the proposed changes impact the agreed upon terms, the MOA will be renegotiated and executed before changes are implemented. 7.0 SECURITY To ensure the joint security of the systems and the message data they store, process, and transmit, both parties agree to adhere to and enforce the Rules of Behavior (as specified in Appendix Q. In addition, both parties agree to the following: • Ensure authorized users accessing the interoperable system(s) receive, agree to abide by and sign (electronically or in paper form) the IPAWS-OPEN Rules of Behavior as specified in Appendix C. Each jurisdiction is responsible for keeping the signed Rules of Behavior on file or stored electronically for each system user. • Utilize FEMA approved PKI certificates to digitally sign messages as they are transported over the public Internet. • Certify that its respective system is designed, managed and operated in compliance with all relevant federal laws, regulations, and policies. • Document and maintain jurisdictional and/or system specific security policies and procedures and produce such documentation in response to official inquiries and/or requests. 3 V4.2, June 20, 2019 FOR OFFICIAL USE ONLY H CONTROLLED UNCLASSIFIED INFORMATION • Provide physical security and system environmental safeguards for devices supporting system interoperability with IPAWS-OPEN. • Ensure physical and logical access to the respective systems as well as knowledge of the COGID and associated access criteria are only granted to properly vetted and approved entities or individuals. • Where applicable, ensure that only individuals who have successfully completed FEMA -required trainingean utilize the interoperable systems to issue alerts and warnings intended for distribution to the public. • Where applicable, document and maintain records of successful completion of FEMA -required training and produce such documentation in response to official inquiries and/or requests. 8.0 PROFICIENCY DEMONSTRATION Once enabled, each COG operating under this agreement must demonstrate their ability to compose and send a message through the IPAWS-OPEN system at regular intervals. Such demonstration must be performed on a monthly basis through generation of a message successfully sent through the IPAWS-OPEN Training and Demonstration environment. 9.0 ASSOCIATED SOFTWARE REQUIREMENTS The COG will need to select a software package which will allow the COG to properly populate a Common Alerting Protocol (CAP) message which complies with both the OASIS Common Alerting Protocol Version 1.2 and the OASIS Common Alerting Protocol, v. 1.2 USA Integrated Public Alert and Warning System Profile Version 1.0. With respect to the software and the software vendor selected FEMA expects the selected software to provide the following minimum critical capabilities and services: • Permissions: o The ability to assign and manage user permissions; and o The ability to retrieve and view IPAWS Alerting Permissions o The provision of vendor support, to include user training, and around the clock technical support; and o The ability to submit both live and test digital certificates, with clear, easily identifiable information that indicates the environment to which the software is pointed (Live or Test) • User Interface: o The provision of an intuitive user interface, to include help menus; and o The ability to notify the user of digital certificate expiration; and o The ability to constrain event types and geocodes to user permissions; and o The ability to send one alert to multiple channels; and o The provision of displays that show required fields based on selected channel; and o The ability to pre -populate fields to the greatest extent possible; and o The ability to support templates; and o The ability to create a polygon or circle, of less than 100 nodes; and o The ability to update or cancel an alert, without having to reenter all of the data; and o The ability to alert the end user if a software license has expired; and o Clear explanations if alert information is case sensitive when entered • Confirmation and Error Checking: o The ability to pre -check an alert message for errors, prior to sending; and o The ability to create free -form 90 -character WEA text, while preventing prohibited characters; and 4 V4.2, June 20, 2019 i I FESM, "41111 FIESIM,11119W11031111 WOMITURINIM o The provision to IPAWS of alert status codes for any sent alert, with a clear definition ofwhether the codes are advice codes or error codes, along with the meaning of those codes; and # The provision of user confirmation of connectivity to IPAWS; and # The ability for users to see alert history and/or logs This agreement does not authorize financial expenditures by the COG on behalf of FEMA. The FEMA IPAWS Program is responsible for the costs associated with developing, operating and maintaining the availability of the IPAWS-OPEN system. The COG is responsible for all costs related to providing their users with access to IPAWS- *PEN via the public Internet. These costs may include hardware, software, monthly Internet charges, completion of security awareness training and other related jurisdictional costs. Each Party agrees and acknowledges that nothing in this Agreement shall be construed as giving a party any �roprietary rights in or to the intellectual property of the other party. Each Party further agrees that nothing in this property of the other party. INUM"d A* MC Mlq— WCF-11 1% 1,91 V1 UILVI LIMM p) yeals k RIMMMIM cuillies MR), Mis agreement wM expire wanouf YuRnUr MAIM and system access privileges will be revoked. If the parties wish to extend this agreement, they may do so by reviewing, updating, and reauthorizing this agreement. This agreement supersedes all earlier agreements, which should be referenced above by title and date. If one or both of the parties wish to terminate this agreement prematurely, they may do so upon 30 days' advanced notice or in the event of a security incident that necessitates an immediate response. This agreement may be suspended by FEMA for failure to perform the Proficiency Demonstration for two consecutive months. A suspended COG may be reinstated upon a completion of a successful Proficiency Demonstration. I agree to the terms of this Memorandum of Agreement. Noncompliance on the part of either organization or its users or contractors concerning the policies, standards, and procedures explained herein may result in the immediate termination of this agreement. City of Downey Official Federal Emergency Management Agency Name: Rick Rodriguez IPAWS-OPEN System Owner Title: Mayor Name: Mark A. Lucero Title: Chief, IPAWS Engineering (Signature Date) (Signature Date) City of Downey Attn: IPAWS-OPEN System Owner, Suite 5NW-0309 11111 Brookshire Ave Federal Emergency Management Agency Downey, CA, 90241 500 C Street SW Washington, D.C. 20472-3153 APPROVED AST It�l Ct'rATTORNEY 6 V4.2, June 20, 2019 1WRINVAM ITM I a 1 -11-1 1 1 1 1 A - ff &-M&T, 01 1 Ir'll using more than one system. In order to comply with DHS policy, all systems interoperating with IPAWS-OPEN must be documented and supported by a Memorandum of Agreement. As a result thisfsendix must be completed to identify all systems associated with the COG and used for interoperating with IPAWS-OPEN. This Appendix must be amended as applicable systems are added or removed from operations. IPAWS-OPEN is the backbone system that structures the alert and distributes the Function: message from one interoperating and/or interconnected system (message sender) to another interoperating and/or interconnected system (message recipient). Location: Bluemont, VA; Clarksville, VA Description of data, Messaging data is considered Sensitive But Unclassified (SBU) information and does including sensitivity or not contain Personally Identifiable Information (PII), Financial data, Law classification level: Enforcement Sensitive Information or classified information. Each message that flows through the IPAWS-OPEN system will be associated to a specifically assigned system User ID and COGID as captured within the message elements. This information will be retained in system logs. tf I' toll"WO"IMAU•I I IPAWS-OPEN Web Service Interface Design Guidance. Everbridge '1!''' 1,11:1 , 'Al I V AMM. I A J sending public alerts for major events for disseminations to WEA/CMAS, EAS NWEM and Public Feed 11 Data is comprised of emergency public alert messages. FOR OFFICIAL USE ONLY // CONTROLLED UNCLASSIFIED INFORMATION Appendix B COG Point of Contact Information Designated COG Primary Point of Contact: Name: Rakdy Khlok Title: Emergency Manager Business Email Address: rkhlok@downeyca.org Primary Phone Number: 562-299-5462 Alternate Phone Number: 562-299-2984 Organization: City of Downey, Fire Department Mailing Address: 11111 Brookshire Ave., Downey, CA, 90241 Designated Alternate Point of Contact: Name: Mark Gillaspie Title: Fire Chief Business Email Address: mgillaspie@downeyca.org Primary Phone Number: 562-299-5464 Alternate Phone Number: 562-824-2988 Organization: City of Downey, Fire Department Mailing Address: 11111 Brookshire Ave, Downey, CA, 90241 Designated Technical Point of Contact: Name: Alvin Lam Title: IT Director Business Email Address: Alam@downeyca.org Primary Phone Number: 562-299-7266 Alternate Phone Number: 562-419-1689 Organization: City of Downey, Finance Department, IT Division Mailing Address: 11111 Brookshire Ave., Downey, CA, 90241 8 V4.2, June 20, 2019 'P'9VM1#VY"&MW?1MM I FTNE FEMA: Integrated Public Alert and Warning System 40pen Platform for Emergency Networks (IPAWS-OPEJ i Contact Name COTtOCtUuTrber Mark Lucero LIM: n in, INKIRK, M-1 lytwaive.hutchinson@fema.dhs.gov togai.andrews@fema.dhs.gov mark.lucero@fema.dhs.gov gary.ham@associates.fema.dhs.gov Gustavo Barbet 202-212-3586 gustavo.barbet@associates.fema.dhs.gov Neil Bourgeois 703-732-6331 neil.bourgeois@associates.fema.dhs.gov 9 V4.2, June 20, 2019 Summary of System Responsibilities I Chief Information Officer, FEMA Chief Information Security Officer System Owner FEMA PMO - IPAWS- OPEN FEMA ISSO - IPAWS- OPEN FEMA-EADIS IPAWS- OPEN Tech Lead Appendix C a [11 MWIMIT111f 6 -YR -OW I text messaging systems (e.g., Blackberry), and plug-in and wireless peripherals that employ removable media (e.g. CDs, DVDs, etc.). PEDs also encompass USB flash memory (thumb) drives, external drives, and diskettes. These Rules of Behavior are consistent with existing DHS policies and DHS Information Technology (IT) Security iirectives and are intended to enhance the awareness of each user's responsibilities regarding accessing, storing, receiving and/or transmitting information using IPAWS-OPEN. 2.0 APPLICATION RULES 2.1 Official Use * IPAWS-OPEN is a Federal application to be used only in the performance of the user's official duties in support of public safety as described in the National Incident Management System (NIS). • The use of the IPAWS-OPEN for unauthorized activities is prohibited and could result in verbal or written warning, loss of access rights, and/or criminal or civil prosecution. • By utilizing IPAWS-OPEN, the user of the interoperable system(s) consents to allow system monitoring to ensure appropriate usage for public safety is being observed. • City of Downey will be held accountable for safeguarding all configuration items and information entrusted to them by FEMA. City of Downey is expected to manage the relationship with supporting vendors, consultants and any other entities providing system support on their behalf. In addition, City of Downey will be held accountable in the event of a security breach or disclosure of sensitive configuration information such as digital certificates. City of Downey understands that the use of digital signatures, used on their behalf, is binding and City of Downey will be held accountable accordingly. In the event sensitive information is mishandled, utilization of IPAWS-OPEN may be immediately revoked by FEMA. • If software interoperating with IPAWS-OPEN enables users to geo-target public alert messages by means of geospatial polygons or circles, then the user shall restrict any such geospatial boundaries so as to remain within the geographical limits of their public warning authority (or as near as possible), as determined by applicable state and/or local laws and duly adopted operational plans. 2.2 Access Security • All Email addresses provided in connection with interoperable system(s) user accounts must be associated to an approved email account assigned by the user's emergency management organization. The use of personal email accounts to support emergency messaging through IPAWS-OPEN is prohibited. • Upon approval of the MOA by FEMA, a COG account with COGID and Digital Certificate will be created and issued to the designated technical representative. All individuals with knowledge of these credentials must not share or alter these authentication mechanisms without explicit approval from the FEMA IPAWS Program. 10 V4.2, June 20, 2019 FOR OFFICIAL USE ONLY H CONTROLLED UNCLASSIFIED INFORMATION • Every interoperable system user is responsible for remote access security as it relates to their use of IPAWS-OPEN and shall abide by these Rules of Behavior. 2.3 Interoperable System User Accounts and Passwords • All users must have a discrete user account ID which cannot be the user's social security number. To protect against unauthorized access, passwords linked to the user ID are used to identify andauthenticate authorized users. • Accounts and passwords shall not be transferred or shared. The sharing of both a user ID and associated password with anyone (including administrators) is prohibited. • Accounts and passwords shall be protected fromdisclosure and writing passwords down or electronically storing them on a medium that is accessible by others is prohibited. • The selection of passwords must be complex and shall: o Be at least eight characters in length o Contain a combination of alphabetic, numeric and special characters o Not the same as any of the user's previous 8 passwords. • Passwords shall not contain any dictionary word. • Passwords shall not contain any proper noun or the name of any person, pet, child, or fictional character. Passwords shall not contain any employee serial number, Social Security number, birth date, phone number, or any information that could be readily guessed about the creator of the password. • Passwords shall not contain any simple pattern of letters or numbers, such as "qwerty" or "xyz123". • Passwords shall not be any word, noun, or name spelled backwards or with a single digit appended, or with a two -digit "year" string, such as 98xyz123. • Pass phrases, if used in addition to or instead of passwords, should follow the same guidelines. • Passwords shall not be the same as the User ID. • Users shall either log off or lock their workstations when unattended. • Workstations shall be configured to either log off, or activate a password -protected lock, or password - protected screensaver within fifteen (15) minutes of user inactivity. • Locked sessions shall remain locked until the user re -authenticates. • Workstations shall be protected from theft. • A user's account shall be automatically locked after three consecutive failed logon attempts. • The automatic lockout period for accounts locked due to failed login attempts shall be set for a minimum of twenty (20) minutes. • A process shall exist for manually unlocking accounts prior to the expiration of the twenty (20) minute period, after sufficient user identification is established. • Sessions shall automatically be terminated after sixty (60) minutes of inactivity. • Users are required to change their passwords at least once every 90 days. 11 V4.2, June 20, 2019 FOR OFFICIAL USE ONLY // CONTROLLED UNCLASSIFIED INFORMATION • Passwords must be promptly changed whenever a compromise of a password is known or suspected, 2.4 Integrity Controls & Data Protection • All computer workstations accessing IPAWS-OPEN must be protected by up-to-date anti-virus software. Virus scans must be performed on a periodic basis and when notified by the anti-virus software. • Users accessing interoperable system(s) to utilize IPAWS-OPEN must: * Physically protect computing devices such as laptops, PEDs, blackberry devices, smartphones, etc; * Protect sensitive data sent to or received from IPAWS-OPEN; * Not use peer-to-peer (P2P) file sharing, which can provide a mechanism for the spreading of viruses and put sensitive information at risk; Not program computing devices with automatic sign -on sequences, passwords or access credentials when utilizing IPAWS-OPEN. Users may not provide personal or official IPAWS-OPEN information solicited by e-mail. If e-mail messages are received from any source requesting personal information or asking to verify accounts or other authentication credentials, immediately report this and provide the questionable e-mail to the Local System Administrator and/or the City of Downey Help Desk. • Only devices officially issued through or approved by DHS, FEMA and/or approved emergency management organizations are authorized for use to interoperate with IPAWS-OPEN and use ofpersonal devices to access and/or store IPAWS-OPEN data and information is prohibited. • If a Blackberry, smartphone or other PED is used to access the interoperable system(s) to utilize IPAWS- OPEN, the device must be password protected and configured to timeout or lock after 10 minutes of inactivity. • If sensitive information is processed, stored, or transmitted on wireless devices, it must be encrypted using approved encryption methods. 2.5 System Access Agreement • 1 understand that I am given access to the interoperable system(s) and IPAWS-OPEN to perform my official duties. • I will not attempt to access data, information or applications I am not authorized to access nor bypass access control measures. • 1 will not provide or knowingly allow other individuals to use my account credentials to accessthe interoperable system(s) and IPAWS-OPEN. • To prevent and deter others from gaining unauthorized access to sensitive resources, I will log off or lock my computer workstation or will use a password -protected screensaver whenever I step away from my work area, even for a short time and I will log off when I leave for the day. • To prevent others from obtaining my password via "shoulder surfing", I will shield my keyboard from view as I enter my password. • 1 will not engage in, encourage, or conceal any hacking or cracking, denial of service, unauthorized tampering, or unauthorized attempted use of (or deliberate disruption of) any data or component within the interoperable system(s) and IPAWS-OPEN. • 1 agree to inform my Local System Administrator when access to the interoperable system(s) and/or 12 V4.2, June 20, 2019 I agree that I have completed Computer Security Awareness training as maybe required by myjurisdiction prior to my initial access to the interoperable system(s) and •A -OP and that as long as I have continued access, I will complete Computer Security Awareness training on an annual basis. If my jurisdiction does not provide Computer Security Awareness training, I will complete the FEMA self -study course IS -906: Workplace Security Awareness (https://training.fema.gov/is/courseoverview.aspx?code=IS- 906) on an annual basis. 2.6 Accountability a I understand that I have no expectation of privacy while using any services or programs interoperating with IPAWS-OPEN. 0 1 understand that I will be held accountable for my actions while accessing and using interoperable system(s) and IPAWS-OPEN, including any other connected systems and IT resources. 0 1 understand it is my responsibility to protect sensitive information from disclosure to unauthorized persons or groups. a I understand that I must comply with all software copyrights and licenses pertaining to the use of IPAWS- OPEN. 2.7 Incident Reporting or 'd NJ 11 1FAU Ir I have read and agree to comply with the requirements of these Rules of Behavior. I understand that the terms of this agreement are a condition of my initial and continued access to City of Downey Interoperable System(s) and IPA WS -OPEN and related services and that if Ifail to abide by the terms of these Rules of Behavior, my access to any and all IPA WS -OPEN information systems may be terminated and I may be subject to criminal or civil prosecution. I have read and presently understand the above conditions and restrictions concerning my access. Printed Name (as listed in Appendix 13): Signature: _�, Date: 13 V4.2, June 20, 2019 •• r • • �r r r r• • agree that I have completed Computer Security Awareness training as mayberequired by my jurisdiction prior to my initial access to the interoperable system(s) and IPAWS-OPEN and that as long as I have continued • 1lete Computer Security Awareness training on an annual basis. jurisdiction does not provide Computer Security Awareness training, I will complete the FEMA self -study course IS -906.- Workplace Security Awareness (https:Htraining.fema.gov/is/courscoverview.aspx?code—IS- 'II on basis. a I understand that I have no expectation of privacy while using any services or programs interoperating with IPAWS-OPEN. • 1 understand that I will be held accountable for my actions while accessing and using interoperable system(s) and IPAWS-OPEN, including any other connected systems and IT resources. • I understand it is my responsibility to protect sensitive information from disclosure to unauthorized persons or groups. • I understand that I must comply with all software copyrights and licenses pertaining to the use of IPAWS- OPEN. 2.7 Incident Reporting I wi I] promptly report IT security incidents, or any incidents of suspected fraud, waste or misuse of systems to the Local System Administratorand/or the City of Downey Help I have read and agree to comply with the requirements of these Rules of Behavior. I understand that the terms of this agreement are a condition of my initial and continued access to City of Downey Interoperable System(s) and IPA WS -OPEN and related services and that if 1 fail to abide by the terms of these Rules of Behavior, my access to any and all IPA WS -OPEN information systems may be terminated and I may be subject to criminal or civil prosecution. I have read and presently understand the above conditions and restrictions concerning y access. Printed Name is list n App di, 41 ; l4 Signature: J Date: / 13 V4.2, June 20, 2019 i• • ' i i `i � ! i tri it • •, •` -r -• I agree that I have • i_i Computer Security Awareness training as maybe requiredrjurisdiction prior to my initial access to the interoperable system(s) and [PAWS -OPEN and that as long as I have continued access, I will complete Computer Security Awareness training on an annual basis. If my jurisdiction does not provide Computer Security Awareness training, I will complete the FEMA self -study course IS -906: Workplace Security Awareness (https://training.fema.gov/is/courseoverview.aspx?code=lS- rl basis. .6 Accountability i I understand that I have no expectation of privacy while using any services or programs interoperating with IPAWS-OPEN. 0 1 understand that I will be held accountable for my actions while accessing and using interoperable system(s) and [PAWS -OPEN, including any other connected systems and IT resources. a I understand it is my responsibility to protect sensitive information from disclosure to unauthorized persons or groups. * I understand that I must comply with all software copyrights and licenses pertaining to the use of IPAWS- OPEN. 1 will promptly r-incidents,or of • fraud, waste or of - to the Local System Administrator and/or the City of Downey Help Desk. 1 1 1!1' / 1!1111 1 Y i have read a a + a Behaviorunderstand a of e a a i r of a and continued access to City of Downey Interoperable '• WS -OPEN and related set -vices and that if Ifail to abidee Rules of Behavior, a any and all PA WS -OPEN informationa 'a and I may be subject to criminal or civil prosecution. I havea andpresentlyunderstand the aboveconditions a restrictions concerning Printed Name (as h. tedin v ppendix B):, c Il( Signatu. # 4;/)�I72tlaV ?3- A rj.: , 1 13 V4.2, June 20, 2019 Emergency Management Institute N RM&W .01 This Certificate of Achievement is to acknowledge that has reaffirmed a dedication to serve in times of crisis through continued r�rofessional development and completion of the independent study course: IS -00247.a Integrated Public Alert and Warning System (IPAWS) Issued this 12th Day of August, 2019 Michael J. Sharon cmz�u� Deputy Superintendent A C ET 0.2 IACET CEU TTr— Emergency Management Institute Federal Emergency Management Agency Emergency Management Institute Z�° j y P� �RVtj Z. 0 This Certificate of Achievement is to acknowledge thl has reaffirmed a dedication to serve in times of crisis through continued professional development and completion of the independent study course: IS -00247.a Entegrated Public Alert and Warning System Issued this 12th Day ofAugust, 2019 A C-1 0.2 IACET CEU Michael J. Sharon Deputy Superintendent Emergency Management Institute Federal Emergency Management Agency