The URL can be used to link to this page

Home My WebLink AboutReports - 2024.03.14 - 41097 AGENDA ITEM: Purchase of County-Wide Digital Asset Management Application from MediaValet DEPARTMENT: Information Technology MEETING: Board of Commissioners DATE: Thursday, March 14, 2024 9:30 AM - Click to View Agenda ITEM SUMMARY SHEET COMMITTEE REPORT TO BOARD Resolution #2024-3916 Motion to approve the one-time appropriation and transfer of $31,000 from the General Fund Non- Departmental Transfers (9090101) Technology Projects-One Time (760180) to the Information Technology Fund (#63600) for the Digital Asset Management Application Replacement Project; further, that the Fiscal Year 2024 Budget shall be amended as reflected in the attached Schedule A – Budget Amendment. ITEM CATEGORY SPONSORED BY Budget Amendment Gwen Markham INTRODUCTION AND BACKGROUND The Department of Public Communications is spearheading an initiative to modernize the process and technology of managing digital assets across the County. The goal is to implement a market leading solution to streamline the creation, management, and distribution of County graphics, images, documents, and videos. The solution will protect the integrity of the brand, increase collaboration and adoption countywide, while also making it easier to ingest and share county branded assets with external partners. MediaValet is a leading name in the digital asset management industry. MediaValet is the only Digital Asset Management (DAM) solution that offers an annual cost that is less than what was previously paid for six months of our current solution. In addition, the cost comes in at only a third of the cost required for other solutions. Aside from cost, MediaValet’s robust permission and access controls allow for the meticulous management of who can view, download, and edit assets, ensuring that only brand-compliant materials are disseminated. It offers unlimited users (at no extra cost), as well as unlimited support and training. MediaValet will enable Oakland County to maintain a consistent brand image across all platforms and touchpoints with the use of branded portals, advanced search, and AI-powered tagging (auto tagging, facial recognition, forensic watermarking, and auto-generated transcripts in 60 languages). In addition, MediaValet offers industry-leading integrations into 3rd party applications that are currently utilized by Oakland County users like Adobe Creative Suite, Microsoft 365, Okta, and WordPress. MediaValet is the only DAM built exclusively on Microsoft Azure and offers enterprise- level security, including data encryption and SOC 2 certification. It is currently ranked as the #1 DAM vendor for security by SecurityScorecard with a score of 99/100. Based on the 2024 DAM Trends Report, MediaValet customers spend over 60% less time searching for assets, responding to asset requests, and recreating assets. This allows for stronger brand consistency, improved productivity, better team collaboration, and cost savings on asset creation. In summary, implementing this solution will allow for cost savings, enterprise-level security, stronger brand consistency, improved productivity, and better team collaboration. MediaValet will save the County money within the first month of implementation (just under $2,000 per month compared to our current solution) and provide a much needed functional, innovative, and integrated system for our DAM users and partners. BUDGET AMENDMENT REQUIRED: Yes Committee members can contact Michael Andrews, Policy and Fiscal Analysis Supervisor at 248.425.5572 or andrewsmb@oakgov.com or the department contact persons listed for additional information. CONTACT Teresa Recinto Rod Davenport, Chief Information Officer ITEM REVIEW TRACKING Aaron Snover, Board of Commissioners Created/Initiated - 3/14/2024 AGENDA DEADLINE: 03/14/2024 9:30 AM ATTACHMENTS 1. Schedule A - Budget Amendment 2. MediaValet - Oak 0415_APPENDIX A - RESPONSE TEMPLATE - Digital Asset Management Application 3. MediaValet - Quote For Oak 0415 - Digital Asset Management RFP 4. Oak 0415 - Digital Asset Management Application Score Card COMMITTEE TRACKING 2024-03-06 Finance - Recommend to Board 2024-03-14 Full Board - Adopt Motioned by: Commissioner Philip Weipert Seconded by: Commissioner Linnie Taylor Yes: David Woodward, Penny Luebs, Karen Joliat, Kristen Nelson, Christine Long, Robert Hoffman, Philip Weipert, Gwen Markham, Angela Powell, William Miller III, Yolanda Smith Charles, Charles Cavell, Ajay Raman, Ann Erickson Gault, Linnie Taylor (15) No: None (0) Abstain: None (0) Absent: Michael Spisz, Marcia Gershenson, Brendan Johnson, Michael Gingell (4) Passed Oakland County, Michigan INFORMATION TECHNOLOGY - BUDGET AMENDMENT REQUEST FOR COUNTY-WDE DIGITAL ASSET MANAGEMENT APPLICATION Schedule "A" DETAIL R/E Fund Name Division Name Fund # (FND)Cost Center (CCN) # Account # (RC/SC) Program # (PRG) Grant ID (GRN) # Project ID # (PROJ) Region (REG) Budget Fund Affiliate (BFA) Ledger Account Summar y Account Title FY 2024 Amendment E General Fund Non Departmental Transfers FND10100 CCN9090101 SC760180 PRG196030 760000 Technology Projects-One Time $(31,000) E General Fund Non Departmental FND10100 CCN9010101 SC788001 PRG196030 BFA63600 788001 Transfer Out – IT $31,000 Total Expenditures $- R Information Technology IT Administration FND63600 CCN1080101 RC695500 PRG152000 BFA10100 895500 Transfer In - Gen Fund $31,000 Total Revenue $31,000 E Information Technology Application Services FND63600 CCN1080201 SC730373 PRG152010 730000 Contracted Services $31,000 Total Expenses $31,000 Event #0415 Oak 0415 Digital Asset Management Appendix A- Response Template Failure to complete ALL eight (8) tabs of this form shall result in your Proposal being deemed nonresponsive and rejected without any further evaluation. BUSINESS MODEL RESPONSE TABLE Number 1 2 3 4 Bidder NOT to alter any cells and to complete all cells marked as > Bidder Name Bidder Contact Information (Name, Email, Phone) Bidder agrees to the County's contract template provided as written and, if you are a reseller, all reseller obligations in the solicitation and RFP. YES or NO Bidder provided copy of "current" proof of insurance (acord). YES or NO Bidder to confirm will PROVIDE DOCUMENTATION OF REQUIRED INSURANCE UPON AWARD which meets requirements stated in Insurance Exhibit in the County's contract template provided. YES or NO Requirement Bidder provides a sustainable business model supporting use of the Bidder’s products and/or services through a five-year period. Include in this description any proposed changes in offerings that will occur over this period. Bidders must identify if they currently participate in any existing government application store, service portal, or marketplace. Will any services in the proposal be subcontracted? YES or NO If yes, provide a description of the subcontracting organization and the contractual arrangements made therewith. Event #0415 Oak 0415 Digital Asset Management Appendix A- Response Template Failure to complete ALL eight (8) tabs of this form shall result in your Proposal being deemed nonresponsive and rejected without any further evaluation. BUSINESS MODEL RESPONSE TABLE Bidder must identify if they currently provide products and/or services to Oakland County or State of Michigan Departments, Divisions or Agencies, or cities, villages or townships located within the State of Michigan. Explain. MediaValet Inc Evan van Niekerk - evan.vanniekerk@mediavalet.com - +1 778 997 8147 It is our policy to not review legal contacts at this phase of RPFs in order to avoid incurring additional legal cost so that we can continue to offer the lowest price possible to our prospective customers. Once the proposal has been reviewed and if MediaValet is identified as shortlisted we are more than happy to review any contracts. We would also like to suggest that our MSA be the governing document for any potential contract as it is specifically built for a SaaS DAM contract. Yes Yes Response or name of attachment MediaValet’s business model is built on sustainable growth and profitability for our shareholders, employees and customers. Our Company is projected to generate free cash flow in Q4-23 and on annual basis for the next five years and during that same period continue to invest significantly in our innovative, market leading solutions ($147 million invested to date). MediaValet has access to an existing $9 million credit facility and as a publicly traded company on the Toronto stock exchange has further access to growth and working capital should the Company’s board and existing shareholders deem appropriate. No No Event #0415 Oak 0415 Digital Asset Management Appendix A- Response Template Failure to complete ALL eight (8) tabs of this form shall result in your Proposal being deemed nonresponsive and rejected without any further evaluation. No SOLUTION REQUIREMENTS RESPONSE TABLE Number Requirements and Questions 1.0 - General Information 1.1 Web-based User Interface – DAM solution is entirely web-based, with no client-side applications, downloads, or installations. 1.2 Branding – Ability to implement branding and customize the user interface. 1.3 Smartphone and Tablet Support – Supports touch-based interfaces on smartphones and tablet devices. 1.4 Digital Media Files - Various formats include photos and other images (logos, wordmarks, service marks, etc.), audio files, and multimedia video files used throughout the County. Supports file formats that include GIF, EPS, PNG, JPG, PDF, PPT, AI, SVG, WAV, MOV, MP4, MP3, SWF, FLV, etc. 1.5 Cloud Hosting – If cloud provider: The vendor provides a secure and scalable hosting solution. Assets must be stored in United States. 1.6 High Availability – The DAMA system operates 24 hours / 7 days a week / 365 day a year with application availability of 99.999% excluding predefined maintenance windows. 1.7 Outages – The vendor will notify the County of any planned outages or maintenance. The vendor will monitor the system and provide identification, notification, and resolution of any unplanned outages. 1.8 Backup – The vendor will identify the redundancy and data backup procedures of the DAM solution. 1.9 Administration – The DAM system must include the ability to maintain user accounts. 1.10 Authentication and Role-Based Access – The DAMA system must be able to utilize Oakland County’s Active Directory accounts. 1.11 Data Management – Explain how the solution functions regarding file transfer (file upload/download to and from the DAMA system) including any features that support mass file transfer. 1.12 Batch Processing – Ability to perform operations on multiple files or groups of files. 1.13 Version Control – Check in/Check out of assets, retain older versions of files, file tracking, etc. 1.14 Data Archiving – Explain how the solution handles the automatic or defined archiving or deletion of data, based on rules, expiration dates or other criteria. Is there a sunset function – how is it controlled? 1.15 Group/Ungroup – Ability to store assets in sets or groups. 1.16 Watermarking – Ability to automatically apply a watermark to copyrighted image files and videos. 1.17 Data Identification – Explain how the solution supports the use of metadata to identify assets. Will metadata transfer with assets at time of implementation? 1.18 Data Access/Searching – Explain how the solution enables browsing or searching assets, including features that enable searching by various criteria/metadata. 1.19 Data Sharing – Explain how the solution handles data sharing, including any features that support protected data sets. 1.20 Email Integration – Provides the ability to email assets as attachments or by providing link in email. 1.21 File Type Restrictions – Ability to restrict/reject specific file types. 1.22 File Size Restrictions – Ability to restrict/reject specific file sizes. 1.23 Embed Codes – Ability to create embed code for images. 1.24 Lightbox Function – Ability to create tagged galleries and send to others not in the system. Ability to sort by date and creator as well as alpha. 1.25 Caption – Ability to custom caption a record and easily edit after saving. 1.26 Image View – Ability to see tiled view of assets. 1.27 Image Edit – Ability to use quick edit features (lighten at 10%, darken at 10%, etc.). 1.28 Audio and Video Management – Explain how the solution stores and displays audio and video files, including any features that support file editing, file type conversion, thumbnail generation, preview/playback, etc. 1.29 File Transformation – Ability to perform automatic file type conversions or resizing. 1.30 Thumbnail Generation – Ability to automatically generate thumbnail images. Ability to auto-zoom when viewing. 1.31 Workflow – Ability to control assets through workflow approval process. 1.32 Download Formats – Ability to choose download format - GIF, EPS, PNG, JPG, PDF, PPT, AI, SVG, WAV, MOV, MP4, MP3, SWF, FLV, etc. 1.33 References - Provide three references of similar government entities currently using your solution. Include entity name, contact name, email and phone number. References will be contacted to ensure vendor/solution skills match those of the proposal and the requirements noted in the RFP. 2. TECHNICAL REQUIREMENTS RESPONSE TABLE Number Requirements and Questions 2.1 - Data Protection and Recovery 2.1.1 Describe data protection and recovery functionality provided by the proposed solution. 2.2 - System Management 2.2.1 Describe, if any, software or tools available to continually monitor performance. 2.3 - Support 2.3.1 The vendor provides ongoing 24 hour / 7 days a week support. This includes core helpdesk/phone support during business hours Monday through Friday. 2.3.2 Describe support model, how inquiries from Oakland County are handled. Example: Initial call taken by Help Desk, return call from tech in 15 minutes. 2.3.3 Describe escalation process/procedures and expectations for service. Example: If a level 1 tech can't help or answer a question, how is this issue escalated and what are the timelines? Can the parent company be involved with an issue? Is so, describe procedures and expected timelines. 2.3.4 Describe how software, OS, and firmware upgrades are released and installed. What is the typical frequency of these releases? 2.3.5 Indicate if an active support contract is necessary to receive updates. 2.3.6 Describe the support provided in the event of a disaster that required the replacement of the entire proposed system. 2.3.7 Indicate if any components of the proposed solution are exempted or excluded from the provided SLA. 2.4 - Integrations 2.4.1 List platforms that the solution has native integration capabilities with. 2.4.2 Are there other integration opportunities with your software with: A. Adobe Creative Cloud B. Microsoft Office (Word, PowerPoint, Publisher) C. Asana D. Others of importance 2.5 - Automation / API Capabilities 2.5.1 What, if any, automation capabilities or modules are compatible with your system (e.g. Ansible, Chef, Puppet, etc.) 2.5.2 Provide details or link to documentation for any API that the proposed solution exposes for general management and automation. 2.6 - Reporting and Alerts 2.6.1 Provide sample default reports that are generated by the solution and describe the method they are generated and made available to the administrators. 2.6.2 Explain how the solution handles reporting functions, including any features that provide statistics such as number of assets by file type and usage statistics. Explain the extent to which the solution provides audit reports for all user and administrator activity. 2.7 - Additional Features and Capabilities 2.7.1 If applicable, list or provide documentation for any value-added functions or capabilities. 2.7.2 Provide documentation for any required functionality that must be custom developed in their core product to meet the requirements of the RFP. If a required feature must be custom developed, Bidders must describe and clearly identify the feature, and if there is an additional fee, the cost in Tab 5.1 Price Proposals. 2.8 - Funding Models 2.8.1 Provide details on available procurement models available for the proposed solution. Include costs for these options in worksheet 5.1 - Price Proposal Content, or alternate cost proposal worksheets. Bidder NOT to alter any cells and to complete all cells marked as > Bidder Name Existing Capability (Y/N) Yes Yes Yes Yes Yes Yes Yes Yes 1.0 - General Information Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No Yes Yes Yes Yes No Yes Yes Yes Yes Meets Requirement / Existing Capability (Y/N) Yes Yes 2. TECHNICAL REQUIREMENTS RESPONSE TABLE 2.1 - Data Protection and Recovery 2.2 - System Management 2.3 - Support Yes Yes No No 2.4 - Integrations Yes Yes Yes 2.5 - Automation / API Capabilities 2.6 - Reporting and Alerts Yes 2.7 - Additional Features and Capabilities 2.8 - Funding Models MediaValet Inc Comments and Responses Yes. MediaValet is a 100 percent cloud-based SaaS solution built on Microsoft Azure which users access via their web browser. The DAM can be customized/branded to meet the customers preferences and customers can set up multiple instances with separate branding if necessary. Yes. MediaValet is optimized for mobile use. So users will be able to access the DAM with any mobile device so long as they have access to the internet. The MediaValet DAM can store any file type with in system preview-ability for over 200. The full list of preview-able file types can be provided upon request. MediaValet is 100 percent cloud based, hosted on Microsoft Azure. Users can chose which data center region their data is stored within. There are multiple options within the United States. Planned outages are extremely rare. If that happens, your Success Manager will reach out to you. We deploy multiple times a day and there's no disruption in our services so no notification is required to be sent to users. Please refer to our Disaster Recovery and Backup Policy/Plan attached. 1.0 - General Information Customers have full control over the provisioning, management, and maintenance of their user accounts. All customers receive an unlimited amount of both users and custom user groups. The access/permission settings of these groups is fully customizable based on all areas of the DAM and all features and functionality. So, when users log in, they will only be able to see and do what they are mean to see and do. Like other SaaS tools, an Identity Provider (IdP) is required in order to set up an Active Directory integration. MediaValet SSO supports IdPs that use either SAML 2.0 or Open ID authentication protocols, including Azure Active Directory, Okta, etc. The SSO integration can be set up to receive user profile details such as Groups, Departments, and Addresses from the directory service. The authorization policy can then be created to authenticate (and, if necessary, provision) users based on any combination of profile variables. The authorization policy also assigns MediaValet user groups to users based on the rules defined, so that DAM access/authorization is determined based on current settings in the directory service. User provisioning (creation) happens automatically with MediaValet’s authorization rules engine: when a user tries to log in for the first time and they meet the requirements defined in the authorization policy, an account is created for them during this first login attempt thanks to JIT (Just In Time) provisioning. Upload When it comes to the initial migration of assets, the MediaValet team will handle the move of assets into the new system. After this approved users will be able to upload assets directly within the system via the upload section. When it comes to mass upload we offer a desktop based tool built for larger jobs. Download Approved users will be able to download assets simply by selecting the assets they need and clicking download. If a mass download is needed the MediaValet support team can help facilitate. User cam upload, download, share, and edit asset metadata in bulk When an asset is updated it will replace the previous version of the asset without altering the existing metadata. Previous versions can be seen in the version history tab and users with the permission setting to do so can revert back to previous versions. Users can check asset in and out as needed. While checked out they will be locked for other users until check back in. We currently offer cold storage at a significantly reduced cost per TB for archival of assets. These assets will still be searchable and preview-able in a reduced quality but will take up to 24 hours to retrieve for normal use. When it comes to an automation process for archiving, this is not currently a core feature but it can be set up and arranged with the help of your CSM. Archival automation is an item being discussed for development. When it comes to a sunset feature customers can set expiration dates for assets, so that once the date is reached they will be removed from their categories and placed in a separate area for admin review. They will not be deleted automatically, the admin will have to complete the review and delete the assets manually. Assets are structured in a familiar cascading folder structure, however folders are called categories within the system. The main difference is that these categories are not actually physical bins, but instead metadata tags. So a single asset can be tagged to multiple categories so that it can reside in multiple locations without being duplicated, ensuring a single source of truth. When an asset us updated it is updated in all of the categories in which it is tagged. Users can also create custom groups of assets, called LightBoxes in the system, that they can keep private or share for collaboration.Watermarks can be applied to assets to prevent unauthorized use. These can be in the form or normal, visible, water marks or forensic watermarks which will allow the customer to track the exact point of violation should an asset be leaked or used inappropriately. All of the metadata described below will be searchable. AI Generated Metadata All assets that are uploaded into the DAM will automatically have a large amount of metadata added to it via AI. This information includes: – Common Objects – Colors – In image text – Demographic information – Age – Gender – Mood All of this metadata is searchable. We have also recently added face recognition which can be taught to recognize and automatically tag specific people within photos. On top of this MediaValet offers an Audio/Visual Intelligence feature that can be applied to assets. This tool will: – Highlight all common objects with time stamps for where they appear – Transcribes all spoken word which can be made into closed captions, downloaded and translated into over 60 languages – Recognize and identify people and provides time stamps for when they appear. Manual Metadata Users can also add metadata manually at the time of upload or anytime after based on the custom metadata schema that MediaValet will help the Oakland County team define during onboarding. Existing Metadata Metadata that is already attached to assets outside of MediaValet can be mapped into the system with them during onboarding. There are several different ways that users can search for assets. – They can search manually using the cascading category structure to search for assets if they know generally where they are located and what they are looking for. – They can use the google-style search bar to locate assets. This search bar will use the entered text to search on all metadata attached to assets and supports Boolean operators such as: and, or and not. – They can use the Advanced Search function to locate assets based on: File Type, Rating, Status, Events and Dates, Action and User, Colors, Text, Transcript, People, and Custom Attributes. This can be used side by side with the search bar to filter the results more granularly. Searches can also be pinned for future use and shared for collaboration. All in document text will automatically be captured as metadata and the ability to include as a part of the searched metadata is a feature that can be easily togged on and off by users as necessary. All data is shared via our API and user credentials are used to enforce access-rights. Our built- in reporting module can typically perform most tasks needed by a DAM administrator effectively, thus removing the need for any data sharing. Custom reports can be generated by a DAM administrator by making a special request to our CS team. Yes. Users are able to share either single or collections of assets called web galleries directly via email from within the system or by generating a URL that can be shared. These web galleries can be protected with view only status, watermarks, and expiration dates. Currently there is no way to restrict what assets can be uploaded based on file type. Who can upload assets and where they can upload them to are settings that can be controlled. To ensure that only approved assets are entering the DAM, an approval process can be added where administrators will need to approve assets before upload is competed. If acceptable the asset can be approved and ingested into the DAM, if not it can be rejected and sent back to the user who uploaded it with notes attached. If this option is used, a notification will be sent to the administrator when new assets are ready for review. This can be set for some users and not others. Currently there is no way to restrict what assets can be uploaded based on file size. Who can upload assets and where they can upload them to are settings that can be controlled. To ensure that only approved assets are entering the DAM, an approval process can be added where administrators will need to approve assets before upload is competed. If acceptable the asset can be approved and ingested into the DAM, if not it can be rejected and sent back to the user who uploaded it with notes attached. If this option is used, a notification will be sent to the administrator when new assets are ready for review. This can be set for some users and not others. Customers can generate dynamic CDN links directly from the DAM which can be embedded to host assets from the system to their various websites. These assets, being dynamic will update the asset automatically if it is edited in the DAM. Users can create custom groups of assets, called LightBoxes in the system, that they can keep private or share for collaboration. Assets can be viewed either in a gallery with thumbnails or a list with custom, details information. The system does not support this type of editing however we do integrate out of the box with several creative applications such as the Adobe Creative Suite via CI Hub. They system stores audio and video files the same way that it stores all other assets and videos of up to 4k can be previewed within the system. For video editing an integration with creative tools such as adobe will be necessary. Thumbnails are automatically generated for videos. Users can change the file type at the time of download and distribution Customers also have the option to run their videos through the Audio/Visual Intelligence feature which provides the following results: – Transcribes all spoken language into a transcript that becomes searchable metadata, can be used as close captions and translated into over 60 languages – Identifies all common objects, which become searchable metadata, and provides time stamps for when they appear in the video – Employs facial recognition and machine learning to identify know people, which becomes searchable metadata, and provides time stamps for when they appear in the video. At the time of download and distribution users can alter an assets file type to other common formats, without changing the original file's type. If the asset is one of the 200+ supported file types the system will automatically generate a thumbnail. Users can chose the size of the thumbnails in the tile view and they can click the image to quickly see the largest version. If necessary an approval process can be added to the upload workflow. This process will notify admins when assets have been added to the system and will require approval before they are ingested. At this time the admin can add notes and send the assets back to the user if they do not meet the necessary standards/requirements. This can be turned on and off at the user group level so that it applies to some users and not others if necessary. For more complex workflow features users can integrate the system with one of our workflow partners such as Wrike, Monday.com, Asana, or Workfront. At the time of download/distribution users can edit the resolution of assets, as well as the cropping and file type. This does not alter the original high quality asset and does not create or save new versions or duplicates within the DAM. Miami-Dade County - Ryan Holloway - Photographer - ryan.holloway@miamidade.gov City of Abbotsford - Karen Steinebach - Marketing Assistant, Communication and Marketing - ksteinebach@abbotsford.ca Yuba County Water Agency - Alex Boesch - Public Information Specialist - aboesch@ycwa.com Comments and Responses Please see our Disaster Recovery and Backup Plan/Policy attached. MV team monitors system reliability and performance via proprietary tools. MediaValet's solution is built entirely on Microsoft Azure. Please refer to Azure's security controls in the link below: https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security MediaValet offers 24/7 global support via an email ticketing system and during business hours customers will also be able to reach out directly to their Customer Success Manager. Above and beyond the unlimited training and support that all customers receive at no charge. Users can access the following support and training from within the system: – Introduction and Help - A category in all DAM instances with helpful videos and guides providing instruction for features of the system. – Resource Center - A pop up tab that contains: – Help Center - Access to commonly asked questions. – Technical Support - A shortcut to reaching the support team. – Knowledge Base - A smart search for finding helpful articles. 2. TECHNICAL REQUIREMENTS RESPONSE TABLE 2.1 - Data Protection and Recovery 2.2 - System Management 2.3 - Support Please see our SLA attached. MediaValet maintains a monthly maintenance window during non-peak, non-standard hours for system maintenance; however, system updates will rarely require any outages or downtime for end users due to the multiple instances of the platform which are employed within the Azure cloud. If an extended maintenance period is required, the maintenance will be scheduled when it will have the least impact on our customers whenever possible (usually late nights or weekends). For extended maintenance periods, we will notify you 48 hours in advance via email. New Enhancements & Upgrades: Customers are notified via monthly news letters, in app notifications and direct communication from their Success Manager as new enhancements are made to the system. Appropriate training and support will be provided. There is no contract required out side of the normal core DAM contract. All customers will be assigned a dedicated Customer Success Manager who will be available to help with any support and communication regarding updates. All customers receive unlimited training and support for the duration of their contract. This is extremely unlikely as customer data will be located on a Microsoft Azure data center using locally redundant storage (LRS) which replicates your storage account three times within a single data center in the primary region. LRS provides at least 99.999999999% (11 nines) durability of objects over a given year. Please see our Disaster Recovery and Backup Plan/Policy attached for information regarding if this happens. 2.4 - Integrations We currently integrate out-of-the-box with: – Adobe Creative Suite – Akeneo – Asana – AutoDesk AutoCAD – Azure Active Directory – Box – Google Drive – Google SSO – Okta – OneDrive – PrintUI – Salesforce Sales Cloud – Shutterstock – Slack – Steg.AI – WordPress – Workfront – Wrike Customers are also given access to the MediaValet Open RESTful API as a part of the core DAM package. Customers can use this to build their own custom connections to platforms or MediaValet and our integration partners can help build them, We have out-of-the-box integrations with the three systems listed. For any integrations not listed above customers can use out Open RESTful API to create custom connections. MediaValet and our integration partners can help with this process if necessary. We have automation capabilities via OneTeg. Please see our API guide here: https://docs.mediavalet.com/ 2.5 - Automation / API Capabilities 2.6 - Reporting and Alerts MediaValet’s reporting and analytics functionality enables users to make smarter, data-backed decisions with built-in analytics, reports, and dashboards. View high-level snapshots or drill down into your data to gain insight into your assets, library, and user performance. Asset, library, user engagement, CDN and Portal dashboards simplify complex data to provide you with at-a-glance awareness of activity and performance. Customers can also leverage in- depth health and activity reports and filtering capabilities to audit asset performance. They can also import findings to other data analysis systems to confidently make data-driven business decisions. With MediaValet's reporting and analytics functionality, users can also track individual, team or department-level actions within their DAM to see how users are engaging with the library to maximize ROI. These reports are powered by PowerBI and can be easily accessed from within the reporting dashboard. MediaValet’s reporting and analytics functionality enables users to make smarter, data-backed decisions with built-in analytics, reports, and dashboards. View high-level snapshots or drill down into your data to gain insight into your assets, library, and user performance. Asset, library, user engagement, CDN linking and Portals dashboards simplify complex data to provide you with at-a-glance awareness of activity and performance. Customers can also leverage in-depth health and activity reports and filtering capabilities to audit asset performance. They can also import findings to other data analysis systems to confidently make data-driven business decisions. With MediaValet's reporting and analytics functionality, users can also track individual, team or department-level actions within their DAM to see how users are engaging with the library to maximize ROI. This dashboard is built using PowerBI and reports can be exported if necessary. Customers can choose to add on/take part in the following value-added features: – Audio/Video Intelligence – Face Recognition – Professional Services – Customer Beta Program 2.7 - Additional Features and Capabilities There are no features which we identify as needing to be developed specifically for this project. Customer can buy an annual license, based primarily on the amount of storage needed directly from MediaValet, from a reseller, or via the Microsoft Market Place. 2.8 - Funding Models LICENSE REQUIREMENTS RESPONSE TABLE Number 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Bidder NOT to alter any cells and to complete all cells marked as > Bidder Name Requirements and Questions Bidder must be an established provider/reseller and must be able to prove that application licenses will be provided. Please explain. Bidder's solution will include all products and associated features as outlined in section 3.2 Current System Overview. Yes/No If answer to question 1.2 was "No", describe differences between requested services detailed in 3.2 Current System Overview and the proposed solution by bidder. Bidder products and solutions must be pre-packaged or bundled as complete solutions with associated pricing. Indicate licensing requirements for the proposed solution, and how those licenses are quantified and measured (e.g. per user, per storage unit, etc.).Please identify and explain. Bidder shall provide any and all applicable license agreements. Bidder shall provide any and all applicable support and SLA agreements. Bidder shall provide any and all applicable Software documentation. Provide explanation of Software release/patch cycles. Indicate if the licenses are perpetual or for a finite duration of time. Describe how the proposed solution operates in the absence of a valid license and/or an active support contract. LICENSE REQUIREMENTS RESPONSE TABLE If additional license are required due to growth or True-Up, provide a cost for additional licensing on tab 5.1 Price Proposal Content. Is there a licensing True-Up process? If so, please explain. Provide any Warranty that is included or part of the proposed solution Indicate what, if any, third party software and/or hardware components are required for the proposed solution MediaValet Inc Comments and Responses We are the the proprietor and seller of our own Digital Asset Management solution. Yes Answer tp 1.2 is Yes MediaValet bills annually and charges based on three main factors: – The amount of storage required by the TB, with additional TBs costing less as more are purchased – Necessary integrations with the customers current tech stack – Add-ons such as Audio/Video Intelligence, Face Recognition, CND Linking, and Professional Services The core DAM package comes with unlimited users of all types, user groups, training and support at no additional charge. Please find our Master Service Agreement (MSA) attached. Please find our SLA attached. Please see Infrastructure & Security Overview attached. Patches are provided automatically by Azure on a monthly schedule that aligns with Patch Tuesday. MediaValet bills annually with the option to play for multiple years up front for a reduced per year cost. Without a valid license the system will not be accessible. Customer receive an unlimited number of users so there is no cost associated with user growth. Customers may add additional features and add-on licenses or expand TB storage throughout any contract period and will be charged prorata to the end of the contract term. N/A The only third party that we rely on to deliver our solution is Microsoft Azure as out system is built on the Azure cloud and customer data is hosted on Azure data centers. ARCHITECTURAL REQUIREMENTS RESPONSE TABLE Number Category 1.0 Environment and Technology 1.1 Deployment Model 1.2 Discrete Environments 1.3 DNS Requirements 1.4 Ports and Protocols 1.5 Bandwidth Requirements 1.6 On-Premises Infrastructure 1.7 Network Requirements 1.8 Technical Diagrams 2.0 Application 2.1 Application Access 2.2 Supported Browsers 2.3 Browser Requirements 2.4 Application User Access 2.5 Application User Authentication 2.6 User Provisioning 2.7 Role based access 2.8 Application and Data Segmentation 2.9 Batch Processing/Automations 3.0 Business 3.1 Compliance 3.2 American Disabilities Act 3.3 Recovery Time Objectives (RTO) & Recovery Point Objectives (RPO) 3.4 Availability 3.5 Monitoring and Alerting 3.6 SLA / Support 4.0 Data 4.1 Data Encryption 4.2 Data Export 4.3 Retention 5.0 Product Lifecycle 5.1 Product Roadmap 5.2 Change Requests 5.3 Application Updates Bidder NOT to alter any cells and to complete all cells marked as > Bidder Name Requirement Describe the deployment options for the solution: Bidder hosted (SaaS), Oakland County hosted, hybrid, etc. Which method is recommended in this response? Other than Production, what environments are provided with this proposal (QA, Staging, Dev, etc)? How are application changes and configurations tested prior to production implementation? Is custom domain supported for application access? If so, provide details required for Oakland County to support custom URL/DNS application access. Include any certificate requirements of Oakland County to support a custom domain. Other than TCP/443, detail any additional ports and protocols that are required for user access or system integration. Does the solution have any specific bandwidth requirements? If so, please provide the requirements. Describe any on-premises infrastructure that will reside in the Oakland County Datacenter. If applicable, provide estimated number of servers, software (include versions), compute, memory, and disk required. Provide a RACI for these components to clarify Oakland County's ongoing responsibilities. Describe any additional vLAN's in the Oakland County Datacenter that are required for your devices. ARCHITECTURAL REQUIREMENTS RESPONSE TABLE 1.0 Environment and Technology Provide a high level architecture diagram of the solution and the user interaction. If the solution is customer hosted, provide a detailed architecture diagram. Describe all the ways the user can access application functionality. Browser based, API, Native Mobile App, Virtualized Application, Thick Client etc. If additional software install is required, provide the following: 1. Licensing model. 2. Installation Process and user permissions required. 3. Hardware and Software requirements. 4. Maintenance and Updates. If solution supports browser based access, describe the browsers and version(s) supported. List any browser plugins, extension and add-ons that are required or recommended. Describe the different user access types supported by the application. Example: Authenticated Users, Anonymous Users, etc. The County uses Okta as the enterprise Identity Providers (IDP) and leverage Okta to provide SSO Authentication via SAML 2.0 or OIDC to all applications. Describe in detail how SSO via an external IDP for user authentication is supported? If the application does not support authentication with an external IDP, please provide full details on your user store and authentication model. Note: Additional review and exception approvals will be required of any solution that does not support an external IDP. Is SCIM or JIT supported for user provisioning into the solution. If not, describe in detail the user provisioning process. Are standard user access and admin user access separated? 2.0 Application What method is employed to segment Oakland County application and data from other customer implementations? Describe any batch processes or automations required by the application. Include any external integrations to the system and respective security controls. Describe the legal standards, if applicable, with which the solution complies (e.g., CJIS, FEDRAMP, HIPAA, PCI, SOC 2, etc.). Provide any applicable compliance documents. Does the application meet Americans with Disability Act (ADA) requirements WCAG 2.0? Describe the standard Recovery Time Objective (RTO) and Recovery Point Objective (RPO) of the solution. Describe the architecture in terms of redundancy / High-Availability. In order to provide maximum uptime of the system, describe the redundancies and controls in place to meet SLAs. Examples: Unexpected load or demand, system component failure, hosting or infrastructure failure. When an individual component or systemwide outages occurs, what methods are supported for providing the outage notification and status of service restoration (i.e. public status page, RSS, web hooks, SMS, email, Teams Channel, etc.? Describe the process for submitting support tickets. Provide methods of accessing Support Portal (if any). 3.0 Business 4.0 Data Describe how the application data is protected in transit and at rest. Describe how Oakland County can get a full export of the data. Describe the data retention and purge policies for the solution. Describe or provide the product roadmap. How are feature requests or customization requests handled with the system? 5.0 Product Lifecycle How often are major and minor releases? How are releases communicated? How are they applied? For any included components (Java/JRE. 3rd party libraries, etc.), how does the release cycle include updates to these? MediaValet Inc Explanation MediaValet is a 100 percent cloud-based SaaS solution built on Microsoft Azure. Oakland County will be able to choose the Azure data center region in which their data is stored. Test environments can be provided, although there will be costs involved. A custom domain can be supported yes. Documentation will be provided to set this up during onboarding. All communication is done through HTTPS on the default port. For the on-boarding of files into our system we offer options to use other protocols such as FTP by request. MediaValet is web based and runs on the latest versions of Chrome, Safari, Firefox and Edge and is OS agnostic. The other requirements such as CPU, RAM, Database, Disk Space, Web Server, etc., are all the same as they would be for accessing any other site on the internet. The same performance results will be present for any downloading, uploading, browsing, etc. There is no on-premise infastructure required. No additional vLANs are needed, our application is entirely cloud-based. ARCHITECTURAL REQUIREMENTS RESPONSE TABLE 1.0 Environment and Technology Please find our Infrastructure & Security Overview attached. Users access the system via their web browser and can do so from both their computer and their devices. There is an app but we are in the process of upgrading the mobile capabilities so that the system will be fully functional from their mobile device browser as well. There is no software install required. The latest version of Chrome, Edge, Firefox and Safari are supported. Rest are not supported. There are no extensions, add-ons, or plugins needed. The DAM comes with 7 "System Groups" that administrators can use: Administrators - Full control of MediaValet account Approver - Download, Share and Approve submitted assets Contributor - View, download renditions and submit assets Guest - View only. No download capability Library Administrator - Full control of Asset Library (not users) Member - View and download renditions only User Administrator - Full control of User Account (not library) These groups, however, are meant to be a starting point to building our a customers user base because they can also create an unlimited amount of custom user groups which, as mentioned above, are full customizable based on all functions of the DAM and all categories. Like other SaaS tools, an Identity Provider (IdP) is required in order to set up an Active Directory integration. MediaValet SSO supports IdPs that use either SAML 2.0 or Open ID authentication protocols, including Azure Active Directory, Okta, etc. The SSO integration can be set up to receive user profile details such as Groups, Departments, and Addresses from the directory service. The authorization policy can then be created to authenticate (and, if necessary, provision) users based on any combination of profile variables. The authorization policy also assigns MediaValet user groups to users based on the rules defined, so that DAM access/authorization is determined based on current settings in the directory service. User provisioning (creation) happens automatically with MediaValet’s authorization rules engine: when a user tries to log in for the first time and they meet the requirements defined in the authorization policy, an account is created for them during this first login attempt thanks to JIT (Just In Time) provisioning. JIT user-provisioning with custom claims-based mapping is available. See our answer to 2.5 for additional detail. Every user will access the system the same way however what they can see and do will be unique based on the permission setting of their user group. 2.0 Application MediaValet is built on Microsoft Azure and customer data is stored on Azure data centers and therefore data will not necessarily be physically separate from other customer data. Data is stored in a multi-tenant environment utilizing logical segmentation. No batch processes or automations are required by the application. We are SOC 2 and HIPPAA compliant. Yes. Please see out VPAT report attached. MediaValet is built on Microsoft Azure and our RTO and RPOs are based on Microsoft's. The MediaValet platform is anchored on a Geo-Redundant Azure Storage since all the customers media assets are stored here. The Recovery Point Objective of Azure Geo- Redundant Storage is less than 15 minutes. RPO and RTO for Azure Geo Redundant storage are discussed here: https://docs.microsoft.com/en- us/azure/storage/common/storage-redundancy-grs. MediaValet uses an architecture with multiple replicas running for all-services to meet redundancy/high- availability requirements. We always ensure that we are meeting the requirements for Azure services that we operate along with following their best-practices. MediaValet runs multiple sessions in a year with Microsoft CSAs to ensure we are always keeping up-to- date with the latest developments to ensure our solution is as reliable as possible. Auto-scaling, automatic failover, load balancing and throttling policies are all in place such that we can respond to any spikes in demand to prevent degradation of our quality of service. Our SLA is monitored via a 3rd- party synthetic test that's reported on monthly. MediaValet has outlined clear recovery procedures and metrics in cloud infrastructure and operations to lessen the impact of different unexpected disruptions in our platform. MediaValet has a defined business continuity plan that outlines measures to avoid and lessen the impact of unexpected disruptions in our business operations. It includes operational details about steps to take before, during and after an event. Please refer to this Continuity Plan attached. Tickets are submitted via an email ticking system. Please see out SLA attached for more details. 3.0 Business 4.0 Data At Rest We do provide data encryption at rest as part of our security measures. Our encryption approach varies depending on the type of data and where it is stored. For example, we may use column-level encryption for sensitive information stored in databases, full-disk encryption for data stored on hard drives or other storage devices, or other encryption techniques as appropriate. Our encryption methods are based on industry-standard best practices and are regularly reviewed and updated to ensure they meet our clients' security needs. In Transit Data is encrypted in transit to ensure secure communication and protect against eavesdropping or tampering. Protocols like HTTPS and TLS (Transport Layer Security) are used to encrypt data as it's transmitted across networks or the internet. This ensures that sensitive information remains confidential and maintains its integrity while being transmitted between systems or users. For more information please refer to our Encryption Policy attached. Oakland County are able to perform a full data export directly through our PowerShell interface or they can request our Customer Success Team provide them with an export. Please see our Data Retention Policy and Disposal Policy attached. Our Chief Technology Officer is in the process of revamping our product road map. It is not currently available but it should be in the near future, at which time we can share it. Customers are encouraged to discuss feature requests and customizations with their account manager. We frequently bring product managers on calls to meet with our customers to discuss new features and to help prioritize our roadmap for new feature delivery. 5.0 Product Lifecycle The MediaValet team deploys updates 3-5 times per week, without interrupting the user experience. MediaValet's SaaS DAM built on Microsoft Azure PaaS technology allows for constant innovation and iteration to take advantage of the latest and greatest cloud services and capabilities. Our API is fully backwards-compatible for any change being made; potentially breaking changes are released using our a new version of the impacted API endpoints. SDK updates will be provided via a package manager with appropriate major/minor versioning schemes applied. MediaValet maintains a monthly maintenance window during non-peak, non-standard hours for system maintenance; however, system updates will rarely require any outages or downtime for end users due to the multiple instances of the platform which are employed within the Azure cloud. If an extended maintenance period is required, the maintenance will be scheduled when it will have the least impact on our customers whenever possible (usually late nights or weekends). For extended maintenance periods, we will notify you 48 hours in advance via email. Customers are notified via monthly news letters, in app notifications and direct communication from their Success Manager as new enhancements are made to the system. Appropriate training and support will be provided. Bidder NOT to alter any cells and to complete all cells marked as > Bidder Name IMPLEMENTATION SERVICES RESPONSE TABLE Number Requirement 1.1 Attach a typical implementation plan including Tasks, Owner of Task (Bidder, Oakland County) and Timeline. The following phases should be identified: - Project Management: Contains activities to manage the project. Project Roles, Resources, and Responsibilities" - Technical Design and Installation: Contains activities for solution configuration. - Security: Contains activities for establishing and maintaining security controls. - Testing: Contains activities to evaluate the functionality of the product with an intent to find whether the product met the specified requirements or not and identify the defects to ensure that the product is defect free to produce the quality product. - Education, Marketing, and Policies: Contains activities for training and promotion. - Implementation: Contains activities for solution launch and disaster recovery. - Post Implementation Support: Contains activities for solution support. Include attachment. 1.2 Provide your typical project implementation duration and timelines. 1.3 Based on the provided solution options, who would configure the solutions(s) (Vendor or Oakland County)? 1.4 For a cloud based solution, what type of access would Oakland County have to the system? 1.5 Based on the proposed solutions, what is Oakland County's role(s) in supporting the implementation. 1.6 What type of Bidder access is required during implementation? 1.7 What is the method for testing the software and data prior to live rollout? 1.8 Is a separate testing environment maintained? 1.9 Does the solution utilize proprietary data formats? If so, does the solution allow for data conversion? 1.10 How is system documentation provided? For example, digital, hardcopy, etc. 1.11 Is training provided with implementation? If so, is it instructor-led training, web-based training, or both? If separate cost, please specify. 1.12 Describe the process and procedures for loading existing Oakland County production data into the system. 1.13 Does the implementation include customization to software? If not, list cost for customization in the cost response tables in worksheet 5.1. 1.14 Please describe the procedures for maintenance and support. MediaValet Inc Explanation Please see Example Onboarding Process attached. For the onboarding process this is highly dependent on the amount of time that the customer has to dedicated to the initiative. This can range from one to several hours a week. On average, 2-4 months implementation should be planned for if meeting for 1 hour per week (+1-2 hours weekly of 'homework' during implementation). The DAM can be used within 1 week of implementation kick-off, but will generate the most benefit by launching after metadata strategy, permission group configuration, ingestion of existing assets and metadata, etc. have been worked through with your implementation team. IMPLEMENTATION SERVICES RESPONSE TABLE MediaValet will configure the solution initially, with Oakland County having the ability to edit aspects of the system any time after such as the metadata schema, taxonomy and user groups. Customers access the system via web browser. Oakland would be required to assemble a team of stakeholders who have decision making powers and solid business and asset knowledge who can meet regularly with our team. The expectation of effort would be 2-3 hrs per week for 6- 8 weeks. MediaValet will not require access to any bidder platforms providing the data is exported to MediaValet. Please see our Secure Software Development Lifecycle Policy attached. Test environments can be provided, there will be costs involved. We do not use proprietary data formats. All data can be retrieved by the client via our API which provides standards-based JSON responses. Documentation will be provided digitally by default but we are happy to provide hardcopies if that is the preference. We provide customized training plans for each of our customers based upon their business workflows, use- cases and intended outcomes. No two clients use the platform the same way so our Customer Success Team ensure that the training provided to customers is specific to their needs. We often run multiple sessions for different types of users. Training is conducted by the MediaValet onboarding team remotely however in person training can be arranged if necessary. Training is unlimited during onboarding and for the duration of the contract at not additional charge. MediaValet will handle the entire migration process from the current environment into the new DAM environment. The only areas of this process where the customer will need to be involved are: – An internal audit of assets to decide what will be migrated – Work with the MediaValet onboarding team to build our the new internal structure or "Taxonomy" of the DAM into which the assets will be migrated Yes. Any customization such as the taxonomy, metadata schema, and branding of the UI will be included. MediaValet maintains a monthly maintenance window during non-peak, non-standard hours for system maintenance; however, system updates will rarely require any outages or downtime for end users due to the multiple instances of the platform which are employed within the Azure cloud. If an extended maintenance period is required, the maintenance will be scheduled when it will have the least impact on our customers whenever possible (usually late nights or weekends). For extended maintenance periods, we will notify you 48 hours in advance via email. For new enhancements & upgrades customers are notified via monthly news letters, in app notifications and direct communication from their Success Manager as new enhancements are made to the system. Appropriate training and support will be provided. When it comes to support customers will simply submit a ticket to our email ticketing system for support, or they can reach out directly to their Customer Success Manager. OVERVIEW Technical Design Review Bidder NOT to alter any cells and to complete all cells marked as > Bidder Name Security Requirements Response Table Number Category Requirement 1.0 - Application Security 1.1 Secure Development / Codebase Describe how the software is developed using secure coding practices, such as input validation and error checking, to be resilient to common attacks such as SQL injection or cross-site scripting. Describe how you ensure these practices are followed. 1.2 Secure Development / Codebase Describe how the software is regularly tested for security vulnerabilities, such as through penetration testing or vulnerability scanning through manual and/or automated means. 1.3 Secure Development / Codebase Describe how third-party libraries and dependencies are reviewed and tested for security vulnerabilities before being incorporated into the software, as well as how they will be kept up to date with application releases 1.4 Secure Development / Codebase Describe how system and application configurations are reviewed and tested to ensure they are secure and compliant with industry standards, for example, Center for Internet Security (CIS), ISO, SANS Institute, NIST, etc. 1.5 Application Updates and Patching Describe how, and how often, patches and updates are regularly released and/or made available to be applied to the software to address known vulnerabilities. CONFIDENTIAL - NOT SUBJECT TO FOIA PER MCL 15.243 (1)(U)Page 69 of 88 OVERVIEW Technical Design Review 1.6 Application Logging, Monitoring, and Alerting Describe how security logs are implemented and monitored to detect and respond to security incidents. 1.7 Application Logging, Monitoring, and Alerting Describe how the software monitors and logs user activity, as well as any alerting or automatic actions taken by the application based on anomalous user activity (i.e. suspicious activity, repeated failed logins). 1.8 Application Administrative Access Describe the password and MFA requirements for administrators and do they differ from ordinary users. 1.9 Application Administrative Access Describe any extra logging, monitoring, or checks-and-balances in place for application administrators in order to audit their access and actions. 1.10 Application Administrative Access Describe the procedures in place for securely storing and handling sensitive data, such as personally identifiable information or financial data, especially as it may be accessible to Administrators of the application. 1.11 Session Management Describe application session management options, including automatic session timeout after a defined period of inactivity. 1.12 Default Passwords Does the application have any unchangeable default passwords? 2.0 - Service Provider Information Security CONFIDENTIAL - NOT SUBJECT TO FOIA PER MCL 15.243 (1)(U)Page 70 of 88 OVERVIEW Technical Design Review 2.1 Organizational Commitment to Security Does the organization have a documented Information Security Policy? If so, describe how it is communicated to staff? 2.2 Organizational Commitment to Security Does the organization have a designated individual who is responsible for the Information Security Program? 2.3 Personnel Security Describe the process in place to periodically screen (background checks, and re-checks) personnel during employment for anyone who accesses Oakland County’s Information assets? 2.4 Personnel Security Describe the information security training for your staff, especially as it pertains to handling information assets of its customers. 2.5 Offshore Personnel Describe if/how you utilize offshore teams for development or support? Please include information about your security process for passing information and code, as well as any background checks performed. 2.6 Offshore Data Do you utilize offshore data storage? If so where? 3.0 - Hosting Environment (for SaaS solutions) 3.1 SOC 2 Report Do you have a SOC 2 report or equivalent? If so, please provide. 3.2 Environment Security Describe how remote access for support and troubleshooting is controlled. 3.3 Environment Security Describe the network security controls (segmentation, firewall(s), Intrusion Detection Systems (IDS) / Intrusion Prevention Systems (IPS), Web Application Firewalls (WAF) etc.) to protect customer data on your network. 3.4 Environment Security Describe other industry standard controls to ensure protection of the environment against ransomware and other malware (viruses, trojans, etc.). 3.5 Environment Security Describe the change management practices and procedures to ensure no unplanned / untested changes get made to the environment. 3.6 Environment Security Describe how data is backed up regularly, stored securely, and tests of restores performed. 3.7 Environment Security Describe your identity management lifecycle for user who may have access to the County's application and data, focusing on onboarding, and timely offboarding. 3.8 Environment Security Describe your vulnerability management program - processes to ensure vulnerability assessments are periodically conducted on infrastructure, network and applications, and subsequently remediated in alignment with risk posed by the vulnerability. CONFIDENTIAL - NOT SUBJECT TO FOIA PER MCL 15.243 (1)(U)Page 71 of 88 OVERVIEW Technical Design Review 3.9 Logging and Monitoring Describe the logging and monitoring controls (including SIEM) to identify malicious activity, log information such activity, attempt to block/stop the activity, and to report such activity to customers. 3.10 Incident Response Describe your security incident response planning and notification procedures to monitor, react, notify and investigate any incident related to the County’s assets. CONFIDENTIAL - NOT SUBJECT TO FOIA PER MCL 15.243 (1)(U)Page 72 of 88 OVERVIEW Technical Design Review MediaValet Inc Explanation Please see our Secure Software Development Lifecycle Policy attached. MediaValet regularly tests its software for security vulnerabilities without any bold formatting: Automated Vulnerability Scanning 1. Azure Security Center: We leverage Azure Security Center for continuous assessment of our environment to detect vulnerabilities and provide recommendations for remediation. 2. Regular Scans: Automated scans are conducted on a regular basis to ensure consistent coverage and early detection of potential vulnerabilities. 3. Integration with Development: Our CI/CD pipeline includes automated vulnerability scanning to catch issues early in the development process. 4. Patch Management: We ensure that all systems are up to date with the latest security patches, and automated tools help us verify patch status. Manual Penetration Testing 1. External Experts: We engage with external security experts to conduct manual penetration testing on our application and infrastructure. 2. Comprehensive Testing: Our penetration tests cover various aspects of our system, including application layer, network layer, and potential business logic vulnerabilities. 3. Real-World Scenarios: The tests simulate real-world attack scenarios to understand potential vulnerabilities and their impact. 4. Regular Schedule: Penetration tests are conducted at regular intervals and in response to significant changes in our environment. Post-Testing Analysis and Remediation 1. Detailed Reporting: After testing, we receive detailed reports outlining any discovered vulnerabilities, their severity, and potential impact. 2. Prompt Remediation: Our team promptly addresses identified vulnerabilities, prioritizing based on severity and potential impact. 3. Verification: Once vulnerabilities are addressed, we verify that the remediations are effective and that they have not introduced new issues. 4. Continuous Improvement: The results from vulnerability scans and penetration tests feed into our continuous improvement process, helping enhance our security posture over time. 5. Documentation: All findings, remediations, and lessons learned are thoroughly documented to improve future testing cycles and overall security practices. By employing these practices, MediaValet ensures a robust approach to identifying and mitigating security vulnerabilities, maintaining a secure and resilient software environment for our customers. At MediaValet, we meticulously manage third-party libraries and dependencies to ensure they meet our stringent security standards. Before integration, we conduct comprehensive security assessments and review the reputation and maintenance records of these components, ensuring they are well-supported and regularly updated. Automated vulnerability scanning tools are integrated into our development pipeline to identify and address potential security issues early, complemented by manual security reviews for critical components. We maintain a detailed inventory of all third-party elements, including their versions and purposes, and employ automated tools to stay updated on the latest versions and security patches. Our dedicated schedule for regular updates and rigorous testing before integration ensures that all third-party components remain up to date and secure, aligning with our commitment to providing a robust and secure software environment for our customers. We place a strong emphasis on system testing and User Acceptance Testing (UAT) to ensure the quality and reliability of our software. Here's an overview of our approach to system testing and UAT: Testing Process: Test Planning: We develop a comprehensive test plan that outlines the testing objectives, strategies, and timelines. This plan serves as a roadmap for the testing process. Test Case Development: Our testing team creates detailed test cases based on the system requirements and design specifications. These test cases cover various scenarios to validate the functionality and performance of the software. Test Execution: We execute the test cases systematically, following a structured approach. Our testing team meticulously verifies the software against the defined criteria, records any observed defects, and communicates them to the development team for resolution. Defect Management: We utilize a defect tracking system to log and prioritize identified issues. Our testing team collaborates closely with the development team to ensure timely resolution of defects and retests the fixes to validate their effectiveness. Testing Roles and Responsibilities: – Testers: Responsible for developing test cases, executing tests, and reporting defects. – Test Lead/Manager: Oversees the testing process, coordinates testing activities, and ensures adherence to the test plan and schedule. – Developers: Collaborate with testers to understand and resolve reported defects. – Business Analysts/Product Owners: Provide requirements and participate in UAT to validate the software meets business needs. Types of Testing: – Functional Testing: Validates the software's functionality against the specified requirements. – Performance Testing: Assesses the software's performance under different workloads and stress conditions. – Load Testing: Evaluates the software's performance and stability under expected user loads. – Security Testing: Identifies vulnerabilities and ensures the software meets security standards and regulations. Testing Environments and Tools: – Test Environments: We maintain dedicated test environments that mirror the production environment as closely as possible to conduct accurate testing. – Testing Tools: We utilize a range of testing tools, including automated testing frameworks, performance testing tools, and security testing tools, to streamline and enhance the testing process. Acceptance Criteria and Approval Process: – Acceptance Criteria: We establish acceptance criteria in collaboration with stakeholders to define the conditions that must be met for the software to be considered acceptable. – Approval Process: During UAT, we involve end-users or designated representatives to perform acceptance testing and provide feedback. Based on their validation and satisfaction with the software, approval for deployment is granted. Our approach to system testing and UAT aims to ensure the software's functionality, performance, and security meet the defined requirements and user expectations. Through a well-defined testing process, clearly defined roles and responsibilities, various testing types, appropriate testing environments and tools, and a rigorous acceptance criteria and approval process, we strive to deliver reliable and high-quality software solutions to our customers. if duplicate - remove from other worksheet Security Requirements Response Table 1.0 - Application Security CONFIDENTIAL - NOT SUBJECT TO FOIA PER MCL 15.243 (1)(U)Page 73 of 88 OVERVIEW Technical Design Review Our audit logs for user activities and information security events are meticulously managed to guarantee transparency, accountability, and security within our system. These logs capture comprehensive records of user actions, system events, and any security-related incidents, allowing us to uphold the following practices: - Logging Mechanism: We maintain a sophisticated logging mechanism across our systems, applications, and infrastructure. This encompasses user authentication events, access requests, data modifications, administrative actions, and security incidents. - Granularity and Context: The logs provide intricate details, such as user IDs, IP addresses, timestamps, actions taken, and outcomes. This contextual information is essential for understanding the specifics of each event. - Storage and Retention: Our audit logs are securely stored in dedicated log storage systems. We observe predefined retention periods that align with industry standards and compliance mandates, taking into account the criticality of logged events. - Protection and Encryption: Both in transit and at rest, the audit logs are encrypted to prevent unauthorized access or tampering. We employ robust encryption protocols to ensure the confidentiality and integrity of the logs. - Access Controls: Access to audit logs is subject to stringent role- based access controls. Only authorized personnel with a legitimate requirement can access the logs, with all access activities being logged and monitored. - Regular Review and Monitoring: Our security team performs routine reviews of the audit logs to identify anomalies, potential security breaches, and irregular activity patterns. This proactive monitoring allows us to swiftly respond to security incidents. - Alerting and Notifications: We have automated alerting systems in place that immediately notify our security team upon the occurrence of specific pre-defined events. This proactive approach facilitates timely responses to potential security issues. - Integration with SIEM: Our audit logs are often integrated with Security Information and Event Management (SIEM) systems. This integration offers a centralized view of security events, enabling us to correlate different events and bolster our incident response capabilities. - Regular Backups: To ensure data availability in the face of hardware failures or incidents, we regularly back up our audit logs. By upholding a robust audit logging framework, we maintain accountability, enhance incident detection and response, and adhere to stringent security and compliance standards. Our unwavering commitment to safeguarding user activities and information security events remains steadfast. See above These requirements are set on the customer side. At MediaValet, we recognize the critical role that application administrators play in maintaining the security and integrity of our platform. To ensure accountability and transparency, we have implemented a comprehensive set of logging, monitoring, and checks-and-balances specifically tailored for administrator access and actions: Logging 1. Comprehensive Activity Logs: All actions taken by application administrators are logged in detail, capturing who did what and when. This includes changes to configurations, access to sensitive data, and modifications to user accounts or permissions. 2. Immutable Logs: The logs are stored in an immutable format, ensuring that once an entry is made, it cannot be altered or deleted, providing a tamper-proof record of administrator activities. 3. Real-Time Alerts: In case of any suspicious or unauthorized activities, real-time alerts are generated and sent to our security team for immediate investigation. Monitoring 1. Continuous Monitoring: Administrator activities are continuously monitored to ensure that they comply with our security policies and procedures. 2. Behavioral Analysis: We employ behavioral analysis tools to detect any deviations from normal administrator behavior, which could indicate a compromised account or insider threat. 3. Access Reviews: Regular access reviews are conducted to ensure that administrators only have the access they need to perform their duties, adhering to the principle of least privilege. Checks-and-Balances 1. Multi-Factor Authentication: All administrator accounts are protected with multi-factor authentication, adding an additional layer of security. 2. Role-Based Access Control: Administrators are assigned roles based on their job responsibilities, ensuring they only have access to the resources necessary for their role. 3. Approval Workflows: For critical actions or changes, an approval workflow is in place, requiring a second set of eyes to review and approve the action before it can be executed. 4. Regular Audits: Administrator activities and access levels are regularly audited to ensure compliance with our security policies and to identify any areas for improvement. 5. Training and Awareness: Administrators are provided with regular training and awareness programs to keep them updated on the latest security best practices and to reinforce the importance of their role in maintaining the security of the platform. The system does not store any PII or financial data. Inactive sessions can be timed out and users logged off after client chosen number of minutes of inactivity. It does not have any unchangeable default passwords 2.0 - Service Provider Information Security CONFIDENTIAL - NOT SUBJECT TO FOIA PER MCL 15.243 (1)(U)Page 74 of 88 OVERVIEW Technical Design Review Yes. Our employees undergo security training on a recurring basis. The frequency of training sessions may vary based on roles and responsibilities, but all employees receive regular updates and reminders about security practices. MediaValet has a dedicated Information Security Team lead by the CTO (acting CISO) and Head of Information Security and Privacy. Please refer to Staffing Policy attached Our employees undergo security training on a recurring basis. The frequency of training sessions may vary based on roles and responsibilities, but all employees receive regular updates and reminders about security practices.We do not currently utilize and offshore teams for development. We do offer offshore data storage, in Canada, Europe, and Australia however Oakland County can, and likely would, choose to have their data located within the United States. Yes. Please see a third party confirmation attached. An NDA is required before sharing the report itself. At MediaValet, we ensure secure and controlled remote access for support and troubleshooting through stringent authentication and authorization measures, including multi-factor authentication and role-based access control, complemented by a secure VPN connection for data transmission. All remote sessions are continuously monitored, recorded, and logged to provide a comprehensive audit trail, with automated alerts for any suspicious activities. Access is time-limited, usage- restricted, and subject to regular audits and reviews to verify appropriateness and compliance with our security policies. Additionally, users with remote access privileges undergo regular training and participate in awareness programs to reinforce their responsibilities and our commitment to maintaining a secure and trustworthy platform for our customers. As a SaaS company, we have implemented various security measures to detect the presence of malicious code and vulnerabilities on our computing systems. These measures include the use of anti-malware software, email filtering, network traffic packet inspection software, IDS, IPS, and other security tools. We use anti-malware software to scan our systems for malicious code and viruses. This software is regularly updated to ensure that it can detect the latest threats. We also use email filtering to block emails containing malicious code or suspicious attachments. This helps to prevent malware from being downloaded onto our systems. In addition, we use network traffic packet inspection software, IDS, and IPS to monitor network traffic for signs of malicious activity. This helps us to detect and respond to security threats in real-time. Overall, we use a multi-layered approach to security to protect our systems and data from malicious actors. Please refer to the MediaValet Information Security Policy attached. As a SaaS company, we have implemented various security measures to detect the presence of malicious code and vulnerabilities on our computing systems. These measures include the use of anti-malware software, email filtering, network traffic packet inspection software, IDS, IPS, and other security tools. We use anti-malware software to scan our systems for malicious code and viruses. This software is regularly updated to ensure that it can detect the latest threats. We also use email filtering to block emails containing malicious code or suspicious attachments. This helps to prevent malware from being downloaded onto our systems. In addition, we use network traffic packet inspection software, IDS, and IPS to monitor network traffic for signs of malicious activity. This helps us to detect and respond to security threats in real-time. Overall, we use a multi-layered approach to security to protect our systems and data from malicious actors. Please see our Change Management Policy attached. Data Backup – Scheduled Backups: Backups are scheduled to occur automatically at regular intervals, ensuring that data is consistently saved without requiring manual intervention. – Incremental and Full Backups: A combination of incremental and full backups are utilized. Incremental backups save changes made since the last backup, while full backups capture the entire dataset. – Backup Verification: After each backup, a verification process ensures that the data has been accurately and completely saved. – Secure Transmission: Data is encrypted during transmission to the backup storage location to protect it from interception or tampering. Secure Storage – Encryption at Rest: Data is encrypted when stored, ensuring that even if physical storage media is compromised, the data remains protected. – Geographically Distributed Storage: Backups are stored in geographically distributed locations to protect against data loss due to natural disasters or other regional incidents. – Access Controls: Strict access controls ensure that only authorized personnel can access backup data. – Regular Audits: Regular security audits of storage locations and access logs help identify and mitigate potential vulnerabilities. Restore Testing – Regular Restore Tests: Restore tests are conducted regularly to ensure that data can be successfully retrieved from backups. – Test Environment: Restore tests are performed in a separate test environment to prevent any impact on live systems. – Validation: After a restore test, the integrity of the data is validated to ensure that it matches the original data and that no corruption has occurred. – Documentation: The results of restore tests, including any issues encountered and their resolutions, are documented for future reference and continuous improvement. – Improvement: Lessons learned from restore tests are used to improve backup and restore processes, ensuring that they remain effective over time. Identity management is controlled by the customer. Please refer to our Vulnerability Management Policy attached. 3.0 - Hosting Environment (for SaaS solutions) CONFIDENTIAL - NOT SUBJECT TO FOIA PER MCL 15.243 (1)(U)Page 75 of 88 OVERVIEW Technical Design Review MediaValet at the moment, doesn't support integration with SIEM’s. Security logs are available via the admin web portal and can be downloaded via CSV files. Logs within the portal are stored indefinitely. Please see our Logging Policy attached.Please refer to our Incident Response Policy and Procedure attached. CONFIDENTIAL - NOT SUBJECT TO FOIA PER MCL 15.243 (1)(U)Page 76 of 88 Bidder NOT to alter any cells and to complete all cells marked as > This section asks for information on how the solution is priced when provided either as a traditional procurement or "as a Service". Table 1 covers all associated costs for the solution. Table 2 covers pricing for any additional items not covered by the other tables and assumptions made to accommodate this proposal's pricing. If you wish to provide alternative pricing that does not fit into these tables, add a sheet to this workbook after "5.1 - Price Proposal Content" and name it "5.2 - Alternate 1" and so on. Bidders should identify inapplicable costs with N/A. Note: If costs that are NOT listed are subsequently determined by Oakland County or the Bidder to be required, then Bidder shall provide all unlisted costs to Oakland County at no charge beyond annual support fees. Every Bidder shall provide an itemized Price Proposal. Quote costs for all software and services described in this RFP. Each major component, including integrated software, shall be identified. Both unit prices and extensions (if applicable) shall be quoted for each component or basic subsystem. All items (such as software interfaces, etc.) needed to achieve the proposed configuration, shall be identified and priced. All additional charges (i.e., shipping, installation, insurance, etc.) shall be quoted. In addition: •The cost of system documentation must be included in the total software costs. •Quote annual costs for the proposed maintenance agreement where applicable. In addition, list cost of training increments included with the system purchase. Quote the cost of additional training increments along with any conditions attached to their purchase. •Professional services required to satisfy the requirements set forth in the RFP must be identified and costs for these implementation services must be documented. •Quote a lump sum and hourly rates for implementation services and consulting services that could be enlisted for the implementation of the solution. •List separately any optional features price, but do not include these optional features in the total system price. •Specify any discount options associated with the proposal(s). If applicable, State Bulletin prices should be included for reference. Bidder Name Indicate if this proposal is a SaaS Proposal: Solution Name / Description: Total Cost of the Proposed Solution: COST RESPONSE TABLES Table 1 - Proposed Solution 1.0 - One-Time Implementation & Training Costs Include all costs to ensure the solution is fully installed and functional. Cost Description Implementation/Professional Services (include all costs to ensure the solution is fully installed and functional for Oakland County) Data Migration Training (onsite) Training (remote or online) Training documentation and user guides Other (list as individual line items and include description) Detail all discounts and savings programs …Add rows as necessary GRAND TOTAL 2.0 - Support, Maintenance, Storage, Licensing, and other Costs (one- time, recurring, etc.) Indicate duration of support contract and associated Service Level where applicable. Alternate offerings can be listed here, such as 5 Years Gold, 3 Years Silver, etc. Cost Description Example Gold Support - 5 Years Example Alternate Silver Support - 5 Years Storage 500GB Storage 1TB Storage 5TB Other Recurring Costs …Add rows as necessary GRAND TOTAL 3.0 - Software Indicate duration of support contract and associated Service Level where applicable. If all software is included, this section can be skipped. Cost Description Example Administrator Application Example Reporting Application …Add rows as necessary GRAND TOTAL Table 2 - Other Costs and Assumptions 1.0 - All Other Costs List any costs not captured above but still required for the solution. Cost Description Other Cost 1 Other Cost 2 …Add rows as necessary 2.0 - Cost Assumptions List any assumptions made to accommodate the above pricing here. Assumption 1 Assumption 2 …Add rows as necessary MediaValet Inc Duration Quantity Price Discount This section asks for information on how the solution is priced when provided either as a traditional procurement or "as a Service". Table 1 covers all associated costs for the solution. Table 2 covers pricing for any additional items not covered by the other tables and assumptions made to accommodate this proposal's pricing. If you wish to provide alternative pricing that does not fit into these tables, add a sheet to this workbook after "5.1 - Price Proposal Content" and name it "5.2 - Alternate 1" and so on. Bidders should identify inapplicable costs with N/A. Note: If costs that are NOT listed are subsequently determined by Oakland County or the Bidder to be required, then Bidder shall provide all unlisted costs to Oakland County at no charge beyond annual support fees. Every Bidder shall provide an itemized Price Proposal. Quote costs for all software and services described in this RFP. Each major component, including integrated software, shall be identified. Both unit prices and extensions (if applicable) shall be quoted for each component or basic subsystem. All items (such as software interfaces, etc.) needed to achieve the proposed configuration, shall be identified and priced. All additional charges (i.e., shipping, installation, insurance, etc.) shall be quoted. In addition: •The cost of system documentation must be included in the total software costs. •Quote annual costs for the proposed maintenance agreement where applicable. In addition, list cost of training increments included with the system purchase. Quote the cost of additional training increments along with any conditions attached to their purchase. •Professional services required to satisfy the requirements set forth in the RFP must be identified and costs for these implementation services must be documented. •Quote a lump sum and hourly rates for implementation services and consulting services that could be enlisted for the implementation of the solution. •List separately any optional features price, but do not include these optional features in the total system price. •Specify any discount options associated with the proposal(s). If applicable, State Bulletin prices should be included for reference. Duration Quantity Price Discount 50 Users 100 Users 150 Users 50 Users 100 Users 150 Users 50 Users 100 Users 150 Users Duration Quantity Price Discount List Price Quantity Discount Price Indicate duration of support contract and associated Service Level where applicable. Alternate offerings can be listed here, such as 5 Years Gold, 3 Years Silver, etc. Indicate duration of support contract and associated Service Level where applicable. If all software is included, this section can be skipped. Total Cost This section asks for information on how the solution is priced when provided either as a traditional procurement or "as a Service". Table 1 covers all associated costs for the solution. Table 2 covers pricing for any additional items not covered by the other tables and assumptions made to accommodate this proposal's pricing. If you wish to provide alternative pricing that does not fit into these tables, add a sheet to this workbook after "5.1 - Price Proposal Content" and name it "5.2 - Alternate 1" and so on. Bidders should identify inapplicable costs with N/A. Note: If costs that are NOT listed are subsequently determined by Oakland County or the Bidder to be required, then Bidder shall provide all unlisted costs to Oakland County at no charge beyond annual support fees. Every Bidder shall provide an itemized Price Proposal. Quote costs for all software and services described in this RFP. Each major component, including integrated software, shall be identified. Both unit prices and extensions (if applicable) shall be quoted for each component or basic subsystem. All items (such as software interfaces, etc.) needed to achieve the proposed configuration, shall be identified and priced. All additional charges (i.e., shipping, installation, insurance, etc.) shall be quoted. In addition: •The cost of system documentation must be included in the total software costs. •Quote annual costs for the proposed maintenance agreement where applicable. In addition, list cost of training increments included with the system purchase. Quote the cost of additional training increments along with any conditions attached to their purchase. •Professional services required to satisfy the requirements set forth in the RFP must be identified and costs for these implementation services must be documented. •Quote a lump sum and hourly rates for implementation services and consulting services that could be enlisted for the implementation of the solution. •List separately any optional features price, but do not include these optional features in the total system price. •Specify any discount options associated with the proposal(s). If applicable, State Bulletin prices should be included for reference. Total Cost Total Cost Total Cost *Please find a quote deck attached with the supporting documents* *Please find a quote deck attached with the supporting documents* *Please find a quote deck attached with the supporting documents* G2G Marketplace Response Table Number G2G Marketplace Response Table 1.1 Bidder is interested in participating in the G2G Marketplace. Participation is Not a requirement. 1.2 If Bidder is interested in participating in the G2G Marketplace, Bidder agrees to extend pre-negotiated blanket purchase orders, contract pricing, terms to Oakland County, and all G2G Marketplace customers. 1.3 If Bidder is interested in participating in the G2G Marketplace, a Pricing applies. Bidders shall agree to provide County with the lowest and most competitive pricing it provides to governmental entities. 1.4 If Bidder is interested in participating in the G2G Marketplace, Bidder agrees to extend Service Provider licensing to Oakland County/G2G Marketplace. 1.5 Bidder has reviewed Oakland County G2G Marketplace Professional Services Contract and will submit itemized descriptions of exceptions with response to RFP. 1.6 Bidder provides all applicable contract(s) as Appendix to RFP response. Bidder NOT to alter any cells and to complete all cells marked as > Bidder Name MediaValet Inc Response (Yes or No)Comment N/A N/A N/A N/A N/A Yes G2G Marketplace Response Table Quote for Oakland County Prepared by Chris Cassidy Executive Summary Hi Oakland County Team, Thanks for taking the time to share your vision and goals for your digital asset management initiative. I’m excited to work with you to ensure that your digital asset management solution achieves your project goals on-time and on- budget. With MediaValet, you’ll have an entire team dedicated to your project success and to solving the challenges we’ve discussed in our call: •Organizing and centralizing Oakland County’s digital assets and creating a flexible permission structure for your teams, stakeholders and partners •Enabling easy and intuitive sharing and collaboration between your teams •Increasing the efficiency of your teams by enabling asset discovery and reuse MediaValet’s powerful, scalable and easy-to-use DAM platform will help solve your immediate challenges and support future growth. It will empower you with: •An intuitive and easy-to-use interface, unlimited robust permission structures, and unlimited users •A flexible category structure and advanced searching across metadata, keywords, asset types •Industry-leading security and performance, driven by Microsoft Azure’s enterprise-grade technologyChris Cassidy Digital Asset Management Specialist Why MediaValet The unlimited product training has been the best - hands down. It makes all our users truly understand the features and functionality available to them, rather than making them figure it out on their own.” Naomi Pelkey University of Windsor Find the assets you need, instantly Use a central library to manage your growing collection of digital assets, from campaign ideation through to distributing final content. Create custom branded libraries Enhance your content with keywords, categories, search filters and more. Take advantage of AI-generated tags to boost discoverability. Make smarter, data- backed decisions Elevate your decision-making process with our user-friendly, data-rich reporting system. Dig into insights that matter, designed for your needs. Feel empowered with unlimited support Take advantage of MediaValet’s unlimited product training and support to help you achieve your goals every step of the way. Elevate your digital asset security Feel confident that your content is protected by enterprise-level security, including user permissions, data encryption and SOC 2 certification. We scale with you as you grow MediaValet is founded on the principle of “Crawl, Walk, Run”, meaning we’ve created a solution that allows you to progress at your own pace. Award-winning enterprise DAM 98% Of customers re-newed after their first year 95% Of customers achieved ROI within one year* *According to G2 Trusted by Top Global Brands Trusted by 70,000+ Users My representative was so patient with me and helped me rethink how I should set up things up so it would work for each franchisee. It’s so easy now because we got it right the first time. “ Amy Lofgreen BaseCamp Face Recognition •Enables administrators to easily manage and organize their digital asset library by detecting and tagging faces within their images •Automatic tagging for future uploads, further simplifying asset management Audio/Video Intelligence •Generate and edit transcripts that can be downloaded in a variety of file formats •Identify video clips containing specific topics, keywords and more •Train AI models to recognize people within your video content Adobe Creative Cloud, powered by CI Hub •Access MediaValet assets directly in Adobe Creative Cloud platforms, eliminating the need to switch between different platforms. •Easily access and work with the same set of approved and up-to-date assets stored in your MediaValet library. •Ensure creative teams have access to the latest brand assets, style guides and templates, promoting brand consistency across all creative outputs. CDN Linking •Manage, publish and update your brand’s digital content right from MediaValet •Provide a fast and secure web experience for users around the world •Always deliver fast loading, high quality video content •Monitor and track web content analytics to maximize marketing performance Open API Access •Create custom integrations to proprietary systems and eliminate extra steps •Connect your digital assets to your key technology and content platforms •Enable technology partners and developers to leverage MediaValet platform Pricing Complimentary with Enterprise package Pricing Options Packages Service Included Add-Ons Term 1 Year •Unlimited users accounts •Unlimited administrators •Unlimited upload bandwidth •Unlimited training •Unlimited support •API access •Packaged artificial intelligence •Branded portals •Triple redundancy (3 library copies stored within a Microsoft Azure Data Center in the USA) •100GB CDN Linking •CI Hub Connector ($350/user) •Office 365 Connector ($12/user) •Single Sign On •Audio Video Intelligence ($1,000 Per TB) •Face Recognition ($1,500) Start Date Jan 15, 2024 End Date Jan 14, 2025 Storage 1 TB Price $12,000 Set-Up Fee $2,500 Additional TB’s $3,000 Core Package Total $14,500 Quote for Oakland County Packages Service Included Add-Ons TBD Term 1 Year •Unlimited users accounts •Unlimited administrators •Unlimited upload bandwidth •Unlimited training •Unlimited support •API access •Packaged artificial intelligence •Branded portals •Triple redundancy (3 library copies stored within a Microsoft Azure Data Center in the USA) •100GB CDN Linking •CI Hub Connector ($350/user) •Office 365 Connector ($12/user) •Single Sign On •Audio Video Intelligence ($1,000 per TB) •Face Recognition ($1,500) Start Date Jan 15, 2024 End Date Jan 14, 2025 Storage 5 TB Price $24,000 Set-Up Fee $2,500 Core Package Total $26,500 Quote for Oakland County Your Journey to Achieving DAM Success Your Journey to Achieving DAM Success Phase 1 Discovery Kick off and strategy Phase 4 Delivery Product training and transition Phase 2 Design Taxonomy and best practices Phase 5 Adoption & Support Best practices sessions & library Phase 3 Development Asset migration, permissions and user set up Phase 6 Growth Future expansion plan Your Customer Success Manager helps to provide you ongoing coaching and support for you to get the most of your investment.Customer Success Manager Overview Training Strategy Support and guidance throughout your MediaValet journey to help you maximize the utilization of the MediaValet platform Advice, best practices and metrics to help you run your DAM that provides the most optimal experience and highest value outcomes Your Get:Your Get: •Ongoing enablement for you and your team on how to maximize your usage on the platform and to help drive overall adoption •Insights into new/upcoming feature/product releases and launches •Best practices on how best to leverage your DAM •Monitor overall DAM health and provide suggestions to improve to help you scale •Check-ins to ensure that things are on track •Success planning and reviews to support you in maximizing the value of your investment •Continuous access to best practices, success stories, and white papers Join the thousands of people who love MediaValet Thank you! mediavalet.com Rev 10/23 Evaluation Category Weight Acquia Canto MediaValet SmartSheet RFP Compliance 7.0 Minimum Requirements (100 pts required to score)100 100 0 100 Response Area Purchasing 5%33 100 33 100 4.2 - Business Model Requirements 5%56 81 88 81 4.3 - Solution Requirements 30%68 70 68 71 4.4 - Licensing Requirements 5%73 75 75 60 4.5 - Technical Architecture 10%98 92 93 82 4.6 - Implementation Services 5%72 69 75 72 4.7 - Security 10%60 67 71 59 5.1 - Price Proposal Content 30%10 10 30 4 RFP Total Score 100%51 56 59 52 Demo Scoring 64.17 71.25 77 70.75 Total Year 1 quoted cost $64,648.00 $59,000.00 $23,600.00 $138,560.00 Unscored/Informational: 6.1 - G2G Marketplace Participation 0 67 0 0 Score Summary Table