MICHIGANCRIMINALJUSTICEINFORMATIONNETWORK(Micjin)

RI-093 (11/2016)
MICHIGAN STATE POLICE
Page 1 of 7

MICHIGANCRIMINALJUSTICEINFORMATIONNETWORK(MiCJIN)

USERAGREEMENT

between the

MICHIGANSTATEPOLICE

And

Agency / Telephone / Originating Agency Identifier(ORI) Number
Address / City / State / ZIP Code

This“Agency” hereinafterwillbe known as “SUBSCRIBER.”

PURPOSE

Thepurpose of thisAgreementis tosetforththeterms and conditionsunder which theMichiganStatePolice(MSP) will provide access toMSPsoftwaresystems as requestedin theSUBSCRIBER’SsubmittedMiCJIN Administrator/Application Request (RI-092A) and Systems Connectivity Request(RI-092B).

TheMSPmust have thefollowing items before user IDsand passwordsare issued totheSUBSCRIBER:

•TheMiCJINAdministrator/Application Request (RI-092A);

•This original, completedMiCJIN User Agreement(RI-093);

•SecurID Token Request (RI-092C), if required and,

System accessgranted by thisAgreement is non-transferableby the above named SUBSCRIBERanditsoperator(s), staff, oremployees toanotheroperator, work site, or agency andis revokedupon theSUBSCRIBER’Stermination of thisAgreement.

DEFINITIONS

1.“MSP”meantheMichiganDepartmentofStatePolice. Itisadepartmentwithin thegovernment of theState of Michiganestablishedby 1935 PA 59,as amended.

2.“Agreement” meansthiscontractbetween theMSP and theSUBSCRIBER.

3.“MiCJINPortal”meanstheMichiganCriminal JusticeInformation Network. ThisWeb-basedserviceenables subscribingagencies toaccess multipleMSPsoftwaresystemsforrecordentry orsearches.

4.“MSPSoftwareSystems” meanstheelectronic recordsmanagementor information retrievalsystemsowned andoperatedby theMSP in which thesubscriberhasaccess viaMiCJIN.

5.“SecurIDToken” meansasmallcardor keychaindevice that displays a different numeric code every 60seconds. A userinputs theSecurIDtoken’s generatednumeric code and a personalidentificationnumberwith alogin and password togain access totheMiCJINPortalviatheInternet.

6.“Third-PartySoftware”meanssoftwarenot offered bytheMSP but necessary toview,edit, or operateMSPsoftwaresystems;e.g., MicrosoftWordfordisplaying narrativeinformation,Gmailforemailing,InternetExplorerforviewingWebapplications, etc.

7.“AdvancedAuthentication”meansauthenticationbased onadditional securitytothetypicaluser identification and authentication of login IDandpassword, including, but not limited to: biometric systems,user-based public keyinfrastructure (PKI),smart cards,softwaretokens, hardware tokens, paper (inert)tokens,or “Risk-basedAuthentication”thatincludes asoftwaretokenelement comprisedof anumberoffactors,suchas network information, user information, positive deviceidentification (e.g., device forensics,userpatternanalysis,anduserbinding),userprofiling,andhigh-risk challenge/response questions. (CJISSecurityPolicy5.0,Section5.6.2.2)

8.“AgencyAccessAdministrator”meansthepersonwhois responsiblefor enteringand maintainingthenames andpasswords ofall users within theSUBSCRIBER who areauthorized to access variousMSPsoftwaresystems. This person alsodistributes trainingmanualsand otherpublications. Those who areinthisrolemust have theappropriateauthority to grant anddeny access touserswithin theSUBSCRIBER.

THEPARTIESAGREEASFOLLOWS

1.TheMSPagrees toperform thefollowingfunctions:

1.1.ACCESS,OPERATION,ANDMAINTENANCE

TheMSPwill:

1.1.1.AllowtheSUBSCRIBERaccess toMSPsoftwaresystems as requestedin theSUBSCRIBER’SMSP-approvedMiCJINAdministrator/Application Request (RI-092A)

1.1.2.Solelyandexclusively selecttheequipment toprovide, maintain,operate,and manageMSPsoftwaresystemstofurnishtheservicesspecifiedin thisAgreement.

1.1.3.Solelyand exclusivelyprovide theequipment thatmaintain,operate,and manageMSP softwaresystems in order tofurnishtheservicesspecifiedin thisAgreement.

1.1.4.Furnishand maintainMSPsoftwaresystems, including templates,updates, andoperatingmanualsandpublications. TheMSP will not furnish or provideaccess totheInternetby meansof theMSP’s networkandwillnot supportorprovide third-partysoftwaretools.

1.1.5.Extract and senddata, when applicable, tobackend databases; e.g., MichiganIncidentCrimeReporting(MICR)andTrafficCrashReportingSystem(TCRS).

1.1.6.Refer “Freedomof Information”requestsforSUBSCRIBER’S information,as required by theFreedomof InformationAct(FOIA),toSUBSCRIBERforall storedand maintainedrecords.

2.SUPPORTANDTRAINING

TheMSPwill:

2.1.1.ProvidetrainingfortheSUBSCRIBER’Ssystemcoordinatorson MSPsoftwaresystems. Thistrainingwill serve as aresourcefor assistancein the initial softwaresetupand training of theSUBSCRIBER’S personnel.

2.1.2.Cover thefinancialexpendituresof salaryandwages fortheMSP-providedtrainer.

2.1.3.Not be responsibleforproblems resultingwith softwareconflictsbeyond thatof MSPsoftwaresystems.

2.1.4.ProvidetelephonesupportforMSPsoftwaresystems. Supportwill be available by callingtheMiCJINService Centerat 877-264-2546.

2.1.5.ProvidetheSUBSCRIBER withanelectronic meansto assign theSUBSCRIBER‘S operatorswithindividualuser IDs andpasswords.

2.2.COPYRIGHTANDOWNERSHIP

2.2.1.TheMSP andits suppliersretain all rights, title, and interest,includingall copyright andintellectualproperty rights, in and toMSPsoftwaresystems andall copiesthereof.

3.TheSUBSCRIBERagrees toadhere tothefollowingterms and conditions:

3.1.LEGALREQUIREMENTSANDCOMPLIANCE

TheSUBSCRIBERagrees to:

3.1.1.Adheretoallapplicable provisionsof 28CFR Part 23, asamended. Thisis arequirementtoreceivecriminalintelligence assistance and information fromMSPsoftwaresystems in thefurtheranceofits lawenforcementactivities and toparticipatein theexchangeof criminalintelligenceamong member agencies.

3.1.2.Comply with MSP audits in atimelymanner as definedby theMSP. Thisensuresdata integrityandproper use anddissemination of information availablethroughMSPsoftwaresystems.

3.1.3.AllowMSPstafftoconductperiodic audits at either theSUBSCRIBER’Sfacilityor at computerlocations connectedtotheSUBSCRIBERto ensure useand disseminationofinformationreceivedthroughMSPsoftwaresystems are in compliancewith policies and guidelines.

3.1.4.AllowtheMSP toexamine andapprove all programmingand associated documentation forusewithMSPsoftwaresystems, as applicable. Shouldapproval fromtheMSP not be given, theSUBSCRIBERagreesnot to pursueor continuewith the interface. All programming anditsassociated documentation controlling entryandaccessby outsidelinks totheSUBSCRIBERshallbe madeavailable totheMSP upon requestfor examination and approval.

3.1.5.Comply withall securityrequirements and responsibilities and allowperiodicauditsofits recordsand facilitiesto ensure thattheaccessing,use, anddissemination ofinformation obtained fromMSPsoftwaresystems is in compliancewith (a)MSP policy or guidelines; (b)theMichiganDepartmentof State and MichiganDigital ImageRetrieval System(MiDIRS)policies, ifaccessingMiDIRSimages; (c)theFBICJIS SecurityPolicythatis in effect when thisAgreementis signed orasamended; (d) applicable security andprivacyprotocolsandpoliciesdevelopedbytheMichiganDepartment of Technology,Managementand Budget;(e)theMSPforapplicationin connection with thisAgreement;and (f) therequirements of theMichiganVehicle Code,1949 PA 300 as amended, MCL 257.1 et seq., theStatePersonalIdentificationCard Act,1972 PA 222 as amended, MCL 28.291 et seq., the Driver’s PrivacyProtectionAct of 1994, 18 USC 2721 et seq., theSocialSecurityNumber PrivacyAct,2004 PA 454, MCL445.81 et seq., and theIdentityTheftProtectionAct,2004 PA 452 as amended, MCL445.61 etseq.

3.1.6.Ensureproper disseminationand loggingof information obtained throughMSP softwaresystems.

3.1.7.AdheretotheMichigan Department ofCorrections (MDOC)Securityand Privacyconstraintsforaccess totheParolee and ProbationerMapping application. The data containedthereinincludes personalinformationof individualswhich,ifdisclosed tothe public,would constitute anunwarranted invasionofprivacy. TheSocialSecurity Number,Driver’sLicenseNumber,Location,LocationDescriptionand AddressFieldsspecifically areexempt from publicdisclosureunder theFreedomof InformationAct(FOIA),1976 PA 442, MCL15.231 et seq. Thereleaseofany otherinformation tothepublic, including under FOIA,shallbe coordinatedwith theMDOCFOIACoordinator.

3.2.CONFIDENTIALITYANDAPPROPRIATEUSE

TheSUBSCRIBERagrees that:

3.2.1.Users willaccess,use,anddisseminate informationonlywhen relevant and necessary forcriminaljusticepurposes. MSPsoftwaresystemsshallnotbeusedforpersonalornon-governmental reasons.

3.2.2.Regular and systematic audits willbe conductedtominimizethe possibilityof improperaccess,use, anddissemination ofinformation.

3.2.3.Achallengetothevalidity of recordsfurnished is made only throughfingerprint identification.

3.2.4.Somerecordssuppliedby theMSP arebasedon nameandidentifiers furnished.

3.2.5.Informationprovidedby SUBSCRIBER willbe shared among allagencies connectedtoMiCJIN.

3.3.USERAUTHENTICATION

TheSUBSCRIBERagrees to:

3.3.1.Have theSUBSCRIBER’SAgencyAccessAdministrator disseminateuserIDs andpasswordstotheMiCJINPortal. A user ID and passwordis forthe exclusive useof theassigneduserandshall notbeloaned to anyone else orused byanyone else. Iftheuserleaves the employmentof theSUBSCRIBER,itis theresponsibility of theSUBSCRIBER’SAccessAdministratortoimmediately disable the user within thesystem. Failureto do somayresult in the immediatesuspensionof theSUBSCRIBER’S access toinformationunder thisAgreement.

3.3.2.AllowtheMSPtomonitoritsuse ofMSPsoftwaresystemstoensurecompliancewith thisAgreement.

3.3.3.Maintainamasterfilethatcontainsthename(s)of itsusers.

3.3.4.Investigateall complaints ofimproperaccess, information misuse, andunauthorizeddissemination of information.

3.3.5.Take allappropriateadministrativeand criminal actionsagainst those whoimproperlyaccess,use,ordisseminateinformation.

3.3.6.Besubjecttoallappropriate administrative and MSP actions.

3.4.SECURITY

TheSUBSCRIBERagrees to:

3.4.1.Implementreasonable procedures to protectinformation fromunauthorizedaccess,alteration,ordestruction. Ifthecomputerbeingused foraccess toMSPsoftwaresystems isremovedfromuse forthat purpose, theSUBSCRIBER will dispose of thehard drivein suchamannerthatpreventsunauthorizedaccessoruse.

3.4.2.Beresponsibleforcomputersinterfaced toits networks or computerthataccess MSPsoftwaresystems, as well as themaintenanceon thesecomputers.

3.4.3.Beresponsiblefortrainingoperatorson theuse ofaccess viaitsnetworksor computers.

3.4.4.Makeprogram changes in accordancewith newor modified information forMSP softwaresystemswithin 90 daysof notification, where applicable.

3.4.5.Maintainandensure thesecurityof theSecurIDtokensif accessing MSPsoftwaresystemsusing SecurIDtokens. Eachuser must be issued,by theMSP, an individual SecurIDtoken.

3.4.6.Not allowusers toshareSecurIDtokens.

3.4.7.Not allowusers tosave loginpasswords on the login screen.

3.5.INSTALLATION,TRAINING,ANDOPERATION

TheSUBSCRIBERagrees to:

3.5.1.Schedulesoftware installationafter allpre-installationwork is completed, as applicable. The MSP willprovide instructions toload thesoftware on thecomputer(s)andprovidedocumentationtotheSUBSCRIBER’Stechnicalcontact.

3.5.2.UseMSPsoftwaresystems intheiroriginalformatoras updatedby theMSP. TheSUBSCRIBERagrees not to:

•Performreverse engineeringon software; or

•Modifysoftwareorits tablesinany way,unless authorized inwriting by MSP staff.

3.5.3.Beresponsiblefortheconversionand entry of data into MSPsoftwaresystems using thecodes,procedures, and techniquesdeveloped by theMSP.

3.5.4.Ensureall of itsusers are trainedprior toaccessing MSPsoftwaresystems.

3.5.5.Beresponsibleforfinancial expendituresof participantsattending training,including meals andlodging,whenapplicable.

3.5.6.Maintainand make available totheSUBSCRIBER’Sauthorizedusers the operations manualsandother documentationrequiredtouseMSPsoftwaresystems, when applicable.

3.6.LIAISON

TheSUBSCRIBERagrees to:

3.6.1.Providea pointof contacton theMiCJINAdministrator/Application Request (RI-092A)toserve as theAgencyAccessAdministrator. Ifthis person subsequentlyis transferred,promoted, retired, etc., areplacementis tobenamedand theMSP notifiedwithin10 days. TheAgencyAccessAdministratorwill be responsiblefor:

•Reportingviolationsof policies and guidelines totheMSP;

•Coordinatingstart-upandupgradestoMSPsoftwaresystems;

•Coordinating meetingsbetween State of Michigantechnicians and theSUBSCRIBER’Stechnicalsupport personnel;

•Coordinating distributionofupgraded softwareto laptops andotheroff-line computers;

•Distributing trainingmanuals andother operatingpublications to operators;

•Reserving trainingsites andnecessaryequipment, schedulingtraining participants,andcoordinatingsetup, asapplicable;

•Ensuringall users have been properly trainedprior toaccessing MSPsoftwaresystems;and,

•Managinginformationaccessunder thisAgreement and performingperiodic reviews ofagencyuseofthesystem.

3.7.NETWORKANDEQUIPMENTREQUIREMENTS

TheSUBSCRIBERagrees to:

3.7.1.Develop and maintainadetailednetwork diagram thatmust beapproved by theMSP’sInformationSecurityOfficer(ISO)and submittedwiththisAgreement.

3.7.2.Not connectanyequipment linked totheMSPWideAreaNetwork (WAN) toanynon-MSPnetworks eitherdirectly or viamodem withoutprior writtenapproval fromtheMSP.

3.7.3.Installand maintain an MSP-approvedInternetfirewallsystem between theSUBSCRIBER’Snetworkandanynon-MSPnetworks.

3.7.4.Assumethecosts associated with access totheMSP network, including all financialresponsibilitiesforthecomputer equipment and theSUBSCRIBER’S Local Access Network(LAN). Recurring and non-recurring costs of communicationsconnectivitytotheMSP networkremaintheSUBSCRIBER’Sresponsibility. The networkpointofdemarcationis theinternalnetwork interfaceon thesuppliednetwork router. Maintenance of theequipment must beobtained from qualifiedpersonnel.

3.7.5.Payforall costs associatedwith itspersonnel, localequipment, power,and dispatch centersuppliesfortheoperationofMSPsoftwaresystems.

3.7.6.Providecomputer hardware componentsand standardsoftwarethatmeet theminimumrequirementsrequiredtoaccessMSPsoftwaresystems.

3.7.7.Providea network infrastructureand softwarethatmeettheminimumrequirementsrequiredtoaccessMSPsoftwaresystems.

3.7.8.Continue to maintain and keep current virus protection software throughout the life of this Agreement. The SUBSCRIBER will install all patches and service packs issued for their operating system and Internet Explorer (or other applicable software) when available. Failure tomaintain current virus protection, patches, and service packs endangers the network and may cause loss of service for the affected computer and/or network.

3.7.9.Accepttheriskthatsoftwaremay be installedon acomputerto accomplish access, which may beincompatible withother softwarecurrentlyinuse. TheMSP isnot responsibleforproblemsresultingwith softwarebeyond thatdefinedforaninstallation of MSPsoftwaresystems. Anycosts associated with maintenanceandresolution of suchaproblem at theSUBSCRIBER’Slocation uponinstallationare theresponsibility of theSUBSCRIBER.

4.NON-DISCRIMINATION:

Inthe performanceof thisAgreement,theSUBSCRIBERshall notdiscriminateagainst anyemployeeor applicant foremploymentwith respectto hisor herhire, tenure,terms or conditionsofemployment,or any matter directly or indirectly relatedtoemploymentbecause of race, color,religion, nationalorigin, sex,maritalstatus, age, height,weight, or because of a disability unrelated totheemployee’sortheapplicant’sability to perform the dutiesof a particular joborposition. Subcontractswitheachsubcontractorshallcontaina provision requiring non-discriminationinemploymentasherein specified. Thiscovenantis requiredpursuant totheElliott-LarsenCivilRights Act, 1976 PA 453, asamended,MCL37.2101et seq., and theMichiganPersons with DisabilitiesCivil Rights Act, 1976 PA 220,asamended, MCL 37.1101et seq.,and anybreach thereofmay be regarded as amaterial breach of thisAgreement.

5.REFERENCE:

5.1.Thefollowing documentsareincorporatedby reference and made partof thisAgreement:

5.1.1.ForMSPsoftwaresystemsretrievinginformation viatheLaw EnforcementInformationNetwork(LEIN),allCJIS Securitypolicy rulesand regulations.

6.MISCELLANEOUS:

6.1.Waiver- Thefailure of a party toinsistupon strict adherence to any term of thisAgreementshall not beconsideredawaiveror deprive the party of therightthereafterto insist upon thestrict adherence tothattermof theAgreement.

6.2.Modifications-ThisAgreementmaynot be modified,amended, extended, or augmented, except bywrittenamendment signed bybothparties.

6.3.GoverningLaw-ThisAgreementshallbe governed by and construedin accordance with thelaws oftheStateofMichigan.

6.4.Headings-Theheadings given tothesectionsand paragraphs of this Agreementare inserted only forconvenienceandareinno way to be construedaspartof thisAgreement oras alimitationof thescopeof theparticular sectionsor paragraphs towhich theheading refers.

6.5.IndependentContractorRelationship-TherelationshipbetweentheMSPandtheSUBSCRIBERisthatof anindependent contractorand client. No agent,employee, or servant of theMSP shallbedeemed to beanemployee, agent,or servant of theSUBSCRIBER. TheSUBSCRIBER willbe solelyand entirely responsibleforits actsand theacts of itsagents, employees, servants,subcontractors,and volunteers during the performance of thisAgreement.

6.6.NoThird-PartyBeneficiaries-It is expressly understood and agreed by thepartiesthatthisAgreementand theservicesprovidedarenot intended to inure tothe benefitor detrimentofany thirdparty.

6.7.Severability- If any provisionof thisAgreementis found invalid orunenforceableby acourt ofcompetentjurisdiction, suchfindingwillnot affect theotherprovisions of theAgreement,allof whichshallremainin fullforceand effect.

6.8.Notices–All notices tobegivenunder thisAgreement, except foremergency servicerequests,shallbe inwritingand shallbedeemedgiven: (a)uponpersonaldelivery; (b)onebusinessdayafterdepositwith a nationally recognized overnight courierservice; or (c)two businessdaysafter depositin a United

StatesPostalreceptacle;if sentcertifiedmail,returnreceiptrequested. Anyof theforegoingmethodsmaybeused togive such notice.

TERMSOFAGREEMENT

1.ThisAgreementshallcommence on the dateas listedbelow fortheSUBSCRIBER and continue until theMSP or theSUBSCRIBERterminatesservice. TheMSP or theSUBSCRIBERmaycancelthisAgreementupon 30dayswrittennotice statingthereasonsfortermination and theeffectivedate.

2.TheMSPreservestherighttoimmediately suspendfurnishing any information or servicesprovided forinthisAgreementtotheSUBSCRIBERwhen thisAgreement, any MSP,Michigan, or federalCJIS policyorguideline, or anylaw of thisstate or federal government applicable tothesecurityorprivacy ofinformation isviolatedorappears to be violated by theSUBSCRIBERorbyany ofits operators, staff, oremployees. Reinstatement may bepossible upon receipt of satisfactory assurances thatsuchviolations did notoccurorhavebeen corrected.

3.Anychanges, amendments,or revisionstothisAgreementshall onlybe effectiveif made inwritingwith thewritten concurrence authorized byboth theMSP and theSUBSCRIBER.

4.Eitherparty maychangetheir address as setforth in thisAgreement. Anychangesshall be effective sevendays after writtennotice of suchchangeisgiven. TheSUBSCRIBERmust notify theMiCJINAgencyAccessCoordinatorofany address change.

5.ThisAgreement iseffectiveupon thecompletion ofall signatures,regardlessof the orderinwhich they areplaced. TheAgreementisbinding onallof the agencies that are a party tothisAgreement,regardless ofthefuturestatus and authority of thesignatories.

6.ThisAgreementis conditionallyapproved subjectto and contingent upon the availability of MSP funds.

SUBSCRIBER(HEADOF AGENCY ORAUTHORIZEDREPRESENTATIVE)

Signature / Date
Print or Type Name
Title

MSP

Signature / Date
Print or Type Name
Title

Thisoriginal, signedAgreementmust be senttothefollowing address:MichiganStatePolice

Criminal JusticeInformation Center

P.O. Box30634

Lansing, Michigan48909-0634

Attention: MiCJIN Service Center

Questionsshould bedirected totheMiCJINAgencyAccess Coordinatorat 517-284-3074.