Change Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE
CHANGE TYPE:
Scope
PROJECT NAME
Revised Uniformed Limited Partnership Enhancement Project
PROJECT NUMBER
SECRETARY OF STATE OFFICE
LEAD AGENCY
OTHER AGENCIES
EXECUTIVE SPONSOR
Budget
Schedule
DATE
05/06/09
AGENCY CODE
37000
PROJECT PHASE
Implementation
Phase
Mary Herrera, Secretary of State and Patricia Herrera, Director
Operations SOS
PROJECT MANAGER
Jose Hernandez
AGENCY HEAD
Mary Herrera, Secretary of State
AGENCY CIO/IT LEAD
Don Francisco Trujillo II
PROJECT DESCRIPTION (PROVIDE A BRIEF DESCRIPTION AND PURPOSE FOR THIS PROJECT)
The purpose of this project is to replace the current outdated SOSKB Limited Partnership module with
current best practice technology to comply with the new provisions of the Uniform Revised Limited
Partnership Act which was passed during the 2007 First Special Session of the Forty-Eight Legislature.
The major change is a complete redesign of the new Limited Liability Limited Partnership module using
current off the shelf software such as SQL and JAVA requiring upgrades to the current hardware as well to
meet the requirements of the new Act.
Planned Start Date
04/15/2008
Planned End Date
07/01/09
JUSTIFICATION FOR CHANGE IN CERTIFICATION (INCLUDE BUDGET ADJUSTMENT REQUEST; BUSINESS VALUE AND/OR
PROGRAM RESULTS)
A Request for Proposal (RFP) for the Limited Partnership module has replaced the previous plan
of enhancing and upgrading the Limited Partnership Module within the Secretary of State
Knowledge Base (SOSKB) application maintained by FileOne.
Amount Requested this Certification
$150,000.00
Amount Previously Certified
$150,000.00
Remaining Appropriation not Certified
$150,000.00
Total Appropriated Amount (include any new funds)
$150,000.00
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08
PAGE 2
Change Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE
CERTIFICATION HISTORY (INCLUDE ANY PREVIOUS PROJECT OR PHASE CERTIFICATIONS)
Date
Amount
$150,000.00
April 6, 2008
Funding Source(s) (use specific citations to laws, grants, etc.)
Laws of 2008, Chapter 3, Section 5 (43) Secretary of State: 150.0
150.0
To replace the current Limited Partnership application module
APPROPRIATION HISTORY (INCLUDE ALL FUNDING SOURCES, E.G. FEDERAL, STATE, COUNTY, MUNICIPAL LAWS OR GRANTS)
Fiscal Year
Amount
$150,000.00
FY08
Funding Source(s)
Laws of 2008, Chapter 3, Section 5 (43) Secretary of State: 150.0
150.0
To replace the current Limited Partnership application module
BUDGET
Comments: $150,000.00 has been appropriated and is pending contract approval for the
replacement of the Limited Partnership module by July 1, 2009.
Description
Staff Internal
Independent
Verification
& Validation
Gross
Receipts Tax
Maintenance
Services
Server &
Hardware
Software/Lic
ense Fees
FY07 & prior
FY08
$0.0
FY09
FY11
$0.0
Vendor
$6,000
(Estimate)
Record Fusion
FY09
FileOne/FY08
Record
Fusion/FY09
State
Contractor
approved
vendor Server
State approved
vendor
software
$9,299
Configuratio
n/Installation
FY10
$140,000
$19,184
$8,000
$17,557
$2,000
$47,960
$35,000
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08
PAGE 2
Change Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE
Data
Conversion
$15,000
$150,000
TOTAL
$150,000
INDEPENDENT VERIFICATION & VALIDATION (INCLUDE SUMMARY OF THE LATEST IV & V REPORT)
Review project risk, analyze elements associated with project planning, documentation project management,
and system testing.
IMPACT OF CHANGE (MAY INCLUDE SIGNIFICANT RISKS & MITIGATION STRATEGY; SECURITY, CONSOLIDATION & MAINTENANCE
STRATEGIES; RECORDS RETENTION; & BUSINESS PERFORMANCE MEASURES)
The new Partnership Module will address all types of partnerships handled by the Secretary of
State Office Operation Services division.
 General Domestic Partnerships
 Domestic and Foreign Partnerships
 Domestic and Foreign Limited Liability Partnerships
 Limited Liability Limited domestic Foreign Partnership
SECURITY STRATEGY (APPLICATION AND DATA SECURITY PROCESS, PLAN, OR STANDARD)
 Juniper SSG 320M Firewall Security.
 Offsite disaster recovery is provided through the maintenance contract of vendor. Also, please refer
to the security standards outlined by the contractor on the Business Continuity Strategies below.
Additional detailed security provided by Record Fusion will be available to the TARC.
IT SYSTEM ANALYSIS
On this document, or as an attachment, provide a summary response, including changes, to
the following IT infrastructure topics relating to this project:
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08
PAGE 2
Change Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE

Describe or estimate this project’s impact on the Enterprise/DoIT infrastructure.
Hardware
o Database/Application Server: Recommended Model Dell PE 1950 or higher
o Staff Workstations: Dell OptiPlex 745, Pentium D945 or higher
Network
o Network setup: The Limited Partnership database application server will be
implemented into the Secretary of State local area infrastructure and it will reside in the
server room among the other servers currently setup in our network rack.

Software/Applications
COTS

MySQL Database

JAVA S/W
Where is the system hosted?

The system will be hosted in the Secretary of State’s Office server room. Ten
user licenses, unlimited Web licenses and one year maintenance training and
support will be provided by the select vendor/contractor

A secondary hot site will exist at the vendor/contractor location.

If not hosted at DoIT Data Center what is your strategy to host at DoIT Data
Center: (When, Why?)


The selected vendor/contractor will provide a secondary site to host
and administer this new system.

DoIT Migration Collaboration:

A plan to meet and discuss this process with DoIT Service Center will be
drafted.
Summarize your collaboration with DoIT on moving this project from initialization through
close (full production). Identify points of contact, dates of discussions, and results
o A project Charter and Certification Form has been submitted for the replacement of the
current Limited Partnership module.
o A contractor /vendor has been awarded the contract through an RFP process to create a
new Partnership module for the Secretary of State’s Office
o This Form will be submitted to the Department of Information Technology
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08
PAGE 2
Change Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE
o The Partnership Module has been communicated via the House Finance and
Appropriation Committee and approved. A meeting took place with previous DoIT
Secretary Roy Soto, subcommittee, Madame Secretary, and previous SOS IT Director
in which the Project Charter, Project Certification form of the Initiation Phase were
presented and approved.
Provide Application Architecture Schematic
* Architecture Schematic will be provided upon receipt from our contractor, Record
Fusion
BUSINESS CONTINUITY STRATEGY
On this document, or as an attachment, provide a summary response, including changes, of
your business Continuity Strategy.

Disaster Recovery is included in RecordFusion’s annual maintenance and
support fee. Separate fees would apply only for Microfilm archival and storage.

There are multiple levels on redundancy in the RecordFusion solution.

The recommended servers for the images, database and application server are configured with
redundant network adaptors and power supplies. The system disks are mirrored and the data
disks use RAID 5 with hot spares.

The recommended system configuration has a spare server that is configured to run as either the
application server or the database’s server in case of failure of either of those servers. This
system will be actively replicated to by the database, so in the event of a catastrophic failure of
the database server, it will be up-to-date and can be switched over in a matter of minutes. In
addition, the spare server can also be configured with enough disk space to act as a spare file
server; with file being written to both servers concurrently if that is desired.

A nightly tape backup is recommended of all database and image file system changes, with
those tapes being moved offsite on a regular basis.

The recommended configuration has a secure link to the RecordFusion Disaster Recovery
Center in New Castle, PA. This link is used to backup all database and image data to a remote
site. The link is used to actively replicate all database changes. The image data can be backed
up either when changes are made or during non-peak times, depending on the other usage of
that line.

All data in the RecordFusion Disaster Recovery Center is backed up nightly and moved to offsite
storage on a regular basis.
The Record Fusion system has multiple levels of security:
 Each task has a permission associated to it, allowing the Secretary of State to restrict
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08
PAGE 2
Change Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE






access to sensitive tasks (such a Voiding documents).
Document types can be configured such that new documents of that type cannot be
created / deleted or viewed unless the user has the permission to do so.
Specific documents can be marked as Secure Data or Secure Image- preventing access
to the document by non-authorized users.
Transactions can be set to a status that prevents new activity from occurring on that
transaction.
The data for Cases, Transactions or Documents can be configured such no additions /
edits can be made by non-authorized users.
Documents cannot be associated to a terminated UCC file number unless the user is
authorized to do so.
The Record Fusion system can be configured to aid users in locating sensitive information
on document images. Users can mark that data - creating a 'redacted' version of the
image to display to non-authorized users. The original version of the image will remain
available and unaltered to those with permission to view it.
RecordFusion’s system security is very robust. Password-only access is provided. User
Administration is easy to use and allows the office system administrator to specify exactly
what each user is allowed to do in the system. The Secretary of State directs how the security
levels are defined in your office. Various ‘User Groups’ can be established in the system and
then users can be assigned to groups. During implementation, RecordFusion works with you
to understand the various tasks in the system and set-up your user groups. These can be
revised by the system administrator as desired. In addition to the security level, our audit
function tracks everything done in the system by each user, when and at which workstation.
This includes tracking of all file access and activity.
Security Procedures
The system supports maintaining comments on any changes to a record and tracks who
makes changes. We recommend that the Secretary of State’s Office only allow certain
personnel to have the permissions to make certain changes in the system.
Image Security
Only users with the correct permissions have the ability to scan records and the images are
automatically loaded to the system to the correct document number. These files cannot be
altered.
External and Internal Security and Connectivity
The external site is hosted on a web server which sits in a DMZ area between the internet and
the internal network. The only function of this server is to run the web site. All other services
on this machine will be turned off. The only connection between this server and the internal
network is for database and image requests.
Internal Site Security
The internal site is secured using standard Windows domain security. All images are stored
on a windows file server and only those workstations that perform scanning functions have
write access to that file system. All other machines have read only access to the file system.
The database files are stored outside the shared area and are only accessible through the
database connection. Only authorized users are allowed logins to the servers.
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08
PAGE 2
Change Request for Certification and Release of Funds Form
ALL CERTIFIED PROJECTS MUST FOLLOW NM STATE POLICIES AND PROCUREMENT CODE
All images are kept in the file server with access to the file controlled through a shared drive.
Only users who have a need to write images (generally only those doing scanning, image
cleanup, or redaction) are allowed to write to this drive. In addition, the Secretary of State’s
Office will specify the users who will have the ability to delete files from this share. In the
normal course of duties, there is no reason to delete a file from this file system. All other
access to this drive is read only. Windows Server auditing will be set up on those folders to
write an audit log of anyone who creates, modifies or deletes a file in the image folders. The
audit will also log any user who attempts to do any of these actions, even if they don’t have
permission to do so.
RecordFusion provides multiple levels of redundancy of data for back-up and disaster
recovery. System Backup is critical to us as well as to our clients. The Secretary of State’ s
data will reside on server(s) at the Secretary of State’s office. A secondary back-up server
will be located at our New Castle, PA Data Center/Disaster Recovery Location. Replication
between the Secretary of State’s Office and the Data Center will occur in real-time, thus
ensuring back-up of both images and indexing data.
The Secretary of State’s Office and Data Center server will be RAID protected with hot spares
and an unattended tape backup will be provided in the Secretary of State’s server, thus
ensuring 4 levels of backup and redundancy with the 5th level of redundancy being the
archive of images to microfilm for storage. There is no intervention or assistance required
from the Secretary of State’s Office, other than the periodic removal and replacement of tapes
for off-site storage at the RecordFusion Data Center or a site identified by the Secretary of
State’s Office.
Power Outages
A dedicated UPS is recommended for the server with software that ensures a ‘smart’ shutdown of the server. The UPS provides about 10 minutes of power and ensures an orderly
shut-down of the server. The UPS is included in the hardware specifications. Also, if there
is a power outage, RecordFusion, with the replication of the data to our Data Center with
24/7 operation and fully redundant power will have the data available via the web, even if the
Secretary of State’s Office is not operational due to a power outage or other disaster thus
ensuring service to your constituents.
Prevention of Data Loss
RecordFusion provides 5 levels of data redundancy including replication and storage in a fully
secure 24/7 operational facility with redundant and alternative power to ensure the security of
the Secretary of State’s Office data and images and protecting against data loss.
RecordFusion will comply with the installation timeline desired by the Secretary of State’s
Office and will provide follow-up once the software is in production to provide full assistance to
staff and public searchers as needed.
This is a controlled document, refer to the document control index for the latest revision
Revision: 2/14/08
PAGE 2