Scenario 03: SafeCity Public Safety

AI-Generated Content — Use for Reference Only

This content is AI-generated and has only been validated by AI review processes. It has NOT been reviewed or validated by certified Salesforce CTAs or human subject matter experts. Do not rely on this content as authoritative or completely accurate. Use it solely as a reference point for your own study and preparation. Always verify architectural recommendations against official Salesforce documentation.

Practice Information

Difficulty: Intermediate Domain weights: D1 System Arch: HEAVY | D2 Security: HEAVY | D3 Data: MEDIUM | D4 Solution: LIGHT | D5 Integration: MEDIUM | D6 Dev Lifecycle: LIGHT Designed for 90-120 minute prep window

Before You Start

Print this scenario. Read it twice using the Two-Pass Reading Method — once for understanding, once to extract implicit requirements. Then build your solution artifacts within the 120-minute window.

Project Overview

The City of Glendale (population ~850,000) operates 3,500 employees across three public safety departments: the Glendale Police Department (GPD), Fire and EMS (GFEMS), and the Office of Emergency Management (OEM). The mayor has launched “SafeCity” to unify operations, improve inter-department coordination, and deliver a modern digital citizen experience. Budget: $4.2M over 24 months, with pressure to show results within 9 months.

The CIO selected Salesforce after an 8-month RFP. A fundamental question remains: should all three departments share a single Salesforce environment, or operate independently with coordinated data sharing? The police union and fire leadership have strong reservations about sharing any operational environment.

Objectives: Consolidate citizen services into a single digital front door; enable cross-department incident coordination; replace aging systems; meet all compliance obligations for public safety data; provide unified cross-department reporting.

Current Systems

Glendale Police Department (GPD)

• CAD system (CentralSquare): 15 years old, processes ~2,800 dispatch events/day with sub-second response times, tightly coupled with MDTs in 450 patrol vehicles. GPD has stated the CAD will NOT be replaced.
• Records Management (RMS): IBM mainframe deployed in 1998, COBOL-based. Contains 28 years of records (~14M records): criminal records, arrests, incident narratives, evidence tracking. Only 2 staff can maintain the COBOL code, both retiring within 3 years. Data extracts: overnight batch producing fixed-width flat files.
• Internal affairs: Microsoft Access database on a network drive.
• Property/evidence management: Standalone system.

Glendale Fire and EMS (GFEMS)

• CAD: Same vendor family, different version. ~1,100 dispatch events/day.
• ePCR system: NEMSIS-compliant patient care records with PHI. Integrates with 12 area hospitals for outcome tracking.
• Fire inspections: Paper-based. Inspectors carry printed checklists; manually enter results at the office. ~18,000 inspections/year across commercial, multi-family, and public assembly properties.

Office of Emergency Management (OEM)

45 staff; activates ~200 additional personnel during emergencies. Currently uses spreadsheets, email, and SharePoint for emergency plans, resource staging, and after-action reports.

City 311 System

On-premise Java application processing ~4,500 service requests/week (potholes, noise complaints, abandoned vehicles, code violations). REST API with JSON payloads. Vendor end-of-support: December 2027.

HR and Identity

All employees in Tyler Technologies Munis (ERP). Nightly CSV extract of active employees with department, rank, badge number, and assignment. Microsoft Entra ID as primary identity provider. GPD mainframe uses separate RACF authentication; CAD systems use their own credential stores.

Business Process Requirements

1. Single citizen portal for non-emergency service requests, request status checks, public fire inspection results, and neighborhood safety information.
2. Automatic routing of citizen requests to the appropriate department with cross-department reassignment capability.
3. Cross-department incident coordination: authorized GPD, GFEMS, and OEM personnel view and contribute to shared incident records with complete audit trails.
4. Mobile fire inspections with offline capability (limited connectivity in basements/elevator shafts), photograph capture, violation recording, and on-site compliance notices.
5. Formal citizen complaint workflow against police officers: intake through investigation, review board hearing, and final disposition with strict stage-based access controls.
6. Emergency activation: rapidly stand up incident command, assign roles from pre-defined roster, track resource deployment, generate situation reports every 2 hours during active emergencies.
7. Neighborhood outreach event scheduling, attendance tracking, and follow-up action recording.
8. Multi-step police overtime approval (sergeant, watch commander, division captain) with 4-hour escalation.
9. Fire inspection schedule management: inspector zone assignment, compliance deadline tracking, automated overdue and uncorrected violation notices.
10. 311 replacement maintaining all existing categories with added photo attachment and GPS capability from mobile devices.

Data Model and Migration Requirements

11. 14M mainframe records must be accessible from the new platform. Architect must determine which records to migrate, which to access virtually, and which remain in the mainframe with a read-only archive.
12. Criminal records and arrest reports must maintain original identifiers for legal proceedings and inter-agency information sharing.
13. Unified citizen profile linking 311 requests, fire inspections, and community events — while keeping law enforcement records strictly separated and invisible to non-law-enforcement personnel.
14. 7-year minimum retention for fire inspection records per property, including photographs, violations, and compliance documentation.
15. EMS patient care records treated as PHI with access limited to authorized GFEMS medical personnel.
16. Migration must handle known mainframe data quality issues: ~15% non-standard addresses, 8% missing/invalid cross-references, unknown duplicate person records from 28 years of manual entry.
17. Versioned emergency management plans, resource inventories, and after-action reports with historical comparison.
18. Automated data retention flagging for records approaching deadlines; prevent premature deletion of records under legal hold or active litigation.

Accessibility and Visibility Requirements

19. Criminal Justice Information (CJI) accessible only to personnel with completed CJIS background checks and security training. No exceptions.
20. Strict inter-department data boundaries: fire inspectors cannot see police investigations; police cannot see EMS patient records.
21. Internal affairs records visible only to IA investigators, Police Chief, City Attorney, and civilian review board. Officer’s chain of command excluded during active investigations.
22. Citizens see only their own requests, public fire inspection results, and general safety information — never other citizens’ records or internal data.
23. Council members and mayor’s office access aggregate statistics and dashboards but not individual cases, personnel information, or restricted data.
24. During emergencies, OEM can temporarily grant expanded cross-department access to incident command personnel with automatic revocation when the emergency ends.
25. All restricted data access logged (user, records, timestamp, action); tamper-proof logs retained 5 years minimum.
26. Microsoft Entra ID for authentication plus CJIS-mandated advanced authentication for criminal justice information access.
27. Time-limited access for contractors and emergency-activated personnel with automatic expiration; non-IT personnel cannot extend access.
28. Fire inspection results for commercial properties are public records under the state FOIA — accessible without authentication.

Reporting Requirements

29. Police Chief daily dashboard: call volume by type, average response time, open cases, officer deployment — refreshed at least every 15 minutes.
30. Fire Chief monthly dashboard: inspections completed vs scheduled, overdue by zone, outstanding violations by severity, inspector productivity.
31. City Manager unified cross-department dashboard: 311 volumes and resolution times, police and fire response metrics, citizen satisfaction — drillable by department, district, and time period.
32. Council quarterly reports comparing current vs prior metrics against annual targets, formatted for public meetings (no restricted data).
33. OEM real-time situation reports during emergencies pulling from all three departments.
34. Monthly NIBRS submissions to the FBI from police incident records in mandated format.
35. Fire inspection reporting by zone, property type, violation category, and inspector.
36. Ad hoc reporting for departmental analysts without IT involvement; report builders cannot expose restricted data beyond their scope.

Development Lifecycle Requirements

37. 12-person city IT department; 3 dedicated full-time to SafeCity. Systems integrator for the 24-month implementation.
38. Formal Change Advisory Board (CAB) meets bi-weekly for production change approval.
39. UAT by departmental representatives required; GPD providing only 2 part-time testers due to staffing.
40. Phased rollout: Phase 1 (citizen portal + 311 replacement) within 9 months per mayor’s commitment. Phase 2: fire inspection automation + cross-department coordination. Phase 3: remaining requirements.
41. 6-month knowledge transfer from integrator to internal IT team with complete documentation.
42. All artifacts in version control with automated deployment processes.

Key Stakeholder Positions

CIO Reeves: “Our biggest risk is the mainframe. We lose our COBOL expertise within three years. Whatever we build has to pass a CJIS audit — we cannot afford to lose our FBI access.”

Police Chief Torres: “If there is even a hint that fire or city hall staff can see our investigation files, I will pull my department out of the project. Internal affairs records stay locked down — no exceptions.”

Fire Chief Okafor: “Our inspectors waste 3 hours a day on paperwork. Get them mobile tools that work in basements where there is no signal. And do not slow down my dispatch system — lives depend on those response times.”

Implicit Requirements

Pay attention to user counts, data volumes, system constraints, compliance references (CJIS, HIPAA, FOIA), the single-org vs multi-org question, timeline pressures, and stakeholder non-negotiables. Not everything that matters is stated as a formal requirement.

Related Study Material

• Org Strategy — single-org vs multi-org decision framework
• Data Classification — public, confidential, restricted data tiers
• Sharing Model — role hierarchy, OWD, sharing rules
• Identity & Access Management — SSO, MFA, CJIS authentication
• Integration Patterns — real-time, batch, and virtual integration
• Large Data Volumes — strategies for millions of records
• Data Migration — planning, sequencing, data quality