The URL can be used to link to this page

AGR-6868 - CYLANCE INC - SECURITY CONSULTING AND DESIGN SERVICESp R PROFESSIONAL SERVICES AGREEMENT Security Consulting and Design Services] THIS PROFESSIONAL SERVICES AGREEMENT (the "Agreement") is made at Orange, California, as of N. O 2020 ("Effective Date") by and among the CITY OF ORANGE, a municipal corporation ("City") and CYLANCE, INC., a Delaware corporation ("Contractor"), with its principal office for purposes of this Agreement at 400 Spectrum Center Drive, Suite 900, Irvine, CA 92618,with reference to the following: 1. Services. Subject to the terms and conditions set forth in this Agreement, Contractor shall provide to the reasonable satisfaction of City,the services set forth in E chibit"A", which is attached hereto and incorporated herein by this reference. All services provided shall conform to all federal, state and local laws, rules and regulations and to the best and highest professional standards and practices. The terms and conditions set forth in this Agreement shall control over any terms and conditions in Exhibit "A"to the contrary. 2. Compensation and Fees. a. Contractor's total compensation for all services performed under this Agreement, shall not exceed SEVENTY-SEVEN THOUSAND DOLLARS and 00/100 77,000.00)without the prior written authorization of City. b. The above compensation shall include all costs, including, but not limited to, all clerical, administrative, overhead, insurance, reproduction, telephone, travel, auto rental, subsistence and all related expenses. 3. Pavment. a. As scheduled services are completed, Contractor shall submit to CiTy an invoice for the services completed, authorized expenses and authorized extra work actually performed or incurred. b. All such invoices shall state ie-basis for the amount invoiced, including services completed,the number of hours spent and any extra work performed. c. City will pay Contractor the amount invoiced within thirty (30) days of approval of all deliverables. d. Payment shall constitute payment in full for all services, authorized costs and authorized extra work covered by that invoice. 4. Chanse Orders. No payment for extra services caused by a change in the scope or complexity of work, or for any other reason, shall be made unless and until such extra services and a price therefor have been previously authorized in writing and approved by City as an amendment to this Agreement. The amendment shall set forth the changes of work, extension of time, and adjustment of the compensation to be paid by City to Contractor. 5. Licenses. Contractor represents that it and any subcontractors it may engage possess any and all licenses which are required under state or federal law to perform the work contemplated by this Agreement and that Contractor and subcontractors, if any, shall maintain all appropriate licenses, including a City of Orange business license, at its cost, during the performance of this Agreement. 6. Independent Contractor. At all times during the term of this Agreement, Contractor shall be an independent contractor and not an employee of City. City shall have the right to control Contractor only insofar as the result of Contractor's services rendered pursuant to this Agreement. City shall not have the right to control the means by which Contractor accomplishes services rendered pursuant to this Agreement. Contractor shall, at its sole cost and expense, furnish all facilities, materials and equipment which may be required for furnishing services pursuant to this Agreement. Contractor shall be solely responsible for, and shall indemnify, defend and save City harmless from all matters relating to the payment of its subcontractors,agents and employees,including compliance with social security,withholding and all other wages, salaries, benefits, taxes, exactions, and regulations of any nature whatsoever. Contractor acknowledges that Contractor and any subcontractors, agents or employees employed by Contractor shall not, under any circumstances, be considered employees of City, and that they shall not be entitled to any of the benefits or rights afforded employees of City, including,but not limited to, sick leave,vacation leave,holiday pay, Public Employees Retirement System benefits, or health, life, dental, long-term disability or workers' compensation insurance benefits. 7. Contractor Not Agent. Except as City may specify in writing, Contractor shall have no authority, express or implied, to act on behalf of City in any capacity whatsoever as an agent. Contractor shall have no authority, express or implied, to bind City to any obligation whatsoever. 8. Designated Persons. Only those persons designated in Exhibit "A", if any, shall perform work provided for under this Agreement provided that it is understood by the parties that clerical and other nonprofessional work may be performed by persons other than those designated. 9. Assignment or Subcontractin. No assignment or subcontracting by Contractor of any part of this Agreement or of funds to be received under this Agreement shall be of any force or effect unless the assignment has had the prior written approval of City. City may terminate this Agreement rather than accept any proposed assignment or subcontracting. Such assignment or subcontracting may be approved by the City Manager or his/her designee. 10. Time of Comnletion. Contractor agrees to diligently prosecute completion of the work in accordance with any time period set forth in Exhibit"A"hereto or otherwise agreed to by and between the representatives of the parties. 11. Time Is of the Essence. Time is of the essence in this Agreement. Contractor shall do all things necessary and incidental to the prosecution of Contractor's work. 2 12. Reserved. 13. Delays and Extensions of Time. Contractor's sole remedy for delays outside its control, other than those delays caused by City, shall be an extension of time. No matter what the cause of the delay,Contractor must document any delay and request an extension of time in writing at the time of the delay to the satisfaction of City. Any extensions granted shall be limited to the length of the delay outside Contractor's control. If Contractor believes that delays caused by City will cause it to incur additional costs, it must specify, in writing, why the delay has caused additional costs to be incurred and the exact amount of such cost at the time the delay occurs. No additional costs can be paid that exceed the not to exceed amount stated in Section 2.a, above, absent a written amendment to this Agreement. 14. Products of Contractor. The documents, reports, studies, technical data, logs, files, evaluations, assessments,plans, designs, materials,manuals and other products produced or provided by Contractor for this Agreement shall become the property of City upon receipt. Contractor shall deliver all such products to City prior to payment for same. City may use, reuse or otherwise utilize such products without restriction. 15. Equal Employment Opportunity. During the performance of this Agreement, Contractor agrees as follows: a. Contractor shall not discriminate against any employee or applicant for employment because of race, color,religion, sex,national origin,mental or physical disability, or any other basis prohibited by applicable law. Contractor shall ensure that applicants are employed, and that employees are treated during employment, without regard to their race, color, religion, sex,national origin,mental or physical disability, or any other basis prohibited by applicable law. Such actions shall include,but not be limited to the following: employment,upgrading,demotion or transfer,recruitment or recruitment advertising,layoff or termination,rates of pay or other forms of compensation and selection for training, including apprenticeship. Contractor agrees to post in conspicuous places, available to employees and applicants for employment, a notice setting forth provisions of this non-discrimination clause. b. Contractor shall, in all solicitations and advertisements for employees placed by, or on behalf of Contractor, state that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, mental or physical disability, or any other basis prohibited by applicable law. c. Contractor shall cause the foregoing paragraphs(a)and(b)to be inserted in all subcontracts for any work covered by this Agreement, provided that the foregoing provisions shall not apply to subcontracts for standard commercial supplies or raw materials. 16. Conflicts of Interest. Contractor agrees that it shall not make, participate in the making, or in any way attempt to use its position as a contractor to influence any decision of City in which Contractor knows or has reason to know that Contractor, its officers, partners, or employees have a financial interest as defined in Section 87103 of the Government Code. 3 Contractor further agrees that it shall not be eligible to work as the design/build firm for the project that is the subject of this Agreement. 17. Indemnitv. a. To the fullest extent permitted by law, Contractor agrees to indemnify, defend and hold City,its City Council and each member thereof,and the officers,officials,agents and employees of City(collectively the"Indemnitees")entirely harmless from all liability arising out of: 1) Any and all claims under worker's compensation acts and other employee benefit acts with respect to Contractor's employees or subcontractor's employees arising out of Contractor's work under this Agreement, along with any and all claims under any law pertaining to Contractor's status as an independent contractor;and 2) Any and all claims alleging personal injury or property damage to the extent caused by the gross negligence or willful misconduct of the other party in connection with this Agreement. The obligations under this Section 17 are conditioned upon the party seeking indemnification giving the indemnifying party prompt written notice of any claim, action, suit or proceeding; (ii) granting complete control of the defense and settlement to the indemnifying party; and (iii) reasonably cooperating with the indemnifying party at the indemnifying party's expense. b.Except for the Indemnitees, the indemnifications provided in this Agreement shall not be construed to extend any third party indemnification rights of any kind to any person or entity which is not a signatory to this Agreement. c. The indemnitees set forth in this section shall survive any closing, rescission, or termination of this Agreement, and shall continue to be binding and in full force and effect in perpetuity with respect to Contractor and its successors. 18. Insurance. a. Contractor shall carry workers' compensation insurance as required by law for the protection of its employees during the progress of the work. Contractor understands that it is an independent contractor and not entitled to any worker's compensation benefits under any City program. b. Contractor shall maintain during the life of this Agreement the following minimum amount of comprehensive general liability insurance or commercial general liability insurance: the greater of(1) Two Million Dollars ($2,000,000); or (2) all the insurance coverage and/or limits carried by or available to Consultant. Said insurance shall cover bodily injury, death and property damage. 4 c. Contractor shall maintain during the life of this Agreement, the following minimum amount of automotive liability insurance: the greater of(1) a combined single limit of One Million Dollars ($1,000,000); or (2) all the insurance coverage and/or limits carried by or available to Consultant. Said insurance shall cover bodily injury, death and property damage for all owned,non-owned and hired vehicles and be written on an occurrence basis. d. Any insurance proceeds in excess of or broader than the minimum required coverage and/or minimum required limits which are applicable to a given loss shall be available to City. No representation is made that the minimum insurance requirements of this Agreement are sufficient to cover the obligations of Consultant under this Agreement. e. Each policy of general liability and automotive liability shall provide that City, its officers, officials, agents, and employees are declared to be additional insureds under the terms of the policy, but only with respect to the work performed by Contractor under this Agreement. A policy endorsement to that effect shall be provided to City along with the certificate of insurance, which endorsement shall be on Insurance Services Office, Inc. Form CG 20 10 10 O1. In lieu of an endorsement, City will accept a copy of the policy(ies)which evidences that City is an additional insured as a contracting party. The minimum coverage required by Subsection 18.b and c, above, shall apply to City as an additional insured. f.Contractor shall maintain during the life of this Agreement professional liability insurance covering errors and omissions arising out of the performance of this Agreement with a minimum limit of Two Million Dollars ($2,000,000)per claim. Contractor agrees to keep such policy in force and effect for at least five (5) years from the date of completion of this Agreement. g. The commercial general and automobile liability insurance policies maintained by Contractor shall be primary insurance and no insurance held or owned by City shall be called upon to cover any loss under the policy. Contractor will determine its own needs in procurement of insurance to cover liabilities other than as stated above. h. Before Contractor performs any work or prepares or delivers any materials, Contractor shall furnish certificates of insurance and endorsements, as required by City, evidencing the aforementioned minimum insurance coverages on forms acceptable to City,which shall provide that the insurance in force will not be canceled or allowed to lapse without at least ten(10) days' prior written notice to City. i.Except for professional liability insurance coverage that may be required by this Agreement, all insurance maintained by Contractor shall be issued by companies admitted to conduct the pertinent line of insurance business in California and having a rating of Grade A or better and Class VII or better by the latest edition of Best Key Rating Guide. In the case of professional liability insurance coverage, such coverage shall be issued by companies either licensed or admitted to conduct business in California so long as such insurer possesses the aforementioned Best rating. 5 j.Contractor shall immediately notify City if any required insurance lapses or is otherwise modified and cease performance of this Agreement unless otherwise directed by City. In such a case, City may procure insurance or self-insure the risk and charge Contractor for such costs and any and all damages resulting therefrom, by way of set-off from any sums owed Contractor. k. Contractor agrees that in the event of loss due to any of the perils for which it has agreed to provide insurance, Contractor shall look solely to its insurance for recovery. Contractor hereby grants to City, on behalf of any commercial general and automobile liability insurer providing insurance to either Contractor or City with respect to the services of Contractor herein, a waiver of any right to subrogation for the policies which any such insurer may acquire against City by virtue of the payment of any loss under such insurance. l.Contractor shall include all subcontractors, if any, as insureds under its policies or shall furnish separate certificates and endorsements for each subcontractor to City for review and approval. All coverages for subcontractors shall be subject to all of the requirements stated herein. 19. Termination. City may for any reason terminate this Agreement by giving Contractor not less than five (5)days' written notice of intent to terminate. Upon receipt of such notice, Contractor shall immediately cease work, unless the notice from City provides otherwise. Upon the termination of this Agreement, City shall pay Contractor for services satisfactorily provided and all allowable reimbursements incurred to the date of termination in compliance with this Agreement, unless termination by City shall be for cause, in which event City may withhold any disputed compensation. City shall not be liable for any claim of lost profits. 20. Maintenance and Insnection of Records. In accordance with generally accepted accounting principles, Contractor and its subcontractors shall maintain reasonably full and complete books, documents, papers, accounting records, and other information (collectively, the records")pertaining to the costs of and completion of services performed under this Agreement. City and its authorized representatives shall have access to and the right to audit and reproduce any of Contractor's records regarding the services provided under this Agreement. Contractor shall maintain all such records for a period of at least three (3) years after termination or completion of this Agreement. Contractor agrees to make available all such records for inspection or audit at its offices during normal business hours and upon three(3)days' notice from City,and copies thereof shall be furnished if requested. 21. Compliance with all Laws/Immi ration Laws. a. Contractor shall be knowledgeable of and comply with all local, state and federal laws which may apply to the performance of this Agreement. b. Contractor represents and warrants that Contractor: 1) Has complied and shall at all times during the term of this Agreement comply, in all respects, with all immigration laws, regulations, statutes, rules, codes, 6 and orders, including, without limitation, the Immigration Reform and Control Act of 1986 IRCA); and 2) Has not and will not knowingly employ any individual to perform services under this Agreement who is ineligible to work in the United States or under the terms of this Agreement; and 3) Has properly maintained, and shall at all times during the term of this Agreement properly maintain, all related employment documentation records including, without limitation, the completion and maintenance of the Form I-9 for each of Contractor's employees; and 4) Has responded, and shall at all times during the term of this Agreement respond, in a timely fashion to any government inspection requests relating to immigration law compliance and/or Form I-9 compliance and/or worksite enforcement by the Department of Homeland Security, the Department of Labor, or the Social Security Administration. c. Contractor shall require all subcontractors to make the same representations and warranties as set forth in Subsection 21.b. d. Contractor shall, upon request of City, provide a list of all employees working under this Agreement and shall provide,to the reasonable satisfaction of City,verification that all such employees are eligible to work in the United States. All costs associated with such verification shall be borne by Contractor. Once such request has been made, Contractor may not change employees working under this Agreement without written notice to City, accompanied by the verification required herein for such employees. e. Contractor shall require all subcontractors to make the same verification as set forth in Section d. f.If Contractor or subcontractor knowingly employs an employee providing work under this Agreement who is not authorized to work in the United States, and/or fails to follow federal laws to determine the status of such employee,that shall constitute a material breach of this Agreement and may be cause for immediate termination of this Agreement by City. g. Contractor agrees to indemnify and hold City, its officials, and employees harmless for, of and from any loss, including but not limited to fines, penalties and corrective measures,City may sustain by reason of the Contrator's failure to comply with said laws,rules and regulations in connection with the performance of this Agreement. 22. Governing Law and Venue. This Agreement shall be construed in accordance with and governed by the laws of the State of California and Contractor agrees to submit to the jurisdiction of California courts. Venue for any dispute arising under this Agreement shall be in Orange County, California. 7 23. Inte ration. This Agreement constitutes the entire agreement of the parties. No other agreement,oral or written,pertaining to the work to be performed under this Agreement shall be of any force or effect unless it is in writing and signed by both parties. Any work performed which is inconsistent with or in violation of the provisions of this Agreement shall not be compensated. 24. Notice. Except as otherwise provided herein, all notices required under this Agreement shall be in writing and delivered personally, by e-mail, or by first class mail,postage prepaid,to each party at the address listed below. Either party may change the notice address by notifying the other party in writing. Notices shall be deemed received upon receipt of same or within 3 days of deposit in the U.S. Mail, whichever is earlier. Notices sent by e-mail shall be deemed received on the date of the e-mail transmission. CONTRACTOR" CITY" Cylance, Inc City of Orange 400 Spectrum Center Drive, Suite 900 300 E. Chapman Avenue Irvine, CA 92618 Orange, CA 92866-1591 Attn.: Cheree James Attn.: Steven Scardina Telephone No.: 323-456-6707 Telephone No.: 714-744-2283 E-Mail: cjames@cylance.com E-Mail: sscardina@cityoforange.org 25. Counternarts. This Agreement may be executed in one or more counterparts,each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. Signatures transmitted via facsimile and electronic mail shall have the same effect as original signatures. Remainder of page intentionally left blank; signatures on next page] 8 IN WITNESS of this Agreement, the parties have entered into this Agreement as of the year and day first above written. CONTRACTOR" CITY" CYLANCE, INC., a Delaware CITY OF ORANGE, a municipal corporation corporati B B v CY• Y• Printed ame. . c 1f C. Mai A. Murphy,Mayor Title: a€cortilNG OFFICER By: ATTEST: Printed Name: Title: Pamela Coleman, City Clerk APPROVED AS TO FORM: Mary E.Bi ng Senior Assistant City Attorney NOTE:The City requires the following signature(s) on behalf of the Contractor: 1) the Chair`nan of the Board, the President or a Vice President,AND (2) the Secretary, the Chief Financial Officer, the Treasurer, an Assistant Secretary or an Assistant Treasuren If only one corporate officer exists or one corporate officer holds`rzore than one corporate office,please so indicate. OR The corpopate officer named in a corporate resolution as authorized to enter into this Agreement. A copy of the corporate resolution, certified by the Secretaty close in time to the execution of the Agreement, must be provided to the City. 9 EXHIBIT "A" COPE OF SERVICES Beneath this sheet.] taterner t o rl<0 City of Orange A gust 8 , 019 I 1-577-7:3-333E E)rUS'fVICCs(ri cylanca,tor7 4vw;v.cyli3f}(:('_.CC1rfl CUllSIfltlll-; I Statement of Tork This 5tatement of Work{SOV4 is effective as oF the date]ast signed helow("Effective Date"),is subject to the Terms and Conditions ttached hereto{the"Terms and Cnnditions"},and is entered into by and between Cylance,Inc.{"Cyfance"}and City af Orange(the"Client"}. This SOW and the Terms and Conditions are together referred to as the"Agreement". Scope Cylance shall perform the services descrihed in this S4W{"Services"). Cylance shall provide the Services in accordance with this Agreement using its own equipment,taols,and other materials unless otherwise described herein. Incident Response Retainer Client desires to purchase 200 pre-paid hours far a period beginning as of the date last signed belaw and expiring March 31,2022. Cylance and Client agree to the follawing: Incident Response Services.The Pre-Paid Hours may be used for Incident Response/ncident Containment Services or any other servires Cylance currently offers during the ffective Perioc4. Notice.The designated hours can be used toward any iR as well as any ather services offered by Cylance,For non-IR relatetl services,hours must be used in blocks of at least 20 hours each.Two weeks'notice is requested for services other than IR in the preparation. This allows Cylance to properly schedule resources to meet the specific remediation requirements. Pre-Paid Hnurs Expiration.Customer agrees that afterthe Effective Period all Pre-Paid Hours that are not performed with Accegtance{as deFined in this agreement)wi11 be forfeited by Customer with the value therefore earned by Cylance and not refundable to Customer.The Effective Period shall be defined as the period beginning on the date last signed below and ending March 31,2022. Additianal Service Haurs.In the event client requires additional service hours,the price for these are as Follaws: $36S per haur. Cylance Response Service Level Agreement Details: li ation. In the event Client suffers a Security Incident and contacts Cylance by e-mai]and by telephone to 1+{877} 973-3336,Cylance wil]respond to Client via email and/or pt one within twelve(12) hours. If on-site assistance is requested,Cyfance will have a consultant dispatched to the applica}ale Client facility within twenty-four(24 hours of the date of receiving the original request. Exc ptions. Cylance shall be relie ed of its obligation under this Incident Response Seroices SLA if any of the following is true: The applicable Client facility is outside of the continental United States of America. Cylance is prevented from meeting its obligation under this Incident Response Services SLA by a cause or causes beyond the reasonable control of Cylance(including but not limited to travel limitations,war,sabotage,insurrectian,riots,civil disobedience,and the like,acts aE governments and agencies thereof,fires or acts of God},but in the case Cylance is pre ented Proprietary and Confidential 1 P a g e from meeting its obligation solely due to travel limitations,Cylance must make a Cylance consultant available to Client by telephone, Remedies Client's sole and exclusive remedy for any failure of ylance to rneet its obligations under this incident tesponse Services SLA is: If Cylance does not meet its obligation within thirty-six(36)hours of the date and time of the e-mail and phone call by Client described abave,the first twa(2}hours of Incident Response Services shall not be deducted from Client's Pre-Paid Haurs. f Cylance does not meet its obligation within seventy-two{72}haurs af the date and time of the e-mail and phone call by Client described a6ove,then an additional four{4) hours af Incident Response Seivices shall not be deducted from Client's Pre-Paid Hours a cumulative total of six{6]hours). Summary of Service Incident Response Services Based upon the scope and Service Levels stated above,Cylance wi11 respond and provide incident Response Services at the request and benefit af the Client. A summary of these services follow. Incident Respanse The objective of this professional services engagement is to assist Client with responding to a suspected security incident,The activities performed may include,but are not limited to,the following: Investigative support and directian as requested. Makware,forensic and log analysis as required. Remediation planning and assistance. Regular status reparting and pro}ect management-related activities. Reporting and/or presentations associated with findings and recommendations. Forensic Investigation The objective of this professional sen+ices engagement is to assist the City of Or nge with responding to a forensic investigatian.The activities performed may include,hut are not limited to, the following: Determine the investigati n scope Create an investigative plan Forensic acquisitian of electronic data Adhere to strict chain-of-custody procedures Analyze acquired data Reporting and/or presentations associated with findings and recommendations. Itt additron ta the services listed above,the Cdient may also use available hours toward other services pravided in C}Iance's suite of Professiona]Servfces afferings, Cylance requests two weeks'notice for scheduliny antf preparation for these services. These services include,but are notlimired to: Compramise Assessment Red Team Assessment Cybersecurity training Web and Mobile Application Assessment ThreatZERO&ThreatZERO Assurance Source Code and Threat Modeling Assessment Praprietar.y and Confidential 2 P a g e Internal and External Penetration Assessment Wireless 5ecurity Assessment Firewa1l,VPN,and Network Architecture Assessment Social Engineering Physical SecuriryAssessment Industrial Control Systems(ICS) Security Assessment Security Go ernance and Risk Assessment 1S0 27000 Policy Gap Analysis I e iverables ln connection with the Project,Cylance will produce the following deliverables,where applicable each a"Deliverable"and collectively,the"Deliverables"}; Daily and/or Weekly Status Rep4rts may include: o The findings discovered in the]ast twenty-four hours o The tasks completed forthe last twenty-four hours o The tasks planned Far the next twenty-Four hours o Any issues that need to be addressed o Any patential ind'scators oFcompromise identiFed Draft Reparts Fina1 Reports o Executive Summary Report o Graphical Summary af the testing results Strategic Remediation Roadmap Detailed Findings&Remediation Tracking Spreadsheet o Includes the finding name,findings details,vulnerable host/iP,vulnerability severity, detailed recommendations and screens shots o Assigned owners,vulnerabilities sorted by hosLname/IP address and Client assigned pri or'sties Executive Presentation upan request ncludes a raenate executive review of the results customized to meet the Client's needs At a minimum Cylance will assign a resource(s)after contract signature. Resources ylance w ll provide Client with a project team that includes overall project oversight,director oversight,project management,and dedicated consultant{s}, Engagment Project Manager o Coordinates status update cal]s and comrnunications o Tracks project progress o Informs hours of utilizatian o Notifies project setbacks Technical Lead(s) o Senior Consultant(s) o Technical delivery o Primary point af contact o Delivery of pra}ect methodology o Qwner of testing,analytics,and reporting Incident Containment Practice D"srector o Oversight for IR,CA,and BEC Assessments Regional Director o Overal] Project Oversight Proprietary and Canfidential 3 P a g e o Highest poittt of Escalation Additional members will he assigned as needed Schedule The project manager will commence on a mutually agreed date,typically 2-4 weeks after the Effective Date. Prior to the project commencement,a kick-off call w:ll be held to con rm praject logistics and timing.Cylance's assigned praject manager will create a mutually agreed upan Engagement Schedule and the scape of this project will be executed based on that plan, Notwithstanding the foregoing,all timelines,deliverables and implementatian efforts outlined in this 50W are estimates anly.This retainer is valid for a period of 24-months after sign-off. Fees Incident Response Retainer ZQO hours @$385Jhr;includes 2-day onsite Readiness Assessment 0(}O.U SUB TUTAL: 77,pUQAO T TAL: 77,ODU.00 Purchase Urder YES NO Client Billing Information Bill To: City of Orange Attn: Accounting Address: 340 E Chapman Ave,Orange,CA 92$66 E-mail: accountspayable@cityoforange.org Telephane; 714) 744-2225 Proprietary and Canfidential 4 ( P a g e Points of Contact Name of Primary Contact: Rob Youngquist E-mail:ryoungquist@cityoforange.arg Telephone: 714.744.22B2 Name of Primary ontact: Cheree James Position: Consulting Sales Manager E-maiL• cja riic:>_L-;;i_:>>ice.c.i_ Mobile Telephone: 323) 45b-6707 Attn: Accounting E-mail:ar cylance.com Expenses I n addition to the Fee listed above,Client shall reimburse Cylance for actual travel and lodging expenses incurred by Cylance in connection with the Project,such as airfare,lodging,meals and ground transportation. All travel and related expenses will be l illed ta Client at the end of the Project unless the Pro}ect extends bey nd thirty(30)days,in which case expenses will he biiled monthly.The expenses billed will reflect the actual cost incurred by Cylance for iravel and related expenses withaut markup. Payment Terms Client shall pay all invoices within thirty{30]days of receipt thereaf fi-om Cylance.Client shall pay all sales and other taxes,however,designated,which are levied or imposed in onnecti n with the Project,except for taxes based on Cylance's net incame.If Client fails to make payments when due then Cylance may,without limiting any other available remedies,suspend performance of the Services. Acceptance Within ten (10)business days of receipt of the Deliverables,Client shall re iew and inspect all Ueliverables and either[i)execute and deliver a Project Acceptance Report{"PAR"],in form to be provided by Gylance,acknawledging acceptance of the Deli erables and completion of the Project or{ii) deliver a written statement to Cylance describing in reasonable detail the failure of any Deliverable to conform with the terms ofthis SOW.In the absence of receigt of such notice of non- contormance,all Deliverahles shall be deemed accepted following the lapse of such ten{10) business day periad. Proprietary and Canfidential 5 P a g e Project Specific Assumptions Client is responsible far network availability at all times during the Project;lack of network readiness or access to specific files or other data may result in lack of praductivity by Cylance or may otherwise affect the accuracy of the res.ults. All devices within the desired environment will be accessible via network connecti ity and accessibility prior to the engagement commences. Client wiil identify th point of contact For engagement. Client will pravide the Cylance ronsultant with necessary documentation related ta engagements,as needed. C]ient will provide the Cylance consultant with access to all necessary facilities and computer systems{to include passwords)while on site. Client wil]provide the Cylance consultant office space or a desk while onsite,as needed. Client will schedule any interviews with the appropriate individuals as requested by the Cylance Project Manager The Cylance cansultant will be provided relevant informatian on proposed applications and computing systems. Client personnel will be available to grant access to facilities and systems,as needed_ Client is responsible For network availability at all times during the Project;lack of network readiness may result in lack of productivity for the Cylance consultant All devices within the desired en ironment wi]1 be accessible via network connectieity and accessibility prior to the engagement commences. Client personnel will be available to grant access to facilities and systems,as needed. Agreement The parties have cau5ed this Agreement to be executed by their duly authorized representatives as of the Effective Date. CYLANCE,Inc. City of Orange Signature Signature Name Name Title Tit]e Date Date Proprietary and Confidential 6 P a g e Terms and Conditions 1. GENERAL. 1.1.Amendment of Statements of Work.If at any time,Client requests a change to the S W,then Cylance will meet with Client to discuss the proposed change and the parties shall attempt to agree upan an addendum to the SOW reflecting the requested change.The addendum shall he deemed part of the SOW and this Agreement upon authorization by Client and Cylance. 1.2.Client's Obiigations.Client acknawledges that Client's timely provision of{and Cylance's access to) relevant Client assistance,caaperation,and camplete and accurate information and data, and securing all necessary third-party consents and appravals,is essential to the performance of the Services,and that Cylance shall not be liable for any deficiency in performing the Services if such deficiency results fram Client's failure to provide the faregoing.Client shall provtde Cylance with appropriate information concerning,and reasonable access to,Client's computer systems and pro ide all information,access and fu1l,good Eaith caoperation reasonably necessary to facilitate the Services,inciuding one or more emplayees of Client who have substantial computer systems and network and project management experience to act as a liaison between Client and Cylance. Client agrees that Cylance may pravide forensic analysis,cumpramise assessment,ar other sottware toals for Client to install on Client's systems as needed to provide the Services,or Cylance may install the software tools on Client's systems,as appropriate for the Services.If Client fails or delays in its performance of any of the foregoing,Cylance shall be relieved of its ohligatians hereunder to the extent such o6ligations are dependent on such perfarmance. 2. O IVIVERSHIP. 2.1.By Client.Subject to Cliertt's fulfillment of its payment obligations under the SOW,Client shall own all right,title and interest in and to the Deliverables.As used herein"Data"means[a) all data and infarmatian(i)submitted to Cylance by Client or(ii)which is Client created and/or owned data and information to which Cylance has access in connection with the provision of Services and (b)all derivatives of any of the foregoing.All Data to shall remain the sole property of Client,and Cylance shall not use Data for any purpose other than that of rendering the Servi es under this Agreement. 2.2.By Cylance.All methods ar processes used or develaped by or for Cylance in or for the provision of Services,and all documentation,records,raw data,materials,work praduct,concepts, information,inventions,improvements,designs,programs,formulas,know-how,or writings related thereto,other than Reliverables,authored,prepared,created,made,developed,delivered, canceived or reduced to practice,in whole ar in part,by Cylance in the course of psoviding the Services (collectively,the"Cylance[P")are and wi]1 be the sole and exc u5ive property of Cylance, Client shall not hy virtue of this Agreement or either party's performance thereof obtain any intellectual property ar other ownership rights in any Cy ance]P(defined herein). 3. CUNFIDENTIAL Y1V'QRMATION. 3.1.Definitian.For purposes of this Agreement,"Confidential Information"means:(i) a11 information of a party(the"Disclosing Party")that is disclosed to the other party(the"Receiving Parry"]that is markea or otherwise clearly identified as confidential,and (ii] al]information of the Proprietary and Confidential 7 P a g e Disclasing Party disclased to the Receiving Parry,whether or not so marked or designated,that the Receiving Party knaws or reasonably should know,based on the circumstances of disclosure,to be confidential,including,without limitatian,any and all informatian or proprietary materials(in every form and media)that ha e been or are hereafter disclosed and that are not generally known in the relevant trade or industry of the Receiving Party or their respective affiliates or third parties with which the Receiving Party conducts or may conduct business.Confidential Information includes,without limitation,{a)all trade secrets and intellectual property; (b}existing or contemplated products,services,designs,technology,processes,technica data,techniques, methodo]ogies and concepts and any informaCion related thereto; {c}information relating to business plans,forecasts,sales or marketing methods,business and product strategies,pricing and Client lists or requirements; [d]algorithms,software source cade,ohject code and compiled code; e)pricing infarmation related to the performance af services under this SQW; and(f}market research data,whether containing historic,current or future-related informatian and whether containing proprietary Disclosing Party data or third-party cammercial data. 3.2.Exceptions.Confidential Infarmation sha]1 nat include information that the Receiving Party can demonstrate hy its awn records: (1}was publicly available at the time it was communicated to the Receiving Parry; (2)became publicly avai]able subsequent to the time it was communicated to the Receiving Party through no fault of the Receiving ParTy; (3}was in the Receiving Party's possessian free of any obligation of conFdence at the time it was communicated ta the Receiving Party; (4)was rightfully communicated to the Receiving Party free of any obligation of confidence subsequent to the time it was communicated; or(5)was developed by employees or agents of the Receiving Party independently of and without reference to or use oEany Confidential Infarmation comrnunicated to the Receiving Party. 3.3 Obligations.The Receiving Party shall hold the Disclosing Party's Confidential Infflrmatian in strict confidence and shall treat such Confldential]nfnrmation with the sattle degree af care that it uses to protect its own Canfidential Information,The Receiving Party shall only use the Disclosing Party's Confidential Information as required to accomplish the intent of this Agreement. Notwithstanding the above,the Receiving Party shall not be in iolation of this Section 3.3 with regard to a disclosure ta the extent(i}required by applicable disclnsure laws or regulations,or[ii} in response to a valid order by a court or ather governmental body,in which case the Receiving Parry must provide the Disclosing Party with prior written notice of such disclosure sufficient to permit the isclosing Party to seek a pratective order or other confidential treatment of such information,attd must cooperate in any attempt to seek such protective order or other confidential treatment_ 4. 'IVARRANTY. 4.1.Services.Cylance warrants to the Client that Cylance will perform Services in a professional manner by qualifiec#personnel and in a manner consistent with industry standards.Client's sole and exclusive rernedy for Cylance's breach of the foregoing warranty shall be to provide Cylance with a written description of such hreach within thirty(30) da s from the date af performance of the nonconforming Services{or portion thereaf,if applicable],in which case Cylance shall promptly and at its expense,use commercially reasonable efforts to re-perform such Services{or partion thereot].If Cylance cannot r-perform such Services in canformity with this warranty,then Cylance Qrogrietary and Confidential 8 P a g e will refund fees paid by Client to Cylance in respect of the Services that fail ta meet this warranty.If no written rejection is given to Cylance by Client within such thirty{34}days,such Deliverable or Service sha11 be deemed accepted.This Section represents Cylance's sole liability,and Client's sole and exclusive remedy,for a breach of the Services warranry. 4.2.Disclaimer.EXCEPT AS EXPRESSLY S T FQRTH [N THIS SECTION 4,CYLANCE MAKES NO OTHER WARRANTIES,EITHER EXPRESS QR IMPLIED,AS TO ANY OTHER MATTER WHATSOEVER, 1PiCLUDING,WITHQUT LIMITATION,THE CONDITION OF THE SERVICES OR DELIVERABLES,AND CYLANCE HEREBY EXPRESSLY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPQSE OR NEED,ACCURACY,N41V-INFRiNGEMENT,AND ANY WARRANTIES THAT MAY ARISE FROM C4URSE QF DEALING,COURSE OF PERFORMANCE OR USAGE OF TRADE. 5. 1NDEMNITY. Each parry agrees to defend,indemnify,and hold harmless the other,its officers,directors, employees and agents(each of the foregoing,an"Indemnified party"}from and against any and all third party claims,losses,liabilities,expenses (including reasonable attorneys'fees and legal expenses related to such defense),fines,penalties,taxes or damages (collecti ely,"Liabilities") alleging personal injury or property damage to the extent caused by the gross negligence or willful misconduct of other parly in connection with this Agreement.The obligations under this Section 5 are conditianed upan the party see4cing indemnification giving the indemnifying party prompt written notice of any claim,action,suit or proceeding; (ii}granting complete control af the defense and settlement ta the indemnifying party; and (iii) reasonabty caoperating with the indemnifying party at the indemnifying party's expense. 6. ASSIGNMENT. This Agreement will inure to the benefit oFand be binding upon any permitted successors ar assigns of the parties hereto.Each party shall be permitted,without the consent of the other,to assign this Agreement in the event of znerger,acquisition,or other change in cantrol of such party. In ather circumstances,cansent of the other party shall be required,and such consent shall not be unreasonably withheld.For purposes of this Agreement,control means awnership of 50%or more of the voting interests of any entity. 7. TERMINATIUIV. 7.1.For Convenience. At any time upon thirty{30) days'advance written notice to Cylance,Client may terminate all or any pnrtion of the Services pursuant ta the SOW.In the event af such termination for convenience, aad with respect to the Services so terminated,Cylance sha11 be ent'stled to compensation in accardance with the SOW for Services performed prior to the effective date of terminatian and shall also he ent"stled to reasonable compensation far de-mobilization and re-mabi]ization accasioned by the termination, Proprietary and Confidential 9 E P a g e 7.2.Cause. By written notice to the other party,a party may terminate for cause this Agreement,or all or any portian of the Services,in the following circumstances: a) Immediately in the event of a material breach by the other party that remairts uncured after thirty(30) days written notice;and b}Immediately if the other parry is adjudged insolvent r bankrupt,or upon the institution af any proceedings l y or against the party seeking relief,reorganization or arrangement under any laws relating ta insolvency,or upon assignment for the benefit of creditors,ar upon the appointment of a receiver,liquidator or trustee of any of the parry's properry or assets related to the Services,or upan liquidation,dissolution or winding up of the party's husiness. 7.3.Survi al. Notwithstanding anything else in this Agreement,C11ent's payment obligations and the provisions of Sections 2,3,4,5,7.3 and 8 of these Terms and Conditions wi11 survive terminatian or expication of this Agreement for any reason. 8. GENERAL PRUVISIUNS. 8.1.lVon-Ex lu sivity. Nothing in this Agreement will restrict or limit Cylance fram performing any cansulting, implementation,integration,develapment,training,maintenance,suQport or ather services on behalf f itself or any other entity in any industry,and Cylance may enter into agreements with other companies for the provision of services similar to the 5ervices at any time_ 8.2.Independent Contractor. ln all matters relating to this Agreement,Cylance and Client will act as independent contractors and nothing in this Agreement shall he construed as creating a partnership,joint venture ar employer- employee relationship.Cylance wi3l be solely responsible for payment of federal,state and local tax withholdings,social security,disability,unemployment insurance,warker's campensativn, industrial accident and other contributions attributable to the Cylance employees that render the Services.Neither party will represent that it has any authority to assume or create any obligation, expressed or implied,on behalf of the Qther party,or to represent the other party as agent,partner, employ'ee,or in any other capacity.Neither Cylance nor Client shall become liable ar bound by any representation,act or omission whatsoever of the other parry. 8.3.Cumulative Remedies,Waiver and 5everability. All rights and remedies,whether conferred hereunder,or by any other instrument or law,unless Propr"setar.y and Confidential 10 P a g e otherwise expressly stated,will he cumulative and may be exercised singularly or concurrently.The failure of any party to enforce any of the provisians hereof will not be construed to be a waiver of the right of such party thereafter to enforce such provisions.IP one or more proeisions in this Agreement are ruled entirely or partly invalid or unenfarceable by any court ar governmental authority of competent jurisdiction,then the validity and enforceability oFall provisions not ruled to be invalid or unenforceable shall remain unaffected,IT IS EXPRESSLY UNDERST04I}AND AGREED THAT IN THE EVENT ANY REMEDY HEREUNDER IS DETERM[NED TO HAVE FAILED OF 1TS ES5ENTIAL PURPOSE,ALL LIMITATIONS OF LIABILITY AND EXCLUSIQNS OF DAMAGES 5ET FORTH HERE[N SHALL REMAIN IN EFFECT TO THE MAXIMUM ALLOWED BY APPLICABLE LAW. 8.4.Notices. All notices,requests,demands or other communications which are required or may be given pursuant to the terms of this Agreement shall be in writing and shall be deemed to have been duly given: (i) on the date of delivery if delivered by hand or by confirmed facsimile; (ii] upon the fifth day after such notice is deposited in the United States mail,if mailed by registered or certified mail, postage prepaid,return receipt requested,or(iii}up tt the date of the courier's verification of delivery at the specified address if sent by a nationally-recagnized overnight express courier. Written notices shall be provided to the applicahle party at the address set forth in the SOW,or such address as may be otherwise provided in writing by a party hereunder. 8.5.Governing Law. This Agreement will be governed by the laws of the United States of America and the State of California,without reference to its conflict of laws principles or any other principles that would result in the application of a different body of Eaw.If a party brings any action relating ta or arising from this Agreement,it shall bring such action in the state or federal courts within Orange County, California.The parties hereby agree that the United Nations Canvention an Contracts for the Internatianal Sale of Goods will not apply to this Agreement. 6.Force Majeure. Cylance shall be excused from performance under this Agreement for any period to the extent prevented or delayed,in whole or in part,as a result of causes beyond its reasonable contral. 8.7.Injunctive Relief. Kothing in this Agreement,will limiT either pariy's right to seek immediate injunctive or other equitable relief whenever the facts or circumstances would permit a party to seek such relief in a court of competent jurisdiction.Client acknowledges that its breach aF Cylance's Intellectual Property Rights may cause irreparable damage and hereby agrees that Cylance shall be entitled to injunctive relief in the event thereof,without the necessity of posting bond,as well as such further relief as may be granted by a court of competent jurisdiction. Praprietary and Confidential 12 P a g e 8.Headings. The section headings set forth in this Agreement are for the convenience of the parties,and in no way de€ine,limit,or describe the scape or intent of this Agreement.Such headings are to be given no legal effect. 8.9.Limitation of Liabiiity. EXCEPT FOft A BREACH OF SECTION 3,TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW IN Nd EVENT W[LL EITHER PARTY OR ITS SUPPLIERS BE LIABLE FQR ANY INDIRECT,SPECIAL,EXEMPLARY,INCIDENTAL,OR CONSEQi]ENTIAL DAMAGES{INCLUDING L SS OF PROFITS}ARIS[NG FR M{3R RELATING TO TH1S AGREEMENT,EVEN 1F SUCH PARTY KNEW OR SHOULD HAVE KNOWN OF THE POSS[BILITY QE,0 C ULD REASQNASLY HAVE PREVENTED, SUCH DAMAGES.IN NO EVENT SHALL CYLANCE'S TOTAG LlABILITY ARISING FROM QR RELATING TO THIS AGREEME[VT,WHETHER SUCH DAMAGES ARE BASED ON TORT,CONTRACT,R ANY OTHER LEGAL THEORY,EXCEED THE AMOUNT QF FEES PAID BY COM PANY TO CYLANCE UNDER THE STATEMENT QF WORK. 8.iQ.Ca nterparts. This Agreement may be executed in counterparts,each af which will be considered an original,but all of which together wiil constikute the same instrument. 8.11.Subcantracting. Cylance shall have the right,in its sole discretion,ta suhcontract portions of any Services authorized hereunder; provided,however,that Cylance sha11 require any such subcontractor ta adhere to the obligations imposed upon Cylance with respect to the services subcontracted;and provlded,further,however,that Cylance shall remain fully liable to Client for any services subcontracted_ 8.12.Integration;Order Of Precedence;Amendment. This Agreement constitutes the entire agreement between the parties,and supersedes all other prior or contemparaneous communications between the parties (whether written or oral}relating to its subject matter,including terms attached or incorporated by any purchase order or invoice. The parties do not intend that any terrn of this Agreement be enforceable by any third party;this Agreement sttall not create any rights in persons not party to this Agreement,whether third party beneFiciary,ar otherwise. This Agreement may be modified or amended salely in a writing signed by bath parties.In the event of any conflict between or among the provisions contained in the SOW and these Terms and Conditions,the provisions of the Statement of Work will supersede only if it expressly identifies the specific Section(s}of these Terms and Conditions that are being amended; in all other cases,these Terms and Conditions shal]supersede and gavern. Proprietary and Confidential I2 P a g e