The URL can be used to link to this page

Home My WebLink About20-129 - CentralSquare Technologies, LLC - Finance and HR Software ApplicationsDocuSign Envelope ID: 67F336AF-7F2B-4B2F-B86A-148390E126D4 20-129(b) Council Approval N/A AMENDMENT #2 TO THE CENTRALSQUARE SOLUTIONS AGREEMENT This Amendment (the "Amendment") amends the CentralSquare Solutions Agreement entered into by and between CentralSquare Technologies, LLC ("CentralSquare") the City of Tukwila, WA ("Customer") with an Execution Date of December 18, 2020 (the "Master Agreement") expressly as provided for in this Amendment. The Execution Date of this Amendment is the latest date shown on the signature page of this Amendment. Customer and CentralSquare, intending to be legally bound, agree as follows: 1. Defined Terms. Except as otherwise set forth herein, each defined term in the Agreement has the meaning ascribed to that term in the Master Agreement when the term is used in this Amendment. 2. Amendment to and Modification of the Master Agreement. The Master Agreement is amended and modified as follows: UTILITIES — STANDARD SAAS SUBSCRIPTION a. Customer's "Utilities — Standard SaaS Subscription" application as set forth in the Master Agreement is hereby being replaced with "CentralSquare Utility Billing Subscription" application, as defined in the attached Change Orders #Q-178596 and #Q-178597. b. The Recurring Fees (Section B, of Exhibit 1), are modified to add: 1. CentralSquare Utility Billing Annual Subscription Fee is due February 1, 2025 (to be coterminous with Customer's annual renewal cycle for its existing CentralSquare support fees), and annually thereafter on the anniversary of the aforementioned Due Date. 2. Annual Subscription Fees shall increase by 3% each year. 3. *Delivery Date: For on -premise Solutions, Delivery shall be when CentralSquare delivers to Customer the initial copies of the Solutions outlined below in Exhibit A by whichever the following applies and occurs first (a) electronic delivery, by posting it on CentralSquare's network for downloading, or similar suitable electronic file transfer method, or (b) physical shipment, such as on a disc or other suitable media transfer method, or (c) installation, or (d) delivery of managed services server. Physical shipment is on FOB - CentralSquare's shipping point, and electronic delivery is at the time CentralSquare provides Customer with access to download the Solutions. For cloud -based Solutions Delivery shall be whichever the following applies and occurs first when Authorized Users have (a) received log -in access to the Solution or any module of the Solution or (b) received access to the Solution via a URL. Page 1 of 2 DocuSign Envelope ID: 67F336AF-7F2B-4B2F-B86A-148390E126D4 PROFESSIONAL SERVICES — PAYMENT MILESTONE TABLE (MASTER AGREEMENT) Milestone Payment Terms #'s 8 and 9 for the Utilities Modules of the Master Agreement as set forth below: 8 Utilities - Testing and Training Once all modules are tested and online, the CentralSquare team alongside the customer will participate in an integration test to include all modules. This testing is considered complete when the engagement for testing has concluded and results have been provided to the customer. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Training for the application is considered complete once 75% of the participants, as identified and documented in the planning phase of the project, have passed the Train the Trainer program. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. 5% $32,636 9 Customer is considered Live on the applications after 15 days of live operations in a production Utilities Go- environment and wherein no urgent or critical live error codes are recorded. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. 10% $65,272 are hereby replaced in their entirety with the milestone payment table below: Utility Billing Services Payment Milestones 30% Due on the Execution Date $ 29,372.40 20% Due at Project Kickoff $ 19,581.60 30% Due at completion of Training $ 29,372.40 20% Due at Go Live $ 19,581.60 3. Integration Provision. Except as expressly modified by this Amendment, the Agreement shall remain in full force and effect. As of the Execution Date, the Agreement, as further amended by this Amendment constitutes the entire understanding of the parties as regards the subject matter hereof and cannot be modified except by written agreement of the parties. CentralSquare Technologies, LLC BY: DocuSigned by: raw Q td u saw PRINT NAME: PRINT TITLE: DATE SIGNED: F7... Ron Anderson chief Sales officer 6/6/2024 City of Tukwila, WA DocuSigned by: k SM4at Thomas McLeod BY: PRINT NAME: PRINT TITLE: DATE SIGNED: Page 2 of 2 Mayor 6/12/2024 1 10:37 AM PDT APPROVED AS TO FORM BY CITY ATTORNEY 06/07/24 APPROVAL ON FILE. DocuSign Envelope ID: 67F336AF-7F2B-4B2F-B86A-148390E126D4 CENTRALSQUARE Change Order Quote prepared on: May 22, 2024 Quote prepared by: Crystal Roth crystal.roth@centralsquare.com Quote #: Q-178597 Primary Quoted Solution: Finance Enterprise Quote expires on: November 18, 2024 Change Order in reference to: Q-14246 MIROIRNIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONI Quote prepared for: Vicky Carlsen City of Tukwila 6300 Southcenter Blvd, Suite 100 Tukwila, WA 98188 2064029888 Thank you for your interest in CentralSquare. CentralSquare provides software that powers over 8,000 communities. More about our products can be found at www.centralsquare.com. WHAT SOFTWARE IS INCLUDED? PRODUCT NAME 1. CentralSquare Utility Billing Annual Subscription Fee QUOTE SUMMARY QUANTITY UNIT PRICE DISCOUNT TOTAL MORE INFORMATION AT CENTRALSQUARE.COM 1 50,000.00 - 15,000.00 35,000.00 Software Subtotal Discount Software Total Software Subtotal Quote Subtotal Discount Quote Total 50,000.00 USD - 15,000.00 USD 35,000.00 USD 50,000.00 USD 50,000.00 USD - 15,000.00 USD 35,000.00 USD DocuSign Envelope ID: 67F336AF-7F2B-4B2F-B86A-148390E126D4 CENTRALSQUARE Change Order Quote prepared on: May 22, 2024 Quote prepared by: Crystal Roth crystal.roth@centralsquare.com WHAT ARE THE RECURRING FEES? TYPE AMOUNT FIRST YEAR SUBSCRIPTION TOTAL 35,000.00 The amount totals for Maintenance and/or Subscription on this quote include only the first year of software use and maintenance. This Quote is not intended to constitute a binding agreement. The terms herein shall only be effective once incorporated into a definitive written agreement with CentralSquare Technologies (including its subsidiaries) containing other customary commercial terms and signed by authorized representatives of both parties. BILLING INFORMATION Fees will be payable within 30 days of invoicing. Please note that the Unit Price shown above has been rounded to the nearest two decimal places for display purposes only. The actual price may include as many as five decimal places. For example, an actual price of $21.37656 will be shown as a Unit Price of $21.38. The Total for this quote has been calculated using the actual prices for the product and/or service, rather than the Unit Price displayed above. Prices shown do not include any taxes that may apply. Any such taxes are the responsibility of Customer. This is not an invoice. For customers based in the United States or Canada, any applicable taxes will be determined based on the laws and regulations of the taxing authority(ies) governing the "Ship To location provided by Customer on the Quote Form. PURCHASE ORDER INFORMATION Is a Purchase Order (PO) required for the purchase or payment of the products on this Quote Form? (Customer to complete) Yes[ ] No[ Customer's purchase order terms will be governed by the parties' existing mutually executed agreement, or in the absence of such, are void and will have no legal effect. PO Number: Initials: MORE INFORMATION AT CENTRALSQUARE.COM DocuSign Envelope ID: 67F336AF-7F2B-4B2F-B86A-148390E126D4 CENTRALSQUARE Change Order Quote prepared on: May 22, 2024 Quote prepared by: Crystal Roth crystal.roth@centralsquare.com Quote #: Q-178596 Primary Quoted Solution: Finance Enterprise Quote expires on: November 18, 2024 Change Order in reference to: Q-14246 MIROIRNIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONIONI Quote prepared for: Tami Eberle -Harris City of Tukwila 6300 Southcenter Blvd, Suite 100 Tukwila, WA 98188 2064029888 Thank you for your interest in CentralSquare. CentralSquare provides software that powers over 8,000 communities. More about our products can be found at www.centralsquare.com. WHAT SOFTWARE IS INCLUDED? PRODUCT NAME 1. Utilities: Standard SaaS Subscription Annual Subscription Fee QUOTE SUMMARY MORE INFORMATION AT CENTRALSQUARE.COM QUANTITY -1 UNIT PRICE TOTAL 5,210.40 -5,210.40 Software Total -5,210.40 USD Software Subtotal -5,210.40 USD Quote Subtotal -5,210.40 USD Quote Total -5,210.40 USD DocuSign Envelope ID: B496909A-7A42-4248-A99C-91624865924E 20-129(a) Council Approval N/A AMENDMENT #1 TO THE CENTRALSQUARE SOLUTIONS AGREEMENT This Amendment (the "Amendment") amends the CentralSquare Solutions Agreement entered into by and between CentralSquare Technologies, LLC ("CentralSquare") the City of Tukwila, WA ("Customer") with an Execution Date of December 18, 2020 (the "Agreement") expressly as provided for in this Amendment. The Execution Date of this Amendment is the latest date shown on the signature page of this Amendment. Customer and CentralSquare, intending to be legally bound, agree as follows: 1. Defined Terms. Except as otherwise set forth herein, each defined term in the Agreement has the meaning ascribed to that term in the Agreement when the term is used in this Amendment. 2. Amendment to and Modification of the Agreement. The Agreement is amended and modified as follows: a. Exhibit 1 is modified by moving the Modules below from Phase 2 and into the Utilities Modules Phase. Modules moving into the Utilities Modules Phase * Position Budgeting * Citizen Engagement (ARO, VMO) * Certent Disclosure Management * Fixed Assets * Project Allocation b. The Recurring Fees (Section B, of Exhibit 1), are modified to reflect: 1. The Annual Subscription Fee is due pursuant to A.2 for the first year, and thereafter annually on the anniversary of the Go Live Date per phase. 2. The Annual Subscription Fee shall be limited an annual 3% escalation. 3. Integration Provision. Except as expressly modified by this Amendment, the Agreement shall remain in full force and effect. As of the Execution Date, the Agreement, as further amended by this Amendment constitutes the entire understanding of the parties as regards the subject matter hereof and cannot be modified except by written agreement of the parties. CentralSquare Technologies, LLC &A, ocuSigned by: tIVULe v�SOR, BY:€€F-1774 456... PRINT NAME: City of Tukwila, WA DocuSigned by: BY•L..?"11Ffl232F5A5AFA431 Ron Anderson Vicky Carl sen PRINT NAME: PRINT TITLE: DATE SIGNED: PRINT TITLE: chief sales officer DATE SIGNED: 7/28/2023 Page 1 of 1 Finance Director 7/27/2023 CentralSquare Solutions Agreement 20-129 Council Approval 12/14/20 This CentralSquare Solutions Agreement (the "Agreement"), effective as of the latest date shown on the signature block below (the "Effective Date"), is entered into between CentralSquare Technologies, LLC, a Delaware Limited Liability Company with its principal place of business in Lake Mary, EL ("CentralSquare") and City of Tukwila, WA a Washington municipal corporation ("Customer"), collectively the "Parties", and each, a 'Party". WHEREAS, CentralSquare licenses and gives access to certain software applications ("Solutions") to its customers and also provides maintenance, support, migration, installation and other professional services; and WHEREAS, Customer desires to license and/or gain access to certain Solutions and receive professional services described herein, and CentralSquare desires to grant and provide Customer license and access to such offerings as well as to support them with professional services, subject to the terms and conditions set forth in this Agreement. NOW, THEREFORE, in consideration of the mutual covenants, terms, and conditions set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, by the signatures of their duly authorized representative below, the Parties intending to be legally bound, agree to all of the following provisions and exhibits of this Agreement: 1000 Business Center Dr Lake Mary, FL 2274l By: 8300 Southcenter Blvd, Suite 100 Tukwila, WA 98188 By: Cee/l/-euec .65r/e'g Print Print Title: 5 / Print Name: Allan Ekberg Print Title: Mayor Date Signed: 12- it c 720 ZO Date Signed: 12/18/2020 VC �cs CO 1. Solution(s) provided by CentralSquare: Finance Enterprise, Utilities, HCM, Citizen Engagement, Certent Disclosure Management (third -party). 2. Term. 2.1. Initial Term. The Initial Term of this Agreement commences as of the Effective Date and will continue in effect for five (5) years from such date unless terminated earlier pursuant to any of the Agreement's express provisions (the "Initial Term"). 2.2. Renewal Term. This Agreement will automatically renew for additional successive two (2) year terms unless earlier terminated pursuant to any of the Agreement's provisions (a "Renewal Term' and, collectively, with the Initial Term, the `Term"). 2.3. Non -Renewal. Either party may elect to end renewal of the contract by issuing a notice of non -renewal, in writing, to the other party twelve (1 2) months prior to the expiration of the current contract term. 3. Fees. In consideration of the rights and services granted by CentralSquare to Customer under this Agreement, Customer shall make undisputed payments to CentralSquare pursuant to the amounts and payment terms outlined in Exhibit 1 (the "Project Cost Summary"). 4. Definitions. Capitalized terms not otherwise defined in this Agreement have the meanings set forth below: 4.1. "Action' means any claim, action, cause of action, demand, lawsuit, arbitration, inquiry, audit, notice of violation, proceeding, litigation, citation, summons, subpoena, or investigation of any nature, civil, criminal, administrative, regulatory or other, whether at law, in equity, or otherwise. 4.2. "Affiliate" of a Person means any other Person that directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with, such Person. 4.3. "Authorized User" means Customer's employees, consultants, contractors, and agents who are authorized by Customer to access and use the Solutions under the rights granted to Customer pursuant to this Agreement, and for whom access to the Solutions has been purchased. {EFM2291012. Docx;4/13175.Ouuoul/ } 1/1 4.4. `Baseline" means the version of a Solution updated to the particular time in question through CentralSquare 's warranty services and maintenance, but without any other modification whatsoever. 4.5. "Component System" means any one of the Solutions identified in Exhibit 1, including all copies of Source Code, Object Code and all related specifications, Documentation, technical information, and all corrections, modifications, additions, development work, improvements and enhancements to and all Intellectual Property Rights for such Component System. 4.6. "Customer Data" means information, data, and content, in any form or medium, collected, downloaded, or otherwise received, directly or indirectly from Customer, an Authorized User or end-users by or through the Solutions, provided the data is not personally identifiable and not identifiable to Customer. 4.7. "Custom Modification" means a change that CentralSquare has made at Customer's request to any Component System in accordance with a CentralSquare -generated specification, but without any other changes whatsoever by any Person. 4.8. "Customer Systems" means the Customer's information technology infrastructure, including computers, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated by Customer or through the use of third -party services. 4.9. "Defect" means a material deviation between the Baseline Solution and its Documentation, for which Defect Customer has given CentralSquare enough information to enable CentralSquare to replicate the deviation on a computer configuration that is both comparable to the Customer Systems and that is under CentralSquare's control. Further, with regard to each Custom Modification, Defect means a material deviation between the Custom Modification and the CentralSquare generated specification and documentation for such Custom Modification, and for which Defect Customer has given CentralSquare enough information to enable CentralSquare to replicate the deviation on a computer configuration that is both comparable to the Customer Systems and that is under CentralSquare's control. 4.10. "Documentation" means any manuals, instructions, or other documents or materials that CentralSquare provides or makes available to Customer in any form or medium and which describe the functionality, components, features, or requirements of the Solutions, including any aspect of the installation, configuration, integration, operation, use, support, or maintenance thereof. 4.11. "Enhancements" means general release (as opposed to custom) changes to a Baseline Component System or Custom Modification which increase the functionality of the Baseline Component System or Custom Modification in question. 4.12. "Go Live Date" means the date the Customer certifies in writing that (a) CentralSquare provided the current version of the Solution(s) to the Customer and (b) said Solution(s) is fully functioning, includin g being free from any viruses or Harmful Code. 4.13. "Harmful Code" means any software, hardware, device or other technology, including any virus, worm, malware, or other malicious computer code, the purpose or effect of which is to (a) permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede any (I) computer, software, firmware, hardware, system, or network; or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality, or use of any data Processed thereby; or (b) prevent Customer or any Authorized User from accessing or using the Solutions as intended by this Agreement. 4.14. "Intellectual Property Rights" means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and, all similar or equivalent rights or forms of protection, in any part of the world. 4.15. "Maintenance" means optimization, error correction, modifications, and updates to CentralSquare Systems to correct any known Defects and improve performance. Maintenance will be provided for each Component System, the hours and details of which are described in Exhibit 2 ("Support Standards"). 4.16. "New Releases" means new editions of a Baseline Component System or Custom Modification. 4.17. "Person" means an individual, corporation, partnership, joint venture, limited liability entity, governmental authority, unincorporated organization, trust, association, or other entity. 4.18. "Personal Information" means any information that does or can identify a specific individual or by or from which a specific individual may be identified, contacted, or located. Personal Information includes all information defined by RCW 42.56.590, excluding subsection 10(b), as well as "nonpublic personal {EFM2297012.DOCX;4/13175.000001/ } information" as defined under the Gramm -Leach -Bliley Act, "protected health information" as defined under the Health and Insurance Portability and Accountability Act of 1996, "Personal Data" as defined in the EU General Data Protection Regulation (GDPR 2018), "Personal Information" as defined under the Children's Online Privacy Protection Act of 1998, and all rules and regulations issued under any of the foregoing. 4.19. "Professional Services" means installation, implementation, development work, training or consulting services including custom modification programming, support relating to custom modifications, on-site support services, assistance with data transfers, system restarts and reinstallations provided by CentralSquare. 4.20. "Representatives" means, with respect to a Party, that Party's employees, officers, directors, agents, subcontractors, and legal advisors. 421. "CentralSquare's Request for Proposal" or "CentralSquare's RFP" means the proposal that CentralSquare submitted to the City April 3, 2020 in response to the City's request for proposals for Cloud Based Enterprise Resource Planning Software Solution and which demonstrates CentralSquare's ability to meet the software functionality and requirements requested by the City. CentralSquare's RFP is hereby adopted and incorporated by reference in this Agreement. 4.22. "CentralSquare Personnel" means all individuals involved in the performance of Support Services and Professional Services as employees, agents, Subcontractors or independent contractors of CentralSquare. 4.23. "Solutions" means the Component Systems, Documentation, Custom Modifications, development work, CentralSquare Systems and any and all other information, data, documents, materials, works, and other content, devices, methods, processes, hardware, software, technologies and inventions, including any deliverables, technical or functional descriptions, requirements, plans, or reports, provided or used by CentralSquare or any Subcontractor in connection with Professional Services or Support Services rendered under this Agreement. 4.24. "CentralSquare Systems" means the information technology infrastructure used by or on behalf of CentralSquare to deliver Solutions, including all computers, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by CentralSquare or through the use of third -party services. 4.25. "Support Services" means Maintenance, Enhancements, implementation of New Releases, and general support efforts to respond to incidents reported by Customer in accordance with the detailed Support Standards outlined in Exhibit 2. 4.26. "Third -Party Materials" means materials and information, in any form or medium, including any software, documents, data, content, specifications, products, related services, equipment, or components of or relating to the Solutions that are not proprietary to CentralSquare. 5. License, Access & Services and Audit. 5.1. License Grant. Subject to and conditioned on the payment of Fees and compliance with all other terms and conditions of this Agreement, CentralSquare hereby grants to Customer a non-exclusive, non- sublicenseable, and non -transferable license to use the current version of the Solution(s), on a subscription basis, outlined in Exhibit 1 at the time of this Agreement's execution. 5.2. Access and Scope of Use. Subject to and conditioned on Customer and their Authorized Users' compliance with the terms and conditions of this Agreement, CentralSquare hereby grants Customer a non-exclusive, non -transferable right to access and use the Solutions, solely by Authorized Users. Such use is limited to Customer's internal use. CentralSquare shall deliver to Customer the initial copies of the Solutions outlined in Exhibit 1 by (a) electronic delivery, by posting it on CentralSquare's network for downloading, or similar suitable electronic file transfer method, or (b) physical shipment, such as on a disc or other suitable media transfer method. Physical shipment is on FOB- CentralSquare's shipping point, and electronic delivery is deemed effective at the time CentralSquare provides Customer with access to download the Solutions. The date of such delivery shall be referred to as the "Delivery Date." 5.3. Documentation License. CentralSquare hereby grants to Customer a non-exclusive, non-sublicenseable, non -transferable license to use the Documentation during the Term solely for Customer's internal business purposes in connection with its use of the Solutions. {EFM2297012.DOCX 4/13175.000001/ 5.4. Audit. Customer shall maintain for a reasonable period of time, but not less than three (3) years after expiration or termination of this Agreement, the systems, books, and records necessary to accurately reflect compliance with software licenses and the use thereof under this Agreement. Upon reasonable request but not less than thirty (30) days, Customer shall permit CentralSquare and its directors, officers, employees, and agents to have on-site access at Customer's premises (or remote access as the case may be) during normal business hours to such systems, books, and records for the purpose of verifying such licensed use the performance of such obligations and amounts. Customer shall render reasonable cooperation to CentralSquare as requested. If as a result of any audit or inspection CentralSquare substantiates a deficiency or non-compliance, and which deficiency or non-compliance is not cured by Customer within thirty (30) days notice of such deficiency or non-compliance Customer will be required to pay for any delinquencies in compliance with software licenses. 5.5. Service and System Control. Except as otherwise expressly provided in this Agreement: 5.5.1. CentralSquare has and will retain sole control over the operation, provision, maintenance, and management of the Solutions; and 5.5.2. Customer has and will retain sole control over the operation, maintenance, and management of, and all access to and use of, the Customer Systems, and sole responsibility for access to and use of the Solutions by any Person by or through the Customer Systems or other means controlled by Customer or any Authorized User, including any reports or results obtained from any use of the Solutions, and conclusions, decisions, or actions based on such use. 5.6. Limitations. Customer must provide CentralSquare with such facilities, equipment, and support as are reasonably necessary for CentralSquare to perform its obligations under this Agreement, including, if required by CentralSquare, remote access to the Customer Systems. CentralSquare is not responsible or liable for any delay or failure of performance caused in whole or in part by any Customer delay or Customer's failure to perform any obligations under this Agreement, unless the Customer delay or failure to perform results from CentralSquare's actions or lack thereof. 5.7. Exceptions. CentralSquare has no obligation to provide Support Services relating to any Defect with the Solutions that, in whole or in part, arise out of or result from any of the following: 5.7.1. software, or media on which provided, that is modified or damaged by Customer or unauthorized third -party; 5.7.2. any operation or use of, or other activity relating to, the Solutions other than as specified in the Documentation, including any incorporation, or combination, operation or use of the Solutions in or with, any technology (software, hardware, firmware, system, or network) or service not specified for Customer's use in the Documentation; 5.7.3. any negligence, abuse, misapplication, or misuse of the Solution other than by CentralSquare personnel, including any Customer use of the Solution other than as specified in the Documentation or expressly authorized in writing by CentralSquare; 5.7.4. the operation of, or access to, Customer's or a third -party's system, materials or network not otherwise identified in Exhibit 5: Statement of Work; 5.7.5. any relocation of the Solution other than by CentralSquare personnel; 5.7.6. any beta software, software that CentralSquare makes available for testing or demonstration purposes, temporary software modules, or software for which CentralSquare does not receive a fee; 5.7.7. any breach of or noncompliance with any provision of this Agreement by Customer or any of its Representatives or any Force Majeure Event (including abnormal physical or electrical stress). 5.8. Reservation of Rights. Except for the specified rights outlined in this Section, nothing in this Agreement grants any right, title, or interest in or to any Intellectual Property Rights in or relating to the Support Services, Professional Services, Solutions, or Third -Party Materials, whether expressly, by implication, estoppel, or otherwise. All right, title, and interest in the Solutions, and the Third -Parry Materials are and will remain with CentralSquare and the respective rights holders. (EFM2297012.DOCX;4/13175,000001/ } 5.9. Changes. CentralSquare reserves the right, in its sole discretion, to make any changes to the Support Services and Solutions that it deems necessary or useful to: (a) maintain or enhance the quality or delivery of CentralSquare 's services to its customers, the competitive strength of or market for CentralSquare 's services, or the Support Services' cost efficiency or performance; or (b) to comply with applicable law. If such changes or modifications restrict or eliminate Customer's usage of the Service, Customer may terminate this Agreement and shall be entitled to a pro -rata refund of any prepaid fees. Without limiting the foregoing, either Party may, at any time during the Term, request in writing changes to particular Support Services, Professional Services or their product suite of Solutions. The Parties shall evaluate and, if agreed, implement all such requested changes. No requested changes will be effective unless and until memorialized in either a CentralSquare issued Add -On Quote signed by the Customer, or a written change order or amendment to this agreement signed by both Parties. 5.10. Subcontractors. Upon prior written notice to, and acceptance by Customer, CentralSquare may engage third parties to perform Professional Services or Support Services (each, a "Subcontractor"). Subcontractors engaged to perform Professional Services and/or Support Services are held to the same requirements and obligations under this Agreement as CentralSquare. 5.11. Security Measures. The Solution may contain technological measures designed to prevent unauthorized or illegal use of the Solution. Customer acknowledges and agrees that: (a) CentralSquare may use these and other lawful measures to verify compliance with the terms of this Agreement and enforce CentralSquare 's rights, including all Intellectual Property Rights, in and to the Solution; (b) CentralSquare may deny any individual access to and/or use of the Solution if CentralSquare, in its reasonable discretion, believes that person's use of the Solution would violate any provision of this Agreement, regardless of whether Customer designated that person as an Authorized User; provided that CentralSquare will notify Customer within 24 hours of terminating an Authorized User's access and in the event CentralSquare determines that no security breach occurred, CentralSquare will reinstate the Authorized User's access; and (c) CentralSquare may collect, maintain, process, use and disclose technical, diagnostic and related non -identifiable data gathered periodically which may lead to improvements in the performance and security of the Solutions. 5.12. CentralSquare Responsibility. In addition to complying with all terms and provision in this Agreement, CentralSquare shall also comply with all terms and provisions in Exhibits 6 and 7 - Vendor Security Requirements and Data Protection and Information Security Agreement., attached and incorporated herein. 6. Use Restrictions. Customer shall not, and shall not intentionally permit any other Person to, access or use the Solutions except as expressly permitted by this Agreement. For purposes of clarity and without limiting the generality of the foregoing, Customer shall not, except as this Agreement expressly permits: 6.1. copy, modify, or create derivative works or improvements of the Solutions, or rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available any Solutions to any Person, including on or in connection with the Internet or any time-sharing, service bureau, software as a service, cloud, or other technology or service; 6.2. reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to the source code of the Solutions, in whole or in part; 6.3. bypass or breach any security device or protection used by Solutions or access or use the Solutions other than by an Authorized User through the use of his or her own then valid access; 6.4. input, upload, transmit, or otherwise provide to or through the CentralSquare Systems, any information or materials that are unlawful or injurious, or contain, transmit, or activate any Harmful Code; 6.5. damage, destroy, disrupt, disable, impair, interfere with, or otherwise impede or harm in any manner the CentralSquare Systems, or CentralSquare 's provision of services to any third -party, in whole or in part; 6.6. remove, delete, alter, or obscure any trademarks, Specifications, Documentation, warranties, or disclaimers, or any copyright, trademark, patent, or other intellectual property or proprietary rights notices from any Documentation or Solutions, including any copy thereof; 6.7. access or use the Solutions in any manner or for any purpose that infringes, misappropriates, or otherwise violates any Intellectual Property Right or other right of any third -party, or that violates any applicable law; 6.8. access or use the Solutions for purposes of competitive analysis of the Solutions, the development, provision, or use of a competing software service or product or any other purpose that is to {EFM2297012.DOCX;4/13175.000001/ } CentralSquare's detriment or commercial disadvantage or otherwise access or use the Solutions beyond the scope of the authorization granted under this Section. 7. Customer Obligations. 7.1. Customer Systems and Cooperation. Customer shall at all times during the Term: (a) set up, maintain, and operate in good repair all Customer Systems on or through which the Solutions are accessed or used; (b) provide CentralSquare Personnel with such access to Customer's premises and Customer Systems as is necessary for CentralSquare to perform the Support Services in accordance with the Support Standards and Specifications; and (c) provide all cooperation as CentralSquare may reasonably request to enable CentralSquare to exercise its rights and perform its obligations under and in connection with this Agreement. 7.2. Effect of Customer Failure or Delay. CentralSquare is not responsible or liable for any delay or failure of performance caused in whole or in part by Customer's delay in performing, or failure to perform, any of its obligations under this Agreement. 7.3. Corrective Action and Notice. If Customer becomes aware of any actual or threatened activity prohibited by Section 6, Customer shall, and shall cause its Authorized Users to, immediately: (a) take all reasonable and lawful measures within their respective control that are necessary to stop the activity or threatened activity and to mitigate its effects (including, where applicable, by discontinuing and preventing any unauthorized access to the Solutions and permanently erasing from their systems and destroying any data to which any of them gained unauthorized access); and (b) notify CentralSquare of any such actual or threatened activity. 7.4. Prevention of Unauthorized Use. Customer shall not intentionally sell, transfer, publish, disclose or otherwise make available any portion of the Software or its associated documentation to others. Customer shall use its reasonable best efforts to cooperate with and assist CentralSquare in identifying and preventing any unauthorized use, copying or disclosure of the Software or any portion thereof or any of the algorithms or logic contained therein or any other deliverables. 8. Professional Services. 8.1. Assistance with Integration of Third -Party Vendors. CentralSquare agrees to fully assist and cooperate with all Third Party vendor interfaces as outlined in the scope of work attached and incorporated as Exhibit 5. 8.2. Compliance with Customer Policies. While CentralSquare Personnel are performing services at Customer's site, CentralSquare will ensure that such personnel comply with Customer's reasonable security procedures and site policies that are generally applicable to Customer's other suppliers providing similar services and that have been provided to CentralSquare in writing or in advance. Contributed Material. In the process of CentralSquare's performing Professional Services, Customer may, from time to time, provide CentralSquare with designs, plans, or specifications, improvements, works or other material for inclusion in, or making modifications to, the Solutions, the Documentation or any other deliverables ("Contributed Material"). Customer grants to CentralSquare a nonexclusive, irrevocable, perpetual, transferable right, without the payment of any royalties or other compensation of any kind and without the right of attribution, for CentralSquare, CentralSquare's Affiliates and CentralSquare's licensees to make, use, self and create derivative works of the Contributed Material. 9. Confidentiality. Confidential Information. Each Party possesses certain non-public proprietary information, which has economic value and is protected with reasonable safeguards to maintain its secrecy ("Confidential Information"). Confidential Information may include, but is not limited to any financial data, business and other plans, specifications, equipment designs, electronic configurations, design information, product architecture algorithms, quality assurance plans, inventions (whether or not the subject of pending patent applications), ideas, discoveries, formulae, models, requirements, standards, trade and manufacturing secrets, drawings, samples, devices, demonstrations, technical information, all personal information as defined in RCW 42.56.590 that come within CentralSquare's possession in the course of performance under this Agreement, as well as any and all intellectual and industrial property rights contained therein or in relation thereto. Confidential Information will be disclosed either: (i) in writing and conspicuously marked with a restrictive legend identifying it as being a Party's Confidential Information; or (ii) orally or visually and identified at the time of disclosure as Confidential Information. Notwithstanding the foregoing, Confidential Information shall not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the {EFM2297012,DOCX;4/13175.000001/ } Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a Third Party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party. 9.1. Protection of Confidential Information. The Receiving Party agrees that it shall (1) hold the Disclosing Party's Confidential Information in strict confidence and shall use the same degree of care in protecting the confidentiality of the Disclosing Party's Confidential Information that it uses to protect its own Confidential Information, but in no event less than reasonable care, (ii) not use the Confidential Information of the Disclosing Party for any purpose not permitted by this Agreement; (iii) not copy any part of the Disclosing Party's Confidential Information except as expressly permitted by this Agreement, (iv) limit access to the Confidential Information of the Disclosing Party to those of its employees, contractors and agents who need such access for purposes consistent with this Agreement or who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein. 9.2. Compelled Disclosures. If the either Party or any of its Representatives is compelled by applicable law to disclose any Confidential Information then, to the extent permitted by law, that Party shall: (a) promptly, and prior to such disclosure, notify the other Party in writing of such requirement so that they can seek a protective order or other remedy or waive its rights under Section 9.3; and (b) provide reasonable assistance, at the Disclosing Party's cost, to the Disclosing Party in opposing such disclosure or seeking a protective order or other limitations on disclosure. If the Disclosing Party waives compliance or, after providing the notice and assistance required under this Section, the Receiving Party remains required by law to disclose any Confidential Information, the Receiving Party shall disclose only that portion of the Confidential Information that the Receiving Party is legally required to disclose. This Section 9.2 shall not apply to Subscriber's response to a request made under the Public Records Act, Chapter 42.56 RCW. 9.3. Termination. Upon expiration or termination of this Agreement, or upon written demand by CentralSquare, Customer shall either (i) return to CentralSquare all copies of CentralSquare's Confidential Information in Customer's possession, or (ii) destroy all copies of CentralSquare's Confidential Information in Customer's possession and so certify such destruction to CentralSquare in writing. Notwithstanding the foregoing, Customer may retain data or records in electronic form containing Confidential Information for the purposes of backup, recovery, contingency planning, or business continuity planning, so long as such data or records, to the extent not permanently deleted or overwritten in the ordinary course of business, are not accessible in the ordinary course of business and are not accessed except as required by Customer only for backup, recovery, contingency planning, or business continuity purposes. 9.4. Records Requests. CentralSquare acknowledges that Customer is a public entity and is subject to the Public Records Act under Chapter 42.56 RCW. To the extent permitted by law, Customer shall treat as exempt from treatment as a public record, and shall not disclose in response to a request made pursuant to any applicable public records law, any of CentralSquare's Confidential Information. If a request is received for records CentralSquare has submitted to Customer and has identified as Confidential Information, Customer will use its best efforts to provide CentralSquare with notice of the request in accordance with RCW 42.56.540 and a reasonable time (of no less than 10 days) within which CentralSquare may seek an injunction to prohibit Customer's disclosure of the requested record. Customer shall comply with any injunction or court order requested by CentralSquare which prohibits the disclosure of any such Confidential Information; however, in the event a higher court overturns such injunction or court order, CentralSquare shall reimburse Customer for any fines or penalties imposed for failure to disclose such records. Nothing in this Section prohibits Customer from complying with RCW 42.56, or any other applicable law or court order requiring the release of public records, and Customer shall not be liable to CentralSquare for compliance with any law or court order requiring the release of public records. 10. Security. 10.1. CentralSquare will implement commercially reasonable administrative, technical and physical safeguards designed to ensure the security and confidentiality of Customer Data, protect against any anticipated threats or hazards to the security or integrity of Customer Data, and protect against unauthorized access or use of Customer Data. CentralSquare will review and test such safeguards on no less than an annual basis. 10.2. Customer shall maintain, in connection with the operation or use of the Solutions, adequate technical and procedural access controls and system security requirements and devices, necessary for data privacy, {EFM2297012.DOCX;4/13175.000001/ } confidentiality, integrity, authorization, authentication and non -repudiation and virus detection and eradication. 10.3. To the extent that Authorized Users are permitted to have access to the Solutions, Customer shall maintain agreements with such Authorized Users that adequately protect the confidentiality and Intellectual Property Rights of CentralSquare in the Solutions and Documentation, and disclaim any liability or responsibility of CentralSquare with respect to such Authorized Users. 11. Personal Data. if CentralSquare processes or otherwise has access to any personal data or personal information on Customer's behalf when performing CentralSquare's obligations under this Agreement, then: 11.1. Customer shall be the data controller (where "data controller" means an entity which alone or jointly with others determines purposes for which and the manner in which any personal data are, or are to be, processed) and CentralSquare shall be a data processor (where "data processor" means an entity which processes the data only on behalf of the data controller and not for any purposes of its own); 11.2. Customer shall ensure that it has obtained all necessary consents and it is entitled to transfer the relevant personal data or personal information to CentralSquare so that CentralSquare may lawfully use, process and transfer the personal data and personal information in accordance with this Agreement on Customer's behalf, which may include CentralSquare processing and transferring the relevant personal data or personal information outside the country where Customer and the Authorized Users are located in order for CentralSquare to provide the Solutions and perform its other obligations under this Agreement; and 11.3. CentralSquare shall process personal data and information only in accordance with lawful and reasonable written instructions given by Customer and as set out in and in accordance with the terms of this Agreement; and 11.4. each Party shall take appropriate technical and organizational measures against unauthorized or unlawful processing of the personal data and personal information or its accidental loss, destruction or damage so that, having regard to the state of technological development and the cost of implementing any measures, the measures taken ensure a level of security appropriate to the harm that might result from such unauthorized or unlawful processing or accidental loss, destruction or damage in relation to the personal data and personal information and the nature of the personal data and personal information being protected. If necessary, the parties will cooperate to document these measures taken. 12. Representations and Warranties. 12.1. GENERAL WARRANTY. CentralSquare warrants that it owns or otherwise has the rights in the Software and has the right to license the Software as described in this Agreement. 12.2. SOFTWARE WARRANTY. CentralSquare warrants to Customer that for a period of twelve (12) months from the Go Live Date, the Solutions (as delivered to Customer by CentralSquare and when properly used for the purpose and manner authorized by this Agreement), will perform as described in the Documentation in all material respects, including being free from any viruses or Harmful Code. The provisions of this Section and its subsections below, shall constitute the agreement of the Parties with respect to viruses. Customer's sole remedy with respect to the foregoing software warranty shall be to receive a New Release to the CentralSquare Software that does not contain any of the above- described routines or devices. 12.3. PROFESSIONAL SERVICES REPRESENTATION AND WARRANTY. CentralSquare represents, warrants, and covenants to Customer that during the Term, CentralSquare will perform Professional Services using personnel of required skill, experience, and qualifications and in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services and will devote adequate resources to meet its obligations under this Agreement. If Customer reasonably believes that any Professional Services were performed in violation of this warranty, it will notify CentralSquare within thirty ( 30) days of service performance describing the issue, together with adequate supporting documentation and data. Upon receipt of such notice, CentralSquare's obligation will be to re -perform the particular Professional Services affected as soon as commercially reasonable at no additional charge {EFM2297012.D0CX;4/13175.000001/ } 12.4. SUPPORT SERVICES REPRESENTATION AND WARRANTY. CentralSquare represents, warrants, and covenants to Customer that during the Term, CentralSquare will perform the Support Services using personnel of required skill, experience, and qualifications and in a professional and workmanlike manner in accordance with both generally recognized industry standards including applicable local authority, laws or codes specified by Customer for similar services, and the specific guidance for support found in Exhibit 2, and will devote adequate resources to meet its obligations under this Agreement, If Customer reasonably believes that any Support Services failed to meet this warranty, they will follow their preferred escalation path outlined in the Support Standards below, including receipt of service credit. 12.5. DISCLAIMER OF WARRANTY. EXCEPT FOR THE EXPRESS LIMITED WARRANTY SET FORTH ABOVE, CENTRALSQUARE MAKES NO WARRANTIES WHATSOEVER, EXPRESSED OR IMPLIED, WITH REGARD TO THE SOLUTIONS, PROFESSIONAL SERVICES, SUPPORT SERVICES, AND/OR ANY OTHER MATTER RELATING TO THIS AGREEMENT, AND THAT CENTRALSQUARE DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHER, INCLUDING ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. FURTHER, CENTRALSQUARE EXPRESSLY DOES NOT WARRANT THAT A SOLUTION, ANY CUSTOM MODIFICATION OR ANY IMPROVEMENTS WILL BE USABLE BY CUSTOMER IF THE SOLUTION OR CUSTOM MODIFICATION HAS BEEN MODIFIED BY ANYONE OTHER THAN CENTRALSQUARE PERSONNEL, OR WILL BE ERROR FREE, WILL OPERATE WITHOUT INTERRUPTION OR WILL BE COMPATIBLE WITH ANY HARDWARE OR SOFTWARE TO THE EXTENT EXPRESSLY SET FORTH IN THE DOCUMENTATION. ALL THIRD -PARTY MATERIALS ARE PROVIDED "AS -IS" AND ANY REPRESENTATION OR WARANTY OF OR CONCERNING ANY OF THEM IS STRICTLY BETWEEN CUSTOMER AND THE THIRD -PARTY OWNER. THIS AGREEMENT DOES NOT AMEND, OR MODIFY CENTRALSQUARE'S WARRANTY UNDER ANY AGREEMENT OR ANY CONDITIONS, LIMITATIONS, OR RESTRICTIONS THEREOF. 13. Notices. All notices and other communications, except breach notifications which are provided for in Exhibit 6 or 7, required or permitted under this Agreement must be in writing and will be deemed given when delivered personally, sent by United States registered or certified mail, return receipt requested; transmitted by facsimile or email confirmed by United States first class mail, or sent by overnight courier. Notices must be sent to a Party at its address shown below, or to such other place as the Party may subsequently designate for its receipt of notices in writing by the other Party. If CentralSquare CentralSquare : 1000 Business Center Dr. Lake Mary, FL 32746 Phone: 407-304-3235 email: info@CentralSquare.com Attention: Legal/Contracts If to Customer: City of Tukwila 6300 Southcenter Blvd, Suite 100 Tukwila, WA 98188 Phone: (206)433-1835 email: finance © tukwilawa.gov Attention: Finance Director 14. Force Majeure. Neither Party shall be responsible for failure to fulfill its obligations hereunder or liable for damages resulting from delay in performance as a result of war, fire, strike, pandemic, riot or insurrection, natural disaster, delay of carriers, governmental order or regulation, complete or partial shutdown of plant, unavailability of Equipment, software, or services from suppliers, default of a subcontractor or vendor to the Party if such default arises out of causes beyond the reasonable control of such subcontractor or vendor, the acts or omissions of the other Party, or its officers, directors, employees, agents, contractors, or elected officials, and/or other occurrences beyond the Party's reasonable control ("Excusable Delay" hereunder). In the event of such Excusable Delay, performance shall be extended on a day for day basis or as otherwise reasonably necessary to compensate for such delay. {EFM2297012.D0CX;4/13175.000001/ } 15. Indemnification. To the extent permitted under applicable law, each Party shall defend, indemnify, and hold harmless the other Party, its affiliates, and their elected officials, officers, directors, employees, and agents (the "indemnified parties") against and from any and all losses, liabilities, damages, actions, claims, demands, settlements, judgments, and any other expenses (including reasonable attorneys' fees), which are asserted against the indemnified parties by a third party, but only to the extent caused by (1) violation of law in the performance of its obligations under this Agreement by the indemnifying Party, its affiliates, or the elected officials, officers, directors, employees, or agents of such Party (the "indemnifying parties"); (ii) the gross negligence or willful misconduct of the indemnifying Parties during the term of this Agreement; (iii) violation, infringement or misappropriation of any U.S. patent, copyright, trade secret or other intellectual property right; (iv) with respect to CentralSquare, a breach of Customer Data, or (v) with respect to Customer, violation of any of the license terms or restrictions contained in this Agreement. The indemnities in this section are subject to the indemnified Parties promptly notifying the indemnifying Parties in writing of any claims or suits; provided that an indemnified party's failure to so notify and request indemnification shall not relieve the indemnifying party of any liability that the indemnifying party might have, except to the extent that such failure prejudices the indemnifying party's ability to defend such claim or suit. 16. Termination. This Agreement may be terminated as follows: 16.1. For cause by either Party, effective on written notice to the other Party, if the other Party materially breaches this Agreement and: (i) is incapable of cure; or (ii) being capable of cure, remains uncured thirty (30) days after the non -breaching Party provides the breaching Party with written notice of such breach. 16.2. For lack of payment of undisputed invoices by written notice to Customer, if Customer's failure to pay amounts due under this Agreement has continued more than ninety (90) days after delivery of written notice of non-payment. 17. Effect of Termination or Expiration. On the expiration or earlier termination of this Agreement: 17.1. each Party shall continue to hold such Confidential Information in confidence pursuant to Section 9; and 17.2. each Party shall pay to the other all undisputed amounts accrued prior to and through the date of termination of this Agreement; and 17.3. CentralSquare shall retain Customer Data in a format available for Customer to download for six (6) months. 17.4. The provisions set forth in the following sections, and any other right or obligation of the parties in this Agreement that, by its nature ( including but not limited to: Use Restrictions, Confidential Information, Warranty Disclaimers, Indemnification & Limitations of Liability), should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement. 17.5. Return of Customer Data. CentralSquare shall within 60 days following such expiration or termination, deliver to Customer in a format as requested by Customer the then most recent version of Customer Data maintained by CentralSquare, provided that Customer has at that time paid all undisputed Fees then outstanding and any amounts payable after or as a result of such expiration or termination. 17.6. Deconversion. In the event of (i) expiration or earlier termination of this Agreement, or ( ii) Customer no longer purchasing certain CentralSquare Solutions (including those indicated to be Third -Party Materials), if Customer requests assistance in the transfer of Customer Data to a different vendor's applications ("Deconversion"), CentralSquare will provide reasonable assistance. CentralSquare and Customer will negotiate in good faith to establish the relative roles and responsibilities of CentralSquare and Customer in effecting Deconversion, as well as the appropriate date for completion. CentralSquare shall be entitled to receive compensation for any additional consultation, software and documentation required for Deconversion on a time and materials basis at CentralSquare's then standard Professional Services rates. Work pursuant to this subsection shall be completed no later than 60 days after Customer's written notification of such request to CentralSquare. 18. Assignment. Neither this Agreement nor any rights or obligations hereunder shall be assigned or otherwise transferred by either Party without the prior written consent of the other Party, which consent will not be unreasonably withheld; provided however, that in the event of a merger or acquisition of all or substantially all of CentralSquare's assets, CentralSquare may assign this Agreement to an entity ready, willing and able to perform CentralSquare's executory obligations hereunder, as evidenced by an express written assumption of the obligations hereunder by the assignee. {EFM2297012.DOCX;4/13175.000001/ } 19. Dispute Resolution. Any dispute, controversy or claim arising out of or relating to this Agreement, including the breach, termination, or validity thereof, shall be resolved as follows: 19.1. Customer agrees to provide CentralSquare with written notice within thirty (30) days of becoming aware of a dispute. Customer agrees to cooperate with CentralSquare in trying to reasonably resolve all disputes, including, if requested by either party, appointing a senior representative to meet and engage in good faith negotiations with our appointed senior representative. Senior representatives will convene within thirty (30) clays of the written dispute notice, unless otherwise agreed. All meetings and discussions between senior representatives will be deemed confidential settlement discussions not subject to disclosure under Federal Rule of Evidence 408 or any similar applicable state rule. If the Parties fail to resolve the dispute, then the Parties shall participate in non-binding mediation in an effort to resolve the dispute. If the dispute remains unresolved after mediation, then either Party may assert their respective rights and remedies in court subject to section 20 below. Nothing in this section shall prevent Customer or CentralSquare from seeking necessary injunctive relief during the dispute resolution procedures. 20. Jurisdiction; Governing Law; Attorneys' Fees. This Agreement and any dispute or claim arising directly or indirectly out of or in connection with it or its subject matter or formation (including non -contractual disputes or claims) is governed by, and shall be construed and enforced in accordance with, the laws of the State of Washington excluding choice of law. Any suit to enforce or relating to this Agreement shall only be filed in King County Superior Court, King County, Washington, and the Parties consent to the jurisdiction thereof. The Parties agree that the prevailing party shall be entitled to recover its reasonable attorney's fees, court costs and other legal expenses from the other Party. 21. Waiver/Severability. The failure of either Party to enforce any of the provisions hereof will not be construed to be a waiver of the right of such Party thereafter to enforce such provisions. If any provision of this Agreement is found to be unenforceable, that provision will be enforced to the maximum extent possible, and the validity, legality and enforceability of the remaining provisions will not in any way be affected or impaired thereby. 22. LIABILITY. NOTWITHSTANDING ANY PROVISION WITHIN THIS AGREEMENT TO THE CONTRARY, AND REGARDLESS OF THE NUMBER OF LOSSES, WHETHER IN CONTRACT, EQUITY, STATUTE, TORT, NEGLIGENCE, OR OTHERWISE: 22.1. NEITHER PARTY SHALL HAVE LIABILITY TO THE OTHER PARTY FOR ANY SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, EXEMPLARY, LIQUIDATED, OR CONSEQUENTIAL DAMAGES OF ANY KIND, AND NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR LOSSES OF PROFIT, REVENUE, INCOME, BUSINESS, ANTICIPATED SAVINGS, DATA, REPUTATION, AND MORE GENERALLY, ANY LOSSES OF AN ECONOMIC OR FINANCIAL NATURE, REGARDLESS OF WHETHER SUCH LOSSES MAY BE DEEMED AS CONSEQUENTIAL OR ARISING DIRECTLY AND NATURALLY FROM THE INCIDENT GIVING RISE TO THE CLAIM, AND REGARDLESS OF WHETHER SUCH LOSSES ARE FORESEEABLE OR WHETHER EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSSES; AND 22.2. EXCEPT FOR A CLAIM FOR INDEMNIFICATION UNDER SECTION 15, EITHER PARTY'S TOTAL LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT SHALL NOT EXCEED THE SUBSCRIPTION FEE AMOUNT(S) ACTUALLY PAID BY CUSTOMER TO CENTRALSQUARE HEREUNDER FOR THE LAST TWELVE MONTHS. 23. Third -Party Materials. CentralSquare may from time to time, in its discretion engage third parties to perform services, provide software, or provide equipment. Customer acknowledges and agrees CentralSquare provides front-line support services for third parties, but these third parties assume all responsibility and liability in connection with the third -party software, equipment, or related services. CentralSquare is not authorized to make any representations or warranties that are binding upon the third -party or to engage in any other acts that are binding upon the third -party, excepting specifically that CentralSquare is authorized to represent third -party fees in the Agreement and to accept payment of such amounts from Customer on behalf of the third -party for as long as such third -party authorizes CentralSquare to do so. As a condition precedent to installing or accessing any third -party Materials, Customer may be required to execute a click -through, shrink-wrap End User License Agreement (EULA) or similar agreement provided by the Third -Party Materials provider. All third - party materials are provided "as -is" and any representation or warranty concerning them is strictly between Customer and the third -party. {EFM2297012.DOCX;4/13175.000001/ } 24. Entire Agreement. This Agreement, and any Exhibits specifically incorporated therein by reference, constitutes the entire agreement between the Parties with respect to the subject matter. These documents supersede and merge all previous and contemporaneous proposals of sale, communications, representations, understandings and agreements, whether oral or written, between the Parties with respect to the subject hereof. This Agreement may not be modified except by a writing subscribed to by authorized representatives of both Parties. 25. No Third -Party Beneficiaries. This Agreement is for the sole benefit of the Parties and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer on any other person any legal or equitable right, benefit, or remedy of any nature under or by reason of this Agreement. 26. Counterparts. This Agreement may be executed in several counterparts, each of which when so executed shall be deemed to be an original, and such counterparts shall constitute one and the same instrument. This Amendment shall be considered properly executed by a Party if executed by that Party and transmitted by facsimile or other electronic means including, without limitation, Docusign, Tagged Image Format Files (TIFF), or Portable Document Format (PDF). 27. Material Adverse Change. If any Law, Regulatory Approval, applicable standard, process, OEM requirement is changed or comes into force after the Effective Date, including but not limited to PCI standards (collectively, a "Material Adverse Change"), which is not explicitly addressed within this Agreement and results in significant extra costs for either Party in relation to the performance of this Agreement, both Parties shall promptly meet, discuss in good faith how to reduce the technical, operational, and/or commercial impact of such Material Adverse Change. 28. Cooperative Purchases. This Contract may be used by other government agencies. CentralSquare has agreed to offer similar services to other agencies under the same terms and conditions as stated herein except that the compensation may be negotiated between CentralSquare and other agencies based on the specific revenue expectations, agency reimbursed costs, and other agency requirements. The Customer will in no way whatsoever incur any liability in relation to specifications, delivery, payment, or any other aspect of purchases by such agencies. 29. Order of Precedence. 29.1. In the event of any conflict or inconsistency between this Agreement, the Exhibits, or any purchase order, then the following priority shall prevail: 29.1.1. The main body of this Agreement, attached Exhibits to this Agreement, and any associated amendments or change orders. 29.1.2. Purchase Orders placed with Centralsquare in accordance with this Agreement. Customer's purchase terms and conditions or CentralSquare's sales terms and conditions are not applicable and shall have no force and effect, whether referenced or not in any document in relation to this Agreement. 29.2. Incorporated Exhibits to this Agreement: Exhibit 1 -- Project Cost Summary Exhibit 2 - Maintenance & Support Standards Exhibit 3 — Travel Expense Guidelines Exhibit 4 — Insurance Requirements Exhibit 5 — Scope of Work Exhibit 6 - Vendor Security Requirements Exhibit 7- Data Protection and Information Security Agreement {FFM2297012.DOCX;4/13175.000001/ } Software Subscriptions PRODUCT NAME EXHIBIT 1 Proiect Cost Summary QUANTITY UNIT PRICE TOTAL Finance Enterprise: Advanced SaaS 1 89,916.00 USD 89,916.00 USD Subscription Annual Subscription Fee. Utilities: Standard SaaS Subscription 1 5,210.40 USD 5,210_40 USD Annual Subscription Fee HCM Employee Finance Enterprise: 1 9,062.00 USD 9,062.00 USD Standard SaaS Subscription Annual Subscription Fee Certent Disclosure Management (DM): 1 7,200.00 USD 7,200.00 USD Base Bundle Annua[ Access Fee Software! Subscription Total; 111,388.40 USD Services DESCRIPTION TOTAL Finance Enterprise: Advanced SaaS Subscription Contract Startup Fee 10,000.00 USD Finance Enterprise Finance Business Process Review For Implementation 21,600.00 USD Consulting Finance Enterprise Finance Business Process Review For Implementation 360.00 USD Project Management Fee Finance Ent Training 53,640.00 USD HCM Training 13,140.00 USD Internet Pro Training 1,440.00 USD CAFR Training 28,800.00 USD Utilities Training 9,540.00 USD {EFM2297012.DOCX;4/13175.000001/ } Finance Ent Development 17,940.00 USE) HCM Development 21,840.00 USD Utilities Development 18,720.00 USD Finance Ent PM 51,870.00 USD HCM PM 28,080.00 USD Internet Pro PM 1,560.00 USD CAFR PM 4,680.00 USD Utilities PM 9,165.00 USD Extra PM 36,660.00 USD Finance Ent Consulting 175,500.00 USD Interfaces 31,200.00 USD HCM Consulting 150,930.00 USD Internet Installation 2,340.00 USD Utilities Technical Services 17,160.00 USD Certent DM: Base Bundle Installation 780.00 USD Extra ReportingMtorkflow 28,800.00 USD Services include contract start-up fees, project management, Services Total 735,745.00 USD technical services, consulting, development, training, and installation. Total: 893,715.00 USD Discount Total: 90,806.60 USD Quote Total: 802,908.40 USD {EFM2297012.DOCX;4/13175.000001/ } City of Tukwila - CentralSquare Payment Terms Finance Phase 2 Modules CentralSquare RFP Checklist Annual Subscription Fee Finance Phase 1 Modules p. 11, p.59, p. $44,958.00 Purchase Orders p. 55 - p. 61, Fixed Assets p. 80, p. 183, Grant Management p. 191, p. 193, Project Allocation p. 241, p. 245 General Ledger - Job/Project Ledger - p. 246 Bank Reconciliation p. 184, p. 191, p. 248 - p. Accounts Payable 249, , Accounts Receivable p. 257, p. 287 Contract Management p. 78 -81, p. 85, p. 173, p. Cashiering 258 Documents Online, Easy Laser Forms and p.262, p. 263, Analytics (Cognos) specific to each module. p. 283 - 285 Finance Phase 2 Modules $52,158.00 p. 11, p.59, p. Purchase Orders 99, p. 105-106 Fixed Assets p. 255 Grant Management p. 260 Project Allocation p. 246 Purchasing p. 251 - 252 Bank Reconciliation p. 114, p. 250 p. 175, p. Budgeting 177, p. 191, p. 233, Contract Management p. 261 p. 103, p. 106 Bid/Quote Management -- p. 107 P -Cards p. 96, p. 97 Position Budgeting p. 178 p. 19, p. 287 - Citizen Engagement (ARO, VMO) 288 p. 54, p. 56, p. Certent Disclosure Management 61, p. 275 Documents Online, Easy Laser Forms and p. 262, p. 263, Analytics (Cognos) specific to each module. p. 283-285 HR/Payroll Modules $9,062.00 p. 264 - p. Human Resources 266 p. 122, p. 123, Payroll p. 269 Employee Online p. 126, p. 271 Documents Online, Easy Laser Forms and p. 262, p. 263, Analytics (Cognos) specific to each module. p. 283-285 {EFM2297012.DOCX;4/13175,000001/ } Utilities Modules $5,210.00 Utilities p. 277-280 Data Quality Suite p. 278 Meter Reading Interface p. 166, Online Utility Exchange Interface p. 280 Common Cash Receipts p. 278 OPTIO — Form Writer p. 277 Citizen Engagement (Utility Billing) p. 277 Total $111,388.00 A. ONE TIME FEES 1. Contract Startup Fee ($10,000). Finance Enterprise Advance SaaS Subscription Contract Startup Fee paid upon the Execution Date. 2. Subscription Modules. Subscription Modules will be implemented and stabilized in descending order of priority as set out above. Modules shall be delivered, to be completely implemented/integrated and shall meet all corresponding RFP Checklist requirements, including any mutually agreed upon changes documented as signed Change Orders, as noted before subscription fees are paid. i. If Phase 1 Subscription Modules have not been implemented, as defined by meeting all functionality stated in RFP, within30 days of the date agreed upon in the Product Planning Schedule, and the City has provided all reasonable requested assistance from CentralSquare, CentralSquare shall provide a credit equal to 40 hours of training/support to the City. 3. Professional Services. i. Fees for the existing implementation services shall be billed pursuant to the Milestone table set out below. ii. Any implementation fees not previously quoted, but necessary to complete installation of the Products shall be added pursuant to an additional quote. CentralSquare agrees that any additional implementation fees shall be billed at the same hourly rates as the previously quoted fees. Fees for services needed by the City after the Go -Live of the products and during the Initial Term of this Agreement shall be added pursuant to an additional quote. CentralSquare agrees that any additional fees after Go -Live but during the Initial Term of the Agreement shall be billed at an hourly rate not to exceed 3% above the hourly rates used to quote the fees for implementation services. iv. Express written authorization from City is required before any Professional Services are provided to City via offshore resources. v. Extra Reporting/Workflow prior to the Go -Live date, $28,800, is billed as incurred at a rate of $180 per hour. 4. Third -Party Fees. i. Third -Party Professional Services Fees are due: 50% on Execution Date, and 50% due upon completion of services with invoice. B. RECURRING FEES 1. The Annual Subscription Fee is due pursuant to A.2. for the first year, and thereafter annually on the anniversary of the Execution Date. 2. The Annual Subscription Fee shall be limited an annual 3% escalation. C. ANCILLARY FEES 1. Customer is responsible for paying all taxes relating to this Agreement. Applicable tax amounts (if any) are not included in the fees set forth in this Agreement. If Customer is exempt from the {EFM2297012.DOCX;4/13175.000001/ } payment of any such taxes, Customer must provide CentralSquare valid proof of exemption; otherwise, CentralSquare will invoice Customer and Customer will pay to CentralSquare all such tax amounts. 2. If Customer fails to make any payment when due, then CentralSquare may charge interest on the past due amount at the rate of .5% per month calculated daily and compounded monthly, or, if lower, the highest rate permitted under applicable law; and If such failure continues for 90 days following written notice thereof, CentralSquare may suspend performance or access until past due amounts have been paid. Professional Services - Payment Milestone Table Milestone Payment Milestone Description Baseline Project Schedule Provided Finance Phase I (GL, AP, AR, Cash The baseline project schedule is developed within the first 60 days of the project through careful planning with both the CentralSquare project manager and the Customer project manager. The baseline project schedule is the initial agreed upon schedule for the project, inclusive of all tasks from both project teams. Once the baseline project schedule has been delivered, this task is considered complete. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Once all modules are tested and online, the CentralSquare team alongside the customer will participate in an integration test to include all modules. This testing is considered complete when the engagement for testing has concluded and results have been provided to the customer. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Receipts) - Testing and Training for the application is considered Training complete once 75% of the participants, as identified and documented in the planning phase of the project, have passed the Train the Trainer program. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Customer is considered Live on the applications after 15 days of live operations in a production environment and wherein no urgent or critical error codes are recorded. A 15% $104,541 proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Finance Phase I Go -live Percent of Services Cost 10% $69,695 10% $69,695 {EFM2297012,DOCX;4/13175.000001/ ) Finance Phase 11 (remaining Finance modules) - Testing and Training Finance Phase [I Go -live HR/Payroll - Testing and Training Once all modules are tested and online, the CentralSquare team alongside the customer will participate in an integration test to include :all modules. This testing is considered complete when the engagement for testing has concluded and results have been provided to the customer. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Training for the application is considered complete once 75% of the participants, as identified and documented in the planning phase of the project, have passed the Train the Trainer program. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. 10% Customer is considered Live on the applications after 15 days of live operations in a production environment and wherein no urgent or critical error codes are recorded. Ai 15% proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Once all modules are tested and online, the CentralSquare team alongside the customer will participate in an integration test to include all modules. This testing is considered complete when the engagement for testing has concluded and results have been provided to the customer. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Training for the application is considered complete once 75% of the participants, as identified and documented in the planning phase of the project, have passed the Train the Trainer program. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice.5 10% $69,695 $69,695 Customer is considered Live on the applications after 15 days of live operations in HR/Payroll a production environment and wherein no Go -lime urgent or critical error codes are recorded. A 15% proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. {EFM2297012.Docx;4/13175.000001/ } {EFM2297012.DOCX;4/13175.000001/ } 8 Utilities - ' Testing and Training Once all modules are tested and online, the CentralSquare team alongside the customer will participate in an integration test to include all modules. This testing is considered complete when the engagement for testing has concluded and results have been provided to the customer. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Training for the application is considered complete once 75% of the participants, as identified and documented in the planning phase of the project, have passed the Train the Trainer program. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. 5% $34,847 Utilities Go -live Customer is considered Live on the applications after 15 days of live operations in a production environment and wherein no urgent or critical error codes are recorded. A 10% proof of delivery will be provided to the customer. Customer acknowledgement will: trigger milestone invoice. $69,695 Total Services $696,945 {EFM2297012.DOCX;4/13175.000001/ } EXHIBIT 2 Support Standards 1. CentralSquare Cloud Security Program A. Access & Continuity. Logical access restrictions include VLAN data segregation, extensive deny -by - default access control lists, and Multi -Factor authentication required for System Administration. Business continuity is prioritized via daily encrypted backup stored offsite, virtual tape backup technology to counter loss of physical media, and full replication to disaster recovery site, with redundancy an availability through multiple carriers. B. Security & Monitoring. SSL and IPSEC VPN with 256 bit encryption, web application firewalls, multi- layered infrastructure model with recorded internal and external CCTV, card access control, best of breed HVAC/fire suppression/physical security, and backed by 24-7 x 365 monitoring by a staffed operations facility for: Intrusion detection & prevention, DDOS mitigation, and automated network incident creation and escalation. C. Testing, Audits & Compliance. third -party internal, external, perimeter vulnerability and penetration testing. Centrally managed patching, OS hardening program, and endpoint protection on all servers. Industry standard compliance includes annual completion of: SSAE18/ISAE Data Center Audit, SSAE18 Operations Audit, PCI -DSS Compliance Audit, Vulnerability Testing & CVSS Audit, and Control Self -Assessment Audit. 2. Service Level Commitments A. Target. In each Service Period, the target for availability of the Solutions is 99.9% ("Availability Target"). "Service Period" means 24 hours per day Monday through Sunday each calendar month that Customer receives the Solutions, excluding Sundays between 12:00 AM and 12:00 PM Eastern Time for scheduled maintenance. During this time, Customers may experience intermittent interruptions. CentralSquare will make commercially reasonable efforts to minimize the frequency and duration of these interruptions and CentralSquare will notify the Customer if the entire maintenance window will be required. B. Support Terms. Beginning on the Execution Date and continuing for twelve (12) months thereafter ("Initial Support Term"), CentralSquare shall provide the ongoing Support Services described herein pursuant to the rates governed by the terms of Exhibit 1. Upon expiration of the Initial Support Term, ongoing Support Services shall automatically renew, with Customer paying far additional annual support periods, each a ("Renewal Support Term"), pursuant to the rates governed by the terms of Exhibit 1. This renewal will continue until termination of this Agreement provided that, CentralSquare shall not give notice of termination if it would be effective prior to a period equal to two times the Agreement's Initial Term. C. Measurement. Service availability is measured as the total time that the Solutions are available during each Service Period for access by Customer ("Service Availability"). Service Availability measurement shall be applied to the production environment, and the points of measurement for all monitoring shall be the servers tEFM2297012.DOCX;4/13175.000001/ } 3. 4. D. E. F. G. Server a. b. System a. b. c. and the Internet connections at CentralSquare's hosted monitoring, measuring, and recording Service Availability. The monitoring tools, not to override CentralSquare's measurements Availability. Additionally, the monitoring tool must be: 1. mutually agreed upon by CentralSquare and the 2. paid, installed and maintained by the Customer. 3. non-invasive and may not reside on CentralSquare's Calculation. Service Availability for a given month shall be calculated environment. CentralSquare has technology Customer, at their discretion, may also employ for the purposes of calculating Service Customer. systems. using the following calculation: available in a given month shall be subtracted month. The resulting figure is divided by the the variance of the number of days in a month. NOT available in a given month shall exclude then the Customer shall be entitled to a credit or if no in as I. The total number of minutes which the service was NOT from the total number of minutes available in the given total number of minutes available in the given month. 11. Service Availability Targets are subject to change due to 111. The total number of minutes which the service was minutes associated with scheduled or emergency maintenance. Remedy. If the Service Period target measurement is not met calculated as follows: 5% Less than 99.9% but greater than or equal to 99.0% Less than 99.0% but greater than or equal to 95.0% lill Less than 95% 50% If not directly reported by CentralSquare, credit entitlement must days of the failed Target. Customer shall not be entitled to withhold fee payments, on account of a pending credit. Customer where Customer is more than thirty (30) days past due on their showing performance and service levels. Chronic Outage. In the event the Customer experiences Service or more months in a rolling twelve (12) month period, Customer is in material breach of the Agreement and may terminate this excluding the rights and opportunity to cure provided under Section Performance & Capacity. CentralSquare shall provide sufficient server capacity for the duration performance requirements for the number of concurrent system Customer requests, at some later date, to add additional Solutions, processing requirements, and/or request additional environments, additional resources are required to support modifications, Availability is below 99.9% for any two (2) or months in a rolling deploy additional server and network capacity to meet the performance additional expense to Customer. "In-network" is defined as any point between which the data packet subsequently departs the CentralSquare environment. CentralSquare protected network environment shall be deemed responsible for Internet connectivity and/or performance out-of-network. Maintenance. Solutions maintenance and upgrades. CentralSquare will provide be requested by the Customer within sixty (60) offset any monthly Solutions fee payments, nor shall not be eligible for credits for any period account. CentralSquare will provide reporting, Availability that is below 95% for any three (3) shall have the right to claim that CentralSquare Agreement in accordance with Section 16.1, 16.1(ii). of this Agreement to meet the reasonable users provided for in this Agreement. If the increase user licenses, increase storage these requests will be evaluated and additional fees may apply. In the event Service twelve (12) month period, CentralSquare shall requirements of this Agreement at enters the CentralSquare environment and. Any point of communications outside of the as "out-of-network." CentralSquare is not all hosted systems and network maintenance Maintenance and upgrades will be scheduled of the designated hours set aside for this and upgrades will be performed outside of the will be notified prior to the upgrade. on a case-by-case basis in such a manner as deemed appropriate and necessary by CentralSquare. advance with the Customer's primary contact if they fall outside function of Sundays from 12:OOAM to 12:00 PM. Hardware maintenance and upgrades. Hardware maintenance Customer's standard business hours of operation and the Customer Emergency maintenance. Emergency situations will be handled {EFM2297012.DOCX;4/13175.000001/ } to cause the least possible disruption to overall system operations and availability without negatively affecting system stability and integrity. CentralSquare will attempt to notify the Customer promptly, however if no contact can be made, CentralSquare management may deem it necessary to move forward with the emergency maintenance. 5. Incident Response. Incidents are defined as interruptions to existing service and can range in priority from urgent to [ow depending on the impact to the Customer. CentralSquare will make commercially reasonable efforts to res and to Solutions incidents for live roduction s stems usin the following • uidelines: • • • 1 Urgent An Incident that results in loss of Customer connectivity to all of the Solutions or results in loss, corruption or damage to Customer's Data. CentralSquare will respond within 1 hour of the issue being reported with an initial assessment for rectification, with a progress report twice per day. 95% 2 Critical An Incident that has an adverse material impact on the performance of the Solutions or materially restricts Customer's day-to- day operations. CentralSquare will respond within 2 hourE of the issue being reported with an initial assessment for rectification, with a progress report once per day. 95% 3 Non -Critical An Incident that does not result in a failure of the Solutions but a fault exists that restricts the Customer's use of the Solutions. CentralSquare will respond within 4 hourE. of the issue being reported an initial assessment for rectification, with a progress report every business days. 95% 4 Minor An Incident that does not affect or which has minimal adverse impact on the use of the Solutions. CentralSquare will respond within 24 hours of the issue being reported. 95% a. Measurement. CentralSquare shall track and report on response and resolution time for application and hosting support issues identified by the Customer. 6. Disaster Recovery. CentralSquare provides disaster recovery services for Solutions. The costs for these disaster recovery services are included in the monthly fees. In the event that a disaster renders the Customer's data center is inaccessible or rendered non-functional, CentralSquare will provide the ability to connect to the appropriate data center using software provided by CentralSquare. This will allow the Customer to connect to their systems from a remote site to the previously identified critical functions, however functionality may be diminished due to lack of access to hardware and/or software located in the Customer's facilities. 7. Exceptions. CentralSquare shall not be responsible for failure to carry out its service and maintenance obligations under this Agreement if the failure is caused by adverse impact due to: a. defectiveness of the Customer's environment, Customer's systems, or due to Customer corrupt, incomplete, or inaccurate data reported to the Solutions, or documented Defect. b. denial of reasonable access to Customer's system or premises preventing CentralSquare from addressing the issue. c. material changes made to the usage of the Solutions by Customer where CentralSquare has not agreed to such changes in advance and in writing or the modification or alteration, in any way, by Customer or its subcontractors, of communications links necessary to the proper performance of the Solutions. {EFM2297012.D0CX;4/13175.000001/ } 8. 9. 10. a. b. 11. 12. d. a force majeure event, or the negligence, intentional acts, or omissions Incident Resolution. Actual response times and resolutions may vary due critical impact level and above, CentralSquare provides a continuous resolution Service Requests. Service requests are new requests that will take Tess requests that require additional time, CentralSquare will prioritize these requests, needed to order equipment or software. Non -Production Environments. CentralSquare will make commercially production environment(s) during Customer business hours. Non -production the metrics or service credit schedules discussed in this Exhibit. Maintenance. All forms of maintenance to be performed on non -production of Customer or its agents. to issue complexity and priority. effort until the issue is resolved. than 8 hours to accomplish. For and determine if extra time reasonable efforts to provide environments are not included under environments will follow the Maintenance. are considered priority 3 or 4, dictated service requests. For new non exact of is - a structure and schedules outlined above in Section 3 for regular System Incidents and service requests. Non -production environment incidents by circumstances and will be prioritized and scheduled similar to production Responsibility Summary Matrix. Responsibility Summary Matrix Description CentralSquare Responsibility Customer Responsibility ASP Server Hardware management X ASP Server File system management X ASP Server OS upgrades and maintenance X ASP Database product upgrades and maintenance X ASP third-party product upgrades and maintenance X Application Update Installation Request to install application updates X Installation of application updates X ASP Backup Management X Data and or File restoration Request to restore data and or files X Restoration of data and or files X Network ASP Network up to and including the router at CentralSquare 's location X ASP Router at Customer's location X Customer's network up to the router at Customer's location X Customer Workstations X System Performance X X Add/Change users User add/change requests X User add/change implementation for System Access X X User add/change implementation for Solutions X Add/Change Printers Printer add/change requests X Printer add/change implementation on ASP network X X Printer add/change implementation for Solutions X Disaster Recovery X Password Management X X Application Management Application Configuration X X Application Security Management X X Accuracy and Control of Data X X Security Intrusion and Penetration Testing X X Virtual Private Network (VPN) Concentrator. If Customer's desired system configuration requires the use {EFM2297012.DDCX;4/13175.000001/ } VPN concentrator, including router, this will be provided by CentralSquare . It will reside at Customer's location but is, and shall remain the property of CentralSquare . 13. Customer Cooperation. Customer may be asked to perform problem determination activities as suggested by CentralSquare . Problem determination activities may include capturing error messages, documenting steps taken and collecting configuration information. Customer may also be requested to perform resolution activities including, for example, modification of processes. Customer agrees to cooperate with such requests, if reasonable. 14. Training. Outside the scope of training services purchased, if any, Customer is responsible for the training and organization of its staff in the operation of the Solutions. 15. Development Work. The Support Standards do not include development work either (i) on software not licensed from CentralSquare or (ii) development work for enhancements or features that are outside the documented functionality of the Solutions, except such work as may be specifically purchased and outlined in Exhibit 1. CentralSquare retains all Intellectual Property Rights in development work performed and Customer may request consulting and development work from CentralSquare as a separate billable service. 16. Telephone Support & Support Portal a. Hours. CentralSquare shall provide to Customer, Monday through Friday, 8:00 A.M. to 5:00 P.M. Customer's Local Time within the continental United States, excluding holidays ("5x9"). CentralSquare shall provide to Customer, during the Support Hours, commercially reasonable efforts in solving errors reported by the Customer as well as making available an online support portal. Customer shall provide to CentralSquare reasonably detailed documentation and explanation, together with underlying data, to substantiate errors and to assist CentralSquare in its efforts to diagnose, reproduce and correct the error. This support shall be provided by CentralSquare at Customer location(s) if and when CentralSquare and Customer agree that on-site services are necessary to diagnose or resolve the problem. If a reported error did not, in fact, exist or was not attributable to a defect in the Solutions or an act or omission of CentralSquare, then Customer shall pay for CentralSquare 's investigation and related services at CentralSquare 's standard professional services rates governed by the terms of Exhibit 1. Customer must provide CentralSquare with such facilities, equipment and support as are reasonably necessary for CentralSquare to perform its obligations under this Agreement, including remote access to the Specified Configuration b. Releases. Customer shall promptly install and/or use any Release provided by CentralSquare to avoid or mitigate a performance problem or infringement claim. All modifications, revisions and updates to the Solutions shall be furnished by means of new Releases of the Solutions and shall be accompanied by updates to the Documentation whenever CentralSquare determines, in its sole discretion, that such updates are necessary. c. Case Number. Measured from the moment a Case number is created. i. As used herein a "Case number" is created when (a) a CentralSquare support representative has been directly contacted by Customer either by phone, in person, or through CentralSquare's online support portal, and (b) when CentralSquare's support representative assigns a case number and conveys that case number to the Customer. ii. An incident must be reported and recorded in CentralSquare's support system in order to be resolved and any associated escalation for resolution of the incident will proceed as follows: 1.Support Manager 2.Support Director or Director of Cloud 3.Assigned CSM (Customer Success Manager) 4.Support VP 5. Public Administration General Manager 6.COO of Company 7. CTO of Company 8. CEO of Company iii. Should the Support Manager or other key personnel assigned to Customer in Exhibit 5 (Scope of Work) change, CentralSquare will provide reasonable notification to Customer and assist in the personnel transition. (EFM2297012.DOCX;4/13175.000001/ } EXHIBIT 3 Travel Expense Guidelines CentralSquare will adhere to the following guidelines when incurring travel expenses: All arrangements for travel are to be made through the CentralSquare Corporate Travel Agent unless other arrangements have been made with the Customer and are documented in writing. AIR TRAVEL — CentralSquare will use the least expensive class of service available with a minimum of seven (7) day, maximum of thirty (30) day, advance purchase. Upon request, CentralSquare shall provide the travel itinerary as the receipt for reimbursement of the airfare and any fees. Fees not listed on the itinerary will require a receipt for reimbursement. Trips fewer than 250 miles round are considered local. Unless a flight has been otherwise approved by the Customer, Customer will reimburse the current IRS approved mileage rate for all local trips. LODGING —CentralSquare will use the most reasonable accommodations possible, dependent on the city. All movies, and phone/internet charges are not reimbursable. RENTAL CAR — Compact or Intermediate cars will be required unless there are three or more CentralSquare employees sharing the car in which case the use of a full size car is authorized. Gas is reimbursable however, pre -paid gas purchases will not be authorized and all rental cars are to be returned with a full tank of gas. Upon request, receipts for car rental and gas purchases will be submitted to Customer. CentralSquare shall decline all rental car insurance offered by the car rental agency as staff members will be covered under the CentralSquare auto insurance policy. Fines for traffic violations are not reimbursable expenses. OTHER TRANSPORTATION — CentralSquare staff members are expected to use the most economical means for traveling to and from the airport (Airport bus, hotel shuttle service). Airport taxi or mileage for the employee's personal vehicle (per IRS mileage guidelines) are reimbursable if necessary. Upon request, receipt(s) for the taxi will be submitted to Customer. Proof of mileage may be required and may documented by a readily available electronic mapping service. The mileage rate will be the then -current IRS mileage guideline rate (subject to change with any change in IRS guidelines). OTHER BUSINESS EXPENSES — Parking at the airport is reimbursable. Tolls to and from the airport and while traveling at the Customer site are reimbursable. Tipping on cab fare exceeding 15% is not reimbursable. Porter tips are reimbursable, not exceeding $1.00 per bag. Laundry is reimbursable when travel includes a weekend day or Company Holiday and the hotel stay is four nights or more. Laundry charges must be incurred during the trip and the limit is one shirt and one pair of pants/skirt per day. With the exception of tips, receipts shall be provided to Customer upon request for all of the aforementioned items. MEALS — Standard per Diem. Subject to change due to cost of Living. (FFM 2297012.D0CX 4/13175.000001/ } EXHIBIT 4 Insurance A. Insurance Term CentralSquare shall procure and maintain for the duration of the Agreement, insurance against claims for injuries to persons or damage to property which may arise from or in connection with the performance of the work hereunder by the CentralSquare, its agents, representatives, or employees. B. No Limitation CentralSquare's maintenance of insurance as required by the Agreement shall not be construed to limit the liability of the CentralSquare to the coverage provided by such insurance, or otherwise limit the Customer's recourse to any remedy available at law or in equity. C. Minimum Scope of Insurance 1. CentralSquare shall obtain insurance with a current A.M Best rating of not less than A:VII., and including the types and coverage described below: 2. Automobile Liability insurance covering all, non -owned, hired, and leased vehicles. Coverage shall be written as least as broad as Insurance Services Office (ISO) form CA 00 01. 3. Commercial General Liability insurance shall be at least as broad as ISO occurrence form CG 00 01 and shall cover liability arising from premises, operations, stop -gap, independent contractors and personal injury and advertising injury. Customer shall be included as an additional insured under the CentralSquare's Commercial General Liability insurance policy with respect to the work performed for the Customer using an additional insured endorsement at least as broad as ISO CG 20 26. 4. Workers' Compensation coverage as required by the Industrial Insurance laws of the State of Washington. 5. Technology Errors & Omissions (E&O) 6. Network Security (Cyber) and Privacy Insurance shall include, but not be limited to, coverage, including defense, for the following losses or services: Claims involving infringement of intellectual property, infringement of copyright, trademark, trade dress, invasion of privacy violations, and information theft. Liability arising from theft, dissemination, andlor use of Customer confidential and personally identifiable information, including but not limited to, any information about an individual maintained by the Customer, including (i) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (ii) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information regardless of how or where the information is stored or transmitted. Network security liability arising from (i) the unauthorized access to, use of, or tampering with computer systems, including hacker attacks; or (ii) the inability of an authorized third party to gain access to supplier systems and/or Customer data, including denial of service, unless caused by a mechanical or electrical failure; (iii) introduction of any unauthorized software computer code or virus causing damage to the Customer or any other third party data. Lawfully insurable fines and penalties resulting or alleging from a data breach. (E FM 2297012. DOCX;4/13175.000001/ } Event management services and first -party loss expenses for a data breach response including crisis management services, credit monitoring for individuals, public relations, legal service advice, notification of affected parties, independent information security forensics firm, and costs to re -secure, re-create and restore data or systems. D. Minimum Amounts of Insurance 1. CentralSquare shall maintain the following insurance limits: 2. Automobile Liability insurance with a minimum combined single limit for bodily injury and property damage of $1,000,000 per accident. 3. Commercial General Liability insurance shall be written with limits no less than $1,000,000 each occurrence, $2,000,000 general aggregate. 4. Technology Errors & Omissions (E&O) shall be written with limits no less than $1,000,000 per claim and $1,000,000 policy aggregate limit. 5. Network Security (Cyber) and Privacy Insurance shall be written with limits no less than $5,000.000 per claim $5,000,000 policy aggregate for network security and privacy coverage, $100,000 per claim for regulatory action (fines and penalties), and $100,000 per claim for event management services. E. Other Insurance Provision CentralSquare's Automobile Liability and Commercial General Liability insurance policies are to contain, or be endorsed to contain that they shall be primary insurance as respect Customer. Any insurance, self-insurance, or self-insured pool coverage maintained by Customer shall be excess of the CentralSquare's insurance and shall not contribute with it. F. Verification of Coverage CentralSquare shall furnish Customer with certificates and a copy of the amendatory endorsements, including but not necessarily limited to the additional insured endorsement except for Technology Errors & Omissions (E&O) & Network Security (Cyber) and Privacy Issues, evidencing the insurance requirements of CentralSquare before commencement of the work. G. Notice of Cancellation CentralSquare shall provide Customer with written notice of any policy cancellation within two business days of their receipt of such notice. H. Failure to Maintain Insurance Failure on the part of CentralSquare to maintain the insurance as required shall constitute a material breach of contract, upon which Customer may, after giving five business days' notice to CentralSquare to correct the breach, immediately terminate the contract or, at its discretion, procure or renew such insurance and pay any and all premiums in connection therewith, with any sums so expended to be repaid to Customer on demand, or at the sole discretion of Customer, offset against funds due CentralSquare from Customer. I. Customer Full Availability of CentralSquare Limits If CentralSquare maintains higher insurance limits than the minimums shown above, Customer shall be insured for the full available limits of Commercial General and Excess or Umbrella liability maintained by CentralSquare, irrespective of whether such limits maintained by CentralSquare are greater than those required by this contract or whether any certificate of insurance furnished Customer evidences limits of liability lower than those maintained by CentralSquare. J. Safeguarding of Personal Information {EFM2297012.DOCX;4/13175.000001/ } CentralSquare shall not use or disclose Personal Information, as defined in RCW 19.255.010, in any manner that would constitute a violation of federal law or applicable provisions of Washington State law. CentralSquare agrees to comply with all federal and state laws and regulations, as currently enacted or revised, regarding data security and electronic data interchange of Personal Information. CentralSquare shall ensure its directors, officers, employees, subcontractors or agents use Personal Information solely for the purposes of accomplishing the services set forth in the Agreement. CentralSquare shall protect Personal Information collected, used, or acquired in connection with the Agreement, against unauthorized use, disclosure, modification or loss. CentralSquare and its sub -consultants agree not to release, divulge, publish, transfer, sell or otherwise make Personal Information known to unauthorized persons without the express written consent of Customer or as otherwise authorized by law. CentralSquare agrees to implement physical, electronic, and managerial policies, procedures, and safeguards to prevent unauthorized access, use, or disclosure of Personal Information. CentralSquare shall make the Personal Information available to amend as directed by Customer and incorporate any amendments into all the copies maintained by CentralSquare or its subcontractors. CentralSquare shall certify its return or destruction upon expiration or termination of the Agreement and CentralSquare shall retain no copies. If CentralSquare and Customer mutually determine that return or destruction is not feasible, CentralSquare shall not use the Personal Information in a manner other than those permitted or authorized by state and federal laws. CentralSquare shall notify Customer pursuant to Exhibit 6 upon becoming aware of any unauthorized access, use or disclosure of Personal Information. CentralSquare shall take necessary steps to mitigate the harmful effects of such use or disclosure. CentralSquare is financially responsible for notification of any unauthorized access, use or disclosure. The details of the notification must be approved by Customer. Any breach of this clause may result in termination of the Agreement and the demand for return of all Personal Information. {EFM2297012.DOCX ./isys.000001/ } EXHIBIT 5 Scope of Work 1.0 Implementation Statement of Work ("SOW") This document is the Statement of Work (SOW) and contains the approach for the implementation of CentralSquare's Technology's ("CentralSquare") Finance, Human Resources & Payroll Information Management ("Enterprise Finance"), Human Capital Management ("HCM"), Utilities software and related services with respect to the Solution software expressly identified in the Order (the "Agreement") for the City of Tukwila. CentralSquare will provide implementation services identified in the Agreement and as further described in this SOW to assist the Customer in implementing the software solution. The SOW is an attachment incorporated as part of the Agreement signed by CentralSquare and the Customer, and all actions directed herein shall be performed in accordance with the aforementioned Agreement. This SOW is intended to be a planning and control document, not the detailed requirements or design of the solution. 2.0 Scope Overview The purpose of this project is to upgrade the Customer's current Financial, Human Resources, Utilities Management software with CentralSquare's Finance Enterprise, HCM, Utilities software system, to improve the Customer's existing administrative processes in order to take advantage of industry best practices that best leverage the Finance Enterprise, HCM, Utilities software. The project scope is comprised of the software and services identified in the Agreement and further described throughout this SOW. Anything not specifically designated in the SOW should be considered out of scope and not part of this project. 2.1 Software Scope Covered software does not include hardware, hardware vendor operating systems and/or other system software, customer developed software, or third -party software. CentralSquare will deliver computer software and database structure for SQL/Server database. The following list depicts the software associated with the Agreement. Finance Enterprise • Accounts Payable • Accounts Receivable • Fixed Assets • Stores Inventory • General Ledger • Grants Management • Job/Project Ledger • Project Allocation • Punchout • Purchasing • Bank Reconciliation • Budgeting • Documents Online • Fusion • Cashiering • Base Analytics (COGNOS BI) • Easy Laser Forms • Contract Management • Bid and Quote Management • Position Budgeting {EFM2297012.000(;4/13175.000001/ } • Procurement Cards • Certent Disclosure Management (CAFR/Planning) • Business Process Review Human Capital Management • Human Resources (HRIS) • Payroll • Documents Online • Professional Development • Base Analytics (COGNOS BI) • Employee Online Utilities • Utilities • Data Quality Suite • Meter Reading Interface to Sensus • Online Utility Exchange Interface • Common Cash Receipts • Optio • Citizen Engagement 2.2 Services Scope The following outlines the proposed services for the project management, installation, configuration, training, testing, and other services work necessary for the implementation of the HCM, Finance Enterprise, Utilities, software and represents a good -faith estimate based on our knowledge at time of the Agreement. Service Description Engagement Planning/Project Initiation/Analysis High Level Tasks Completion of the following tasks are accomplished remotely: • Kick -Off Meeting • Formal Discovery Sessions at Start of Project • Detailed Scope and Contract Review o Discovery/Design and Workflow Review o Conversion Scope Review • Assignment of Project Team and Identify Key Team Members • Review platform features, define business processes including current and future state Deliverables • Kick -Off Meeting Draft Project Plan Decision Workbook {EFM2297012,DOCX;4/13175,000001/ } Engagement High Level Tasks Monitoring and Control/ Configuration Testing • Define consultant hours with knowledge transfer during scope and discovery • Key dates and milestones on deliverables..,project schedule • Identify improvement opportunities through a Workflow Analysis • Collaboratively Develop a Roadmap that Drives Implementation Remote installation tasks consisting of the following: • Software Installation • Application Installation • Network Architecture Review Comprehension design and configuration task for the software solution: • Creation of Workflow • Report Development see Section A -Reports • System Configuration • Data Converted • Third -party software Integration Remote Data Conversion and Testing: After Initial Data Load occurred within respective processes, CentralSquare will upload the subsequent rounds of corrected Customer provided legacy extract files into "software" Shared responsibilities for the following tasks: • System Validation • Application Tests • Integration Testing • Parallel Testing (typically for 2-3 payroll cycles) • 3-5 test runs for Req to Check batches Completion of the following tasks are accomplished through distance learning sessions: Deliverables • Monthly Status Report • Issues Log • Risk Register • Implementation Guide Test Workbook {EFM2297012.DOCX;4/13175.000001/ } Engagement High Level Tasks Deployment/ Closeout End User Training System Administration Training Tasks to be completed at or near the end of the implementation project: • • • • Service Assumptions Mock Go Live/Readiness Review Go -live Activities Post Go -live Support Complete Project Documentation Transition to Support Team You will be introduced to your Customer Success and Support around Go -Live of phase 1 Final phase post Go -Live implementation support a 30 -day overlap Transition to Customer Success Manager Deliverables • Go Live Cutover Plan (determined at Mock Go Live) • Service to Support/Customer Service Team Project Closeout Report • CentralSquare is implementing a Commercially Available Off -the -Shelf solution. • Customer and CentralSquare expect that this SOW may be modified from time to time as mutually agreed in writing, given that CentralSquare may be provided or may obtain a more thorough understanding of Customer's existing policies, practices, and operations through the post -contract planning and discovery process. • Customer and CentralSquare will jointly develop a detailed and fully integrated project plan and schedule. • Customer may obtain the services of an additional consultant to provide project review, advice, and consultation at their own cost. CentralSquare will make every attempt to cooperate with the efforts of this consultant within the context of Customer's participation, deliverable review, and approval timeframes identified within this SOW and the Agreement. • Both the Customer and CentralSquare will furnish resources with appropriate skills and experience to handle the roles and responsibility described in this SOW. • CentralSquare is not responsible for quality of Customer's legacy data or for the correction or resolution of data quality issues unless previously agreed upon. City of Tukwila Responsibilities • Customer will consider and approve business processes as necessary to maximize efficiencies according to best practices. • Customer will make resources available to assist as needed to fulfill the responsibilities herein. • Customer will form a Project Team and will make their Project Team members available for meetings; consulting and training sessions; discussions and conference calls; and, other related project tasks or events requested by CentralSquare, or as indicated in the project plan. • Customer Project Team members will respond to information requests from CentralSquare staff in the timeframe requested in accordance with the project plan as to minimize delays in the project. • Customer Project Manager, Project Team, Subject Matter Experts, and other key personnel (as determined by Customer) will participate in the Kick -Off Meeting. • Customer and CentralSquare Project Manager to develop a mutually agreeable schedule and agenda for the workflow discovery. • Customer will review recommendations in the Workflow Analysis Report and attend the scheduled presentation of the findings. CentralSquare will take into consideration existing workloads and internal {EFM2297012.DOCX;4/13175.000001/ } deadlines. Customer will submit written questions or requests for clarification/revision to the CentralSquare Project Manager within five (5) to seven (7) business days of the presentation, with the exception of unforeseen delays which are not due to the actions of either party. Delays in review and approval of the Workflow Analysis Report can impact timely development of the interfaces and ultimately delay the Go -Live of the system. • Customer will participate in planning activities (conference calls, emails) with CentralSquare Application Installation Consultant and Technical Lead. • Customer will provide access to servers as required for CentralSquare Technical Lead and Application installation Consultant to perform interface testing. • Customer will designate a representative as the Project Team's Project Manager. The Project Manager will be the primary point of contact for project coordination throughout the project. • Customer will provide adequate training space and computers for the scheduled training throughout the project. The training spaces will include fully functioning networked computers, meeting the required CentraiSquare hardware standards. CentralSquare may consider alternative meeting options such as WebEx, video conferencing, remote desktop, and conference calls when appropriate. • Customer's Project Manager will act as the primary point of contact with non-CentralSquare third parties, including other vendors, state agencies, and local agencies that control products and/or databases with which CentralSquare products are to be interfaced. • Customer will provide expertise in third -party data, data mapping, and data validation. • Customer will be responsible for validating all data transferred into the HCM, Finance Enterprise, Utilities, and data transferred from HCM, Finance Enterprise, Utilities, into other third -party applications. • Customer will be responsible to get the legacy data "conversion ready", meaning it is clean (duplicates, typos, missing information, etc. have been corrected) and in a format that CentralSquare can read for import purposes (Excel spreadsheet, for example). • Customer staff will provide a Customer data dictionary or equivalent documentation to facilitate mapping data elements between the legacy system and Finance Enterprise and HCM databases. If sufficient documentation is not available, Customer will need to provide screenshots of the legacy system to assist in mapping data elements. • Customer application owners will participate in testing activities. • Customer will provide verification and validation of the converted data into the designated non -production environment according to the Test Plan. • Approval to proceed: Customer will provide sign off of the converted data set in a non -production environment, approving the cycle to be completed in a production environment. • Customer will identify and schedule appropriate personnel to attend training. • Customer will complete all tasks on the Customer Go -Live preparation checklist in the designated timeframes. • Customer Project Manager and other key personnel (as determined by Customer) provide support and assistance throughout Go -Live event. • Final conversion sign off: Customer will provide sign off of the converted data set into the production environment. Out of Scope • Customized interfaces unless otherwise stated in this SOW. 3.0 interfaces and Integrations The software Integrations and Interfaces identified during the sales process are described below. During the project, further discussion and discovery will take place and the Customer may request that modifications to the integration and/or interface services scope be performed by CentralSquare. Interfaces lEFM2297012.D0CX;4/13175.000001/ } Interfaces are process where data from the system is compiled in a format (stored procedure/batch export) for use into another Customer system. This is typically a single direction data transfer. f teg oflo s Scope Integrations allow for the automatic communication and data transfer between systems. Integration development is the joint responsibility of the Customer and CentralSquare. The integrations included in this SOW were identified by CentralSquare based on the RFP and discovery. During the project, further discussion and discovery will take place and the Customer may request that modifications to the integration services scope be performed by CentralSquare. CentralSquare will provide necessary assistance with integration setup, testing, and implementation to verify communications and basic functionality. Upon completion of the Discovery work session(s), CentralSquare will provide the Customer with a list of triggers for extracting data from the CentralSquare database(s) to be submitted to the Customer's third -party vendors and with the configuration details for data import. CentralSquare agrees to answer any database/interface questions and work with Customer's vendors to complete integrations as necessary and in a timely manner. Roles and Responsibilities CentralSquare: • CentralSquare Project Team members will respond to information requests from Tukwila in the timeframe requested in accordance with the project plan as to minimize delays in the project. • CentralSquare consultants will advise and train Customer on using the CentralSquare standard file uploads to complete the data interface if applicable. CentralSquare will assist and advise on data mapping as required. CentralSquare supplies numerous API's for integration the Customer can use should they choose. The API's are part of the Fusion integration tool. Future APIs will be available at no additional cost; however, there may be additional implementation hours for configuration. • CentralSquare will assist and advise Customer on API integration. • CentralSquare will work with the Customer on testing and perfecting the integrations, until Customer signs off on each integration. Customer understands that any delay on their part may have an impact on the overall project schedule. CentralSquare understands that any delay on their part may also have an impact on the overall project schedule. • Where an existing CentralSquare relationship exists, work directly with CentralSquare third parties, including other vendors, state agencies, and local agencies that control products and/or databases with which CentralSquare products are to be interfaced. • Install all interfaces required for Go Live prior to System Integration Testing. • Training for SME's on functionality and maintenance of each interface as installed and configured. • Provide Interface Control Documents to Customer upon request. • Where interfaces are custom, CentralSquare will work with the third -party consultants to receive a detailed statement of work around each custom item. CentralSquare will assist Customer as necessary in performing the integration testing and validation. Tukwila: • Customer will share with CentralSquare the planning and tasks of creating the integrations. • Act as the primary point of contact with third parties, including other vendors, state agencies, and local agencies that control products and/or databases with which CentralSquare products are to be interfaced. • Provide detailed schema, protocol, query specifications, as needed, and as available per interface. • Ensure design decisions are made conclusively and in a timely fashion. • Provide a Customer point of contact for each interface who is knowledgeable of the workflow and data requirements. • Responsible for validating all data transferred into Finance Enterprise, HRIPayroll, Utility Billing and data transferred from Finance Enterprise, HR/Payroll, Utility Billing to another application. • Provide SME(s) familiar with existing data structures in the legacy system to assist with the interface process. • Provide expertise in third -party data, data mapping, and data validation. {EFM2297012.DOCX;4/13175.000001/ } • Review and provide written feedback on Interface Control Documents within ten (10) business days of delivery, with the exception of unforeseen delays which are not due to the actions of either party. CentralSquare will take into consideration existing workloads and internal deadlines. Delays in review and approval of the 1CDs can impact timely development of the interfaces and ultimately delay the Go -Live of the system. Assumptions: • CentralSquare is not responsible for the applicable third -party software, third -party hardware or third -party system software costs which may be required for the development of the interfaces describe • Additional requests and changes to the scope of the below interfaces will require a change order and may incur additional charges. Changes include any additional requirements including building integration via API and Web Services (if not already listed as the interface method.) • Standard interfaces are supported by CentralSquare without additional yearly services for maintenance. Custom interfaces will require additional development fees prior to installation as well as additional yearly services. • Following is a description of the interfaces to be provided. Kronos TeleStaff NeoGov Timekeeping NeoGov Recruiting Timekeeping for Payroll (Fire and Police) Time and attendance data into Payroll Time and Attendance New hire information into Employee Master NeoGov PAFs Position change information into Position Change PAF Everything Online benefit Benefits forms Washington State Dept. Retirement Systems US Bank Enrollment, retirement contributions, reporting. Batch Batch Batch Batch Batch Banking Batch 2 -way 2 -way 1 -way 2 -way Standard Standard Manual Manual 1 Standard Automated Standard Automated 1 -way 1 -way Standard Manual Standard 1 -way Standard Manual Manual {EFM2297012.DOCX;4/13175.000001/ } Lucity Utilities TRAKiT Golfnow Time data for API 2 -way Standard Payroll. Asset information. Cash Receipts Batch 1 -way Standard Automated Automated Cash Receipts Batch 1 -way Standard j Automated Cash Receipts Batch 1 -way i Standard Automated Laserfiche Enterprise Content Management System Sensus Meter reading system for Utilities PerfectMind ------------ Cardknox ESRI ArcGIS Community Development Summary Transactions for Recreation Credit Card Processing Utility Meter and Customer Location Mapping GTUR export into Utilities via the Land Import Utility Link Batch Batch Link API 2 -way Standard ' Automated 2 -way Standard j Automated 1 -way Standard Automated 2 -way Standard Automated 1 -way Standard Automated Batch 1 -way Standard i Automated 4.0 Application Software Implementation CentralSquare and Customer will conduct the following Installation as part of this project. SAAS Installation Initial Installation of CentralSquare's Finance Enterprise software 2. Test Account Test Account Creation is the Creation creation of the test account which is cloned from the pre- production environment. • Attend Discovery Call Validate Account • Discovery Call • Complete install and data migration • Create Test Account {EFM2297012.DOCx;4/13175,0Q00O1/ } Assumptions • CentralSquare will migrate all Customer data into the HCM, Utilities, database and confirm that the Finance Enterprise software's primary system functions are available. • CentralSquare will install the Finance, HCM, Utilities, software into our Hosted Cloud environment, managed by our Cloud services team centers and provide access to the Customer through a standard URL. • CentralSquare will complete all installation remotely • CentralSquare will create one (1) Production Account and one (1) Test Account as part of the Agreement. Additional accounts will require additional hours added under separate quote by mutual written agreement at CentralSquare's prevailing rates. • CentralSquare provides one free Account refresh per year after Go -Live, Each additional refresh will require additional hours and additional cost. Refreshes that occur during the migration and during new version upgrades will not incur additional costs. Average refreshes are completed in approximately 4 hours at the current hourly rate and are performed within two weeks. • CentralSquare's standard methodology for implementation of Enterprise Resource Planning systems is a structured sequence of product deployment beginning with Finance Enterprise then continuing with the deployment of HCM. Roles and Responsibilities CentralSquare: • Load files and perform initial configuration of all licensed CentralSquare applications, including base and add-on modules, and interfaces to third -party applications. Configuration includes activating appropriate modules, table set up, and selection of mandatory configuration settings based on combination of CentralSquare applications purchased. • Set up test environment as mirror copy of the production environment. • Conduct knowledge transfer of installation/set up procedures to Customer IT staff and/or other designated personnel responsible for set up and maintenance of end-user computers (4-6 people maximum). • Conduct a test to verify that CentralSquare applications have been installed and configured successfully, operating properly, and are ready to begin the implementation and configuration process. Note: Not all CentralSquare components may be ready at this point, for a full test, but a reasonable effort ensures CentralSquare components are ready for the next step in the process. CentralSquare installation services will ensure that all needed components are prepared and ready prior to conducting subsequent activities for the specific application area according to the agreed upon Project Schedule. Customer: • Participate in planning activities (conference calls, emails) with CentralSquare Application Installation Consultant and Technical Lead. • Provide access to Customer's servers (including third -party) as required for CentralSquare Technical Lead and Application Installation Consultant to perform installation and migration tasks. • Attend knowledge transfer sessions focusing on how to prepare workstations or mobile computers to run CentralSquare applications. 5.0 Project Governance The purpose of the project governance is to define the resources required to adequately establish the business needs, objectives and priorities of the project, communicate the goals to other Project participants and provide support and guidance to accomplish these goals. Project governance also defines the structure for issue escalation and resolution, change control review and authority, and organizational change management activities. The preliminary governance structure establishes a clear escalation path when issues and risks require escalation above the Project Manager level. Further refinement to the structure, the process and specific roles {EFM2297012.DOCX;4/13175.000001/ } and responsibilities may occur throughout the project. Changes to the governance will be mutually agreed upon, documented in writing and communicated to all impacted parties. Organizational change management plays a vital role in achieving high levels of user adoption and realization of benefits from efficiencies gained during prescriptive process changes throughout the implementation. Managing the organizational change acceptance through the establishment of a formal Change Management Team is a key function that drives project success. Customer Personnel Sponsorship Team (ST) The Customer's ST provides support to the project by allocating resources, providing strategic direction, communicating key issues about the project and the project's overall importance to the Customer's organization. When called upon, the ST will also act as the final authority on all escalated project issues. The ST engages in the project, as needed, to provide necessary support, oversight, guidance, and escalation, and may participate in day-to-day activities in their normal job roles. The ST will empower the Product Owner, Project Manager, Change Manager, Project Management Team and the functional team leads to make critical business decisions for the Customer. Specifically, the ST will: • Understand and support the cultural change necessary for the project • Foster an appreciation of the value of an integrated system throughout the organization • Oversee the project team and the project as a whole • Participate in regular meetings so it is current on all project progress, project decisions, and achievement of project milestones • Communicate the importance of the project to City departments along with other department directors and the Change Manager. • Be responsible for making timely decisions on critical project or policy issues. The Project Management Team (PMT) Customer project team members will work under the direction of the designated Functional Team Leads for each area in the system. The Functional Team leads have detailed subject matter expertise and are empowered to make or obtain from the Steering Committee appropriate business process and configuration decisions in their respective areas. The Functional Team Leads are tasked, by the Customer Project Manager, with carrying out all project tasks described in the SOW including business process analysis, configuration, documentation, testing, training, and all other required Customer tasks. The Functional Team Leads will be responsible for and empowered to implement the new system in the best interests of the Customer consistent with the project goals, project vision, and direction from the Project Manager, the PMT and the ST. Product Owner The Product Owner (PO) is the management level resource that will be responsible for accurately communicating the requirements, assumptions and constraints of the business unit to the implementation team, (listed in the CentralSquare personnel section.) The work performed by the PO will include the clarification of business requirements, testing and communication of project status to staff. The PO will work closely with the City's PM and Central Square's PM. • The Customer's Product Owner will communicate and reinforce the vision • Collaborate with stakeholders and the Implementation team to define and communicate the roadmap • Collaborate with the Change Management Team • Clarify requirements and priorities with stakeholders and team • Manage the Functional Team Leads and SMEs {EFM2297012.DOCX;4/13175.000001/ } Project Manager (PM) The Customer's PM will: • Be the primary contact for the project • Coordinate Customer's project team members • Coordinate all CentralSquare activities with the CentralSquare Project Manager • Coordinate the subject matter experts (SMEs) in the Customer's organization City • Be responsible for reporting to the ST • Ensure all deliverables are reviewed on a timely basis by the Customer • Co -manage the overall implementation schedule with the CentralSquare PM • Collaborate with the Change Management Team Functional Team Leads Project team members will work under the direction of the designated Functional Team Leads for each area in the system. The Functional Team Leads have detailed subject matter expertise and are empowered to make appropriate business process and configuration decisions in their respective areas. The Functional Team Leads are tasked with carrying out all project tasks described in the SOW including planning, business process analysis, configuration, documentation, testing, training, and all other required Customer tasks. The Functional Team Leads will be responsible for and empowered to implement the new system in the best interests of the Customer consistent with the project goals, project vision, and direction from the Project Manager, the PMT and the ST. Subject Matter Experts (SMEs) SMEs have special, in-depth knowledge of Customer's current legacy systems and processes. Their opinions will be sought in defining business needs, test requirements, and software functionality. During the implementation, the Customer's SMEs will dedicate a considerable amount of their time to the project because they may be involved in multiple roles, including participating in training and other workshops, conducting end user training, reviewing project deliverables, performing various testing tasks, etc. Quality Assurance Team (QAT) The Customer will form a QAT made up of individual(s) who will participate in the review and acceptance of each CentralSquare deliverable and conduct periodic project health checks to ensure tasks are completed on time, on budget and to the satisfaction of the Customer. Furthermore, the QAT will work closely with the Project Manager to ensure all contractual matters are in compliance and services delivered are in accordance with the terms and conditions of the CentralSquare/Customer agreement as well as with the SOW. Assumptions: • The Customer may have multiple staff providing the roles outlined above and the same staff providing multiple roles. CentralSquare Personnel Project Sponsor CentralSquare Project Sponsor will have indirect involvement with the project and is part of the escalation process. The Project's sponsor will offer additional support to the CentralSquare project team and collaborate with other third -party consultants who are involved on this project. Specifically, the Project Sponsor will: • Provide support to CentralSquare's Project Managers in reporting project progress to ST. • Approve and sign -off on any material changes to project scope or staffing changes. Project Manager {EFM2297012.DOCX;4/13175.000001/ } The CentralSquare Project Manager will coordinate all project activities with the Customer and perform the following: • Serve as the point person for all project issues (the first escalation point) • Be responsible for project performance, deliverables as they are outlined in the SOW, and the milestones. • Provide updates to the Customer's ST and the PMT in accordance with project plan. • Fulfill Go Live dates. • Support the Customer Project Manager in monitoring and reporting overall implementation progress • Monitor and report progress on CentralSquare's responsibilities on a weekly basis • Immediately notify the Customer Project Manager, the PMT and the ST of any issue that could delay the project. • Ensure Software installation occurs as per the project schedule. • Schedule CentralSquare Staff according to the project plan. • Facilitate coordination between all CentralSquare departments. • Monitor the work plan and schedule and make course corrections as necessary. • Prepare bi-weekly status reports along with notes from meetings and calls. • Develop meeting agendas. • Provide issue resolution status, tracking, and procedures. • Identify personnel, equipment, facilities and resources that will be required to perform services by CentralSquare. Functional Leads (Consultants, Developers, and Technical resources) • Install application in agreed upon environments. • Work with the Customer Functional Team Leads and SMEs to design and configure the functional components of the Finance Enterprise software for optimal long-term use. • Document decisions made during configuration in the weekly site reports. • Lead the Finance Enterprise software configuration with assistance from the Customer's Functional Team Lleads. • Check that software operates after configuration as per its documentation. • Assist with the resolution of issues and tasks. • Schedule the training of the Customer Functional Team Lleads and SMEs during the configuration of software. • Provide and assist with data conversion guides. • Create and deliver interface programs according to Customer specifications and this SOW. • Provide training on security and assist with set up. • Provide training on workflow and assist with set up. • Provide samples of and training on the creation of forms and reports. 6.0 Quality Assurance Project Oversight The CentralSquare Project Management Organization (PMO) will provide Project Oversight throughout the project life cycle. Assuring the project is progressing as outlined in the project management plan and is achieving the Customer's goals is critical to overall project success and eventual adoption of the system by Customer. Said oversite includes, but is not necessarily limited to: • Reviewing project deliverables in Section 2.2 — Service Description for quality and assisting the Project Team in making corrections as required. • Providing assistance with any areas of high risk identified throughout the project. • Holding a monthly meeting with the Customer PMT to discuss and assess their view of the project progress. {EFM2297012.DOCX;4/13175.000001/ } • Communicating any challenges internally to leadership throughout CentralSquare's organization to assist in resolving issues. • Providing feedback to CentralSquare project staff and CentralSquare PMO on the results of the oversight activities. • Helping identify lessons learned that can improve performance on future phases. • Issues that will impact the quality, timeline, and overall goals will be identified, tracked, resolved and documented in the Issues/Tasks Log. These issues will be presented to the PMT and the Steering Committee during the regular cadence meetings as required. 7.0 Deliverable and Milestone Approval & Acceptance The Customer will review, approve, and provide written acceptance for all Milestones outlined in the Agreement by following the below process: • CentralSquare will submit in writing to the Customer a Deliverable Acceptance form for each completed Deliverable outlined on the table in Section 2.2 — Service Description. • The Customer will identify in writing any required changes, deficiencies, and/or additions necessary, within ten (10) business days from the form being delivered to the Customer for each completed Deliverable, unless the review timeframe is deemed by the Customer to be insufficient for a proper review. In such cases, the Customer Project Manager will request an extension in writing to the CentralSquare Project Manager, and the parties will mutually agree to a reasonable alternative to the original deadline. Delays in providing notification of required changes can impact timely development of the interfaces and ultimately delay the Go -Live of the system. • CentralSquare will review deliverables which are not approved and create a plan to address the deficiencies within ten (10) business days, with the exception of unforeseen delays which are not due to the actions of either party. CentralSquare will take into consideration existing workloads and internal deadlines. Once the deliverable has been corrected or the milestone achieved, a revised completion form will be submitted. The Customer will then review the deliverable or milestone and provide any additional comments on any required changes, deficiencies, and/or additions necessary within ten (10) business days from the updated completion form being delivered to Customer. Again, if the review timeframe is deemed to be insufficient for a proper review, the Customer Project Manager will request an extension in writing to the CentralSquare Project Manager, and the parties will mutually agree to a reasonable alternative to the original deadline. This process will be repeated until the Customer grants approval and signoff on the deliverable or milestone. • Upon approval of the deliverable or milestone, the Customer Project Manager will sign the completion form and return it to CentralSquare Project Manager. • CentralSquare has agreed to phase implementation and to the best of resource availability. The proposed phases include: PHASE Installations 1 General Ledger, Accounts Payable, Accounts Receivable, Cash Receipts 2 Remaining Finance 3 HR, Payroll 4 Utilities 8.0 Dispute Resolution Procedure The Customer and CentralSquare should anticipate challenging issues to arise throughout the implementation process due to the complex magnitude of this project. (eg. CentralSquare staff is not performing to the expectations of CentralSquare and Tukwila.) In order for these issues to be remedied the Customer and CentralSquare will utilize the following Dispute Resolution Procedure: All communication regarding the project should be directed to each party's Project Managers and the Customer to maintain consistent communication between the parties. Scheduled weekly calls/meetings will be maintained between the two Project Managers and the Customer's PMT. {EFM2297012.DDCX;4/13175.000001/ } All issues or concerns will be discussed actively and openly between all parties. If issues begin to interfere with the progression of the project, the Customer and/or CentralSquare should escalate issues to CentralSquare management in the sequence below, as needed: Name and Role Phone Emai€ Michael DiOrio, Sr. Director of 407-304-3024 i Michael,€ ioro@ecn ralsc(.�a recern Professional Services George Slyman, Sr. Director of 360-303-9362 Geon c,z j r3,a1- Cc ntruisware.co� �; Professional Services Mike Poth, VP Professional Services 703-328-0979 iE,ichae. oth©-w ent:°a1Sauare,com Escalation to Customer Management Team should be as follows: NEs,in � acid RoePhone Email Joel Bush 206-454-7569 Joel.Bush@TukwilaWA.gov Tami Eberle -Harris 206-433-7153 Tami.Harris@TukwilaWA.gov Vicky Car[sen 206-433-1839 Vickv.Carlsen@TukwilaWA.gov Tony Cullerton 206-433-1838 Tany.cu[lerton@tukwilawa.gov Any changes to either party's Implementation Team or Managernent Team will be communicated to the other party at the following scheduled weekly call/meeting at the latest. The Customer and CentralSquare may request a change to this scope of work by following the process outlined in the Agreement. 9.0 Change Requests and Changes to this Statement of Work The Customer and CentralSquare may request changes to the services outlined in this SOW by following the process outlined in this section. Such a request is considered acceptable only upon full execution of a written Change Order form signed by both parties. The change order will provide sufficient detail including the following. • Detailed description of resources (both Customer and CentralSquare) required to perform the change. • Specifications if applicable • Implementation plans • Schedule for completion • Verification and approval criteria • Impact on current milestones and payment schedule • Additional milestones (if applicable) • Impact on project goals and objectives • Price The other party has five (5) business days (or as mutually agreed upon) to determine whether it agrees to the Change Request. If agreement to pursue a Change Order does not occur in five (5) business days of the initiation of the Change Request (or as mutually agreed upon), it is assumed that the Change Request has been rejected and any remaining issues will be identified on the Issues Log and/or follow the above-mentioned dispute resolution process. 10,0 Acts or Omissions of Customer If CentralSquare's performance of its obligations under this SOW is prevented or delayed by any act or omission of Customer, any Authorized Service Recipient, or their agents, subcontractors, consultants, or employees {EFM2297012.D0CX;4/13175.000001/ } outside of CentralSquare's control, CentralSquare Provider shall not be deemed in breach of its obligations under this SOW or otherwise liable for any costs, charges, or losses sustained or incurred by Customer, in each case, or for any delays in delivery of any services, products or deliverables under this SOW to the extent arising directly or indirectly from such prevention or delay. Additionally, if either parties' performance of its obligations under this SOW is prevented or delayed by any act or omission of the other, and the non -delaying party expends reasonable costs, charges, or sustains losses, then the party causing the delay is responsible to reimburse the other party for all costs, charges, or sustained losses to the extent they arise directly or indirectly from such prevention or delay. To avoid penalties associated with cancelation or delay of any deliverables, products, or services that were to be provided in accordance with the terms of this SOW as defined in the mutually agreed upon project schedule, either party must provide notice of cancellation a minimum of ten (10) business days prior to scheduled event. Section A - Reporting The below list details Tukwila's desired reports. CentralSquare and Tukwila will collaborate during the project plan phase to ensure all reporting needs are evaluated and met. Benefit Administration Report Pull all benefit eligible employees by department/fixed cost designation. Provide a count of employees per fixed cost and allocated 3.85 per employee per month. Split cost for employees with more than one fixed cost account. New Hire Report The report includes a parameter to choose all newly hired employees within a specified time period and includes all report fields needed. Exportable to excel as a CSV. Teamsters Dues Report Pulls all employees of a bargaining unit with name, address, hourly rate, employee status, calculated dues and term date. The report includesparameters to pull fora specific payroll. PERS3 Check Detail Provides a report of all PERS3 members, split by those that have chosen WSIB and Self Directed investments. Subtotal benefits and deductions by investment choice and a grand total for all PERS3 members. Includes parameters to choose the paTperiod. ------------------------------------- ------ ---------- Employee List by Salary Group Group employees by salary group with name, address, hire, term, position title, hourly rate, monthly salary and annual salary. Medical/Dental Report Dependent Report Group by medical election (Kaiser or HMA). Include employee name, emp number, bargaining unit, medical, dental, vision elections. Include the employee deduction total, benefit total, and indicate employee coverage, spouse coverage and number of covered dependents. Include parameter to pull information for a specific pay period. Include ability to show/hide fields of this report. Report includes employee name, all covered dependents, dependent SSN, dependent birthdate and relationship to the employee. Employee List Employee list with employee name, hire date, shift code, position appointment date, City department. Ability to sort various ways and filter by union group, department, etc_ -- — — Benefit/Deduction Report Pull information by employee or bargaining unit to choose any ben/ded plan and report on the current information in place for the specified Ian. OSHA Hours Report Pull report to show the nember of hours worked for all employees charged to each fixed cost account for a specified date range. OSHA Emp Count Total number of employees charged to each fixed cost account number by pay period for a specified range of periods. Includes a grand total of employees= — — Census Report Employee first name, last name, SSN, Gender, Birth Date, Hire Date, Monthly salary, Annual hours worked, address, bargaining unit. (E FM 2297012. DOCX;4/13175.000001/ } {EEivi2297012.DOCX;4/13175.000001/ } Census Report 2 Emp name, hire, title, annual salary earned for a specified year. Include ability to filter by group of employee bargaining unit or by full or part time employees. Extra Labor Report Activity History Employee time reporting for open pay periods Expense detail detail report i Report to show ail part time employees by department showing monthly hours worked for each month of the past 12 months. Shows pension eligibility, number of months worked over 70 hours, and average number of hours worked over the 12 month period. Also shows the total hours worked during the specified period. ; Pull all hour types paid for an employee or group of employees for a specified period. Ability to filter for specific hour types. Used for retro calculations. A report showing all activity entered for all employees by day with daily totals, total by hourtype and total hours entered for the period. Includes activity notes, supervisor approval, approval date and time and supervisor comments= i A report showing all activity for a specified period, filtered by a 1 department or departments including name, fixed cost, pa code, activity notes, earnings and benefits. A report showing the total cost of labor for an employee or employees for a specific period of time or specific hours. Hours could include regular or overtime hours including benefits. A report showing employees and leave accruals/ liability at year end Labor Cost Analysis Compensated Abscense Report Leave Balance Report Ability to pull current and historial leave balances, usage, and accruals Statutory Quarterly/ Annual Reporting Employee Position Report Hourly Labor Cost by EE 1 DRS Pension Reports Metro Report j Valley View quarterly 941, PFMLA, SUTA, FUTA, L&I, W-2 Ability to pull current and historial position data by position number and employee details - - — - - - - - Pull employee data to annualize hourly rate to include ER benefit costs Ability to build DRS Pension report to capture DRS reporting requirements to align with City CBA Quarterly report of sewerage customers Quarterly report of sewer usage each month. Main meter consumption less deduct meter consumption for total sewer consumption. Master meter list Deduct meter list Consumption Report by Type Zero Consumption Report List of acct. no, acct. type, name, service location, phone no. meter size, meter number, register no. and radio no......._. List of acct no., acct type, name, service location, phone no., mtr size, mtr no., register no. and radio no Report for main and sub -consumption by meter size List of active accounts with no consumption for the month Highest Monthly Consumption Top consumption users each month Monthly Reclaimed Water List of reclaimed water accounts with read dates, meter read, and Readings consumption {EEivi2297012.DOCX;4/13175.000001/ } EXHIBIT 6 Vendor Security Requirements City of Tukwila Security Requirements Introduction During the term of this agreement, the Company shall operate an information security program designed to meet the confidentiality, integrity, and availability requirements of the service or product being supplied. The program shall include at a minimum the following security measures. Governance 1. Information Security Policy: Company shall develop, implement, and maintain an information security policy and shall communicate the policy to all staff and contractors. 2. Information Security Accountability: Company shall appoint an employee of at least manager level who shall be accountable for the overall information security program. 3. Risk Management: Company shall employ a formal risk assessment process to identify security risks which may impact the products or services being supplied, and mitigate risks in a timely manner commensurate with the risk. Asset Management 4. Asset Inventory: Company shall maintain an inventory of all hardware and software assets, including asset ownership. 5. Data Classification: Company shall develop, implement, and maintain a data classification scheme and process designed to ensure that data is protected according to its confidentiality requirements. Supply Chain Risk Management 6. Supplier Security Assessments: Company shall engage in appropriate due diligence assessments of potential suppliers which may impact the security of the services or products being supplied. 7. Security in Supplier Agreements: Company shall ensure that agreements with suppliers who may impact the security of the services or products being supplied contain appropriate security requirements. Human Resource Security 8. Information Security Awareness: Company shall develop and implement an information security awareness program designed to ensure that all employees and contractors receive security education as relevant to their job function. 9. Background Checks: Company shall conduct appropriate background checks on all new employees based on the sensitivity of the role that they are being hired for. Identity Management, Authentication and Access Control 10. Authentication: Company shall ensure that all access, by employees or contractors, to its information systems used to provide services or products being supplied shall require appropriate authentication controls that at a minimum will include: a. Strong passwords or multi -factor authentication for users b. Multi -factor authentication for all remote access 11. Authorization: Company shall ensure that all access to its information systems used to provide services or products being supplied shall be approved by management. {EFM2297012.DOCX;4/13175.000001/ } 12. Privileged Account Management: Company shall appropriately manage and control privileged accounts on its information systems that at a minimum will include: a. Use of dedicated accounts for privileged activity b. Maintaining an inventory of privileged accounts 13. Access Termination: Company shall develop and maintain a process designed to ensure that user access is revoked upon termination of employment, or contract for contractors. Data Security 14. Encryption: Company shall ensure that all laptops, mobile devices, and removable media, including those that are owned by Company employees or contractors, which may be used to store, process, or transport organizational data are encrypted at all times. [Scoping guideline: this requirement may be removed if the Company is not expected to possess any confidential or sensitive organizational data] 15. Secure Disposal: Company shall ensure that all media which may be used to store, process, or transport organizational data is disposed of in a secure manner. [Scoping guideline: this requirement may he removed if the Company is not expected to possess any confidential or sensitive organizational data] System Acquisition, Development and Maintenance 16. Security Requirements: Company shall ensure that information security requirements are defined for all new information systems, whether acquired or developed. 17. Separation of Environments: Company shall ensure that development and testing environments are separate from their production environment. 18. Data Anonymization: Company shall ensure that [Company's name]'s data will not be used in the development or testing of new systems unless the data is appropriately anonymized. 19. Secure Coding: Company shall ensure that all applications are developed with secure coding practices, including OWASP Top 10 Most Critical Web Application Security Risks. Physical and Environmental Security 20. Risk Assessment: Company shall use a formal risk assessment methodology to identify physical and environmental threats and shall implement controls to minimize the risks. Information Protection Processes and Procedure 21. Hardening: Company shall develop and implement security configuration baselines for all endpoint and network devices types. 22. Network Segregation: Company shall segregate its network into zones based on trust levels, and control the flow of traffic between zones. 23. Anti-Malware: Company shall ensure that all information systems that are susceptible to malware are protected by up-to-date anti-malware software. 24. Wireless Access Control: Company shall ensure that wireless network access is protected, including at a minimum: a. All wireless network access should be encrypted b. All wireless network access to the production network should be authenticated using multi -factor authentication such as machine certificates c. Wireless network access for personal devices and guest access should be segregated from the production network 25. Patching: Company shall evaluate, test, and apply information system patches in a timely fashion according to their risk. 26. Backup and Recovery: Company shall implement a backup and recovery process designed to ensure that data can be recovered in the event of unexpected loss. Protective Technology fEFM2297012.DOCX;4/13175.000001/ } 27. Logging: Company shall ensure that security event logging requirements been defined, and that all information systems are configured to meet logging requirements. 28. Intrusion Detection: Company shall deploy intrusion detection or prevention systems at the network perimeter. 29. URL Filtering: Company shall deploy tools to limit web browsing activity based on URL categories. 30. Denial of Service Protection: Company shall deploy controls to detect and mitigate denial of service attacks. Security Continuous Monitoring 31. Security Monitoring: Company shall deploy automated tools to collect, correlate, and analyze security event logs from multiple sources, and monitor them for suspected security incidents. 32. Vulnerability Assessments: Company shall conduct vulnerability assessments against all Internet - facing information systems on a regular basis, no less often than quarterly. 33. Penetration Testing: Company shall perform penetration tests on all web applications and services, in accordance with standard penetration testing methodologies, on a regular basis, no less often than annually. Information Security Incident Management 34. Incident Response: Company shall develop, implement, and maintain an information security incident response process, and will test the process on a regular basis, no less often than annually. {EFM2297012.DOCX;4/13175.000001/ } Exhibit 7 City of Tukwila Data Protection and Information Security Agreement This Data Protection and Information Security Exhibit ("Exhibit") is an attachment to the Agreement and sets forth the data protection and information security requirements of City of Tukwila. This Exhibit includes by reference the terms and conditions of the Agreement. In the event of any inconsistencies between this Exhibit and the Agreement, the parties agree that the terms and conditions of the Exhibit will prevail. Throughout the term of the Agreement and for as long as Vendor controls, possesses, stores, transmits, or processes Confidential Information as part of the Services provided to City of Tukwila, Vendor will comply with the requirements set forth in this Exhibit. Any breach of this Exhibit will be deemed a material breach under the Agreement. 1. Definitions "Authorized Personnel" for the purposes of this Exhibit, means Vendor's employees or subcontractors who: (i) have a need to receive or access Confidential Information or Personal Information to enable Vendor to perform its obligations under the Agreement; and (11) are bound in writing with Vendor by confidentiality obligations sufficient for the protection of Confidential Information and Personal Information in accordance with the terms and conditions set forth in the Agreement and this Exhibit. "Common Software Vulnerabilities" (CSV) are application defects and errors that are commonly exploited in software. This includes but is not limited to: (i) The CWE/SANS Top 25 Programming Errors — see http://cwe,mitre.orq/top25/ and httpJ/www.sans.oro/top25-software-errors/ (ii) The Open Web Application Security Project's (OWASP) "Top Ten Project" — see http://www.owasp.orq "Confidential Information" is as defined in the Agreement, and includes Personal Information; provided that, Personal Information shall remain Confidential Information even if at the time of disclosure or collection, or later, it is or becomes known to the public. "Industry Standards" mean generally recognized industry standards, best practices, and benchmarks including but not limited to: (1) Payment Card Industry Data Security Standards ("PCI DSS") — see http://www.pcisecuritystandards.om/ (ii) National Institute for Standards and Technology — see http://csrc.nist.gov/ (ill) ISO / IEC 27000 -series — see http://www.iso27001security.com/ (iv) COBIT 5 — http://www.isaca.org/cobit/ (v) Cyber Security Framework — see http://www.nist.gov/cyberframeworkl (vi) Cloud Security Alliance — see https://cloudsecurityalliance.org/ (vii) Other standards applicable to the services provided by Vendor to City of Tukwila "Information Protection Laws" mean all local, state, federal and international laws, standards, guidelines, policies, regulations and procedures applicable to Vendor or City of Tukwila pertaining to data security, confidentiality, privacy, and breach notification. "Personal Information" also known as Personally Identifiable Information (PII), is information of City of Tukwila customers, employees and subcontractors or their devices gathered or used by Vendor that can be used on its own or combined with other information to identify, contact, or locate a person, or to identify an individual or his or her device in context. Examples of Personal Information include name, social security number or national identifier, biometric records, driver's license number, device identifier, IP address, MAC address, either alone or when combined with other personal or identifying information which is linked or linkable to a specific individual or iEFM2297012,DOCx;4/13175.000001/ device, such as date and place of birth, mother's maiden name, etc. Personal Information might also be defined under applicable state or federal law in the event of a Security Incident. "Security Incident" is any actual or suspected occurrence of: (i) Unauthorized access, use, alteration, disclosure, loss, theft of, or destruction of Confidential Information or the systems / storage media containing Confidential Information (ii) Illicit or malicious code, phishing, spamming, spoofing (iii) Unauthorized use of, or unauthorized access to, Vendor's systems (iv) Inability to access Confidential Information or Vendor systems as a result of a Denial of Service (DOS) or Distributed Denial of Service (DDOS) attack (v) Loss of Confidential Information due to a breach of security "Security Vulnerability" is an application, operating system, or system flaw (including but not limited to associated process, computer, device, network, or software weakness) that can be exploited resulting in a Security Incident. 2. Roles of the Parties and Compliance with information Protection Laws As between City of Tukwila and Vendor, City of Tukwila shall be the principal and Vendor shall be its agent with respect to the collection, use, processing and disclosure of all Confidential Information. The Parties shall comply with their respective obligations as the principal (e.g., data owner/controller/covered entity) and agent (e.g., data processor/business associate/trading partner) under all Information Protection Laws, The Parties acknowledge that, with respect to all Confidential Information processed by Vendor for the purpose of providing the Services under this Agreement: a) City of Tukwila shall determine the scope, purpose, and manner in which such Confidential Information may be accessed or processed by Vendor, and Vendor shall limit its access to or use of Confidential Information to that which is necessary to provide the Services, comply with applicable laws, or as otherwise directed by City of Tukwila; b) Each party shall be responsible for compliance with Information Protection Laws in accordance with their respective roles; and c) Vendor and City of Tukwila shall implement the technical and organizational measures specified in this Exhibit and any additional procedures agreed upon pursuant to a Statement of Work ("SOW") to protect Confidential Information against unauthorized use, destruction or loss, alteration, disclosure or access. 3. General Security Requirements Vendor will have an information security program that has been developed, implemented and maintained in accordance with Industry Standards. At a minimum, Vendor's information security program will include, but not be limited to, the following elements: 3.1 Information Security Program Management. Vendor will have or assign a qualified member of its workforce or commission a reputable third -party service provider to be responsible for the development, implementation and maintenance of Vendor's enterprise information security program. 3.2 Policies and Standards. To protect City of Tukwila Confidential Information, Vendor will implement and maintain reasonable security that complies with Information Protection Laws and meets data security Industry Standards. a) Security Policies and Standards. Vendor will maintain formal written information security policies and standards that: (1) Define the administrative, physical, and technological controls to protect the confidentiality, integrity, and availability of Confidential Information, City of Tukwila systems, and Vendor systems (including mobile devices) used in providing Services to City of Tukwila (ii) Encompasses secure access, retention, and transport of Confidential Information (iii) Provide for disciplinary or legal action in the event of violation of policy by employees or Vendor subcontractors and vendors {EFM2297012.DOCX;4/13175.000001/ } (iv) Prevent unauthorized access to City of Tukwila data, City of Tukwila systems, and Vendor systems, including access by Vendor's terminated employees and subcontractors (v) Employ the requirements for assessment, monitoring and auditing procedures to ensure Vendor is compliant with the policies (vi) Conduct an annual assessment of the policies, and upon City of Tukwila written request, provide attestation of compliance. b) In the SOW or other document, Vendor will identify to City of Tukwila all third -party vendors (including those providing subcontractors to Vendor) involved in the provision of the Services to City of Tukwila, and will specify those third -party vendors that will have access to Confidential Information. 3.3 Security and Privacy Training. Vendor, at its expense, will train new and existing employees and subcontractors to comply with the data security and data privacy obligations under this Agreement and this Exhibit. Ongoing training is to be provided at least annually and more frequently as appropriate or requested by City of Tukwila. City of Tukwila may provide specific training material to Vendor to include in its employee/subcontractor training. 3.4 Access Control. Vendor will ensure that City of Tukwila Confidential Information will be accessible only by Authorized Personnel after appropriate user authentication and access controls (including but not limited to two -factor authentication) that satisfy the requirements of this Exhibit. Each Authorized Personnel shall have unique access credentials and shall receive training which includes a prohibition on sharing access credentials with any other person. Vendor should maintain access logs relevant to City of Tukwila Confidential Information for a minimum of six (6) months or other mutually agreed upon duration. 3.5 Data Backup. The parties shall agree in an SOW or other document upon the categories of City of Tukwila Confidential Information that are required to be backed up by Vendor. Unless otherwise agreed to in writing by City of Tukwila, backups of City of Tukwila Confidential Information shall reside solely in the United States, For the orderly and timely recovery of Confidential Information in the event of a service interruption: a) Vendor will store a backup of Confidential Information at a secure offsite facility and maintain a contemporaneous backup of Confidential Information on-site to meet needed data recovery time objectives. b) Vendor will encrypt and isolate all City of Tukwila backup data on portable media from any backup data of Vendor's other customers. 3.6 Business Continuity Planning (BCP) and Disaster Recovery (DR). Vendor will maintain an appropriate business continuity and disaster recovery plan to enable Vendor to adequately respond to, and recover from business interruptions involving City of Tukwila Confidential Information or services provided by Vendor to City of Tukwila. a) At a minimum, Vendor will test the BCP & DR plan annually, in accordance with Industry Standards, to ensure that the business interruption and disaster objectives set forth in this Exhibit have been met and will promptly remedy any failures. Upon City of Tukwila's request, Vendor will provide City of Tukwila with a written summary of the annual test results. b) In the event of a business interruption that activates the BCP & DR plan affecting the Services or Confidential Information of City of Tukwila, Vendor will notify City of Tukwila's designated Security Contact as soon as possible. c) Vendor will allow City of Tukwila or its authorized third party, upon a minimum of thirty (30) days' notice to Vendor's designated Security Contact, to perform an assessment of Vendor's BCP and DR plans once annually, or more frequently if agreed to in an SOW or other document. Following notice provided by City of Tukwila, the parties will meet to determine the scope and timing of the assessment. 3.7 Network Security. Vendor agrees to implement and maintain network security controls that conform to Industry Standards including but not limited to the following: a) Firewalls. Vendor will utilize firewalls to manage and restrict inbound, outbound and internal network traffic to only the necessary hosts and network resources. {EFM2297012,DOCX;4/13175,000001/ } b) Network Architecture. Vendor will appropriately segment its network to only allow authorized hosts and users to traverse areas of the network and access resources that are required for their job responsibilities. c) Demilitarized Zone (DMZ). Vendor will ensure that publicly accessible servers are placed on a separate, isolated network segment typically referred to as the DMZ. d) Wireless Security. Vendor will ensure that its wireless network(s) only utilize strong encryption, such as WPA2. e) Intrusion Detection/Intrusion Prevention (IDS/IPS) System -- Vendor will have an IDS and/or IPS in place to detect inappropriate, incorrect, or anomalous activity and determine whether Vendor's computer network and/or server(s) have experienced an unauthorized intrusion. 3.8 Application and Software Security. Vendor, should it provide software applications or Software as a Service (SaaS) to City of Tukwila, agrees that its product(s) will remain secure from Software Vulnerabilities and, at a minimum, incorporate the following: a) Malicious Code Protection. Vendor's software development processes and environment must protect against malicious code being introduced into its product(s) future releases and/or updates. b) Application Level Security. Vendor must use a reputable 3rd party to conduct static/manual application vulnerability scans on the application(s) software provided to City of Tukwila for each major code release or at the time of contract renewal. An internally produced static/manual test from the Vendor will not be accepted. Results of the application testing will be provided to City of Tukwila in a summary report and vulnerabilities categorized as Very High, High or that have been identified as part of the OWASP top 10 and SANS top 25 within ten (10) weeks of identification. c) Vulnerability Management. Vendor agrees at all times to provide, maintain and support its software and subsequent updates, upgrades, and bug fixes such that the software is, and remains secure from Common Software Vulnerabilities. d) Logging. Vendor software that controls access to Confidential Information must log and track all access to the information. e) Updates and Patches. Vendor agrees to promptly provide updates and patches to remediate Security Vulnerabilities that are exploitable. Upon City of Tukwila's request, Vendor shall provide information on remediation efforts of known Security Vulnerabilities. 3.9 Data Security. Vendor agrees to preserve the confidentiality, integrity and accessibility of City of Tukwila Confidential Information with administrative, technical and physical measures that conform to Industry Standards that Vendor then applies to its own systems and processing environment. Unless otherwise agreed to in writing by City of Tukwila, Vendor agrees that any and all City of Tukwila Confidential Information will be stored, processed, and maintained solely on designated systems located in the continental United States. Additionally: a) Encryption. Vendor agrees that all City of Tukwila Confidential Information and Personal Information will be encrypted with a Federal Information Processing Standard (Z=IPS) compliant encryption product, also referred to as 140-2 compliant. Symmetric keys will be encrypted with a minimum of 128 -bit key and asymmetric encryption requires a minimum of 1024 bit key length. Encryption will be utilized in the following instances: • City of Tukwila Confidential Information and Personal Information will be stored on any portable computing device or any portable storage medium. • City of Tukwila Confidential information and Personal Information will be transmitted or exchanged over a public network. b) Data Segregation. Vendor will segregate City of Tukwila Confidential Information and Personal Information from Vendor's data and from the data of Vendor's other customers or third parties, 3.10 Data Re -Use. Vendor agrees that any and all data exchanged shall be used expressly and solely for the purposes enumerated in the Agreement. Data shall not be distributed, repurposed or shared across other applications, environments, or business units of Vendor. Vendor further agrees that no Confidential Information of any kind shall be transmitted, exchanged or otherwise passed to other parties except on a case-by-case basis as specifically agreed to in writing by City of Tukwila. {EFM2297012.DOCX;4/13175.000001/ 3.11 Data Destruction and Data Retention. Upon expiration or termination of this Agreement or upon City of Tukwila's written request, Vendor and its Authorized Personnel will promptly return to City of Tukwila all City of Tukwila Confidential Information and/or securely destroy City of Tukwila Confidential Information. At a minimum, destruction of data activity is to be performed according to the standards enumerated by the National Institute of Standards, Guidelines for Media Sanitization - see http:!/csrc.nist.gov/. If destroyed, an officer of Vendor must certify to City of Tukwila in writing within ten (10) business days all destruction of City of Tukwila Confidential Information. If Vendor is required to retain any City of Tukwila Confidential Information or metadata to comply with a legal requirement, Vendor shall provide notice to both the general notice contact in the Agreement as well as City of Tukwila's designated Security Contact. 3.12 .Upon written request, CentralSquare shall provide City copies of internally conducted SSAE18 reports. 3.13 Security Testing. Vendor, at its expense, will allow City of Tukwila to conduct static, dynamic, automated, and/or manual security testing on its software products and/or services, hardware, devices, and systems to identify Security Vulnerabilities on an ongoing basis. Should any vulnerabilities be discovered, Vendor agrees to notify City of Tukwila and create a mutually agreed upon remediation plan to resolve all vulnerabilities identified. City of Tukwila has the right to request or conduct additional reasonable security testing throughout the Term of the Agreement. 4. Security Incident / Data Breach 4.1 Security Contact. The individuals identified below shall serve as each party's designated Security Contact for security issues under this Agreement. City of Tukwila Security Contact: Bao Trinh Network Architect Bao.trinh@tukwilawa.gov 206-454-7572 Vendor Security Contact: Name: Troy Saunders Director of Security Trov.saunders@centralscuare.com 407-304-3218 4.2 Requirements. Vendor will take commercially reasonable actions to ensure that City of Tukwila is protected against any and all reasonably anticipated Security Incidents, including but not limited to: (i) Vendor's systems are continually monitored to detect evidence of a Security Incident (11) Vendor has a Security Incident response process to manage and to take corrective action for any suspected or realized Security Incident (iii) Upon request Vendor will provide City of Tukwila with a copy of its Security Incident policies and procedures. If a Security Incident affecting City of Tukwila occurs, Vendor, at its expense and in accordance with applicable Information Protection Laws, will immediately take action to prevent the continuation of the Security Incident. 4.3 Notification. Within twenty-four (24) hours of Vendor's confirmation of a Security Incident or other mutually agreed upon time period, Vendor will notify City of Tukwila of the incident by calling by phone the City of Tukwila Security Contact(s) listed above. 4.4 Investigation and Remediation. Upon Vendor's notification to City of Tukwila of a Security Incident, the parties will coordinate to investigate the Security Incident. Vendor shall be responsible for leading the investigation of the Security Incident, but shall cooperate with City of Tukwila to the extent City of Tukwila requires involvement in the investigation. Vendor shall involve law enforcement in the investigation if requested by City of Tukwila. Depending upon the type and scope of the Security Incident, City of Tukwila personnel may participate in: (i) interviews with Vendor's employees and subcontractors involved in the {EFM2297012.DOCX;4/13175.000001/ } incident; and (ii) review of all relevant records, logs, files, reporting data, systems, Vendor devices, and other materials as otherwise required by City of Tukwila. Vendor will cooperate, at its expense, with City of Tukwila in any litigation or investigation deemed reasonably necessary by City of Tukwila to protect its rights relating to the use, disclosure, protection and maintenance of Confidential Information. Vendor will reimburse City of Tukwila for actual costs incurred by City of Tukwila in responding to, and mitigating damages caused by any Security Incident, including all costs of notice and remediation which City of Tukwila, in its sole discretion, deems necessary to protect such affected individuals in light of the risks posed by the Security Incident. Vendor will, at Vendor's own expense, provide City of Tukwila with all information necessary for City of Tukwila to comply with data breach recordkeeping, reporting and notification requirements pursuant to Information Protection Laws. Vendor will use reasonable efforts to prevent a recurrence of any such Security Incident. Additionally, Vendor will provide (or reimburse City of Tukwila) for at least one (1) year of complimentary access for one (1) credit monitoring service, credit protection service, credit fraud alert and/or similar services, which City of Tukwila deems necessary to protect affected individuals in light of risks posed by a Security Incident. 4.5 Reporting. Vendor will provide City of Tukwila with a final written incident report within five (5) business days after resolution of a Security Incident or upon determination that the Security Incident cannot be sufficiently resolved. 5. Confidential Information or Personal Information 5.1 Authorized Personnel. Vendor will require all Authorized Personnel to meet Vendor's obligations under the Agreement with respect to Confidential Information or Personal Information. Vendor will screen and evaluate all Authorized Personnel and will provide appropriate privacy and security training, as set forth above, in order to meet Vendor's obligations under the Agreement. Upon City of Tukwila's written request, Vendor will provide City of Tukwila with a list of Authorized Personnel. Vendor will remain fully responsible for any act, error, or omission of its Authorized Personnel. 5.2 Handling of Confidential Information or Personal Information. Vendor will: Keep and maintain all Confidential Information and Personal Information in strict confidence in accordance with the terms of the Agreement Use and disclose Confidential Information and/or Personal Information solely and exclusively for the purpose for which the Confidential Information or Personal Information is provided pursuant to the terms and conditions of the Agreement. Vendor will not disclose Confidential Information or Personal Information to any person other than to Authorized Personnel without City of Tukwila's prior written consent, unless and to the extent required by applicable law, in which case, Vendor will use best efforts to notify City of Tukwila before any such disclosure or as soon thereafter as reasonably possible. In addition, Vendor will not produce any Confidential Information or Personal Information in response to a non -legally binding request for disclosure of such Personal Information. 5.3 Data and Privacy Protection Laws. Vendor represents and warrants that its collection, access, use, storage, disposal, and disclosure of Personal Information complies with all applicable federal, state, local and foreign data and privacy protection laws, as well as all other applicable regulations and directives. 6. Third Party Security 6.1 Vendor will conduct thorough background checks and due diligence on any third and fourth parties which materially impact Vendor's ability to provide the products and/or Services to City of Tukwila as described in the Agreement. 6.2 Vendor will not outsource any work related to its products or the Services provided to City of Tukwila in countries outside the United States of America, which have not been disclosed in the Agreement or without prior written approval from City of Tukwila Legal and Information Security. If Vendor desires to outsource certain work during the Term of the Agreement, Vendor shall first notify City of Tukwila so that the parties {EFM2297012.DOCX;4/13175.000001/ } can ensure adequate security protections are in place with respect to the Services provided to City of Tukwila. 7. Payment Cardholder Data 7.1 If Vendor accesses, collects, processes, uses, stores, transmits, discloses, or disposes of City of Tukwila and/or City of Tukwila customer credit, debit, or other payment cardholder information, Vendor agrees to the following additional requirements: a) Vendor, at its sole expense, will comply with the Payment Card Industry Data Security Standard ("PCI DSS"), as may be amended or changed from time to time, including without limitation, any and all payment card industry validation actions (e.g., third party assessments, self -assessments, security vulnerability scans, or any other actions identified by payment card companies for the purpose of validating Vendor's compliance with the PCI DSS). b) Vendor will maintain a continuous PCI DSS compliance program. Annually, Vendor agrees to provide evidence of PCI DSS compliance in the form of a Qualified Security Assessor ("OSA") Assessment Certificate, a PCI Report on Compliance ("ROC"), or evidence that Vendor is included on the Visa or MasterCard list of PCI DSS Validated Service Providers. c) Vendor will ensure that subcontractors approved by City of Tukwila, in accordance with Section 6.2, comply with and maintain a continuous PCI DSS complianceprogram if the subcontractor provides any service on behalf of Vendor that falls within PCI DSS scope. The Subcontractor must provide evidence of PCI DSS compliance in the form of a Qualified Security Assessor ("OSA") Assessment Certificate, a PCI Report on Compliance ("ROC"), or evidence that Subcontractor is included on the Visa or MasterCard list of PCI DSS Validated Service Providers. d) Vendor will immediately notify City of Tukwila if Vendor is found to be non-compliant with a PCI DSS requirement or if there is any breach of cardholder data impacting City of Tukwila or its customers. 8. Changes In the event of any change in City of Tukwila's data protection or privacy obligations due to legislative or regulatory actions, industry standards, technology advances, or contractual obligations, Vendor will work in good faith with City of Tukwila to promptly amend this Exhibit accordingly. {EEM2297012.DOCX;4/13175.000001/ }