The URL can be used to link to this page

Home My WebLink AboutSpecial 2020-12-14 Item 2B - Contracts - Enterprise Resource Planning (ERP) Systems for Finance Department and Human Resources DepartmentITEM INFORMATION STAFF SPONSOR: VICKY ORIGINAL AGENDA DATE: 12/14/20 AGENDA ITEM TITLE Authorize Mayor to sign contracts relating to ERP project CATEGORY Discussion Motion Resolution Ordinance Bid Award Public Hearing Other Mtg Date 12/14/20 Mtg Date 12/14/20 Mtg Date Mtg Date Mtg Date Mtg Date Mtg Date SPONSOR Council Mayor HR DCD Finance Fire TS P&R Police PW Court SPONSOR’S SUMMARY Authorize Mayor to sign contract with CentralSquare to replace Eden financial software system and contract with NeoGov for the human resources component of the financial software system REVIEWED BY Trans&Infrastructure CommunitySvs/Safety Finance Comm. Planning/Economic Dev. LTAC Arts Comm. Parks Comm. Planning Comm. DATE: 11/23/20 COMMITTEE CHAIR: SEAL RECOMMENDATIONS: SPONSOR/ADMIN. COMMITTEE COST IMPACT / FUND SOURCE EXPENDITURE REQUIRED AMOUNT BUDGETED APPROPRIATION REQUIRED $ $ $ Fund Source: Comments: MTG. DATE RECORD OF COUNCIL ACTION 12/14/20 MTG. DATE ATTACHMENTS 12/14/20 Informational Memorandum dated 11/18/20 CentralSquare Solutions Agreement (Updated after 11/23 Finance Committee) NeoGov Contract Minutes from November 23, 2020 Finance Committee meeting COUNCIL AGENDA SYNOPSIS ----------------------------------Initials --------------------------------- ITEM NO. Meeting Date Prepared by Mayor’s review Council review 12/14/20 Vicky 4.D. & Spec 2.B. 3333 3434 City of Tukwila Allan Ekberg, Mayor INFORMATIONAL MEMORANDUM TO: Finance Committee FROM: Vicky Carlsen, Finance Director CC: Mayor Ekberg DATE: November 18, 2020 SUBJECT: Approve Contracts Relating to ERP Project – Replace Eden Financial Software System ISSUE Authorize the Mayor to sign two contracts to replace the City’s current financial software system, Eden. BACKGROUND The City currently utilizes Eden, a Tyler Technology product for financial processes, including, but not limited to, payroll, utility billing, financial reporting, and limited human resources functions. The City has utilized this product since at least 1997 with minor upgrades/updates as needed. The system no longer meets the needs of the City and has not met our reporting and processing needs for a number of years. Per Tyler Technologies, there are currently only 168 remaining Eden clients, supported by 36 Tyler staff. These 36 individuals are currently being trained to support Munis, which is the next generation of Eden. For comparison, Munis has 1,900 clients and is supported with 1,000 staff. Even though Tyler Technologies has stated that support for Eden will continue for a while, they have notified the City that there will no further enhancements to the product. Tyler is focusing on building out Munis. Our current system includes a number of deficiencies including, but not limited to: - Significant lack of reporting capabilities - Chart of accounts that is out of compliance with State requirements - Chart of accounts that does not have adequate transparency for informative reporting. - No budgeting module. All budgeting is currently done in Excel, which no longer provides the functionality needed to build a comprehensive, transparent budget - Is very paper intensive. Staff is currently taking source documents home in order to perform certain job functions at home. Otherwise, all Finance staff would be required to work onsite - Extremely limited human resources functionality. Benefit administration is paper and labor intensive - We are unable to streamline our processes using Eden without incurring additional costs (in excess of the $100 thousand in annual maintenance fees) - Manual processes and work-arounds are required to meet current processing needs - Eden will sunset in the foreseeable future and will require the City to expend funds to replace it - Staff is unable to respond to customer requests to create electronic utility billing statements without expending additional funds 3535 INFORMATIONAL MEMO Page 2 {KZS2293070.DOCX;1/13175.000001/ } - Business owners must pay business taxes (except for business licenses, which is paid at the State site) with a check and fill out a paper form to calculate taxes due DISCUSSION Staff has spent the last year searching for a replacement to the City’s current financial software system. An RFP was drafted, which consisted of detailed requirements for all financial modules, and issued in February of 2020. The City received a total of four responses. One response did not meet the minimum requirements of the City and was rejected during the first round of review. A second response was also eliminated during the first round due to very high pricing as well as not fully meeting the needs of the City. The two remaining proposals were moved to the second round of review, which included demonstrations, virtual site visits, and reference checks. After extensive review, the City has chosen to move forward with a best of breed approach to replace Eden. Finance Enterprise, a product owned by CentralSquare will replace the financial modules of Eden and NeoGov will provide human resources functionality. Both products are cloud-based and will move the City into an almost paperless environment. Finance Enterprise and NeoGov will address the deficiencies listed in the previous section and will position the City well to respond to changing needs for financial functions well into the future. The full project includes implementing Finance Enterprise and NeoGov , integration between these two products and integrations between other, department specific, systems including Laserfiche, Telestaff, Perfect Mind, TRAKiT, and Lucity, to name a few. CentralSquare Solutions agreement: Included in the contract is the cost of the annual subscription fee as well as implementation costs. Annual subscription fees begin at $111,388 and payment would begin after implementation of each phase. Implementation fees are expected to be $706,945, which includes project management, configuration, data conversion, interfaces, custom reports, and training. Payment is based on completion and acceptance of milestones. Details of the phasing and payment terms can be found in the attached contract. NeoGov contract and order form: The contract for NeoGov includes implementation costs and first year subscription of $69,195, year 2 of $75,317 and year 3 for $98,853. Due to the pandemic, NeoGov has recognized the financial challenges of government entities and has discounted the subscription fees for the first three years. Savings in year one is $66,965, savings in year two exceeds $30,000 and the third year of the contract includes a bundled incentive pricing. RECOMMENDATION Council is being asked to authorize the Mayor to sign two contracts to replace Eden and consider this at the December 14, 2020 Committee of the whole and subsequent special meeting on the same night. ATTACHMENTS CentralSquare Solutions Agreement NeoGov Contract 3636 {EFM2297012.DOCX;4/13175.000001/ } CentralSquare Solutions Agreement This CentralSquare Solutions Agreement (the "Agreement"), effective as of the latest date shown on the signature block below (the "Effective Date"), is entered into between CentralSquare Technologies, LLC, a Delaware Limited Liability Company with its principal place of business in Lake Mary, FL ("CentralSquare") and City of Tukwila, WA a Washington municipal corporation ("Customer"), collectively the "Parties", and each, a "Party". WHEREAS, CentralSquare licenses and gives access to certain software applications (“Solutions”) to its customers and also provides maintenance, support, migration, installation and other professional services ; and WHEREAS, Customer desires to license and/or gain access to certain Solutions and receive professional services described herein, and CentralSquare desires to grant and provide Customer license and access to such offerings as well as to support them with professional services, subject to the terms and conditions set forth in this Agreement. NOW, THEREFORE, in consideration of the mutual covenants, terms, and conditions set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, by the signatures of their duly authorized representative below, the Parties intending to be legally bound, agree to all of the following provisions and exhibits of this Agreement: CentralSquare Technologies, LLC City of Tukwila 1000 Business Center Dr. Lake Mary, FL 32746 6300 Southcenter Blvd, Suite 100 Tukwila, WA 98188 By: By: Print Name: Print Name: Print Title: Print Title: Date Signed: Date Signed: 1. Solution(s) provided by CentralSquare: Finance Enterprise, Utilities, HCM, Citizen Engagement, Certent Disclosure Management (third-party). 2. Term. 2.1. Initial Term. The Initial Term of this Agreement commences as of the Effective Date and will continue in effect for five (5) years from such date unless terminated earlier pursuant to any of the Agreement’s express provisions (the “Initial Term”). 2.2. Renewal Term. This Agreement will automatically renew for additional successive two (2) year terms unless earlier terminated pursuant to any of the Agreement’s provisions (a “Renewal Term” and, collectively, with the Initial Term, the “Term”). 2.3. Non-Renewal. Either party may elect to end renewal of the contract by issuing a notice of non-renewal, in writing, to the other party twelve (12) months prior to the expiration of the current contract term. 3. Fees. In consideration of the rights and services granted by CentralSquare to Customer under this Agreement, Customer shall make undisputed payments to CentralSquare pursuant to the amounts and payment terms outlined in Exhibit 1 (the “Project Cost Summary”). 4. Definitions. Capitalized terms not otherwise defined in this Agreement have the meanings set forth below: 4.1. "Action" means any claim, action, cause of action, demand, lawsuit, arbitration, inquiry, audit, notice of violation, proceeding, litigation, citation, summons, subpoena, or investigation of any nature, civil, criminal, administrative, regulatory or other, whether at law, in equity, or otherwise. 4.2. "Affiliate" of a Person means any other Person that directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with, such Person. 4.3. "Authorized User" means Customer's employees, consultants, contractors, and agents who are authorized by Customer to access and use the Solutions under the rights granted to Customer pursuant to this Agreement, and for whom access to the Solutions has been purchased. 3737 {EFM2297012.DOCX;4/13175.000001/ } 2 4.4. “Baseline” means the version of a Solution updated to the particular time in question through CentralSquare ’s warranty services and maintenance, but without any other modification whatsoever. 4.5. “Component System” means any one of the Solutions identified in Exhibit 1, including all copies of Source Code, Object Code and all related specifications, Documentation, technical information, and all corrections, modifications, additions, development work, improvements and enhancements to and all Intellectual Property Rights for such Component System. 4.6. "Customer Data" means information, data, and content, in any form or medium, collected, downloaded, or otherwise received, directly or indirectly from Customer, an Authorized User or end-users by or through the Solutions, provided the data is not personally identifiable and not identifiable to Customer. 4.7. “Custom Modification” means a change that CentralSquare has made at Customer’s request to any Component System in accordance with a CentralSquare -generated specification, but without any other changes whatsoever by any Person. 4.8. "Customer Systems" means the Customer's information technology infrastructure, including computers, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated by Customer or through the use of third-party services. 4.9. “Defect” means a material deviation between the Baseline Solution and its Documentation, for which Defect Customer has given CentralSquare enough information to enable CentralSquare to replicate the deviation on a computer configuration that is both comparable to the Customer Systems and that is under CentralSquare’s control. Further, with regard to each Custom Modification, Defect means a material deviation between the Custom Modification and the CentralSquare generated specification and documentation for such Custom Modification, and for which Defect Customer has given CentralSquare enough information to enable CentralSquare to replicate the deviation on a computer configuration that is both comparable to the Customer Systems and that is under CentralSquare’s control. 4.10. "Documentation" means any manuals, instructions, or other documents or materials that CentralSquare provides or makes available to Customer in any form or medium and which describe the functionality, components, features, or requirements of the Solutions, including any aspect of the installation, configuration, integration, operation, use, support, or maintenance thereof. 4.11. “Enhancements” means general release (as opposed to custom) changes to a Baseline Component System or Custom Modification which increase the functionality of the Baseline Component System or Custom Modification in question. 4.12. “Go Live Date” means the date the Customer certifies in writing that (a) CentralSquare provided the current version of the Solution(s) to the Customer and (b) said Solution(s) is fully functioning, including being free from any viruses or Harmful Code. 4.13. "Harmful Code" means any software, hardware, device or other technology, including any virus, worm, malware, or other malicious computer code, the purpose or effect of which is to (a) permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede any (i) computer, software, firmware, hardware, system, or network; or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality, or use of any data Processed thereby; or (b) prevent Customer or any Authorized User from accessing or using the Solutions as intended by this Agreement. 4.14. "Intellectual Property Rights" means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world. 4.15. “Maintenance” means optimization, error correction, modifications, and updates to CentralSquare Systems to correct any known Defects and improve performance. Maintenance will be provided for each Component System, the hours and details of which are described in Exhibit 2 (“Support Standards”). 4.16. “New Releases” means new editions of a Baseline Component System or Custom Modification. 4.17. “Person” means an individual, corporation, partnership, joint venture, limited liability entity, governmental authority, unincorporated organization, trust, association, or other entity. 4.18. "Personal Information" means any information that does or can identify a specific individual or by or from which a specific individual may be identified, contacted, or located. Personal Information includes all information defined by RCW 42.56.590, excluding subsection 10(b), as well as "nonpublic personal 3838 {EFM2297012.DOCX;4/13175.000001/ } 3 information" as defined under the Gramm-Leach-Bliley Act, "protected health information" as defined under the Health and Insurance Portability and Accountability Act of 1996, "Personal Data" as defined in the EU General Data Protection Regulation (GDPR 2018), "Personal Information" as defined under the Children's Online Privacy Protection Act of 1998, and all rules and regulations issued under any of the foregoing. 4.19. “Professional Services” means installation, implementation, development work, training or consulting services including custom modification programming, support relating to custom modifications, on-site support services, assistance with data transfers, system restarts and reinstallations provided by CentralSquare. 4.20. “Representatives" means, with respect to a Party, that Party's employees, officers, directors, agents, subcontractors, and legal advisors. 4.21. “CentralSquare’s Request for Proposal” or “CentralSquare’s RFP” means the proposal that CentralSquare submitted to the City April 3, 2020 in response to the City’s request for proposals for Cloud Based Enterprise Resource Planning Software Solution and which demonstrates CentralSquare’s ability to meet the software functionality and requirements requested by the City. CentralSquare’s RFP is hereby adopted and incorporated by reference in this Agreement. 4.22. "CentralSquare Personnel" means all individuals involved in the performance of Support Services and Professional Services as employees, agents, Subcontractors or independent contractors of CentralSquare. 4.23. "Solutions" means the Component Systems, Documentation, Custom Modifications, development work, CentralSquare Systems and any and all other information, data, documents, materials, works, and other content, devices, methods, processes, hardware, software, technologies and inventions, including any deliverables, technical or functional descriptions, requirements, plans, or reports, provided or used by CentralSquare or any Subcontractor in connection with Professional Services or Support Services rendered under this Agreement. 4.24. "CentralSquare Systems" means the information technology infrastructure used by or on behalf of CentralSquare to deliver Solutions, including all computers, software, hardware, databases, electronic systems (including database management systems), and networks, whether operated directly by CentralSquare or through the use of third-party services. 4.25. “Support Services” means Maintenance, Enhancements, implementation of New Releases, and general support efforts to respond to incidents reported by Customer in accordance with the detailed Support Standards outlined in Exhibit 2. 4.26. "Third-Party Materials" means materials and information, in any form or medium, including any software, documents, data, content, specifications, products, related services, equipment, or components of or relating to the Solutions that are not proprietary to CentralSquare. 5. License, Access & Services and Audit. 5.1. License Grant. Subject to and conditioned on the payment of Fees and compliance with all other terms and conditions of this Agreement, CentralSquare hereby grants to Customer a non-exclusive, non- sublicenseable, and non-transferable license to use the current version of the Solution(s), on a subscription basis, outlined in Exhibit 1 at the time of this Agreement’s execution. 5.2. Access and Scope of Use. Subject to and conditioned on Customer and their Authorized Users' compliance with the terms and conditions of this Agreement, CentralSquare hereby grants Customer a non-exclusive, non-transferable right to access and use the Solutions, solely by Authorized Users. Such use is limited to Customer's internal use. CentralSquare shall deliver to Customer the initial copies of the Solutions outlined in Exhibit 1 by (a) electronic delivery, by posting it on CentralSquare’s network for downloading, or similar suitable electronic file transfer method, or (b) physical shipment, such as on a disc or other suitable media transfer method. Physical shipment is on FOB- CentralSquare’s shipping point, and electronic delivery is deemed effective at the time CentralSquare provides Customer with access to download the Solutions. The date of such delivery shall be referred to as the “Delivery Date.” 5.3. Documentation License. CentralSquare hereby grants to Customer a non-exclusive, non-sublicenseable, non-transferable license to use the Documentation during the Term solely for Customer's internal business purposes in connection with its use of the Solutions. 3939 {EFM2297012.DOCX;4/13175.000001/ } 4 5.4. Audit. Customer shall maintain for a reasonable period of time, but not less than three (3) years after expiration or termination of this Agreement, the systems, books, and records necessary to accurately reflect compliance with software licenses and the use thereof under this Agreement. Upon reasonable request but not less than thirty (30) days, Customer shall permit CentralSquare and its directors, officers, employees, and agents to have on-site access at Customer’s premises (or remote access as the case may be) during normal business hours to such systems, books, and records for the purpose of verifying such licensed use the performance of such obligations and amounts. Customer shall render reasonable cooperation to CentralSquare as requested. If as a result of any audit or inspection CentralSquare substantiates a deficiency or non-compliance, and which deficiency or non-compliance is not cured by Customer within thirty (30) days notice of such deficiency or non-compliance Customer will be required to pay for any delinquencies in compliance with software licenses. 5.5. Service and System Control. Except as otherwise expressly provided in this Agreement: 5.5.1. CentralSquare has and will retain sole control over the operation, provision, maintenance, and management of the Solutions; and 5.5.2. Customer has and will retain sole control over the operation, maintenance, and management of, and all access to and use of, the Customer Systems, and sole responsibility for access to and use of the Solutions by any Person by or through the Customer Systems or other means controlled by Customer or any Authorized User, including any reports or results obtained from any use of the Solutions, and conclusions, decisions, or actions based on such use. 5.6. Limitations. Customer must provide CentralSquare with such facilities, equipment, and support as are reasonably necessary for CentralSquare to perform its obligations under this Agreement, including, if required by CentralSquare, remote access to the Customer Systems. CentralSquare is not responsible or liable for any delay or failure of performance caused in whole or in part by any Customer delay or Customer’s failure to perform any obligations under this Agreement, unless the Customer delay or failure to perform results from CentralSquare’s actions or lack thereof. 5.7. Exceptions. CentralSquare has no obligation to provide Support Services relating to any Defect with the Solutions that, in whole or in part, arise out of or result from any of the following: 5.7.1. software, or media on which provided, that is modified or damaged by Customer or unauthorized third-party; 5.7.2. any operation or use of, or other activity relating to, the Solutions other than as specified in the Documentation, including any incorporation, or combination, operation or use of the Solutions in or with, any technology (software, hardware, firmware, system, or network) or service not specified for Customer's use in the Documentation; 5.7.3. any negligence, abuse, misapplication, or misuse of the Solution other than by CentralSquare personnel, including any Customer use of the Solution other than as specified in the Documentation or expressly authorized in writing by CentralSquare; 5.7.4. the operation of, or access to, Customer's or a third-party's system, materials or network not otherwise identified in Exhibit 5: Statement of Work; 5.7.5. any relocation of the Solution other than by CentralSquare personnel; 5.7.6. any beta software, software that CentralSquare makes available for testing or demonstration purposes, temporary software modules, or software for which CentralSquare does not receive a fee; 5.7.7. any breach of or noncompliance with any provision of this Agreement by Customer or any of its Representatives or any Force Majeure Event (including abnormal physical or electrical stress). 5.8. Reservation of Rights. Except for the specified rights outlined in this Section, nothing in this Agreement grants any right, title, or interest in or to any Intellectual Property Rights in or relating to the Support Services, Professional Services, Solutions, or Third-Party Materials, whether expressly, by implication, estoppel, or otherwise. All right, title, and interest in the Solutions, and the Third-Party Materials are and will remain with CentralSquare and the respective rights holders. 4040 {EFM2297012.DOCX;4/13175.000001/ } 5 5.9. Changes. CentralSquare reserves the right, in its sole discretion, to make any changes to the Support Services and Solutions that it deems necessary or useful to: (a) maintain or enhance the quality or delivery of CentralSquare 's services to its customers, the competitive strength of or market for CentralSquare 's services, or the Support Services' cost efficiency or performance; or (b) to comply with applicable law. If such changes or modifications restrict or eliminate Customer’s usage of the Service, Customer may terminate this Agreement and shall be entitled to a pro-rata refund of any prepaid fees. Without limiting the foregoing, either Party may, at any time during the Term, request in writing changes to particular Support Services, Professional Services or their product suite of Solutions. The Parties shall evaluate and, if agreed, implement all such requested changes. No requested changes will be effective unless and until memorialized in either a CentralSquare issued Add-On Quote signed by the Customer, or a written change order or amendment to this agreement signed by both Parties. 5.10. Subcontractors. Upon prior written notice to, and acceptance by Customer, CentralSquare may engage third parties to perform Professional Services or Support Services (each, a "Subcontractor"). Subcontractors engaged to perform Professional Services and/or Support Services are held to the same requirements and obligations under this Agreement as CentralSquare. 5.11. Security Measures. The Solution may contain technological measures designed to prevent unauthorized or illegal use of the Solution. Customer acknowledges and agrees that: (a) CentralSquare may use these and other lawful measures to verify compliance with the terms of this Agreement and enforce CentralSquare ’s rights, including all Intellectual Property Rights, in and to the Solution; (b) CentralSquare may deny any individual access to and/or use of the Solution if CentralSquare, in its reasonable discretion, believes that person’s use of the Solution would violate any provision of this Agreement, regardless of whether Customer designated that person as an Authorized User; provided that CentralSquare will notify Customer within 24 hours of terminating an Authorized User’s access and in the event CentralSquare determines that no security breach occurred, CentralSquare will reinstate the Authorized User’s access; and (c) CentralSquare may collect, maintain, process, use and disclose technical, diagnostic and related non-identifiable data gathered periodically which may lead to improvements in the performance and security of the Solutions. 5.12. CentralSquare Responsibility. In addition to complying with all terms and provision in this Agreement, CentralSquare shall also comply with all terms and provisions in Exhibits 6 and 7- Vendor Security Requirements and Data Protection and Information Security Agreement, attached and incorporated herein. 6. Use Restrictions. Customer shall not, and shall not intentionally permit any other Person to, access or use the Solutions except as expressly permitted by this Agreement. For purposes of clarity and without limiting the generality of the foregoing, Customer shall not, except as this Agreement expressly permits: 6.1. copy, modify, or create derivative works or improvements of the Solutions, or rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available any Solutions to any Person, including on or in connection with the internet or any time-sharing, service bureau, software as a service, cloud, or other technology or service; 6.2. reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to the source code of the Solutions, in whole or in part; 6.3. bypass or breach any security device or protection used by Solutions or access or use the Solutions other than by an Authorized User through the use of his or her own then valid access; 6.4. input, upload, transmit, or otherwise provide to or through the CentralSquare Systems, any information or materials that are unlawful or injurious, or contain, transmit, or activate any Harmful Code; 6.5. damage, destroy, disrupt, disable, impair, interfere with, or otherwise impede or harm in any manner the CentralSquare Systems, or CentralSquare 's provision of services to any third-party, in whole or in part; 6.6. remove, delete, alter, or obscure any trademarks, Specifications, Documentation, warranties, or disclaimers, or any copyright, trademark, patent, or other intellectual property or proprietary rights notices from any Documentation or Solutions, including any copy thereof; 6.7. access or use the Solutions in any manner or for any purpose that infringes, misappropriates, or otherwise violates any Intellectual Property Right or other right of any third-party, or that violates any applicable law; 6.8. access or use the Solutions for purposes of competitive analysis of the Solutions, the development, provision, or use of a competing software service or product or any other purpose that is to 4141 {EFM2297012.DOCX;4/13175.000001/ } 6 CentralSquare's detriment or commercial disadvantage or otherwise access or use the Solutions beyond the scope of the authorization granted under this Section. 7. Customer Obligations. 7.1. Customer Systems and Cooperation. Customer shall at all times during the Term: (a) set up, maintain, and operate in good repair all Customer Systems on or through which the Solutions are accessed or used; (b) provide CentralSquare Personnel with such access to Customer's premises and Customer Systems as is necessary for CentralSquare to perform the Support Services in accordance with the Support Standards and Specifications; and (c) provide all cooperation as CentralSquare may reasonably request to enable CentralSquare to exercise its rights and perform its obligations under and in connection with this Agreement. 7.2. Effect of Customer Failure or Delay. CentralSquare is not responsible or liable for any delay or failure of performance caused in whole or in part by Customer's delay in performing, or failure to perform, any of its obligations under this Agreement. 7.3. Corrective Action and Notice. If Customer becomes aware of any actual or threatened activity prohibited by Section 66, Customer shall, and shall cause its Authorized Users to, immediately: (a) take all reasonable and lawful measures within their respective control that are necessary to stop the activity or threatened activity and to mitigate its effects (including, where applicable, by discontinuing and preventing any unauthorized access to the Solutions and permanently erasing from their systems and destroying any data to which any of them gained unauthorized access); and (b) notify CentralSquare of any such actual or threatened activity. 7.4. Prevention of Unauthorized Use. Customer shall not intentionally sell, transfer, publish, disclose or otherwise make available any portion of the Software or its associated documentation to others. Customer shall use its reasonable best efforts to cooperate with and assist CentralSquare in identifying and preventing any unauthorized use, copying or disclosure of the Software or any portion thereof or any of the algorithms or logic contained therein or any other deliverables. 8. Professional Services. 8.1. Assistance with Integration of Third-Party Vendors. CentralSquare agrees to fully assist and cooperate with all Third Party vendor interfaces as outlined in the scope of work attached and incorporated as Exhibit 5. 8.2. Compliance with Customer Policies. While CentralSquare Personnel are performing services at Customer's site, CentralSquare will ensure that such personnel comply with Customer’s reasonable security procedures and site policies that are generally applicable to Customer’s other suppliers providing similar services and that have been provided to CentralSquare in writing or in advance. Contributed Material. In the process of CentralSquare’s performing Professional Services, Customer may, from time to time, provide CentralSquare with designs, plans, or specifications, improvements, works or other material for inclusion in, or making modifications to, the Solutions, the Documentation or any other deliverables (“Contributed Material”). Customer grants to CentralSquare a nonexclusive, irrevocable, perpetual, transferable right, without the payment of any royalties or other compensation of any kind and without the right of attribution, for CentralSquare, CentralSquare’s Affiliates and CentralSquare’s licensees to make, use, sell and create derivative works of the Contributed Material. 9. Confidentiality. Confidential Information. Each Party possesses certain non-public proprietary information, which has economic value and is protected with reasonable safeguards to maintain its secrecy ("Confidential Information"). Confidential Information may include, but is not limited to any financial data, business and other plans, specifications, equipment designs, electronic configurations, design information, product architecture algorithms, quality assurance plans, inventions (whether or not the subject of pending patent applications), ideas, discoveries, formulae, models, requirements, standards, trade and manufacturing secrets, drawings, samples, devices, demonstrations, technical information, all personal information as defined in RCW 42.56.590 that come within CentralSquare’s possession in the course of performance under this Agreement, as well as any and all intellectual and industrial property rights contained therein or in relation thereto. Confidential Information will be disclosed either: (i) in writing and conspicuously marked with a restrictive legend identifying it as being a Party's Confidential Information; or (ii) orally or visually and identified at the time of disclosure as Confidential Information. Notwithstanding the foregoing, Confidential Information shall not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the 4242 {EFM2297012.DOCX;4/13175.000001/ } 7 Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a Third Party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party. 9.1. Protection of Confidential Information. The Receiving Party agrees that it shall (i) hold the Disclosing Party’s Confidential Information in strict confidence and shall use the same degree of care in protecting the confidentiality of the Disclosing Party’s Confidential Information that it uses to protect its own Confidential Information, but in no event less than reasonable care, (ii) not use the Confidential Information of the Disclosing Party for any purpose not permitted by this Agreement; (iii) not copy any part of the Disclosing Party’s Confidential Information except as expressly permitted by this Agreement, (iv) limit access to the Confidential Information of the Disclosing Party to those of its employees, contractors and agents who need such access for purposes consistent with this Agreement or who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein. 9.2. Compelled Disclosures. If the either Party or any of its Representatives is compelled by applicable law to disclose any Confidential Information then, to the extent permitted by law, that Party shall: (a) promptly, and prior to such disclosure, notify the other Party in writing of such requirement so that they can seek a protective order or other remedy or waive its rights under Section 9.3; and (b) provide reasonable assistance, at the Disclosing Party’s cost, to the Disclosing Party in opposing such disclosure or seeking a protective order or other limitations on disclosure. If the Disclosing Party waives compliance or, after providing the notice and assistance required under this Section, the Receiving Party remains required by law to disclose any Confidential Information, the Receiving Party shall disclose only that portion of the Confidential Information that the Receiving Party is legally required to disclose. This Section 9.2 shall not apply to Subscriber’s response to a request made under the Public Records Act, Chapter 42.56 RCW. 9.3. Termination. Upon expiration or termination of this Agreement, or upon written demand by CentralSquare, Customer shall either (i) return to CentralSquare all copies of CentralSquare's Confidential Information in Customer's possession, or (ii) destroy all copies of CentralSquare's Confidential Information in Customer’s possession and so certify such destruction to CentralSquare in writing. Notwithstanding the foregoing, Customer may retain data or records in electronic form containing Confidential Information for the purposes of backup, recovery, contingency planning, or business continuity planning, so long as such data or records, to the extent not permanently deleted or overwritten in the ordinary course of business, are not accessible in the ordinary course of business and are not accessed except as required by Customer only for backup, recovery, contingency planning, or business continuity purposes. 9.4. Records Requests. CentralSquare acknowledges that Customer is a public entity and is subject to the Public Records Act under Chapter 42.56 RCW. To the extent permitted by law, Customer shall treat as exempt from treatment as a public record, and shall not disclose in response to a request made pursuant to any applicable public records law, any of CentralSquare’s Confidential Information. If a request is received for records CentralSquare has submitted to Customer and has identified as Confidential Information, Customer will use its best efforts to provide CentralSquare with notice of the request in accordance with RCW 42.56.540 and a reasonable time (of no less than 10 days) within which CentralSquare may seek an injunction to prohibit Customer’s disclosure of the requested record. Customer shall comply with any injunction or court order requested by CentralSquare which prohibits the disclosure of any such Confidential Information; however, in the event a higher court overturns such injunction or court order, CentralSquare shall reimburse Customer for any fines or penalties imposed for failure to disclose such records. Nothing in this Section prohibits Customer from complying with RCW 42.56, or any other applicable law or court order requiring the release of public records, and Customer shall not be liable to CentralSquare for compliance with any law or court order requiring the release of public records. 10. Security. 10.1. CentralSquare will implement commercially reasonable administrative, technical and physical safeguards designed to ensure the security and confidentiality of Customer Data, protect against any anticipated threats or hazards to the security or integrity of Customer Data, and protect against unauthorized access or use of Customer Data. CentralSquare will review and test such safeguards on no less than an annual basis. 10.2. Customer shall maintain, in connection with the operation or use of the Solutions, adequate technical and procedural access controls and system security requirements and devices, necessary for data privacy, 4343 {EFM2297012.DOCX;4/13175.000001/ } 8 confidentiality, integrity, authorization, authentication and non-repudiation and virus detection and eradication. 10.3. To the extent that Authorized Users are permitted to have access to the Solutions, Customer shall maintain agreements with such Authorized Users that adequately protect the confidentiality and Intellectual Property Rights of CentralSquare in the Solutions and Documentation, and disclaim any liability or responsibility of CentralSquare with respect to such Authorized Users. 11. Personal Data. If CentralSquare processes or otherwise has access to any personal data or personal information on Customer’s behalf when performing CentralSquare’s obligations under this Agreement, then: 11.1. Customer shall be the data controller (where “data controller” means an entity which alone or jointly with others determines purposes for which and the manner in which any personal data are, or are to be, processed) and CentralSquare shall be a data processor (where “data processor” means an entity which processes the data only on behalf of the data controller and not for any purposes of its own); 11.2. Customer shall ensure that it has obtained all necessary consents and it is entitled to transfer the relevant personal data or personal information to CentralSquare so that CentralSquare may lawfully use, process and transfer the personal data and personal information in accordance with this Agreement on Customer’s behalf, which may include CentralSquare processing and transferring the relevant personal data or personal information outside the country where Customer and the Authorized Users are located in order for CentralSquare to provide the Solutions and perform its other obligations under this Agreement; and 11.3. CentralSquare shall process personal data and information only in accordance with lawful and reasonable written instructions given by Customer and as set out in and in accordance with the terms of this Agreement; and 11.4. each Party shall take appropriate technical and organizational measures against unauthorized or unlawful processing of the personal data and personal information or its accidental loss, destruction or damage so that, having regard to the state of technological development and the cost of implementing any measures, the measures taken ensure a level of security appropriate to the harm that might result from such unauthorized or unlawful processing or accidental loss, destruction or damage in relation to the personal data and personal information and the nature of the personal data and personal information being protected. If necessary, the parties will cooperate to document these measures taken. 12. Representations and Warranties. 12.1. GENERAL WARRANTY. CentralSquare warrants that it owns or otherwise has the rights in the Software and has the right to license the Software as described in this Agreement. 12.2. SOFTWARE WARRANTY. CentralSquare warrants to Customer that for a period of twelve (12) months from the Go Live Date, the Solutions (as delivered to Customer by CentralSquare and when properly used for the purpose and manner authorized by this Agreement), will perform as described in the Documentation in all material respects, including being free from any viruses or Harmful Code. The provisions of this Section and its subsections below, shall constitute the agreement of the Parties with respect to viruses. Customer’s sole remedy with respect to the foregoing software warranty shall be to receive a New Release to the CentralSquare Software that does not contain any of the above- described routines or devices. 12.3. PROFESSIONAL SERVICES REPRESENTATION AND WARRANTY. CentralSquare represents, warrants, and covenants to Customer that during the Term, CentralSquare will perform Professional Services using personnel of required skill, experience, and qualifications and in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services and will devote adequate resources to meet its obligations under this Agreement. If Customer reasonably believes that any Professional Services were performed in violation of this warranty, it will notify CentralSquare within thirty ( 30) days of service performance describing the issue, together with adequate supporting documentation and data. Upon receipt of such notice, CentralSquare’s obligation will be to re -perform the particular Professional Services affected as soon as commercially reasonable at no additional charge 4444 {EFM2297012.DOCX;4/13175.000001/ } 9 12.4. SUPPORT SERVICES REPRESENTATION AND WARRANTY. CentralSquare represents, warrants, and covenants to Customer that during the Term, CentralSquare will perform the Support Services using personnel of required skill, experience, and qualifications and in a professional and workmanlike manner in accordance with both generally recognized industry standards including applicable local authority, laws or codes specified by Customer for similar services, and the specific guidance for support found in Exhibit 2, and will devote adequate resources to meet its obligations under this Agreement. If Customer reasonably believes that any Support Services failed to meet this warranty, they will follow their preferred escalation path outlined in the Support Standards below, including receipt of service credit. 12.5. DISCLAIMER OF WARRANTY. EXCEPT FOR THE EXPRESS LIMITED WARRANTY SET FORTH ABOVE, CENTRALSQUARE MAKES NO WARRANTIES WHATSOEVER, EXPRESSED OR IMPLIED, WITH REGARD TO THE SOLUTIONS, PROFESSIONAL SERVICES, SUPPORT SERVICES, AND/OR ANY OTHER MATTER RELATING TO THIS AGREEMENT, AND THAT CENTRALSQUARE DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHER, INCLUDING ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. FURTHER, CENTRALSQUARE EXPRESSLY DOES NOT WARRANT THAT A SOLUTION, ANY CUSTOM MODIFICATION OR ANY IMPROVEMENTS WILL BE USABLE BY CUSTOMER IF THE SOLUTION OR CUSTOM MODIFICATION HAS BEEN MODIFIED BY ANYONE OTHER THAN CENTRALSQUARE PERSONNEL, OR WILL BE ERROR FREE, WILL OPERATE WITHOUT INTERRUPTION OR WILL BE COMPATIBLE WITH ANY HARDWARE OR SOFTWARE TO THE EXTENT EXPRESSLY SET FORTH IN THE DOCUMENTATION. ALL THIRD-PARTY MATERIALS ARE PROVIDED “AS-IS” AND ANY REPRESENTATION OR WARANTY OF OR CONCERNING ANY OF THEM IS STRICTLY BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER. THIS AGREEMENT DOES NOT AMEND, OR MODIFY CENTRALSQUARE’S WARRANTY UNDER ANY AGREEMENT OR ANY CONDITIONS, LIMITATIONS, OR RESTRICTIONS THEREOF. 13. Notices. All notices and other communications, except breach notifications which are provided for in Exhibit 6 or 7, required or permitted under this Agreement must be in writing and will be deemed given when delivered personally, sent by United States registered or certified mail, return receipt requested; transmitted by facsimile or email confirmed by United States first class mail, or sent by overnight courier. Notices must be sent to a Party at its address shown below, or to such other place as the Party may subsequently designate for its receipt of notices in writing by the other Party. If to CentralSquare : CentralSquare 1000 Business Center Dr. Lake Mary, FL 32746 Phone: 407-304-3235 email: info@CentralSquare.com Attention: Legal/Contracts If to Customer: City of Tukwila 6300 Southcenter Blvd, Suite 100 Tukwila, WA 98188 Phone: (206)433-1835 email: finance@tukwilawa.gov Attention: Finance Director 14. Force Majeure. Neither Party shall be responsible for failure to fulfill its obligations hereunder or liable for damages resulting from delay in performance as a result of war, fire, strike, pandemic, riot or insurrection, natural disaster, delay of carriers, governmental order or regulation, complete or partial shutdown of plant, unavailability of Equipment, software, or services from suppliers, default of a subcontractor or vendor to the Party if such default arises out of causes beyond the reasonable control of such subcontractor or vendor, the acts or omissions of the other Party, or its officers, directors, employees, agents, contractors, or elected officials, and/or other occurrences beyond the Party’s reasonable control (“Excusable Delay” hereunder). In the event of such Excusable Delay, performance shall be extended on a day for day basis or as otherwise reasonably necessary to compensate for such delay. 4545 {EFM2297012.DOCX;4/13175.000001/ } 10 15. Indemnification. To the extent permitted under applicable law, each Party shall defend, indemnify, and hold harmless the other Party, its affiliates, and their elected officials, officers, directors, employees, and agents (the “indemnified parties”) against and from any and all losses, liabilities, damages, actions, claims, demands, settlements, judgments, and any other expenses (including reasonable attorneys' fees), which are asserted against the indemnified parties by a third party, but only to the extent caused by (i) violation of law in the performance of its obligations under this Agreement by the indemnifying Party, its affiliates, or the elected officials, officers, directors, employees, or agents of such Party (the “indemnifying parties”); (ii) the gross negligence or willful misconduct of the indemnifying Parties during the term of this Agreement; (iii) violation, infringement or misappropriation of any U.S. patent, copyright, trade secret or other intellectual property right; (iv) with respect to CentralSquare, a breach of Customer Data, or (v) with respect to Customer, violation of any of the license terms or restrictions contained in this Agreement. The indemnities in this section are subject to the indemnified Parties promptly notifying the indemnifying Parties in writing of any claims or suits; provided that an indemnified party’s failure to so notify and request indemnification shall not relieve the indemnifying party of any liability that the indemnifying party might have, except to the extent that such failure prejudices the indemnifying party’s ability to defend such claim or suit. 16. Termination. This Agreement may be terminated as follows: 16.1. For cause by either Party, effective on written notice to the other Party, if the other Party materially breaches this Agreement and: (i) is incapable of cure; or (ii) being capable of cure, remains uncured thirty (30) days after the non-breaching Party provides the breaching Party with written notice of such breach. 16.2. For lack of payment of undisputed invoices by written notice to Customer, if Customer’s failure to pay amounts due under this Agreement has continued more than ninety (90) days after delivery of written notice of non-payment. 17. Effect of Termination or Expiration. On the expiration or earlier termination of this Agreement: 17.1. each Party shall continue to hold such Confidential Information in confidence pursuant to Section 9 ; and 17.2. each Party shall pay to the other all undisputed amounts accrued prior to and through the date of termination of this Agreement; and 17.3. CentralSquare shall retain Customer Data in a format available for Customer to download for six (6) months. 17.4. The provisions set forth in the following sections, and any other right or obligation of the parties in this Agreement that, by its nature ( including but not limited to: Use Restrictions, Confidential Information, Warranty Disclaimers, Indemnification & Limitations of Liability), should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement. 17.5. Return of Customer Data. CentralSquare shall within 60 days following such expiration or termination, deliver to Customer in a format as requested by Customer the then most recent version of Customer Data maintained by CentralSquare, provided that Customer has at that time paid all undisputed Fees then outstanding and any amounts payable after or as a result of such expiration or termination. 17.6. Deconversion. In the event of (i) expiration or earlier termination of this Agreement, or ( ii) Customer no longer purchasing certain CentralSquare Solutions (including those indicated to be Third-Party Materials), if Customer requests assistance in the transfer of Customer Data to a different vendor's applications (“Deconversion"), CentralSquare will provide reasonable assistance. CentralSquare and Customer will negotiate in good faith to establish the relative roles and responsibilities of CentralSquare and Customer in effecting Deconversion, as well as the appropriate date for completion. CentralSquare shall be entitled to receive compensation for any additional consultation, software and documentation required for Deconversion on a time and materials basis at CentralSquare’s then standard Professional Services rates. Work pursuant to this subsection shall be completed no later than 60 days after Customer’s written notification of such request to CentralSquare. 18. Assignment. Neither this Agreement nor any rights or obligations hereunder shall be assigned or otherwise transferred by either Party without the prior written consent of the other Party, which consent will not be unreasonably withheld; provided however, that in the event of a merger or acquisition of all or substantially all of CentralSquare’s assets, CentralSquare may assign this Agreement to an entity ready, willing and able to perform CentralSquare’s executory obligations hereunder, as evidenced by an express written assumption of the obligations hereunder by the assignee. 4646 {EFM2297012.DOCX;4/13175.000001/ } 11 19. Dispute Resolution. Any dispute, controversy or claim arising out of or relating to this Agreement, including the breach, termination, or validity thereof, shall be resolved as follows: 19.1. Customer agrees to provide CentralSquare with written notice within thirty (30) days of becoming aware of a dispute. Customer agrees to cooperate with CentralSquare in trying to reasonably resolve all disputes, including, if requested by either party, appointing a senior representative to meet and engage in good faith negotiations with our appointed senior representative. Senior representatives will convene within thirty (30) days of the written dispute notice, unless otherwise agreed. All meetings and discussions between senior representatives will be deemed confidential settlement discussions not subject to disclosure under Federal Rule of Evidence 408 or any similar applicable state rule. If the Parties fail to resolve the dispute, then the Parties shall participate in non-binding mediation in an effort to resolve the dispute. If the dispute remains unresolved after mediation, then either Party may assert their respective rights and remedies in court subject to section 20 below. Nothing in this section shall prevent Customer or CentralSquare from seeking necessary injunctive relief during the dispute resolution procedures. 20. Jurisdiction; Governing Law; Attorneys’ Fees. This Agreement and any dispute or claim arising directly or indirectly out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) is governed by, and shall be construed and enforced in accordance with, the laws of the State of Washington excluding choice of law. Any suit to enforce or relating to this Agreement shall only be filed in King County Superior Court, King County, Washington, and the Parties consent to the jurisdiction thereof. The Parties agree that the prevailing party shall be entitled to recover its reasonable attorney’s fees, court costs and other legal expenses from the other Party. 21. Waiver/Severability. The failure of either Party to enforce any of the provisions hereof will not be construed to be a waiver of the right of such Party thereafter to enforce such provisions. If any provision of this Agreement is found to be unenforceable, that provision will be enforced to the maximum extent possible, and the validity, legality and enforceability of the remaining provisions will not in any way be affected or impaired thereby. 22. LIABILITY. NOTWITHSTANDING ANY PROVISION WITHIN THIS AGREEMENT TO THE CONTRARY, AND REGARDLESS OF THE NUMBER OF LOSSES, WHETHER IN CONTRACT, EQUITY, STATUTE, TORT, NEGLIGENCE, OR OTHERWISE: 22.1. NEITHER PARTY SHALL HAVE LIABILITY TO THE OTHER PARTY FOR ANY SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, EXEMPLARY, LIQUIDATED, OR CONSEQUENTIAL DAMAGES OF ANY KIND, AND NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR LOSSES OF PROFIT, REVENUE, INCOME, BUSINESS, ANTICIPATED SAVINGS, DATA, REPUTATION, AND MORE GENERALLY, ANY LOSSES OF AN ECONOMIC OR FINANCIAL NATURE, REGARDLESS OF WHETHER SUCH LOSSES MAY BE DEEMED AS CONSEQUENTIAL OR ARISING DIRECTLY AND NATURALLY FROM THE INCIDENT GIVING RISE TO THE CLAIM, AND REGARDLESS OF WHETHER SUCH LOSSES ARE FORESEEABLE OR WHETHER EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSSES; AND 22.2. EXCEPT FOR A CLAIM FOR INDEMNIFICATION UNDER SECTION 15, EITHER PARTY’S TOTAL LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT SHALL NOT EXCEED THE SUBSCRIPTION FEE AMOUNT(S) ACTUALLY PAID BY CUSTOMER TO CENTRALSQUARE HEREUNDER FOR THE LAST TWELVE MONTHS. 23. Third-Party Materials. CentralSquare may from time to time, in its discretion engage third parties to perform services, provide software, or provide equipment. Customer acknowledges and agrees CentralSquare provides front-line support services for third parties, but these third parties assume all responsibility and liability in connection with the third-party software, equipment, or related services. CentralSquare is not authorized to make any representations or warranties that are binding upon the third-party or to engage in any other acts that are binding upon the third-party, excepting specifically that CentralSquare is authorized to represent third-party fees in the Agreement and to accept payment of such amounts from Customer on behalf of the third-party for as long as such third-party authorizes CentralSquare to do so. As a condition precedent to installing or accessing any third-party Materials, Customer may be required to execute a click-through, shrink-wrap End User License Agreement (EULA) or similar agreement provided by the Third-Party Materials provider. All third- party materials are provided “as-is” and any representation or warranty concerning them is strictly between Customer and the third-party. 4747 {EFM2297012.DOCX;4/13175.000001/ } 12 24. Entire Agreement. This Agreement, and any Exhibits specifically incorporated therein by reference, constitutes the entire agreement between the Parties with respect to the subject matter. These documents supersede and merge all previous and contemporaneous proposals of sale, communications, representations, understandings and agreements, whether oral or written, between the Parties with respect to the subject hereof. This Agreement may not be modified except by a writing subscribed to by authorized representatives of both Parties. 25. No Third-Party Beneficiaries. This Agreement is for the sole benefit of the Parties and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer on any other person any legal or equitable right, benefit, or remedy of any nature under or by reason of this Agreement. 26. Counterparts. This Agreement may be executed in several counterparts, each of which when so executed shall be deemed to be an original, and such counterparts shall constitute one and the same instrument. This Amendment shall be considered properly executed by a Party if executed by that Party and transmitted by facsimile or other electronic means including, without limitation, Docusign, Tagged Image Format Files (TIFF), or Portable Document Format (PDF). 27. Material Adverse Change. If any Law, Regulatory Approval, applicable standard, process, OEM requirement is changed or comes into force after the Effective Date, including but not limited to PCI standards (collectively, a “Material Adverse Change”), which is not explicitly addressed within this Agreement and results in significant extra costs for either Party in relation to the performance of this Agreement, both Parties shall promptly meet, discuss in good faith how to reduce the technical, operational, and/or commercial impact of such Material Adverse Change. 28. Cooperative Purchases. This Contract may be used by other government agencies. CentralSquare has agreed to offer similar services to other agencies under the same terms and conditions as stated herein except that the compensation may be negotiated between CentralSquare and other agencies based on the specific revenue expectations, agency reimbursed costs, and other agency requirements. The Customer will in no way whatsoever incur any liability in relation to specifications, delivery, payment, or any other aspect of purchases by such agencies. 29. Order of Precedence. 29.1. In the event of any conflict or inconsistency between this Agreement, the Exhibits, or any purchase order, then the following priority shall prevail: 29.1.1. The main body of this Agreement, attached Exhibits to this Agreement, and any associated amendments or change orders. 29.1.2. Purchase Orders placed with CentralSquare in accordance with this Agreement. Customer’s purchase terms and conditions or CentralSquare’s sales terms and conditions are not applicable and shall have no force and effect, whether referenced or not in any document in relation to this Agreement. 29.2. Incorporated Exhibits to this Agreement: Exhibit 1 – Project Cost Summary Exhibit 2 - Maintenance & Support Standards Exhibit 3 – Travel Expense Guidelines Exhibit 4 – Insurance Requirements Exhibit 5 – Scope of Work Exhibit 6 - Vendor Security Requirements Exhibit 7- Data Protection and Information Security Agreement 4848 {EFM2297012.DOCX;4/13175.000001/ } 13 EXHIBIT 1 Project Cost Summary Software Subscriptions Services 4949 {EFM2297012.DOCX;4/13175.000001/ } 14 5050 {EFM2297012.DOCX;4/13175.000001/ } 15 City of Tukwila - CentralSquare Payment Terms CentralSquare RFP Checklist Annual Subscription Fee Finance Phase 1 Modules $44,958.00 General Ledger - Job/Project Ledger p. 55 – p. 61, p. 80, p. 183, p. 191, p. 193, p. 241, p. 245 – p. 246 Accounts Payable p. 184, p. 191, p. 248 – p. 249, Accounts Receivable p. 257, p. 287 Cashiering p. 78 -81, p. 85, p. 173, p. 258 Documents Online, Easy Laser Forms and Analytics (Cognos) specific to each module. p.262, p. 263, p. 283 - 285 Finance Phase 2 Modules $52,158.00 Purchase Orders p. 11, p.59, p. 99, p. 105-106 Fixed Assets p. 255 Grant Management p. 260 Project Allocation p. 246 Purchasing p. 251 - 252 Bank Reconciliation p. 114, p. 250 Budgeting p. 175, p. 177, Contract Management p. 191, p. 233, p. 261 Bid/Quote Management p. 103, p. 106 – p. 107 P-Cards p. 96, p. 97 Position Budgeting p. 178 Citizen Engagement (ARO, VMO) p. 19, p. 287 - 288 Certent Disclosure Management p. 54, p. 56, p. 61, p. 275 Documents Online, Easy Laser Forms and Analytics (Cognos) specific to each module. p. 262, p. 263, p. 283-285 HR/Payroll Modules $9,062.00 Human Resources p. 264 – p. 266 Payroll p. 122, p. 123, p. 269 Employee Online p. 126, p. 271 Documents Online, Easy Laser Forms and Analytics (Cognos) specific to each module. p. 262, p. 263, p. 283-285 5151 {EFM2297012.DOCX;4/13175.000001/ } 16 Utilities Modules $5,210.00 Utilities p. 277-280 Data Quality Suite p. 278 Meter Reading Interface p. 166, Online Utility Exchange Interface p. 280 Common Cash Receipts p. 278 OPTIO – Form Writer p. 277 Citizen Engagement (Utility Billing) p. 277 Total $111,388.00 A. ONE TIME FEES 1. Contract Startup Fee ($10,000). Finance Enterprise Advance SaaS Subscription Contract Startup Fee paid upon the Execution Date. 2. Subscription Modules. Subscription Modules will be implemented and stabilized in descending order of priority as set out above. Modules shall be delivered, to be completely implemented/integrated and shall meet all corresponding RFP Checklist requirements, including any mutually agreed upon changes documented as signed Change Orders, as noted before subscription fees are paid. i. If Phase 1 Subscription Modules have not been implemented, as defined by meeting all functionality stated in RFP, within30 days of the date agreed upon in the Product Planning Schedule, and the City has provided all reasonable requested assistance from CentralSquare, CentralSquare shall provide a credit equal to 40 hours of training/support to the City. 3. Professional Services. i. Fees for the existing implementation services shall be billed pursuant to the Milestone table set out below. ii. Any implementation fees not previously quoted, but necessary to complete installation of the Products shall be added pursuant to an additional quote. CentralSquare agrees that any additional implementation fees shall be billed at the same hourly rates as the previously quoted fees. iii. Fees for services needed by the City after the Go-Live of the products and during the Initial Term of this Agreement shall be added pursuant to an additional quote. CentralSquare agrees that any additional fees after Go-Live but during the Initial Term of the Agreement shall be billed at an hourly rate not to exceed 3% above the hourly rates used to quote the fees for implementation services. iv. Express written authorization from City is required before any Professional Services are provided to City via offshore resources. v. Extra Reporting/Workflow prior to the Go-Live date, $28,800, is billed as incurred at a rate of $180 per hour. 4. Third-Party Fees. i. Third-Party Professional Services Fees are due: 50% on Execution Date, and 50% due upon completion of services with invoice. B. RECURRING FEES 1. The Annual Subscription Fee is due pursuant to A.2. for the first year, and thereafter annually on the anniversary of the Execution Date. 2. The Annual Subscription Fee shall be limited an annual 3% escalation. C. ANCILLARY FEES 1. Customer is responsible for paying all taxes relating to this Agreement. Applicable tax amounts (if any) are not included in the fees set forth in this Agreement. If Customer is exempt from the 5252 {EFM2297012.DOCX;4/13175.000001/ } 17 payment of any such taxes, Customer must provide CentralSquare valid proof of exemption; otherwise, CentralSquare will invoice Customer and Customer will pay to CentralSquare all such tax amounts. 2. If Customer fails to make any payment when due, then CentralSquare may charge interest on the past due amount at the rate of .5% per month calculated daily and compounded monthly, or, if lower, the highest rate permitted under applicable law; and If such failure continues for 90 days following written notice thereof, CentralSquare may suspend performance or access until past due amounts have been paid. Professional Services - Payment Milestone Table Milestone Payment Milestone Description Percent of Services Cost 1 Baseline Project Schedule Provided The baseline project schedule is developed within the first 60 days of the project through careful planning with both the CentralSquare project manager and the Customer project manager. The baseline project schedule is the initial agreed upon schedule for the project, inclusive of all tasks from both project teams. Once the baseline project schedule has been delivered, this task is considered complete. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. 10% $69,695 2 Finance Phase I (GL, AP, AR, Cash Receipts) - Testing and Training Once all modules are tested and online, the CentralSquare team alongside the customer will participate in an integration test to include all modules. This testing is considered complete when the engagement for testing has concluded and results have been provided to the customer. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Training for the application is considered complete once 75% of the participants, as identified and documented in the planning phase of the project, have passed the Train the Trainer program. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. 10% $69,695 3 Finance Phase I Go-live Customer is considered Live on the applications after 15 days of live operations in a production environment and wherein no urgent or critical error codes are recorded. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. 15% $104,541 5353 {EFM2297012.DOCX;4/13175.000001/ } 18 4 Finance Phase II (remaining Finance modules) - Testing and Training Once all modules are tested and online, the CentralSquare team alongside the customer will participate in an integration test to include all modules. This testing is considered complete when the engagement for testing has concluded and results have been provided to the customer. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Training for the application is considered complete once 75% of the participants, as identified and documented in the planning phase of the project, have passed the Train the Trainer program. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. 10% $69,695 5 Finance Phase II Go-live Customer is considered Live on the applications after 15 days of live operations in a production environment and wherein no urgent or critical error codes are recorded. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. 15% $104,541 6 HR/Payroll - Testing and Training Once all modules are tested and online, the CentralSquare team alongside the customer will participate in an integration test to include all modules. This testing is considered complete when the engagement for testing has concluded and results have been provided to the customer. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Training for the application is considered complete once 75% of the participants, as identified and documented in the planning phase of the project, have passed the Train the Trainer program. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice.5 10% $69,695 7 HR/Payroll Go-live Customer is considered Live on the applications after 15 days of live operations in a production environment and wherein no urgent or critical error codes are recorded. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. 15% $104,541 5454 {EFM2297012.DOCX;4/13175.000001/ } 19 8 Utilities - Testing and Training Once all modules are tested and online, the CentralSquare team alongside the customer will participate in an integration test to include all modules. This testing is considered complete when the engagement for testing has concluded and results have been provided to the customer. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. Training for the application is considered complete once 75% of the participants, as identified and documented in the planning phase of the project, have passed the Train the Trainer program. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. 5% $34,847 9 Utilities Go-live Customer is considered Live on the applications after 15 days of live operations in a production environment and wherein no urgent or critical error codes are recorded. A proof of delivery will be provided to the customer. Customer acknowledgement will trigger milestone invoice. 10% $69,695 Total Services $696,945 5555 {EFM2297012.DOCX;4/13175.000001/ } 20 EXHIBIT 2 Support Standards 1. CentralSquare Cloud Security Program A. Access & Continuity. Logical access restrictions include VLAN data segregation, extensive deny-by- default access control lists, and Multi-Factor authentication required for System Administration. Business continuity is prioritized via daily encrypted backup stored offsite, virtual tape backup technology to counter loss of physical media, and full replication to disaster recovery site, with redundancy an availability through multiple carriers. B. Security & Monitoring. SSL and IPSEC VPN with 256 bit encryption, web application firewalls, multi- layered infrastructure model with recorded internal and external CCTV, card access control, best of breed HVAC/fire suppression/physical security, and backed by 24-7 x 365 monitoring by a staffed operations facility for: Intrusion detection & prevention, DDOS mitigation, and automated network incident creation and escalation. C. Testing, Audits & Compliance. third-party internal, external, perimeter vulnerability and penetration testing. Centrally managed patching, OS hardening program, and endpoint protection on all servers. Industry standard compliance includes annual completion of: SSAE18/ISAE Data Center Audit, SSAE18 Operations Audit, PCI-DSS Compliance Audit, Vulnerability Testing & CVSS Audit, and Control Self-Assessment Audit. 2. Service Level Commitments A. Target. In each Service Period, the target for availability of the Solutions is 99.9% (“Availability Target”). “Service Period” means 24 hours per day Monday through Sunday each calendar month that Customer receives the Solutions, excluding Sundays between 12:00 AM and 12:00 PM Eastern Time for scheduled maintenance. During this time, Customers may experience intermittent interruptions. CentralSquare will make commercially reasonable efforts to minimize the frequency and duration of these interruptions and CentralSquare will notify the Customer if the entire maintenance window will be required. B. Support Terms. Beginning on the Execution Date and continuing for twelve (12) months thereafter (“Initial Support Term”), CentralSquare shall provide the ongoing Support Services described herein pursuant to the rates governed by the terms of Exhibit 1. Upon expiration of the Initial Support Term, ongoing Support Services shall automatically renew, with Customer paying for additional annual support periods, each a (“Renewal Support Term”), pursuant to the rates governed by the terms of Exhibit 1. This renewal will continue until termination of this Agreement provided that, CentralSquare shall not give notice of termination if it would be effective prior to a period equal to two times the Agreement’s Initial Term. C. Measurement. Service availability is measured as the total time that the Solutions are available during each Service Period for access by Customer (“Service Availability”). Service Availability measurement shall be applied to the production environment, and the points of measurement for all monitoring shall be the servers 5656 {EFM2297012.DOCX;4/13175.000001/ } 21 and the Internet connections at CentralSquare’s hosted environment. CentralSquare has technology monitoring, measuring, and recording Service Availability. The Customer, at their discretion, may also employ monitoring tools, not to override CentralSquare’s measurements for the purposes of calculating Service Availability. Additionally, the monitoring tool must be: 1. mutually agreed upon by CentralSquare and the Customer. 2. paid, installed and maintained by the Customer. 3. non-invasive and may not reside on CentralSquare’s systems. D. Calculation. Service Availability for a given month shall be calculated using the following calculation: I. The total number of minutes which the service was NOT available in a given month shall be subtracted from the total number of minutes available in the given month. The resulting figure is divided by the total number of minutes available in the given month. II. Service Availability Targets are subject to change due to the variance of the number of days in a month. III. The total number of minutes which the service was NOT available in a given month shall exclude minutes associated with scheduled or emergency maintenance. E. Remedy. If the Service Period target measurement is not met then the Customer shall be entitled to a credit calculated as follows: Service Availability in the relevant Service Period Percentage Reduction in Monthly Fee for the Subsequent Service Period Less than 99.9% but greater than or equal to 99.0% 5% Less than 99.0% but greater than or equal to 95.0% 25% Less than 95% 50% F. If not directly reported by CentralSquare, credit entitlement must be requested by the Customer within sixty (60) days of the failed Target. Customer shall not be entitled to offset any monthly Solutions fee payments, nor withhold fee payments, on account of a pending credit. Customer shall not be eligible for credits for any period where Customer is more than thirty (30) days past due on their account. CentralSquare will provide reporting, showing performance and service levels. G. Chronic Outage. In the event the Customer experiences Service Availability that is below 95% for any three (3) or more months in a rolling twelve (12) month period, Customer shall have the right to claim that CentralSquare is in material breach of the Agreement and may terminate this Agreement in accordance with Section 16.1, excluding the rights and opportunity to cure provided under Section 16.1(ii). 3. Server Performance & Capacity. a. CentralSquare shall provide sufficient server capacity for the duration of this Agreement to meet the reasonable performance requirements for the number of concurrent system users provided for in this Agreement. If the Customer requests, at some later date, to add additional Solutions, increase user licenses, increase storage or processing requirements, and/or request additional environments, these requests will be evaluated and if additional resources are required to support modifications, additional fees may apply. In the event Service Availability is below 99.9% for any two (2) or months in a rolling twelve (12) month period, CentralSquare shall deploy additional server and network capacity to meet the performance requirements of this Agreement at no additional expense to Customer. a.b. Finance Enterprise standard database size is 100GB, Utility Billing’s standard database size is 50GB. Most customers do not require additional space, but in the event that it is needed, CentralSquare will provide up to 300GB at no charge. Additional 50GB costs are $50 per year. b.c. “In-network” is defined as any point between which the data packet enters the CentralSquare environment and subsequently departs the CentralSquare environment. Any point of communications outside of the CentralSquare protected network environment shall be deemed as “out-of-network.” CentralSquare is not responsible for Internet connectivity and/or performance out-of-network. 4. System Maintenance. a. Solutions maintenance and upgrades. CentralSquare will provide all hosted systems and network maintenance as deemed appropriate and necessary by CentralSquare. Maintenance and upgrades will be scheduled in advance with the Customer’s primary contact if they fall outside of the designated hours set aside for this function of Sundays from 12:00AM to 12:00 PM. 5757 {EFM2297012.DOCX;4/13175.000001/ } 22 b. Hardware maintenance and upgrades. Hardware maintenance and upgrades will be performed outside of the Customer’s standard business hours of operation and the Customer will be notified prior to the upgrade. c. Emergency maintenance. Emergency situations will be handled on a case-by-case basis in such a manner as to cause the least possible disruption to overall system operations and availability without negatively affecting system stability and integrity. CentralSquare will attempt to notify the Customer promptly, however if no contact can be made, CentralSquare management may deem it necessary to move forward with the emergency maintenance. 5. Incident Response. Incidents are defined as interruptions to existing service and can range in priority from urgent to low depending on the impact to the Customer. CentralSquare will make commercially reasonable efforts to respond to Solutions incidents for live production systems using the following guidelines: Priority Level Impact Description Performance Target Minimum Performance Goal % 1 Urgent An Incident that results in loss of Customer connectivity to all of the Solutions or results in loss, corruption or damage to Customer’s Data. CentralSquare will respond within 1 hour of the issue being reported with an initial assessment for rectification, with a progress report twice per day. 95% 2 Critical An Incident that has an adverse material impact on the performance of the Solutions or materially restricts Customer’s day-to- day operations. CentralSquare will respond within 2 hours of the issue being reported with an initial assessment for rectification, with a progress report once per day. 95% 3 Non-Critical An Incident that does not result in a failure of the Solutions but a fault exists that restricts the Customer’s use of the Solutions. CentralSquare will respond within 4 hours of the issue being reported an initial assessment for rectification, with a progress report every 3 business days. 95% 4 Minor An Incident that does not affect or which has minimal adverse impact on the use of the Solutions. CentralSquare will respond within 24 hours of the issue being reported. 95% a. Measurement. CentralSquare shall track and report on response and resolution time for application and hosting support issues identified by the Customer. 6. Disaster Recovery. CentralSquare provides disaster recovery services for Solutions. The costs for these disaster recovery services are included in the monthly fees. In the event that a disaster renders the Customer’s data center is inaccessible or rendered non-functional, CentralSquare will provide the ability to connect to the appropriate data center using software provided by CentralSquare. This will allow the Customer to connect to their systems from a remote site to the previously identified critical functions, however functionality may be diminished due to lack of access to hardware and/or software located in the Customer’s facilities. 7. Exceptions. CentralSquare shall not be responsible for failure to carry out its service and maintenance obligations under this Agreement if the failure is caused by adverse impact due to: a. defectiveness of the Customer’s environment, Customer’s systems, or due to Customer corrupt, incomplete, or inaccurate data reported to the Solutions, or documented Defect. b. denial of reasonable access to Customer’s system or premises preventing CentralSquare from addressing the issue. 5858 {EFM2297012.DOCX;4/13175.000001/ } 23 c. material changes made to the usage of the Solutions by Customer where CentralSquare has not agreed to such changes in advance and in writing or the modification or alteration, in any way, by Customer or its subcontractors, of communications links necessary to the proper performance of the Solutions. d. a force majeure event, or the negligence, intentional acts, or omissions of Customer or its agents. 8. Incident Resolution. Actual response times and resolutions may vary due to issue complexity and priority. For critical impact level and above, CentralSquare provides a continuous resolution effort until the issue is resolved. 9. Service Requests. Service requests are new requests that will take less than 8 hours to accomplish. For new requests that require additional time, CentralSquare will prioritize these requests, and determine if extra time is needed to order equipment or software. 10. Non-Production Environments. CentralSquare will make commercially reasonable efforts to provide non- production environment(s) during Customer business hours. Non-production environments are not included under the metrics or service credit schedules discussed in this Exhibit. a. Maintenance. All forms of maintenance to be performed on non-production environments will follow the exact structure and schedules outlined above in Section 3 for regular System Maintenance. b. Incidents and service requests. Non-production environment incidents are considered priority 3 or 4, dictated by circumstances and will be prioritized and scheduled similar to production service requests. 11. Responsibility Summary Matrix. Responsibility Summary Matrix Description CentralSquare Responsibility Customer Responsibility ASP Server Hardware management X ASP Server File system management X ASP Server OS upgrades and maintenance X ASP Database product upgrades and maintenance X ASP third-party product upgrades and maintenance X Application Update Installation Request to install application updates X Installation of application updates X ASP Backup Management X Data and or File restoration Request to restore data and or files X Restoration of data and or files X Network ASP Network up to and including the router at CentralSquare ’s location X ASP Router at Customer’s location X Customer’s network up to the router at Customer’s location X Customer Workstations X System Performance X X Add/Change users User add/change requests X User add/change implementation for System Access X X User add/change implementation for Solutions X Add/Change Printers Printer add/change requests X Printer add/change implementation on ASP network X X Printer add/change implementation for Solutions X Disaster Recovery X Password Management X X Application Management Application Configuration X X Application Security Management X X Accuracy and Control of Data X X 5959 {EFM2297012.DOCX;4/13175.000001/ } 24 Security Intrusion and Penetration Testing X X 12. Virtual Private Network (VPN) Concentrator. If Customer’s desired system configuration requires the use of a VPN concentrator, including router, this will be provided by CentralSquare . It will reside at Customer’s location but is, and shall remain the property of CentralSquare . 13. Customer Cooperation. Customer may be asked to perform problem determination activities as suggested by CentralSquare . Problem determination activities may include capturing error messages, documenting steps taken and collecting configuration information. Customer may also be requested to perform resolution activities including, for example, modification of processes. Customer agrees to cooperate with such requests, if reasonable. 14. Training. Outside the scope of training services purchased, if any, Customer is responsible for the training and organization of its staff in the operation of the Solutions. 15. Development Work. The Support Standards do not include development work either (i) on software not licensed from CentralSquare or (ii) development work for enhancements or features that are outside the documented functionality of the Solutions, except such work as may be specifically purchased and outlined in Exhibit 1. CentralSquare retains all Intellectual Property Rights in development work performed and Customer may request consulting and development work from CentralSquare as a separate billable service. 16. Telephone Support & Support Portal a. Hours. CentralSquare shall provide to Customer, Monday through Friday, 8:00 A.M. to 5:00 P.M. Customer’s Local Time within the continental United States, excluding holidays (“5x9”). CentralSquare shall provide to Customer, during the Support Hours, commercially reasonable efforts in solving errors reported by the Customer as well as making available an online support portal. Customer shall provide to CentralSquare reasonably detailed documentation and explanation, together with underlying data, to substantiate errors and to assist CentralSquare in its efforts to diagnose, reproduce and correct the error. This support shall be provided by CentralSquare at Customer location(s) if and when CentralSquare and Customer agree that on-site services are necessary to diagnose or resolve the problem. If a reported error did not, in fact, exist or was not attributable to a defect in the Solutions or an act or omission of CentralSquare, then Customer shall pay for CentralSquare 's investigation and related services at CentralSquare ’s standard professional services rates governed by the terms of Exhibit 1. Customer must provide CentralSquare with such facilities, equipment and support as are reasonably necessary for CentralSquare to perform its obligations under this Agreement, including remote access to the Specified Configuration b. Releases. Customer shall promptly install and/or use any Release provided by CentralSquare to avoid or mitigate a performance problem or infringement claim. All modifications, revisions and updates to the Solutions shall be furnished by means of new Releases of the Solutions and shall be accompanied by updates to the Documentation whenever CentralSquare determines, in its sole discretion, that such updates are necessary. c. Case Number. Measured from the moment a Case number is created. i. As used herein a “Case number” is created when (a) a CentralSquare support representative has been directly contacted by Customer either by phone, in person, or through CentralSquare’s online support portal, and (b) when CentralSquare’s support representative assigns a case number and conveys that case number to the Customer. ii. An incident must be reported and recorded in CentralSquare’s support system in order to be resolved and any associated escalation for resolution of the incident will proceed as follows: 1. Support Manager 2. Support Director or Director of Cloud 3. Assigned CSM (Customer Success Manager) 4. Support VP 5. Public Administration General Manager 6. COO of Company 7. CTO of Company 8. CEO of Company iii. Should the Support Manager or other key personnel assigned to Customer in Exhibit 5 (Scope of Work) change, CentralSquare will provide reasonable notification to Customer and assist in the personnel transition. 6060 {EFM2297012.DOCX;4/13175.000001/ } 25 6161 {EFM2297012.DOCX;4/13175.000001/ } 26 EXHIBIT 3 Travel Expense Guidelines CentralSquare will adhere to the following guidelines when incurring travel expenses: All arrangements for travel are to be made through the CentralSquare Corporate Travel Agent unless other arrangements have been made with the Customer and are documented in writing. AIR TRAVEL – CentralSquare will use the least expensive class of service available with a minimum of seven (7) day, maximum of thirty (30) day, advance purchase. Upon request, CentralSquare shall provide the travel itinerary as the receipt for reimbursement of the airfare and any fees. Fees not listed on the itinerary will require a receipt for reimbursement. Trips fewer than 250 miles round are considered local. Unless a flight has been otherwise approved by the Customer, Customer will reimburse the current IRS approved mileage rate for all local trips. LODGING –CentralSquare will use the most reasonable accommodations possible, dependent on the city. All movies, and phone/internet charges are not reimbursable. RENTAL CAR – Compact or Intermediate cars will be required unless there are three or more CentralSquare employees sharing the car in which case the use of a full size car is authorized. Gas is reimbursable however, pre-paid gas purchases will not be authorized and all rental cars are to be returned with a full tank of gas. Upon request, receipts for car rental and gas purchases will be submitted to Customer. CentralSquare shall decline all rental car insurance offered by the car rental agency as staff members will be covered under the CentralSquare auto insurance policy. Fines for traffic violations are not reimbursable expenses. OTHER TRANSPORTATION – CentralSquare staff members are expected to use the most economical means for traveling to and from the airport (Airport bus, hotel shuttle service). Airport taxi or mileage for the employee’s personal vehicle (per IRS mileage guidelines) are reimbursable if necessary. Upon request, receipt(s) for the taxi will be submitted to Customer. Proof of mileage may be required and may be documented by a readily available electronic mapping service. The mileage rate will be the then-current IRS mileage guideline rate (subject to change with any change in IRS guidelines). OTHER BUSINESS EXPENSES – Parking at the airport is reimbursable. Tolls to and from the airport and while traveling at the Customer site are reimbursable. Tipping on cab fare exceeding 15% is not reimbursable. Porter tips are reimbursable, not exceeding $1.00 per bag. Laundry is reimbursable when travel includes a weekend day or Company Holiday and the hotel stay is four nights or more. Laundry charges must be incurred during the trip and the limit is one shirt and one pair of pants/skirt per day. With the exception of tips, receipts shall be provided to Customer upon request for all of the aforementioned items. MEALS – Standard per Diem. Subject to change due to cost of living. 6262 {EFM2297012.DOCX;4/13175.000001/ } 27 EXHIBIT 4 Insurance A. Insurance Term CentralSquare shall procure and maintain for the duration of the Agreement, insurance against claims for injuries to persons or damage to property which may arise from or in connection with the performance of the work hereunder by the CentralSquare, its agents, representatives, or employees. B. No Limitation CentralSquare’s maintenance of insurance as required by the Agreement shall not be construed to limit the liability of the CentralSquare to the coverage provided by such insurance, or otherwise limit the Customer’s recourse to any remedy available at law or in equity. C. Minimum Scope of Insurance 1. CentralSquare shall obtain insurance with a current A.M Best rating of not less than A:VII., and including the types and coverage described below: 2. Automobile Liability insurance covering all, non-owned, hired, and leased vehicles. Coverage shall be written as least as broad as Insurance Services Office (ISO) form CA 00 01. 3. Commercial General Liability insurance shall be at least as broad as ISO occurrence form CG 00 01 and shall cover liability arising from premises, operations, stop-gap, independent contractors and personal injury and advertising injury. Customer shall be included as an additional insured under the CentralSquare’s Commercial General Liability insurance policy with respect to the work performed for the Customer using an additional insured endorsement at least as broad as ISO CG 20 26. 4. Workers’ Compensation coverage as required by the Industrial Insurance laws of the State of Washington. 5. Technology Errors & Omissions (E&O) 6. Network Security (Cyber) and Privacy Insurance shall include, but not be limited to, coverage, including defense, for the following losses or services: Claims involving infringement of intellectual property, infringement of copyright, trademark, trade dress, invasion of privacy violations, and information theft. Liability arising from theft, dissemination, and/or use of Customer confidential and personally identifiable information, including but not limited to, any information about an individual maintained by the Customer, including (i) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (ii) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information regardless of how or where the information is stored or transmitted. Network security liability arising from (i) the unauthorized access to, use of, or tampering with computer systems, including hacker attacks; or (ii) the inability of an authorized third party to gain access to supplier systems and/or Customer data, including denial of service, unless caused by a mechanical or electrical failure; (iii) introduction of any unauthorized software computer code or virus causing damage to the Customer or any other third party data. Lawfully insurable fines and penalties resulting or alleging from a data breach. 6363 {EFM2297012.DOCX;4/13175.000001/ } 28 Event management services and first-party loss expenses for a data breach response including crisis management services, credit monitoring for individuals, public relations, legal service advice, notification of affected parties, independent information security forensics firm, and costs to re-secure, re-create and restore data or systems. D. Minimum Amounts of Insurance 1. CentralSquare shall maintain the following insurance limits: 2. Automobile Liability insurance with a minimum combined single limit for bodily injury and property damage of $1,000,000 per accident. 3. Commercial General Liability insurance shall be written with limits no less than $1,000,000 each occurrence, $2,000,000 general aggregate. 4. Technology Errors & Omissions (E&O) shall be written with limits no less than $1,000,000 per claim and $1,000,000 policy aggregate limit. 5. Network Security (Cyber) and Privacy Insurance shall be written with limits no less than $5,000.000 per claim $5,000,000 policy aggregate for network security and privacy coverage, $100,000 per claim for regulatory action (fines and penalties), and $100,000 per claim for event management services. E. Other Insurance Provision CentralSquare’s Automobile Liability and Commercial General Liability insurance policies are to contain, or be endorsed to contain that they shall be primary insurance as respect Customer. Any insurance, self-insurance, or self-insured pool coverage maintained by Customer shall be excess of the CentralSquare’s insurance and shall not contribute with it. F. Verification of Coverage CentralSquare shall furnish Customer with certificates and a copy of the amendatory endorsements, including but not necessarily limited to the additional insured endorsement except for Technology Errors & Omissions (E&O) & Network Security (Cyber) and Privacy Issues, evidencing the insurance requirements of CentralSquare before commencement of the work. G. Notice of Cancellation CentralSquare shall provide Customer with written notice of any policy cancellation within two business days of their receipt of such notice. H. Failure to Maintain Insurance Failure on the part of CentralSquare to maintain the insurance as required shall constitute a material breach of contract, upon which Customer may, after giving five business days’ notice to CentralSquare to correct the breach, immediately terminate the contract or, at its discretion, procure or renew such insurance and pay any and all premiums in connection therewith, with any sums so expended to be repaid to Customer on demand, or at the sole discretion of Customer, offset against funds due CentralSquare from Customer. I. Customer Full Availability of CentralSquare Limits If CentralSquare maintains higher insurance limits than the minimums shown above, Customer shall be insured for the full available limits of Commercial General and Excess or Umbrella liability maintained by CentralSquare, irrespective of whether such limits maintained by CentralSquare are greater than those required by this contract or whether any certificate of insurance furnished Customer evidences limits of liability lower than those maintained by CentralSquare. J. Safeguarding of Personal Information 6464 {EFM2297012.DOCX;4/13175.000001/ } 29 CentralSquare shall not use or disclose Personal Information, as defined in RCW 19.255.010, in any manner that would constitute a violation of federal law or applicable provisions of Washington State law. CentralSquare agrees to comply with all federal and state laws and regulations, as currently enacted or revised, regarding data security and electronic data interchange of Personal Information. CentralSquare shall ensure its directors, officers, employees, subcontractors or agents use Personal Information solely for the purposes of accomplishing the services set forth in the Agreement. CentralSquare shall protect Personal Information collected, used, or acquired in connection with the Agreement, against unauthorized use, disclosure, modification or loss. CentralSquare and its sub-consultants agree not to release, divulge, publish, transfer, sell or otherwise make Personal Information known to unauthorized persons without the express written consent of Customer or as otherwise authorized by law. CentralSquare agrees to implement physical, electronic, and managerial policies, procedures, and safeguards to prevent unauthorized access, use, or disclosure of Personal Information. CentralSquare shall make the Personal Information available to amend as directed by Customer and incorporate any amendments into all the copies maintained by CentralSquare or its subcontractors. CentralSquare shall certify its return or destruction upon expiration or termination of the Agreement and CentralSquare shall retain no copies. If CentralSquare and Customer mutually determine that return or destruction is not feasible, CentralSquare shall not use the Personal Information in a manner other than those permitted or authorized by state and federal laws. CentralSquare shall notify Customer pursuant to Exhibit 6 upon becoming aware of any unauthorized access, use or disclosure of Personal Information. CentralSquare shall take necessary steps to mitigate the harmful effects of such use or disclosure. CentralSquare is financially responsible for notification of any unauthorized access, use or disclosure. The details of the notification must be approved by Customer. Any breach of this clause may result in termination of the Agreement and the demand for return of all Personal Information. 6565 {EFM2297012.DOCX;4/13175.000001/ } 30 EXHIBIT 5 Scope of Work 1.0 Implementation Statement of Work (“SOW”) This document is the Statement of Work (SOW) and contains the approach for the implementation of CentralSquare’s Technology’s (“CentralSquare”) Finance, Human Resources & Payroll Information Management (“Enterprise Finance”), Human Capital Management (“HCM”), Utilities software and related services with respect to the Solution software expressly identified in the Order (the “Agreement”) for the City of Tukwila. CentralSquare will provide implementation services identified in the Agreement and as further described in this SOW to assist the Customer in implementing the software solution. The SOW is an attachment incorporated as part of the Agreement signed by CentralSquare and the Customer, and all actions directed herein shall be performed in accordance with the aforementioned Agreement. This SOW is intended to be a planning and control document, not the detailed requirements or design of the solution. 2.0 Scope Overview The purpose of this project is to upgrade the Customer’s current Financial, Human Resources, Utilities Management software with CentralSquare’s Finance Enterprise, HCM, Utilities software system, to improve the Customer’s existing administrative processes in order to take advantage of industry best practices that best leverage the Finance Enterprise, HCM, Utilities software. The project scope is comprised of the software and services identified in the Agreement and further described throughout this SOW. Anything not specifically designated in the SOW should be considered out of scope and not part of this project. 2.1 Software Scope Covered software does not include hardware, hardware vendor operating systems and/or other system software, customer developed software, or third-party software. CentralSquare will deliver computer software and database structure for SQL/Server database. The following list depicts the software associated with the Agreement. Finance Enterprise  Accounts Payable  Accounts Receivable  Fixed Assets  Stores Inventory  General Ledger  Grants Management  Job/Project Ledger  Project Allocation  Punchout  Purchasing  Bank Reconciliation  Budgeting  Documents Online  Fusion  Cashiering  Base Analytics (COGNOS BI)  Easy Laser Forms  Contract Management  Bid and Quote Management  Position Budgeting 6666 {EFM2297012.DOCX;4/13175.000001/ } 31  Procurement Cards  Certent Disclosure Management (CAFR/Planning)  Business Process Review Human Capital Management  Human Resources (HRIS)  Payroll  Documents Online  Professional Development  Base Analytics (COGNOS BI)  Employee Online Utilities  Utilities  Data Quality Suite  Meter Reading Interface to Sensus  Online Utility Exchange Interface  Common Cash Receipts  Optio  Citizen Engagement 2.2 Services Scope The following outlines the proposed services for the project management, installation, configuration, training, testing, and other services work necessary for the implementation of the HCM, Finance Enterprise, Utilities, software and represents a good-faith estimate based on our knowledge at time of the Agreement. Service Description Engagement High Level Tasks Deliverables Planning/Project Initiation/Analysis Completion of the following tasks are accomplished remotely:  Kick-Off Meeting  Formal Discovery Sessions at Start of Project  Detailed Scope and Contract Review o Discovery/Design and Workflow Review o Conversion Scope Review  Assignment of Project Team and Identify Key Team Members  Review platform features, define business processes including current and future state  Kick-Off Meeting  Draft Project Plan  Decision Workbook 6767 {EFM2297012.DOCX;4/13175.000001/ } 32 Engagement High Level Tasks Deliverables  Define consultant hours with knowledge transfer during scope and discovery  Key dates and milestones on deliverables…project schedule  Identify improvement opportunities through a Workflow Analysis  Collaboratively Develop a Roadmap that Drives Implementation Monitoring and Control/ Configuration Remote installation tasks consisting of the following:  Software Installation  Application Installation  Network Architecture Review Comprehension design and configuration task for the software solution:  Creation of Workflow  Report Development see Section A-Reports  System Configuration  Data Converted  Third-party software Integration Remote Data Conversion and Testing:  After Initial Data Load occurred within respective processes, CentralSquare will upload the subsequent rounds of corrected Customer provided legacy extract files into “software”  Monthly Status Report  Issues Log  Risk Register  Implementation Guide Testing Shared responsibilities for the following tasks:  System Validation  Application Tests  Integration Testing  Parallel Testing (typically for 2-3 payroll cycles)  3-5 test runs for Req to Check batches Completion of the following tasks are accomplished through distance learning sessions:  Test Workbook 6868 {EFM2297012.DOCX;4/13175.000001/ } 33 Engagement High Level Tasks Deliverables  End User Training  System Administration Training Deployment/ Closeout Tasks to be completed at or near the end of the implementation project:  Mock Go Live/Readiness Review  Go-live Activities  Post Go-live Support  Complete Project Documentation  Transition to Support Team  You will be introduced to your Customer Success and Support around Go-Live of phase 1  Final phase post Go-Live implementation support a 30-day overlap  Transition to Customer Success Manager  Go Live Cutover Plan (determined at Mock Go Live)  Service to Support/Customer Service Team Project Closeout Report Service Assumptions  CentralSquare is implementing a Commercially Available Off-the-Shelf solution.  Customer and CentralSquare expect that this SOW may be modified from time to time as mutually agreed in writing, given that CentralSquare may be provided or may obtain a more thorough understanding of Customer’s existing policies, practices, and operations through the post-contract planning and discovery process.  Customer and CentralSquare will jointly develop a detailed and fully integrated project plan and schedule.  Customer may obtain the services of an additional consultant to provide project review, advice, and consultation at their own cost. CentralSquare will make every attempt to cooperate with the efforts of this consultant within the context of Customer’s participation, deliverable review, and approval timeframes identified within this SOW and the Agreement.  Both the Customer and CentralSquare will furnish resources with appropriate skills and experience to handle the roles and responsibility described in this SOW.  CentralSquare is not responsible for quality of Customer’s legacy data or for the correction or resolution of data quality issues unless previously agreed upon. City of Tukwila Responsibilities  Customer will consider and approve business processes as necessary to maximize efficiencies according to best practices.  Customer will make resources available to assist as needed to fulfill the responsibilities herein.  Customer will form a Project Team and will make their Project Team members available for meetings; consulting and training sessions; discussions and conference calls; and, other related project tasks or events requested by CentralSquare, or as indicated in the project plan.  Customer Project Team members will respond to information requests from CentralSquare staff in the timeframe requested in accordance with the project plan as to minimize delays in the project.  Customer Project Manager, Project Team, Subject Matter Experts, and other key personnel (as determined by Customer) will participate in the Kick-Off Meeting.  Customer and CentralSquare Project Manager to develop a mutually agreeable schedule and agenda for the workflow discovery.  Customer will review recommendations in the Workflow Analysis Report and attend the scheduled presentation of the findings. CentralSquare will take into consideration existing workloads and internal 6969 {EFM2297012.DOCX;4/13175.000001/ } 34 deadlines. Customer will submit written questions or requests for clarification/revision to the CentralSquare Project Manager within five (5) to seven (7) business days of the presentation, with the exception of unforeseen delays which are not due to the actions of either party. Delays in review and approval of the Workflow Analysis Report can impact timely development of the interfaces and ultimately delay the Go-Live of the system.  Customer will participate in planning activities (conference calls, emails) with CentralSquare Application Installation Consultant and Technical Lead.  Customer will provide access to servers as required for CentralSquare Technical Lead and Application Installation Consultant to perform interface testing.  Customer will designate a representative as the Project Team’s Project Manager. The Project Manager will be the primary point of contact for project coordination throughout the project.  Customer will provide adequate training space and computers for the scheduled training throughout the project. The training spaces will include fully functioning networked computers, meeting the required CentralSquare hardware standards. CentralSquare may consider alternative meeting options such as WebEx, video conferencing, remote desktop, and conference calls when appropriate.  Customer’s Project Manager will act as the primary point of contact with non-CentralSquare third parties, including other vendors, state agencies, and local agencies that control products and/or databases with which CentralSquare products are to be interfaced.  Customer will provide expertise in third-party data, data mapping, and data validation.  Customer will be responsible for validating all data transferred into the HCM, Finance Enterprise, Utilities, and data transferred from HCM, Finance Enterprise, Utilities, into other third-party applications.  Customer will be responsible to get the legacy data “conversion ready”, meaning it is clean (duplicates, typos, missing information, etc. have been corrected) and in a format that CentralSquare can read for import purposes (Excel spreadsheet, for example).  Customer staff will provide a Customer data dictionary or equivalent documentation to facilitate mapping data elements between the legacy system and Finance Enterprise and HCM databases. If sufficient documentation is not available, Customer will need to provide screenshots of the legacy system to assist in mapping data elements.  Customer application owners will participate in testing activities.  Customer will provide verification and validation of the converted data into the designated non-production environment according to the Test Plan.  Approval to proceed: Customer will provide sign off of the converted data set in a non-production environment, approving the cycle to be completed in a production environment.  Customer will identify and schedule appropriate personnel to attend training.  Customer will complete all tasks on the Customer Go-Live preparation checklist in the designated timeframes.  Customer Project Manager and other key personnel (as determined by Customer) provide support and assistance throughout Go-Live event.  Final conversion sign off: Customer will provide sign off of the converted data set into the production environment. Out of Scope  Customized interfaces unless otherwise stated in this SOW. 3.0 Interfaces and Integrations The software Integrations and Interfaces identified during the sales process are described below. During the project, further discussion and discovery will take place and the Customer may request that modifications to the integration and/or interface services scope be performed by CentralSquare. Interfaces Scope 7070 {EFM2297012.DOCX;4/13175.000001/ } 35 Interfaces are process where data from the system is compiled in a format (stored procedure/batch export) for use into another Customer system. This is typically a single direction data transfer. Integrations Scope Integrations allow for the automatic communication and data transfer between systems. Integration development is the joint responsibility of the Customer and CentralSquare. The integrations included in this SOW were identified by CentralSquare based on the RFP and discovery. During the project, further discussion and discovery will take place and the Customer may request that modifications to the integration services scope be performed by CentralSquare. CentralSquare will provide necessary assistance with integration setup, testing, and implementation to verify communications and basic functionality. Upon completion of the Discovery work session(s), CentralSquare will provide the Customer with a list of triggers for extracting data from the CentralSquare database(s) to be submitted to the Customer’s third-party vendors and with the configuration details for data import. CentralSquare agrees to answer any database/interface questions and work with Customer’s vendors to complete integrations as necessary and in a timely manner. Roles and Responsibilities CentralSquare:  CentralSquare Project Team members will respond to information requests from Tukwila in the timeframe requested in accordance with the project plan as to minimize delays in the project.  CentralSquare consultants will advise and train Customer on using the CentralSquare standard file uploads to complete the data interface if applicable. CentralSquare will assist and advise on data mapping as required. CentralSquare supplies numerous API’s for integration the Customer can use should they choose. The API’s are part of the Fusion integration tool. Future APIs will be available at no additional cost; however, there may be additional implementation hours for configuration.  CentralSquare will assist and advise Customer on API integration.  CentralSquare will work with the Customer on testing and perfecting the integrations, until Customer signs off on each integration. Customer understands that any delay on their part may have an impact on the overall project schedule. CentralSquare understands that any delay on their part may also have an impact on the overall project schedule.  Where an existing CentralSquare relationship exists, work directly with CentralSquare third parties, including other vendors, state agencies, and local agencies that control products and/or databases with which CentralSquare products are to be interfaced.  Install all interfaces required for Go Live prior to System Integration Testing.  Training for SME’s on functionality and maintenance of each interface as installed and configured.  Provide Interface Control Documents to Customer upon request.  Where interfaces are custom, CentralSquare will work with the third-party consultants to receive a detailed statement of work around each custom item. CentralSquare will assist Customer as necessary in performing the integration testing and validation. Tukwila:  Customer will share with CentralSquare the planning and tasks of creating the integrations.  Act as the primary point of contact with third parties, including other vendors, state agencies, and local agencies that control products and/or databases with which CentralSquare products are to be interfaced.  Provide detailed schema, protocol, query specifications, as needed, and as available per interface.  Ensure design decisions are made conclusively and in a timely fashion.  Provide a Customer point of contact for each interface who is knowledgeable of the workflow and data requirements.  Responsible for validating all data transferred into Finance Enterprise, HR/Payroll, Utility Billing and data transferred from Finance Enterprise, HR/Payroll, Utility Billing to another application.  Provide SME(s) familiar with existing data structures in the legacy system to assist with the interface process.  Provide expertise in third-party data, data mapping, and data validation. 7171 {EFM2297012.DOCX;4/13175.000001/ } 36  Review and provide written feedback on Interface Control Documents within ten (10) business days of delivery, with the exception of unforeseen delays which are not due to the actions of either party. CentralSquare will take into consideration existing workloads and internal deadlines. Delays in review and approval of the ICDs can impact timely development of the interfaces and ultimately delay the Go-Live of the system. Assumptions:  CentralSquare is not responsible for the applicable third-party software, third-party hardware or third-party system software costs which may be required for the development of the interfaces describe  Additional requests and changes to the scope of the below interfaces will require a change order and may incur additional charges. Changes include any additional requirements including building integration via API and Web Services (if not already listed as the interface method.)  Standard interfaces are supported by CentralSquare without additional yearly services for maintenance. Custom interfaces will require additional development fees prior to installation as well as additional yearly services.  Following is a description of the interfaces to be provided. Interface Name Description of Interface (i.e. what data is expected to interface) Type of Interface (i.e. API, Web service, Batch) 1=way/2- way/Bi- directional Standard/ Custom Automated or manual Kronos TeleStaff Timekeeping for Payroll (Fire and Police) Batch 2-way Standard Manual NeoGov Timekeeping Time and attendance data into Payroll Time and Attendance Batch 2-way Standard Manual NeoGov Recruiting New hire information into Employee Master Batch 1-way Standard Automated NeoGov PAFs Position change information into Position Change PAF Batch 2-way Standard Automated Everything Benefits Online benefit forms Batch 1-way Standard Manual Washington State Dept. Retirement Systems Enrollment, retirement contributions, reporting. Batch 1-way Standard Manual US Bank Banking Batch 1-way Standard Manual 7272 {EFM2297012.DOCX;4/13175.000001/ } 37 Lucity Time data for Payroll. Asset information. API 2-way Standard Automated Utilities Cash Receipts Batch 1-way Standard Automated TRAKiT Cash Receipts Batch 1-way Standard Automated Golfnow Cash Receipts Batch 1-way Standard Automated Laserfiche Enterprise Content Management System Link 2-way Standard Automated Sensus Meter reading system for Utilities Batch 2-way Standard Automated PerfectMind Summary Transactions for Recreation Batch 1-way Standard Automated Cardknox Credit Card Processing Link 2-way Standard Automated ESRI ArcGIS* Utility Meter and Customer Location Mapping API 1-way Standard Automated Community Development* GTUR export into Utilities via the Land Import Utility Batch 1-way Standard Automated *Interface not currently available. If/when they are available, Customer will not be charged an additional subscription fee. 4.0 Application Software Implementation CentralSquare and Customer will conduct the following Installation as part of this project. SAAS Tasks Name Description Customer Role CentralSquare Role 1. Installation Initial Installation of CentralSquare’s Finance Enterprise software  Attend Discovery Call  Discovery Call  Complete install and data migration 2. Test Account Creation Test Account Creation is the creation of the test account which is cloned from the pre- production environment.  Validate Account  Create Test Account 7373 {EFM2297012.DOCX;4/13175.000001/ } 38 Assumptions  CentralSquare will migrate all Customer data into the HCM, Utilities, database and confirm that the Finance Enterprise software’s primary system functions are available.  CentralSquare will install the Finance, HCM, Utilities, software into our Hosted Cloud environment, managed by our Cloud services team centers and provide access to the Customer through a standard URL.  CentralSquare will complete all installation remotely  CentralSquare will create one (1) Production Account and one (1) Test Account as part of the Agreement. Additional accounts will require additional hours added under separate quote by mutual written agreement at CentralSquare’s prevailing rates.  CentralSquare provides one free Account refresh per year after Go-Live, Each additional refresh will require additional hours and additional cost. Refreshes that occur during the migration and during new version upgrades will not incur additional costs. Average refreshes are completed in approximately 4 hours at the current hourly rate and are performed within two weeks.  CentralSquare’s standard methodology for implementation of Enterprise Resource Planning systems is a structured sequence of product deployment beginning with Finance Enterprise then continuing with the deployment of HCM. Roles and Responsibilities CentralSquare:  Load files and perform initial configuration of all licensed CentralSquare applications, including base and add-on modules, and interfaces to third-party applications. Configuration includes activating appropriate modules, table set up, and selection of mandatory configuration settings based on combination of CentralSquare applications purchased.  Set up test environment as mirror copy of the production environment.  Conduct knowledge transfer of installation/set up procedures to Customer IT staff and/or other designated personnel responsible for set up and maintenance of end-user computers (4-6 people maximum).  Conduct a test to verify that CentralSquare applications have been installed and configured successfully, operating properly, and are ready to begin the implementation and configuration process. Note: Not all CentralSquare components may be ready at this point, for a full test, but a reasonable effort ensures CentralSquare components are ready for the next step in the process. CentralSquare installation services will ensure that all needed components are prepared and ready prior to conducting subsequent activities for the specific application area according to the agreed upon Project Schedule. Customer:  Participate in planning activities (conference calls, emails) with CentralSquare Application Installation Consultant and Technical Lead.  Provide access to Customer’s servers (including third-party) as required for CentralSquare Technical Lead and Application Installation Consultant to perform installation and migration tasks.  Attend knowledge transfer sessions focusing on how to prepare workstations or mobile computers to run CentralSquare applications. 5.0 Project Governance The purpose of the project governance is to define the resources required to adequately establish the business needs, objectives and priorities of the project, communicate the goals to other Project participants and provide support and guidance to accomplish these goals. Project governance also defines the structure for issue escalation and resolution, change control review and authority, and organizational change management activities. 7474 {EFM2297012.DOCX;4/13175.000001/ } 39 The preliminary governance structure establishes a clear escalation path when issues and risks require escalation above the Project Manager level. Further refinement to the structure, the process and specific roles and responsibilities may occur throughout the project. Changes to the governance will be mutually agreed upon, documented in writing and communicated to all impacted parties. Organizational change management plays a vital role in achieving high levels of user adoption and realization of benefits from efficiencies gained during prescriptive process changes throughout the implementation. Managing the organizational change acceptance through the establishment of a formal Change Management Team is a key function that drives project success. Customer Personnel Sponsorship Team (ST) The Customer’s ST provides support to the project by allocating resources, providing strategic direction, communicating key issues about the project and the project’s overall importance to the Customer’s organization. When called upon, the ST will also act as the final authority on all escalated project issues. The ST engages in the project, as needed, to provide necessary support, oversight, guidance, and escalation, and may participate in day-to-day activities in their normal job roles. The ST will empower the Product Owner, Project Manager, Change Manager, Project Management Team and the functional team leads to make critical business decisions for the Customer. Specifically, the ST will:  Understand and support the cultural change necessary for the project  Foster an appreciation of the value of an integrated system throughout the organization  Oversee the project team and the project as a whole  Participate in regular meetings so it is current on all project progress, project decisions, and achievement of project milestones  Communicate the importance of the project to City departments along with other department directors and the Change Manager.  Be responsible for making timely decisions on critical project or policy issues. The Project Management Team (PMT) Customer project team members will work under the direction of the designated Functional Team Leads for each area in the system. The Functional Team leads have detailed subject matter expertise and are empowered to make or obtain from the Steering Committee appropriate business process and configuration decisions in their respective areas. The Functional Team Leads are tasked, by the Customer Project Manager, with carrying out all project tasks described in the SOW including business process analysis, configuration, documentation, testing, training, and all other required Customer tasks. The Functional Team Leads will be responsible for and empowered to implement the new system in the best interests of the Customer consistent with the project goals, project vision, and direction from the Project Manager, the PMT and the ST. Product Owner The Product Owner (PO) is the management level resource that will be responsible for accurately communicating the requirements, assumptions and constraints of the business unit to the Implementation team, (listed in the CentralSquare personnel section.) The work performed by the PO will include the clarification of business requirements, testing and communication of project status to staff. The PO will work closely with the City’s PM and Central Square’s PM.  The Customer’s Product Owner will communicate and reinforce the vision  Collaborate with stakeholders and the Implementation team to define and communicate the roadmap  Collaborate with the Change Management Team  Clarify requirements and priorities with stakeholders and team  Manage the Functional Team Leads and SMEs 7575 {EFM2297012.DOCX;4/13175.000001/ } 40 Project Manager (PM) The Customer’s PM will:  Be the primary contact for the project  Coordinate Customer’s project team members  Coordinate all CentralSquare activities with the CentralSquare Project Manager  Coordinate the subject matter experts (SMEs) in the Customer’s organization City  Be responsible for reporting to the ST  Ensure all deliverables are reviewed on a timely basis by the Customer  Co-manage the overall implementation schedule with the CentralSquare PM  Collaborate with the Change Management Team Functional Team Leads Project team members will work under the direction of the designated Functional Team Leads for each area in the system. The Functional Team Leads have detailed subject matter expertise and are empowered to make appropriate business process and configuration decisions in their respective areas. The Functional Team Leads are tasked with carrying out all project tasks described in the SOW including planning, business process analysis, configuration, documentation, testing, training, and all other required Customer tasks. The Functional Team Leads will be responsible for and empowered to implement the new system in the best interests of the Customer consistent with the project goals, project vision, and direction from the Project Manager, the PMT and the ST. Subject Matter Experts (SMEs) SMEs have special, in-depth knowledge of Customer’s current legacy systems and processes. Their opinions will be sought in defining business needs, test requirements, and software functionality. During the implementation, the Customer’s SMEs will dedicate a considerable amount of their time to the project because they may be involved in multiple roles, including participating in training and other workshops, conducting end user training, reviewing project deliverables, performing various testing tasks, etc. Quality Assurance Team (QAT) The Customer will form a QAT made up of individual(s) who will participate in the review and acceptance of each CentralSquare deliverable and conduct periodic project health checks to ensure tasks are completed on time, on budget and to the satisfaction of the Customer. Furthermore, the QAT will work closely with the Project Manager to ensure all contractual matters are in compliance and services delivered are in accordance with the terms and conditions of the CentralSquare/Customer agreement as well as with the SOW. Assumptions:  The Customer may have multiple staff providing the roles outlined above and the same staff providing multiple roles. CentralSquare Personnel Project Sponsor CentralSquare Project Sponsor will have indirect involvement with the project and is part of the escalation process. The Project’s sponsor will offer additional support to the CentralSquare project team and collaborate with other third-party consultants who are involved on this project. Specifically, the Project Sponsor will:  Provide support to CentralSquare’s Project Managers in reporting project progress to ST.  Approve and sign-off on any material changes to project scope or staffing changes. Project Manager 7676 {EFM2297012.DOCX;4/13175.000001/ } 41 The CentralSquare Project Manager will coordinate all project activities with the Customer and perform the following:  Serve as the point person for all project issues (the first escalation point)  Be responsible for project performance, deliverables as they are outlined in the SOW, and the milestones.  Provide updates to the Customer’s ST and the PMT in accordance with project plan.  Fulfill Go Live dates.  Support the Customer Project Manager in monitoring and reporting overall implementation progress  Monitor and report progress on CentralSquare’s responsibilities on a weekly basis  Immediately notify the Customer Project Manager, the PMT and the ST of any issue that could delay the project.  Ensure Software installation occurs as per the project schedule.  Schedule CentralSquare Staff according to the project plan.  Facilitate coordination between all CentralSquare departments.  Monitor the work plan and schedule and make course corrections as necessary.  Prepare bi-weekly status reports along with notes from meetings and calls.  Develop meeting agendas.  Provide issue resolution status, tracking, and procedures.  Identify personnel, equipment, facilities and resources that will be required to perform services by CentralSquare. Functional Leads (Consultants, Developers, and Technical resources)  Install application in agreed upon environments.  Work with the Customer Functional Team Leads and SMEs to design and configure the functional components of the Finance Enterprise software for optimal long-term use.  Document decisions made during configuration in the weekly site reports.  Lead the Finance Enterprise software configuration with assistance from the Customer’s Functional Team Lleads.  Check that software operates after configuration as per its documentation.  Assist with the resolution of issues and tasks.  Schedule the training of the Customer Functional Team Lleads and SMEs during the configuration of software.  Provide and assist with data conversion guides.  Create and deliver interface programs according to Customer specifications and this SOW.  Provide training on security and assist with set up.  Provide training on workflow and assist with set up.  Provide samples of and training on the creation of forms and reports. 6.0 Quality Assurance Project Oversight The CentralSquare Project Management Organization (PMO) will provide Project Oversight throughout the project life cycle. Assuring the project is progressing as outlined in the project management plan and is achieving the Customer’s goals is critical to overall project success and eventual adoption of the system by Customer. Said oversite includes, but is not necessarily limited to:  Reviewing project deliverables in Section 2.2 – Service Description for quality and assisting the Project Team in making corrections as required.  Providing assistance with any areas of high risk identified throughout the project.  Holding a monthly meeting with the Customer PMT to discuss and assess their view of the project progress. 7777 {EFM2297012.DOCX;4/13175.000001/ } 42  Communicating any challenges internally to leadership throughout CentralSquare’s organization to assist in resolving issues.  Providing feedback to CentralSquare project staff and CentralSquare PMO on the results of the oversight activities.  Helping identify lessons learned that can improve performance on future phases.  Issues that will impact the quality, timeline, and overall goals will be identified, tracked, resolved and documented in the Issues/Tasks Log. These issues will be presented to the PMT and the Steering Committee during the regular cadence meetings as required. 7.0 Deliverable and Milestone Approval & Acceptance The Customer will review, approve, and provide written acceptance for all Milestones outlined in the Agreement by following the below process:  CentralSquare will submit in writing to the Customer a Deliverable Acceptance form for each completed Deliverable outlined on the table in Section 2.2 – Service Description.  The Customer will identify in writing any required changes, deficiencies, and/or additions necessary, within ten (10) business days from the form being delivered to the Customer for each completed Deliverable, unless the review timeframe is deemed by the Customer to be insufficient for a proper review. In such cases, the Customer Project Manager will request an extension in writing to the CentralSquare Project Manager, and the parties will mutually agree to a reasonable alternative to the original deadline. Delays in providing notification of required changes can impact timely development of the interfaces and ultimately delay the Go-Live of the system.  CentralSquare will review deliverables which are not approved and create a plan to address the deficiencies within ten (10) business days, with the exception of unforeseen delays which are not due to the actions of either party. CentralSquare will take into consideration existing workloads and internal deadlines. Once the deliverable has been corrected or the milestone achieved, a revised completion form will be submitted. The Customer will then review the deliverable or milestone and provide any additional comments on any required changes, deficiencies, and/or additions necessary within ten (10) business days from the updated completion form being delivered to Customer. Again, if the review timeframe is deemed to be insufficient for a proper review, the Customer Project Manager will request an extension in writing to the CentralSquare Project Manager, and the parties will mutually agree to a reasonable alternative to the original deadline. This process will be repeated until the Customer grants approval and signoff on the deliverable or milestone.  Upon approval of the deliverable or milestone, the Customer Project Manager will sign the completion form and return it to CentralSquare Project Manager.  CentralSquare has agreed to phase implementation and to the best of resource availability. The proposed phases include: PHASE Installations 1 General Ledger, Accounts Payable, Accounts Receivable, Cash Receipts 2 Remaining Finance 3 HR, Payroll 4 Utilities 8.0 Dispute Resolution Procedure The Customer and CentralSquare should anticipate challenging issues to arise throughout the implementation process due to the complex magnitude of this project. (eg. CentralSquare staff is not performing to the expectations of CentralSquare and Tukwila.) In order for these issues to be remedied the Customer and CentralSquare will utilize the following Dispute Resolution Procedure: All communication regarding the project should be directed to each party’s Project Managers and the Customer to maintain consistent communication between the parties. Scheduled weekly calls/meetings will be maintained between the two Project Managers and the Customer’s PMT. 7878 {EFM2297012.DOCX;4/13175.000001/ } 43 All issues or concerns will be discussed actively and openly between all parties. If issues begin to interfere with the progression of the project, the Customer and/or CentralSquare should escalate issues to CentralSquare management in the sequence below, as needed: Name and Role Phone Email Michael DiOrio, Sr. Director of Professional Services 407-304-3024 michael.diorio@centralsquare.com George Slyman, Sr. Director of Professional Services 360-303-9362 George.Slyman@centralsquare.com Mike Poth, VP Professional Services 703-328-0979 michael.poth@CentralSquare.com Escalation to Customer Management Team should be as follows: Name and Role Phone Email Joel Bush 206-454-7569 Joel.Bush@TukwilaWA.gov Tami Eberle-Harris 206-433-7153 Tami.Harris@TukwilaWA.gov Vicky Carlsen 206-433-1839 Vicky.Carlsen@TukwilaWA.gov Tony Cullerton 206-433-1838 Tony.cullerton@tukwilawa.gov Any changes to either party’s Implementation Team or Management Team will be communicated to the other party at the following scheduled weekly call/meeting at the latest. The Customer and CentralSquare may request a change to this scope of work by following the process outlined in the Agreement. 9.0 Change Requests and Changes to this Statement of Work The Customer and CentralSquare may request changes to the services outlined in this SOW by following the process outlined in this section. Such a request is considered acceptable only upon full execution of a written Change Order form signed by both parties. The change order will provide sufficient detail including the following.  Detailed description of resources (both Customer and CentralSquare) required to perform the change.  Specifications if applicable  Implementation plans  Schedule for completion  Verification and approval criteria  Impact on current milestones and payment schedule  Additional milestones (if applicable)  Impact on project goals and objectives  Price The other party has five (5) business days (or as mutually agreed upon) to determine whether it agrees to the Change Request. If agreement to pursue a Change Order does not occur in five (5) business days of the initiation of the Change Request (or as mutually agreed upon), it is assumed that the Change Request has been rejected and any remaining issues will be identified on the Issues Log and/or follow the above-mentioned dispute resolution process. 10.0 Acts or Omissions of Customer If CentralSquare’s performance of its obligations under this SOW is prevented or delayed by any act or omission of Customer, any Authorized Service Recipient, or their agents, subcontractors, consultants, or employees 7979 {EFM2297012.DOCX;4/13175.000001/ } 44 outside of CentralSquare's control, CentralSquare Provider shall not be deemed in breach of its obligations under this SOW or otherwise liable for any costs, charges, or losses sustained or incurred by Customer, in each case, or for any delays in delivery of any services, products or deliverables under this SOW to the extent arising directly or indirectly from such prevention or delay. Additionally, if either parties’ performance of its obligations under this SOW is prevented or delayed by any act or omission of the other, and the non-delaying party expends reasonable costs, charges, or sustains losses, then the party causing the delay is responsible to reimburse the other party for all costs, charges, or sustained losses to the extent they arise directly or indirectly from such prevention or delay. To avoid penalties associated with cancelation or delay of any deliverables, products, or services that were to be provided in accordance with the terms of this SOW as defined in the mutually agreed upon project schedule, either party must provide notice of cancellation a minimum of ten (10) business days prior to scheduled event. Section A - Reporting The below list details Tukwila’s desired reports. CentralSquare and Tukwila will collaborate during the project plan phase to ensure all reporting needs are evaluated and met. Benefit Administration Report Pull all benefit eligible employees by department/fixed cost designation. Provide a count of employees per fixed cost and allocated 3.85 per employee per month. Split cost for employees with more than one fixed cost account. New Hire Report The report includes a parameter to choose all newly hired employees within a specified time period and includes all report fields needed. Exportable to excel as a CSV. Teamsters Dues Report Pulls all employees of a bargaining unit with name, address, hourly rate, employee status, calculated dues and term date. The report includes parameters to pull for a specific payroll. PERS3 Check Detail Provides a report of all PERS3 members, split by those that have chosen WSIB and Self Directed investments. Subtotal benefits and deductions by investment choice and a grand total for all PERS3 members. Includes parameters to choose the pay period. Employee List by Salary Group Group employees by salary group with name, address, hire, term, position title, hourly rate, monthly salary and annual salary. Medical/Dental Report Group by medical election (Kaiser or HMA). Include employee name, emp number, bargaining unit, medical, dental, vision elections. Include the employee deduction total, benefit total, and indicate employee coverage, spouse coverage and number of covered dependents. Include parameter to pull information for a specific pay period. Include ability to show/hide fields of this report. Dependent Report Report includes employee name, all covered dependents, dependent SSN, dependent birthdate and relationship to the employee. Employee List Employee list with employee name, hire date, shift code, position appointment date, City department. Ability to sort various ways and filter by union group, department, etc. Benefit/Deduction Report Pull information by employee or bargaining unit to choose any ben/ded plan and report on the current information in place for the specified plan. OSHA Hours Report Pull report to show the nember of hours worked for all employees charged to each fixed cost account for a specified date range. OSHA Emp Count Total number of employees charged to each fixed cost account number by pay period for a specified range of periods. Includes a grand total of employees. Census Report Employee first name, last name, SSN, Gender, Birth Date, Hire Date, Monthly salary, Annual hours worked, address, bargaining unit. 8080 {EFM2297012.DOCX;4/13175.000001/ } 45 Census Report 2 Emp name, hire, title, annual salary earned for a specified year. Include ability to filter by group of employee bargaining unit or by full or part time employees. Extra Labor Report Report to show all part time employees by department showing monthly hours worked for each month of the past 12 months. Shows pension eligibility, number of months worked over 70 hours, and average number of hours worked over the 12 month period. Also shows the total hours worked during the specified period. Activity History Pull all hour types paid for an employee or group of employees for a specified period. Ability to filter for specific hour types. Used for retro calculations. Employee time reporting for open pay periods A report showing all activity entered for all employees by day with daily totals, total by hourtype and total hours entered for the period. Includes activity notes, supervisor approval, approval date and time and supervisor comments. Expense detail report A report showing all activity for a specified period, filtered by a department or departments including name, fixed cost, pa code, activity notes, earnings and benefits. Labor Cost Analysis A report showing the total cost of labor for an employee or employees for a specific period of time or specific hours. Hours could include regular or overtime hours including benefits. Compensated Abscense Report A report showing employees and leave accruals/ liability at year end Leave Balance Report Ability to pull current and historial leave balances, usage, and accruals Statutory Quarterly/ Annual Reporting 941, PFMLA, SUTA, FUTA, L&I, W-2 Employee Position Report Ability to pull current and historial position data by position number and employee details Hourly Labor Cost by EE Pull employee data to annualize hourly rate to include ER benefit costs DRS Pension Reports Ability to build DRS Pension report to capture DRS reporting requirements to align with City CBA Metro Report Quarterly report of sewerage customers Valley View quarterly Quarterly report of sewer usage each month. Main meter consumption less deduct meter consumption for total sewer consumption. Master meter list List of acct. no, acct. type, name, service location, phone no. meter size, meter number, register no. and radio no. Deduct meter list List of acct no., acct type, name, service location, phone no., mtr size, mtr no., register no. and radio no Consumption Report by Type Report for main and sub-consumption by meter size Zero Consumption Report List of active accounts with no consumption for the month Highest Monthly Consumption Top consumption users each month Monthly Reclaimed Water Readings List of reclaimed water accounts with read dates, meter read, and consumption 8181 {EFM2297012.DOCX;4/13175.000001/ } 46 EXHIBIT 6 Vendor Security Requirements City of Tukwila Security Requirements Introduction During the term of this agreement, the Company shall operate an information security program designed to meet the confidentiality, integrity, and availability requirements of the service or product being supplied. The program shall include at a minimum the following security measures. Governance 1. Information Security Policy: Company shall develop, implement, and maintain an information security policy and shall communicate the policy to all staff and contractors. 2. Information Security Accountability: Company shall appoint an employee of at least manager level who shall be accountable for the overall information security program. 3. Risk Management: Company shall employ a formal risk assessment process to identify security risks which may impact the products or services being supplied, and mitigate risks in a timely manner commensurate with the risk. Asset Management 4. Asset Inventory: Company shall maintain an inventory of all hardware and software assets, including asset ownership. 5. Data Classification: Company shall develop, implement, and maintain a data classification scheme and process designed to ensure that data is protected according to its confidentiality requirements. Supply Chain Risk Management 6. Supplier Security Assessments: Company shall engage in appropriate due diligence assessments of potential suppliers which may impact the security of the services or products being supplied. 7. Security in Supplier Agreements: Company shall ensure that agreements with suppliers who may impact the security of the services or products being supplied contain appropriate security requirements. Human Resource Security 8. Information Security Awareness: Company shall develop and implement an information security awareness program designed to ensure that all employees and contractors receive security education as relevant to their job function. 9. Background Checks: Company shall conduct appropriate background checks on all new employees based on the sensitivity of the role that they are being hired for. Identity Management, Authentication and Access Control 10. Authentication: Company shall ensure that all access, by employees or contractors, to its information systems used to provide services or products being supplied shall require appropriate authentication controls that at a minimum will include: a. Strong passwords or multi-factor authentication for users b. Multi-factor authentication for all remote access 11. Authorization: Company shall ensure that all access to its information systems used to provide services or products being supplied shall be approved by management. 8282 {EFM2297012.DOCX;4/13175.000001/ } 47 12. Privileged Account Management: Company shall appropriately manage and control privileged accounts on its information systems that at a minimum will include: a. Use of dedicated accounts for privileged activity b. Maintaining an inventory of privileged accounts 13. Access Termination: Company shall develop and maintain a process designed to ensure that user access is revoked upon termination of employment, or contract for contractors. Data Security 14. Encryption: Company shall ensure that all laptops, mobile devices, and removable media, including those that are owned by Company employees or contractors, which may be used to store, process, or transport organizational data are encrypted at all times. [Scoping guideline: this requirement may be removed if the Company is not expected to possess any confidential or sensitive organizational data] 15. Secure Disposal: Company shall ensure that all media which may be used to store, process, or transport organizational data is disposed of in a secure manner. [Scoping guideline: this requirement may be removed if the Company is not expected to possess any confidential or sensitive organizational data] System Acquisition, Development and Maintenance 16. Security Requirements: Company shall ensure that information security requirements are defined for all new information systems, whether acquired or developed. 17. Separation of Environments: Company shall ensure that development and testing environments are separate from their production environment. 18. Data Anonymization: Company shall ensure that [Company’s name]’s data will not be used in the development or testing of new systems unless the data is appropriately anonymized. 19. Secure Coding: Company shall ensure that all applications are developed with secure coding practices, including OWASP Top 10 Most Critical Web Application Security Risks. Physical and Environmental Security 20. Risk Assessment: Company shall use a formal risk assessment methodology to identify physical and environmental threats and shall implement controls to minimize the risks. Information Protection Processes and Procedure 21. Hardening: Company shall develop and implement security configuration baselines for all endpoint and network devices types. 22. Network Segregation: Company shall segregate its network into zones based on trust levels, and control the flow of traffic between zones. 23. Anti-Malware: Company shall ensure that all information systems that are susceptible to malware are protected by up-to-date anti-malware software. 24. Wireless Access Control: Company shall ensure that wireless network access is protected, including at a minimum: a. All wireless network access should be encrypted b. All wireless network access to the production network should be authenticated using multi-factor authentication such as machine certificates c. Wireless network access for personal devices and guest access should be segregated from the production network 25. Patching: Company shall evaluate, test, and apply information system patches in a timely fashion according to their risk. 26. Backup and Recovery: Company shall implement a backup and recovery process designed to ensure that data can be recovered in the event of unexpected loss. Protective Technology 8383 {EFM2297012.DOCX;4/13175.000001/ } 48 27. Logging: Company shall ensure that security event logging requirements been defined, and that all information systems are configured to meet logging requirements. 28. Intrusion Detection: Company shall deploy intrusion detection or prevention systems at the network perimeter. 29. URL Filtering: Company shall deploy tools to limit web browsing activity based on URL categories. 30. Denial of Service Protection: Company shall deploy controls to detect and mitigate denial of service attacks. Security Continuous Monitoring 31. Security Monitoring: Company shall deploy automated tools to collect, correlate, and analyze security event logs from multiple sources, and monitor them for suspected security incidents. 32. Vulnerability Assessments: Company shall conduct vulnerability assessments against all Internet- facing information systems on a regular basis, no less often than quarterly. 33. Penetration Testing: Company shall perform penetration tests on all web applications and services, in accordance with standard penetration testing methodologies, on a regular basis, no less often than annually. Information Security Incident Management 34. Incident Response: Company shall develop, implement, and maintain an information security incident response process, and will test the process on a regular basis, no less often than annually. 8484 {EFM2297012.DOCX;4/13175.000001/ } 49 Exhibit 7 City of Tukwila Data Protection and Information Security Agreement This Data Protection and Information Security Exhibit (“Exhibit”) is an attachment to the Agreement and sets forth the data protection and information security requirements of City of Tukwila. This Exhibit includes by reference the terms and conditions of the Agreement. In the event of any inconsistencies between this Exhibit and the Agreement, the parties agree that the terms and conditions of the Exhibit will prevail. Throughout the term of the Agreement and for as long as Vendor controls, possesses, stores, transmits, or processes Confidential Information as part of the Services provided to City of Tukwila, Vendor will comply with the requirements set forth in this Exhibit. Any breach of this Exhibit will be deemed a material breach under the Agreement. 1. Definitions “Authorized Personnel” for the purposes of this Exhibit, means Vendor’s employees or subcontractors who: (i) have a need to receive or access Confidential Information or Personal Information to enable Vendor to perform its obligations under the Agreement; and (ii) are bound in writing with Vendor by confidentiality obligations sufficient for the protection of Confidential Information and Personal Information in accordance with the terms and conditions set forth in the Agreement and this Exhibit. “Common Software Vulnerabilities” (CSV) are application defects and errors that are commonly exploited in software. This includes but is not limited to: (i) The CWE/SANS Top 25 Programming Errors – see http://cwe.mitre.org/top25/ and http://www.sans.org/top25-software-errors/ (ii) The Open Web Application Security Project’s (OWASP) “Top Ten Project” – see http://www.owasp.org “Confidential Information” is as defined in the Agreement, and includes Personal Information; provided that, Personal Information shall remain Confidential Information even if at the time of disclosure or collection, or later, it is or becomes known to the public. “Industry Standards” mean generally recognized industry standards, best practices, and benchmarks including but not limited to: (i) Payment Card Industry Data Security Standards (“PCI DSS”) – see http://www.pcisecuritystandards.org/ (ii) National Institute for Standards and Technology – see http://csrc.nist.gov/ (iii) ISO / IEC 27000-series – see http://www.iso27001security.com/ (iv) COBIT 5 – http://www.isaca.org/cobit/ (v) Cyber Security Framework – see http://www.nist.gov/cyberframework/ (vi) Cloud Security Alliance – see https://cloudsecurityalliance.org/ (vii) Other standards applicable to the services provided by Vendor to City of Tukwila “Information Protection Laws” mean all local, state, federal and international laws, standards, guidelines, policies, regulations and procedures applicable to Vendor or City of Tukwila pertaining to data security, confidentiality, privacy, and breach notification. “Personal Information” also known as Personally Identifiable Information (PII), is information of City of Tukwila customers, employees and subcontractors or their devices gathered or used by Vendor that can be used on its own or combined with other information to identify, contact, or locate a person, or to identify an individual or his or her device in context. Examples of Personal Information include name, social security number or national identifier, biometric records, driver’s license number, device identifier, IP address, MAC address, either alone or when combined with other personal or identifying information which is linked or linkable to a specific individual or 8585 {EFM2297012.DOCX;4/13175.000001/ } 50 device, such as date and place of birth, mother’s maiden name, etc. Personal Information might also be defined under applicable state or federal law in the event of a Security Incident. “Security Incident” is any actual or suspected occurrence of: (i) Unauthorized access, use, alteration, disclosure, loss, theft of, or destruction of Confidential Information or the systems / storage media containing Confidential Information (ii) Illicit or malicious code, phishing, spamming, spoofing (iii) Unauthorized use of, or unauthorized access to, Vendor’s systems (iv) Inability to access Confidential Information or Vendor systems as a result of a Denial of Service (DOS) or Distributed Denial of Service (DDOS) attack (v) Loss of Confidential Information due to a breach of security “Security Vulnerability” is an application, operating system, or system flaw (including but not limited to associated process, computer, device, network, or software weakness) that can be exploited resulting in a Security Incident. 2. Roles of the Parties and Compliance with Information Protection Laws As between City of Tukwila and Vendor, City of Tukwila shall be the principal and Vendor shall be its agent with respect to the collection, use, processing and disclosure of all Confidential Information. The Parties shall comply with their respective obligations as the principal (e.g., data owner/controller/covered entity) and agent (e.g., data processor/business associate/trading partner) under all Information Protection Laws. The Parties acknowledge that, with respect to all Confidential Information processed by Vendor for the purpose of providing the Services under this Agreement: a) City of Tukwila shall determine the scope, purpose, and manner in which such Confidential Information may be accessed or processed by Vendor, and Vendor shall limit its access to or use of Confidential Information to that which is necessary to provide the Services, comply with applicable laws, or as otherwise directed by City of Tukwila; b) Each party shall be responsible for compliance with Information Protection Laws in accordance with their respective roles; and c) Vendor and City of Tukwila shall implement the technical and organizational measures specified in this Exhibit and any additional procedures agreed upon pursuant to a Statement of Work (“SOW”) to protect Confidential Information against unauthorized use, destruction or loss, alteration, disclosure or access. 3. General Security Requirements Vendor will have an information security program that has been developed, implemented and maintained in accordance with Industry Standards. At a minimum, Vendor’s information security program will include, but not be limited to, the following elements: 3.1 Information Security Program Management. Vendor will have or assign a qualified member of its workforce or commission a reputable third-party service provider to be responsible for the development, implementation and maintenance of Vendor’s enterprise information security program. 3.2 Policies and Standards. To protect City of Tukwila Confidential Information, Vendor will implement and maintain reasonable security that complies with Information Protection Laws and meets data security Industry Standards. a) Security Policies and Standards. Vendor will maintain formal written information security policies and standards that: (i) Define the administrative, physical, and technological controls to protect the confidentiality, integrity, and availability of Confidential Information, City of Tukwila systems, and Vendor systems (including mobile devices) used in providing Services to City of Tukwila (ii) Encompasses secure access, retention, and transport of Confidential Information (iii) Provide for disciplinary or legal action in the event of violation of policy by employees or Vendor subcontractors and vendors 8686 {EFM2297012.DOCX;4/13175.000001/ } 51 (iv) Prevent unauthorized access to City of Tukwila data, City of Tukwila systems, and Vendor systems, including access by Vendor’s terminated employees and subcontractors (v) Employ the requirements for assessment, monitoring and auditing procedures to ensure Vendor is compliant with the policies (vi) Conduct an annual assessment of the policies, and upon City of Tukwila written request, provide attestation of compliance. b) In the SOW or other document, Vendor will identify to City of Tukwila all third-party vendors (including those providing subcontractors to Vendor) involved in the provision of the Services to City of Tukwila, and will specify those third-party vendors that will have access to Confidential Information. 3.3 Security and Privacy Training. Vendor, at its expense, will train new and existing employees and subcontractors to comply with the data security and data privacy obligations under this Agreement and this Exhibit. Ongoing training is to be provided at least annually and more frequently as appropriate or requested by City of Tukwila. City of Tukwila may provide specific training material to Vendor to include in its employee/subcontractor training. 3.4 Access Control. Vendor will ensure that City of Tukwila Confidential Information will be accessible only by Authorized Personnel after appropriate user authentication and access controls (including but not limited to two-factor authentication) that satisfy the requirements of this Exhibit. Each Authorized Personnel shall have unique access credentials and shall receive training which includes a prohibition on sharing access credentials with any other person. Vendor should maintain access logs relevant to City of Tukwila Confidential Information for a minimum of six (6) months or other mutually agreed upon duration. 3.5 Data Backup. The parties shall agree in an SOW or other document upon the categories of City of Tukwila Confidential Information that are required to be backed up by Vendor. Unless otherwise agreed to in writing by City of Tukwila, backups of City of Tukwila Confidential Information shall reside solely in the United States. For the orderly and timely recovery of Confidential Information in the event of a service interruption: a) Vendor will store a backup of Confidential Information at a secure offsite facility and maintain a contemporaneous backup of Confidential Information on-site to meet needed data recovery time objectives. b) Vendor will encrypt and isolate all City of Tukwila backup data on portable media from any backup data of Vendor’s other customers. 3.6 Business Continuity Planning (BCP) and Disaster Recovery (DR). Vendor will maintain an appropriate business continuity and disaster recovery plan to enable Vendor to adequately respond to, and recover from business interruptions involving City of Tukwila Confidential Information or services provided by Vendor to City of Tukwila. a) At a minimum, Vendor will test the BCP & DR plan annually, in accordance with Industry Standards, to ensure that the business interruption and disaster objectives set forth in this Exhibit have been met and will promptly remedy any failures. Upon City of Tukwila’s request, Vendor will provide City of Tukwila with a written summary of the annual test results. b) In the event of a business interruption that activates the BCP & DR plan affecting the Services or Confidential Information of City of Tukwila, Vendor will notify City of Tukwila’s designated Security Contact as soon as possible. c) Vendor will allow City of Tukwila or its authorized third party, upon a minimum of thirty (30) days’ notice to Vendor’s designated Security Contact, to perform an assessment of Vendor’s BCP and DR plans once annually, or more frequently if agreed to in an SOW or other document. Following notice provided by City of Tukwila, the parties will meet to determine the scope and timing of the assessment. 3.7 Network Security. Vendor agrees to implement and maintain network security controls that conform to Industry Standards including but not limited to the following: a) Firewalls. Vendor will utilize firewalls to manage and restrict inbound, outbound and internal network traffic to only the necessary hosts and network resources. 8787 {EFM2297012.DOCX;4/13175.000001/ } 52 b) Network Architecture. Vendor will appropriately segment its network to only allow authorized hosts and users to traverse areas of the network and access resources that are required for their job responsibilities. c) Demilitarized Zone (DMZ). Vendor will ensure that publicly accessible servers are placed on a separate, isolated network segment typically referred to as the DMZ. d) Wireless Security. Vendor will ensure that its wireless network(s) only utilize strong encryption, such as WPA2. e) Intrusion Detection/Intrusion Prevention (IDS/IPS) System – Vendor will have an IDS and/or IPS in place to detect inappropriate, incorrect, or anomalous activity and determine whether Vendor’s computer network and/or server(s) have experienced an unauthorized intrusion. 3.8 Application and Software Security. Vendor, should it provide software applications or Software as a Service (SaaS) to City of Tukwila, agrees that its product(s) will remain secure from Software Vulnerabilities and, at a minimum, incorporate the following: a) Malicious Code Protection. Vendor’s software development processes and environment must protect against malicious code being introduced into its product(s) future releases and/or updates. b) Application Level Security. Vendor must use a reputable 3rd party to conduct static/manual application vulnerability scans on the application(s) software provided to City of Tukwila for each major code release or at the time of contract renewal. An internally produced static/manual test from the Vendor will not be accepted. Results of the application testing will be provided to City of Tukwila in a summary report and vulnerabilities categorized as Very High, High or that have been identified as part of the OWASP top 10 and SANS top 25 within ten (10) weeks of identification. c) Vulnerability Management. Vendor agrees at all times to provide, maintain and support its software and subsequent updates, upgrades, and bug fixes such that the software is, and remains secure from Common Software Vulnerabilities. d) Logging. Vendor software that controls access to Confidential Information must log and track all access to the information. e) Updates and Patches. Vendor agrees to promptly provide updates and patches to remediate Security Vulnerabilities that are exploitable. Upon City of Tukwila’s request, Vendor shall provide information on remediation efforts of known Security Vulnerabilities. 3.9 Data Security. Vendor agrees to preserve the confidentiality, integrity and accessibility of City of Tukwila Confidential Information with administrative, technical and physical measures that conform to Industry Standards that Vendor then applies to its own systems and processing environment. Unless otherwise agreed to in writing by City of Tukwila, Vendor agrees that any and all City of Tukwila Confidential Information will be stored, processed, and maintained solely on designated systems located in the continental United States. Additionally: a) Encryption. Vendor agrees that all City of Tukwila Confidential Information and Personal Information will be encrypted with a Federal Information Processing Standard (FIPS) compliant encryption product, also referred to as 140-2 compliant. Symmetric keys will be encrypted with a minimum of 128-bit key and asymmetric encryption requires a minimum of 1024 bit key length. Encryption will be utilized in the following instances:  City of Tukwila Confidential Information and Personal Information will be stored on any portable computing device or any portable storage medium.  City of Tukwila Confidential Information and Personal Information will be transmitted or exchanged over a public network. b) Data Segregation. Vendor will segregate City of Tukwila Confidential Information and Personal Information from Vendor’s data and from the data of Vendor’s other customers or third parties. 3.10 Data Re-Use. Vendor agrees that any and all data exchanged shall be used expressly and solely for the purposes enumerated in the Agreement. Data shall not be distributed, repurposed or shared across other applications, environments, or business units of Vendor. Vendor further agrees that no Confidential Information of any kind shall be transmitted, exchanged or otherwise passed to other parties except on a case-by-case basis as specifically agreed to in writing by City of Tukwila. 8888 {EFM2297012.DOCX;4/13175.000001/ } 53 3.11 Data Destruction and Data Retention. Upon expiration or termination of this Agreement or upon City of Tukwila’s written request, Vendor and its Authorized Personnel will promptly return to City of Tukwila all City of Tukwila Confidential Information and/or securely destroy City of Tukwila Confidential Information. At a minimum, destruction of data activity is to be performed according to the standards enumerated by the National Institute of Standards, Guidelines for Media Sanitization - see http://csrc.nist.gov/. If destroyed, an officer of Vendor must certify to City of Tukwila in writing within ten (10) business days all destruction of City of Tukwila Confidential Information. If Vendor is required to retain any City of Tukwila Confidential Information or metadata to comply with a legal requirement, Vendor shall provide notice to both the general notice contact in the Agreement as well as City of Tukwila’s designated Security Contact. 3.12 .Upon written request, CentralSquare shall provide City copies of internally conducted SSAE18 reports. 3.13 Security Testing. Vendor, at its expense, will allow City of Tukwila to conduct static, dynamic, automated, and/or manual security testing on its software products and/or services, hardware, devices, and systems to identify Security Vulnerabilities on an ongoing basis. Should any vulnerabilities be discovered, Vendor agrees to notify City of Tukwila and create a mutually agreed upon remediation plan to resolve all vulnerabilities identified. City of Tukwila has the right to request or conduct additional reasonable security testing throughout the Term of the Agreement. 4. Security Incident / Data Breach 4.1 Security Contact. The individuals identified below shall serve as each party’s designated Security Contact for security issues under this Agreement. City of Tukwila Security Contact: Bao Trinh Network Architect Bao.trinh@tukwilawa.gov 206-454-7572 Vendor Security Contact: Name: Troy Saunders Director of Security Troy.saunders@centralsquare.com 407-304-3218 4.2 Requirements. Vendor will take commercially reasonable actions to ensure that City of Tukwila is protected against any and all reasonably anticipated Security Incidents, including but not limited to: (i) Vendor’s systems are continually monitored to detect evidence of a Security Incident (ii) Vendor has a Security Incident response process to manage and to take corrective action for any suspected or realized Security Incident (iii) Upon request Vendor will provide City of Tukwila with a copy of its Security Incident policies and procedures. If a Security Incident affecting City of Tukwila occurs, Vendor, at its expense and in accordance with applicable Information Protection Laws, will immediately take action to prevent the continuation of the Security Incident. 4.3 Notification. Within twenty-four (24) hours of Vendor’s confirmation of a Security Incident or other mutually agreed upon time period, Vendor will notify City of Tukwila of the incident by calling by phone the City of Tukwila Security Contact(s) listed above. 4.4 Investigation and Remediation. Upon Vendor’s notification to City of Tukwila of a Security Incident, the parties will coordinate to investigate the Security Incident. Vendor shall be responsible for leading the investigation of the Security Incident, but shall cooperate with City of Tukwila to the extent City of Tukwila requires involvement in the investigation. Vendor shall involve law enforcement in the investigation if requested by City of Tukwila. Depending upon the type and scope of the Security Incident, City of Tukwila personnel may participate in: (i) interviews with Vendor’s employees and subcontractors involved in the 8989 {EFM2297012.DOCX;4/13175.000001/ } 54 incident; and (ii) review of all relevant records, logs, files, reporting data, systems, Vendor devices, and other materials as otherwise required by City of Tukwila. Vendor will cooperate, at its expense, with City of Tukwila in any litigation or investigation deemed reasonably necessary by City of Tukwila to protect its rights relating to the use, disclosure, protection and maintenance of Confidential Information. Vendor will reimburse City of Tukwila for actual costs incurred by City of Tukwila in responding to, and mitigating damages caused by any Security Incident, including all costs of notice and remediation which City of Tukwila, in its sole discretion, deems necessary to protect such affected individuals in light of the risks posed by the Security Incident. Vendor will, at Vendor’s own expense, provide City of Tukwila with all information necessary for City of Tukwila to comply with data breach recordkeeping, reporting and notification requirements pursuant to Information Protection Laws. Vendor will use reasonable efforts to prevent a recurrence of any such Security Incident. Additionally, Vendor will provide (or reimburse City of Tukwila) for at least one (1) year of complimentary access for one (1) credit monitoring service, credit protection service, credit fraud alert and/or similar services, which City of Tukwila deems necessary to protect affected individuals in light of risks posed by a Security Incident. 4.5 Reporting. Vendor will provide City of Tukwila with a final written incident report within five (5) business days after resolution of a Security Incident or upon determination that the Security Incident cannot be sufficiently resolved. 5. Confidential Information or Personal Information 5.1 Authorized Personnel. Vendor will require all Authorized Personnel to meet Vendor’s obligations under the Agreement with respect to Confidential Information or Personal Information. Vendor will screen and evaluate all Authorized Personnel and will provide appropriate privacy and security training, as set forth above, in order to meet Vendor’s obligations under the Agreement. Upon City of Tukwila’s written request, Vendor will provide City of Tukwila with a list of Authorized Personnel. Vendor will remain fully responsible for any act, error, or omission of its Authorized Personnel. 5.2 Handling of Confidential Information or Personal Information. Vendor will: (i) Keep and maintain all Confidential Information and Personal Information in strict confidence in accordance with the terms of the Agreement (ii) Use and disclose Confidential Information and/or Personal Information solely and exclusively for the purpose for which the Confidential Information or Personal Information is provided pursuant to the terms and conditions of the Agreement. Vendor will not disclose Confidential Information or Personal Information to any person other than to Authorized Personnel without City of Tukwila’s prior written consent, unless and to the extent required by applicable law, in which case, Vendor will use best efforts to notify City of Tukwila before any such disclosure or as soon thereafter as reasonably possible. In addition, Vendor will not produce any Confidential Information or Personal Information in response to a non-legally binding request for disclosure of such Personal Information. 5.3 Data and Privacy Protection Laws. Vendor represents and warrants that its collection, access, use, storage, disposal, and disclosure of Personal Information complies with all applicable federal, state, local and foreign data and privacy protection laws, as well as all other applicable regulations and directives. 6. Third Party Security 6.1 Vendor will conduct thorough background checks and due diligence on any third and fourth parties which materially impact Vendor’s ability to provide the products and/or Services to City of Tukwila as described in the Agreement. 6.2 Vendor will not outsource any work related to its products or the Services provided to City of Tukwila in countries outside the United States of America, which have not been disclosed in the Agreement or without prior written approval from City of Tukwila Legal and Information Security. If Vendor desires to outsource certain work during the Term of the Agreement, Vendor shall first notify City of Tukwila so that the parties 9090 {EFM2297012.DOCX;4/13175.000001/ } 55 can ensure adequate security protections are in place with respect to the Services provided to City of Tukwila. 7. Payment Cardholder Data 7.1 If Vendor accesses, collects, processes, uses, stores, transmits, discloses, or disposes of City of Tukwila and/or City of Tukwila customer credit, debit, or other payment cardholder information, Vendor agrees to the following additional requirements: a) Vendor, at its sole expense, will comply with the Payment Card Industry Data Security Standard (“PCI DSS”), as may be amended or changed from time to time, including without limitation, any and all payment card industry validation actions (e.g., third party assessments, self-assessments, security vulnerability scans, or any other actions identified by payment card companies for the purpose of validating Vendor’s compliance with the PCI DSS). b) Vendor will maintain a continuous PCI DSS compliance program. Annually, Vendor agrees to provide evidence of PCI DSS compliance in the form of a Qualified Security Assessor (“QSA”) Assessment Certificate, a PCI Report on Compliance (“ROC”), or evidence that Vendor is included on the Visa or MasterCard list of PCI DSS Validated Service Providers. c) Vendor will ensure that subcontractors approved by City of Tukwila, in accordance with Section 6.2, comply with and maintain a continuous PCI DSS compliance program if the subcontractor provides any service on behalf of Vendor that falls within PCI DSS scope. The Subcontractor must provide evidence of PCI DSS compliance in the form of a Qualified Security Assessor (“QSA”) Assessment Certificate, a PCI Report on Compliance (“ROC”), or evidence that Subcontractor is included on the Visa or MasterCard list of PCI DSS Validated Service Providers. d) Vendor will immediately notify City of Tukwila if Vendor is found to be non-compliant with a PCI DSS requirement or if there is any breach of cardholder data impacting City of Tukwila or its customers. 8. Changes In the event of any change in City of Tukwila’s data protection or privacy obligations due to legislative or regulatory actions, industry standards, technology advances, or contractual obligations, Vendor will work in good faith with City of Tukwila to promptly amend this Exhibit accordingly. 9191 9292 1 {EFM2296863.DOCX;4/13175.000001/ } NEOGOV SERVICES AGREEMENT V09012020 You agree that by placing an order through a NEOGOV standard ordering document (the “Order” or “Ordering Document”) you agree to follow and be bound by the terms and conditions set forth herein. “Governmentjobs.com”, “NEOGOV”, “we”, and “our” means Governmentjobs.com, Inc.(dba “NEOGOV”) and, where applicable, its affiliates; “Customer”, “you”, “your” means the Governmentjobs.com client, customer, or subscriber identified in the Ordering Document. If you are placing such an Order on behalf of a legal entity, you represent that you have the authority to bind such entity to the terms and conditions of the Ordering Document and these terms and, in such event, “you” and “your” as used in these agreement terms shall refer to such entity. “Agreement” shall be used to collectively refer to this NEOGOV Services Agreement (the “Services Agreement”), documents incorporated herein including the applicable Ordering Document and Schedule(s), and Special Conditions (if any). 1. Provision of Services. Subject to the terms of this Agreement NEOGOV hereby agrees to provide Customer with access to its SaaS Applications and Professional Services (each defined below) included or ordered by Customer in the applicable Ordering Document (collectively referred to as the “Services”). Customer hereby acknowledges and agrees that NEOGOV’s provision and performance of, and Customer’s access to, the Services is dependent and conditioned upon Customer’s full performance of its duties, obligations and responsibilities hereunder. This Agreement entered into as of the date of your signature on an applicable Ordering Document or use of the Services commences (the “Effective Date”). The Agreement supersedes any prior and contemporaneous discussions, agreements or representations and warranties. 2. SaaS Subscription. a) Subscription Grant. “SaaS Applications” means each proprietary NEOGOV web-based software-as-a-service application that may be set forth on an Order and subsequently made available by NEOGOV to Customer, and associated components as described in the Service Specifications made available to Customer by NEOGOV. Subject to and conditioned on Customer's and its Authorized Users' compliance with the terms and conditions of this Agreement, NEOGOV hereby grants to Customer a limited, non-exclusive, non-transferable, and non-sublicensable right to (a) access and use, and to permit Authorized Users to access and use, the SaaS Applications specified in the Order solely for Customer’s internal, non-commercial purposes; (b) generate, print, and download Customer Data as may result from any access to or use of the SaaS Applications; and (c) train Authorized Users in uses of the SaaS Applications permitted hereunder (these rights shall collectively be referred to as the “SaaS Subscription”). “Authorized Users” means (i) Customer employees, agents, contractors, consultants who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Services Agreement and (ii) for whom access to the Services has been purchased hereunder. You may not access the SaaS Applications if you are a direct competitor of NEOGOV or its affiliates. In addition, you may not access the SaaS Applications for purposes of monitoring their availability, performance, or functionality, or for any other benchmarking or competitive purposes. b) Delivery and Subscription Term. NEOGOV delivers each SaaS Application by providing Customer with online access. When you access NEOGOV SaaS Applications, you are accepting it for use in accordance with this Agreement. Unless otherwise specified in an applicable Ordering Document, SaaS Subscriptions shall commence on the Effective Date and remain in effect for twelve (12) consecutive months, unless terminated earlier in accordance with this Agreement (the “Initial Term”). Thereafter, SaaS Subscriptions shall automatically renew for successive twelve (12) month terms (each a “Renewal Term” and together with the Initial Term, collectively, the “Term”) unless a party delivers to the other party, at least sixty (60) days prior to the expiration of the Initial Term or the applicable Renewal Term, written notice of such party’s intention to not renew this Agreement, or unless terminated earlier in accordance with this Agreement. NEOGOV shall provide Customer access to the SaaS Applications within a reasonable time following the Effective Date unless otherwise agreed. c) Content and Program Documentation. Should Customer purchase access to SaaS Applications containing audio-visual content (“Licensed Content”), NEOGOV grants to Customer a non-exclusive, non-transferable, and non-sublicensable license, during the applicable Term, for Authorized Users to access and view the Licensed Content within the SaaS Application. Customer shall not knowingly permit the Licensed Content to be, or appear to be, reproduced, performed, displayed, or distributed on, as part of or in connection with any website or other online area other than the SaaS Application. Customer shall not knowingly edit, alter, modify, combine with other content, or create any derivative works of the Licensed Content. “Program Documentation” shall mean all user guides, training, and implementation material, and Service descriptions provided by 9393 2 {EFM2296863.DOCX;4/13175.000001/ } NEOGOV to Customer in connection with the Services. NEOGOV hereby grants to Customer a non-exclusive, non- sublicensable, non-transferable license to use, print, and distribute internally via non-public platforms, the Program Documentation during the Term solely for Customer's internal business purposes in connection with its use of the Services. 3. Professional Services. “Professional Services” shall mean consulting, training services purchased by Customer in an applicable Ordering Document or NEOGOV Scope of Work (SOW) relating to assistance, training, deployment, usage, customizations, accessory data processing, and best practices of and concerning the SaaS Applications. NEOGOV shall provide the Professional Services purchased in the applicable Order Form or SOW, as the case may be. Professional Services may be ordered by Customer pursuant to a SOW and Service Specifications describing the work to be performed, fees, and any applicable milestones, dependencies, and other technical specifications or related information. Order Forms or SOWs must be signed by both parties before NEOGOV shall commence work. If the parties do not execute a separate Statement of Work, the Services shall be provided as stated on the Order Form and this Agreement and documents incorporated herein shall control. 4. Payment Terms. Unless otherwise stated in an Ordering Document, Customer shall pay all undisputed Subscription fees (“Subscription Fees”) and undisputed Professional Service fees (“Professional Service Fees”, collectively the “Fees”) within forty-five (45) days of Customer’s receipt of NEOGOV’s invoice. Fees shall be invoiced annually in advance and in a single invoice for each Term. Invoices shall be delivered to the stated “Bill To” party on the Ordering Document. Unless explicitly provided otherwise, once placed, the Ordering Document is non-cancellable and sums paid nonrefundable. Subscription Fees are based upon the Customer’s employee count. Customer shall not exceed the employee amount its Subscription Fees are based off of unless applicable supplemental Subscription Fees are paid. The Term for the Services is a continuous and non-divisible commitment for the full duration regardless of any invoice schedule. The purchase of any Service is separate from any other order for any other Service. Customer may purchase certain Services independently of other Services. Your obligation to pay for any Service is not contingent on performance of any other Service or delivery of any other Service. If Customer issues a purchase order, then it shall be for the full amount set forth in the applicable NEOGOV invoice or Ordering Document. Failure to provide NEOGOV with a corresponding purchase order shall not relieve Customer of its payment obligations. Except as otherwise specifically stated in the Ordering Document, NEOGOV may change the charges for the Services with effect from the start of each Renewal Term by giving Customer at least sixty (60) day notice prior to commencement of a Renewal Term but any increase in cost for annual Renewal Term one and two shall not exceed three percent (3%) of the prior year’s Fees. Thereafter, increase in cost for annual Renewal Term shall not exceed five percent (5%) of the prior year’s Fees Customer will pay all taxes, duties and levies imposed by all federal, state, and local authorities (including, without limitation, export, sales, use, excise, and value-added taxes) based on the transactions or payments under this Agreement, except those taxes imposed or based on NEOGOV’s net income or those exempt by applicable state law. Customer shall provide NEOGOV with a certificate or other evidence of such exemption with ten (10) days of NEOGOV’s request therefor. 5. Term and Termination. a) Term. Unless otherwise specified in an applicable Ordering Document, this Agreement shall commence on the Effective Date. This Agreement shall remain in effect until all SaaS Subscriptions have expired and/or both parties have achieved full performance of Professional Services or other services detailed in a SOW, unless it is terminated earlier in accordance with this Agreement. b) Termination for Cause; Effect of Termination. Either Party may terminate this Agreement immediately if the other is in material breach of this Agreement and such breach is not cured within thirty (30) days following non-breaching party’s written specification of the breach. NEOGOV may suspend the Services or terminate this Agreement immediately in the event the Services or Customer’s use of the Services provided hereunder become illegal or contrary to any applicable law, rule, regulation, or public policy. Upon expiration or any termination of this Agreement, Customer shall cease all use and refrain from all further use of the Services and other NEOGOV intellectual property. Additionally, Customer shall be obligated to pay, as of the effective date of such expiration or termination, all undisputed amounts due and unpaid to NEOGOV under this Agreement. Further, upon written request from Customer, NEOGOV will make Customer Data available for export to Customer, in a form approved by Customer, for a period of sixty (60) days following the expiration or termination of this Agreement along with a certification that all Customer Data has been properly and completely transferred to Customer. After such sixty (60) day period has expired, NEOGOV shall have no obligation to maintain such data and may destroy the data. c) Termination for Non-appropriation. If sufficient funds are not appropriated or allocated for payment under this Agreement for any future fiscal period, Customer shall not be obligated to make payments for Services or amounts incurred after the end of the current fiscal period, and this Agreement will terminate upon the completion of all remaining Services for which funds are allocated. No penalty or expense shall accrue to Customer in the event this provision applies. 9494 3 {EFM2296863.DOCX;4/13175.000001/ } 6. Service Specifications. “Service Specifications” means Program Documentation, Service Schedules, Security Statements, and Service Level Warranties if applicable. The Service Specifications describe and govern the Services and are incorporated herein by reference. Online Service Specifications may be made available at https://www.neogov.com/service-specifications or provided upon Customer request. Excluding Service Schedules, NEOGOV may update the Service Specifications to reflect changes in, among other things, laws, regulations, rules, technology, industry practices, patterns of system use, Updates and Upgrades, and availability of third-party services. 7. Maintenance; Modifications; Support Services; Interfaces and Integrations. a) Maintenance, Updates, Upgrades. NEOGOV maintains NEOGOV’s hardware and software infrastructure for the Services and is responsible for maintaining the NEOGOV server operation and NEOGOV database security. NEOGOV may in its sole discretion, periodically modify, Update, and Upgrade the features, components, and functionality of the Services during the Term. “Update” means any update, bug fix, patch or correction of the Services or underlying NEOGOV software that NEOGOV makes generally available to its customers of the same module, excluding Upgrades. Updates are automatic and available upon Customer’s next login to the Services following an Update at no additional cost to Customer. “Upgrade” means any update of the Services or underlying NEOGOV software such as platform updates, and major product enhancements and/or new features that NEOGOV makes commercially available. NEOGOV shall have no obligation to provide Upgrades to customers and retains the right to offer Upgrades free of cost or on a per customer basis at additional cost. NEOGOV shall have no liability for, or any obligations to, investments in, or modifications to Customer’s hardware, systems or other software which may be necessary to use or access the Services due to a modification, Update, or Upgrade of the Services. b) Training Materials; Support. Primary training of NEOGOV Services is conducted by self-review of online materials. NEOGOV’s pre-built, online training consists of a series of tutorials to introduce the standard features and functions (the “Training Materials”). The Training Materials may be used as reference material by Customer Personnel conducting day-to-day activities. c) Implementation. For Services requiring implementation, NEOGOV implementation supplements the Training Materials and is conducted off-site unless otherwise agreed in the Ordering Document. NEOGOV personnel will provide consultation on best practices for setting up the Services, answer Customer questions during the implementation period, and ensure Authorized User Admins grasp the system. d) Support. Phone support for the Services is available to Customer Monday through Friday, excluding NEOGOV holidays. Online support for the Services is available 24 hours a day, seven days a week. The length of time for a resolution of any problem is dependent on the type of case. e) Limitations. Unless otherwise specified in the Ordering Document, this Agreement does not obligate NEOGOV to render any maintenance or support services that are not expressly provided herein, including, but not limited to data uploads, manual data entry, migration services, data conversion, refinement, purification, reformatting, SQL dump, or process consultation. f) Interfaces and Integrations. NEOGOV agrees to answer any interface questions and to assist with Customer’s other vendors to complete required integrations in timely manner. 8. NEOGOV Intellectual Property. NEOGOV shall exclusively own all right, title and interest in and to all pre-existing and future intellectual property developed or delivered by NEOGOV including all Services, products, systems, software (including any source code or object code) or Service Specifications related thereto, Updates or Upgrades, trademarks, service marks, logos and other distinctive brand features of NEOGOV and all proprietary rights embodied therein (collectively, the “NEOGOV Intellectual Property”). This Agreement does not convey or transfer title or ownership of the NEOGOV Intellectual Property to Customer or any of its users. All rights not expressly granted herein are reserved by NEOGOV. Other than recommendation use or as required by law, all use of NEOGOV Trademarks must be pre-approved by NEOGOV prior to use. Trademarks shall include any word, name, symbol, color, designation or device, or any combination thereof that functions as a source identifier, including any trademark, trade dress, service mark, trade name, logo, design mark, or domain name, whether or not registered. 9. Data Processing and Privacy. a) Customer & Platform Data. “Customer Data” shall mean all data that is owned or developed by Customer, whether provided to NEOGOV by Customer or provided by a third party to NEOGOV in connection with NEOGOV’s provision of Services to Customer, including Personnel or Job Seeker Profile Data collected, loaded into, or located in Customer data files maintained by NEOGOV. NEOGOV intellectual property, including but not limited to the Services and all derivative works thereof, NEOGOV Confidential Information, 9595 4 {EFM2296863.DOCX;4/13175.000001/ } and Platform Data do not fall within the meaning of the term “Customer Data”. Customer exclusively own all right, title, and interest in and to all Customer Data. Customer grants NEOGOV a license to host, use, process, display, create non-personal derivative works of, and transmit Customer Data to provide the Services. “Platform Data” shall mean any data reflecting the access or use of the Services by or on behalf of Customer or any user, including statistical or other analysis and performance information related to the provision and operation of the Services including any end user visit, session, impression, clickthrough or click stream data, as well as log, device, transaction data. or other analysis, information, or data based on or derived from any of the foregoing. NEOGOV shall exclusively own all right, title and interest in and to all Platform Data. NEOGOV grants to Customer a limited, non-perpetual, non-exclusive, non-transferable, and non- sublicensable license during the Term to use and access, and to permit Authorized Users to use and access, Platform Data of which NEOGOV makes available through the SaaS Applications solely for Customer’s internal purposes. Customer acknowledges NEOGOV may compile Platform Data based on Customer Data input into the Services. Customer agrees that NEOGOV may (i) make Platform Data publicly available in compliance with applicable law, and (ii) use Platform Data to the extent and in the manner permitted under applicable law; provided that NEOGVO shall be solely responsible and liable for de-identifying Platform Data in a manner that ensures that such de-identification cannot be traced back to Customer. b) Privacy Policy; Data Processing Agreement. NEOGOV shall process all data in accord with the NEOGOV Privacy Policy available at https://www.neogov.com/privacy-policy. The defined terms in the Privacy Policy shall have the same meaning in this Agreement unless otherwise specified herein. To the extent Customer uses the Services to target and collect personal information form users located in the European Union, European Economic Area, or Switzerland (the “EU”), or has Authorized Users accessing the Services from the EU, the NEOGOV Data Processing Addendum ("DPA") available at https://www.neogov.com/service- specifications is incorporated herein by reference. c) Data Responsibilities. Customer is solely responsible for the development, content, operation, maintenance, and use of Customer Data. NEOGOV will have no responsibility or liability for the accuracy of the Customer Data prior to receipt of such data into the Services. Customer shall be solely responsible for and shall comply with all applicable laws and regulations relating to (i) the accuracy and completeness of all information input, submitted, or uploaded to the Services, (ii) the privacy of users of the Services, including, without limitation, providing appropriate notices to and obtaining appropriate consents from any individuals to whom Customer Data relates; and (iii) the collection, use, modification, alteration, extraction, retention, copying, external storage, disclosure, transfer, disposal, and other processing of any Customer Data. NEOGOV is not responsible for lost data caused by the action or inaction of Customer or Authorized Users. d) Breach Notice. In the event of a data or security breach, as defined by applicable law, by anyone other than your employee, contractor, or agent, upon discovery of such breach, NEOGOV will initiate remedial actions and notify Customer of the breach as required by and in compliance with applicable law. NEOGOV’s notification of, or response to, a data breach under this Section will not be construed as an acknowledgement by NEOGOV of any fault or liability with respect to the breach. In the event of a security breach, as defined by applicable law, by your Personnel, Authorized, or unauthorized user, contractor or agent, you shall have sole responsibility for initiating remedial actions and you shall notify NEOGOV of the breach and steps you will take to remedy the breach as soon as possible. Customer is solely responsible for complying with data breach notification laws applicable to the Customer and fulfilling any third-party notification obligations related to any data breach(es). 10. Subcontractors; Third Party Products. NEOGOV may from time to time in its discretion engage third parties to perform Services (each, a “Subcontractor”). ”Third-Party Products” means any products, content, services, information, websites, or other materials that are owned by third parties and are incorporated into or accessible through the Services. The Services may permit access to Third-Party Products. For purposes of this Services Agreement, such Third-Party Products are subject to their own terms and conditions presented to you for acceptance by website link or otherwise. If you do not agree to abide by the applicable terms for any such Third- Party Products, then you should not install, access, or use such Third-Party Products. NEOGOV cannot guarantee the continued availability of such Third-Party Products and may cease providing them without entitling Customer to any refund, credit, or other compensation, if for example and without limitation, the provider of a Third-Party Product ceases to make the third-party application available for interoperation with the corresponding NEOGOV Service in a manner acceptable to NEOGOV. 11. Nondisclosure. Through exercise of each party’s rights under this Agreement, each party may be exposed to the other party’s technical, financial, business, marketing, planning, and other information and data in written, oral, electronic, magnetic, photographic, and/or other forms, including, but not limited to (a) oral and written communications of one party with the officers and staff of the other party which are marked or identified as confidential or secret or similarly marked or identified, (b) other communications which a reasonable person would recognize from the surrounding facts and circumstances to be confidential or secret, and (c) trade secrets (collectively, “Confidential Information”). In recognition of the other party’s need to protect its legitimate business 9696 5 {EFM2296863.DOCX;4/13175.000001/ } interests, each party hereby covenants and agrees that it shall regard and treat each item of information or data constituting Confidential Information of the other party as strictly confidential and wholly owned by such other party and that it will not, (x) without the express prior written consent of the other party, (y) except as permitted or authorized herein or, (z) except as required by law including the Public Records Act of the Customer’s State, redistribute, market, publish, disclose, or divulge to any other person, firm or entity, or use or modify for use, directly or indirectly in any way for any person or entity: (i) any of the other party’s Confidential Information during the Term and for a period of three (3) years thereafter or, if later, from the last date Services (including any warranty work) are performed by the disclosing party hereunder; and (ii) any of the other party’s trade secrets at any time during which such information shall constitute a trade secret under applicable law. In association with NEOGOV’s concern for the protection of trade secrets, Confidential Information, and fair market competition, Customer acknowledges all photos, “screen captures”, videos, or related media of NEOGOV products, pages, and related documentation shall be approved by NEOGOV prior to any publicly accessible disclosure of such media. 12. Public Records Requests. NEOGOV acknowledges that Customer is a public entity and is subject to the Public Records Act under Chapter 42.56 RCW. To the extent permitted by law, Customer shall treat as exempt from treatment as a public record, and shall not disclose in response to a request made pursuant to any applicable public records law, any of NEOGOV’s Confidential Information. If a request is received for records NEOGOV has submitted to Customer and has identified as Confidential Information, Customer will use its best efforts to provide NEOGOV with notice of the request in accordance with RCW 42.56.540 and a reasonable time within which NEOGOV may seek an injunction to prohibit Customer’s disclosure of the requested record. Customer shall comply with any injunction or court order requested by NEOGOV which prohibits the disclosure of any such Confidential Information; however, in the event a higher court overturns such injunction or court order, NEOGOV shall reimburse Customer for any fines or penalties imposed for failure to disclose such records. Nothing in this Section prohibits Customer from complying with RCW 42.56, or any other applicable law or court order requiring the release of public records, and Customer shall not be liable to NEOGOV for compliance with any law or court order requiring the release of public records. 13. Representations, Warranties, and Disclaimers. a) Limited Warranty. NEOGOV warrants that it provides the Services using a commercially reasonable level of care and skill. NEOGOV further warrants that: (i) it has all rights, title and interest to license the Services on the terms and conditioned contained in this Agreement; (ii) to NEOGOV’s knowledge, the Services do not contain any viruses at the time of delivery, and no instructions, routines, devices, key-locks, time bombs or similar mechanisms that could disrupt Customer’s use of the Services or Customer’s system; and (iii) any update, upgrade, patch and software release will improve, and will not reduce or eliminate, any function, feature, or option present in the Services at the time of the update, upgrade, patch and/or software release. THE FOREGOING WARRANTY DOES NOT APPLY, AND NEOGOV STRICTLY DISCLAIMS ALL WARRANTIES, WITH RESPECT TO ANY THIRD-PARTY PRODUCTS. b) No Other Warranty. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS WARRANTY SECTION, THE SERVICES ARE PROVIDED ON AN “AS IS” BASIS, AND CUSTOMER’S USE OF THE SERVICES IS AT ITS OWN RISK. NEOGOV DOES NOT MAKE, AND HEREBY DISCLAIMS, ANY AND ALL OTHER EXPRESS AND/OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, , AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. NEOGOV DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE, OR THAT ANY ERROR WILL BE CORRECTED. c) Disclaimer of Actions Caused by and/or Under the Control of Third Parties. NEOGOV DOES NOT AND CANNOT CONTROL THE FLOW OF DATA TO OR FROM THE NEOGOV SYSTEM AND OTHER PORTIONS OF THE INTERNET. SUCH FLOW DEPENDS IN LARGE PART ON THE PERFORMANCE OF INTERNET SERVICES PROVIDED OR CONTROLLED BY THIRD PARTIES. AT TIMES, ACTIONS OR INACTIONS OF SUCH THIRD PARTIES CAN IMPAIR OR DISRUPT CUSTOMER’S CONNECTIONS TO THE INTERNET (OR PORTIONS THEREOF). ALTHOUGH NEOGOV WILL USE COMMERCIALLY REASONABLE EFFORTS TO TAKE ALL ACTIONS IT DEEMS APPROPRIATE TO REMEDY AND AVOID SUCH EVENTS, NEOGOV CANNOT GUARANTEE THAT SUCH EVENTS WILL NOT OCCUR. ACCORDINGLY, NEOGOV DISCLAIMS ANY AND ALL LIABILITY RESULTING FROM OR RELATED TO SUCH EVENTS. d) Services Do Not Constitute Advice or Credit Reporting. NEOGOV does not provide its customers with legal advice regarding compliance, data privacy, or other relevant applicable laws in the jurisdictions in which you use the Services. YOU ACKNOWLEDGE AND AGREE THAT THE SERVICES PROVIDED HEREUNDER ARE NOT INTENDED TO BE AND WILL NOT BE RELIED UPON BY YOU AS EITHER LEGAL, FINANCIAL, 9797 6 {EFM2296863.DOCX;4/13175.000001/ } INSURANCE, OR TAX ADVICE. TO THE EXTENT YOU REQUIRE ANY SUCH ADVICE, YOU REPRESENT THAT YOU WILL SEEK SUCH ADVICE FROM QUALIFIED LEGAL, FINANCIAL, INSURANCE, ACCOUNTING, OR OTHER PROFESSIONALS. YOU SHOULD REVIEW APPLICABLE LAW IN ALL JURISDICTIONS WHERE YOU OPERATE AND HAVE EMPLOYEES AND CONSULT EXPERIENCED COUNSEL FOR LEGAL ADVICE. YOU ACKNOWLEDGE THAT NEOGOV IS NOT A "CONSUMER REPORTING AGENCY" AS THAT TERM IS DEFINED IN THE FAIR CREDIT REPORTING ACT AS AMENDED. e) Configurable Services. The Services can be used in ways that do not comply with applicable laws and it is Customer’s sole responsibility to monitor the use of the Services to ensure that such use complies with and is in accordance with applicable law. In no event shall NEOGOV be responsible or liable for Customer failure to comply with applicable law in connection with your use of the Services. NEOGOV is not responsible for any harm caused by users who were not authorized to have access to the Services but who were able to gain access because usernames, passwords, or accounts were not terminated on a timely basis by Customer. Customer acknowledges that NEOGOV exercises no control over specific human resource practices implemented using the Service or Customer’s decisions as to employment, promotion, termination, or compensation of any personnel or Authorized User of the Services. Customer further agrees and acknowledge that NEOGOV does not have a direct relationship with Customer employees and that Customer is responsible for all contact, questions, Customer Data updates and collection, with Customer employees. 14. Customer Compliance. Customer shall be responsible for ensuring that Customer’s use of the Services and the performance of Customer’s other obligations hereunder comply with all applicable rules, regulations, laws, codes, and ordinances. Customer is responsible for Customer's information technology infrastructure, including computers, software, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party services equipment and facilities required to access the Services. All users of the Services are obligated to abide by the Terms of Use available at https://www.neogov.com/terms-of-use. Customer shall be responsible for procuring all licenses of third-party software necessary for Customer’s use of the Services. Customer is responsible and liable for all uses of the Services, directly or indirectly, whether such access or use is permitted by or in violation of this Agreement. 15. Indemnification. a) Indemnity. Subject to subsections (b) through (d) of this Section, if a third party makes a claim against Customer that any NEOGOV intellectual property furnished by NEOGOV and used by Customer infringes a third party’s intellectual property rights, NEOGOV will defend the Customer against the claim and indemnify the Customer from the damages and liabilities awarded by the court to the third-party claiming infringement or the settlement agreed to by NEOGOV, if Customer does the following: i) Notifies NEOGOV promptly in writing, not later than thirty (30) days after Customer receives notice of the claim (or sooner if required by applicable law); ii) Gives NEOGOV sole control of the defense and any settlement negotiations; and iii) Gives NEOGOV the information, authority, and assistance NEOGOV needs to defend against or settle the claim; Provided that, Customer’s failure to so notify and request indemnification shall not relieve NEOGOV of any liability that NEOGOV might have, except to the extent that such failure prejudices NEOGOV’s ability to defend such claim or suit. b) Alternative Resolution. If NEOGOV believes or it is determined that any of the Services may have violated a third party’s intellectual property rights, NEOGOV may choose to either modify the Services to be non- infringing or obtain a license to allow for continued use. If these alternatives are not commercially reasonable, NEOGOV may end the subscription or license for the Services and refund a pro-rata portion of any fees covering the whole months that would have remained, absent such early termination, following the effective date of such early termination. c) No Duty to Indemnify. NEOGOV will not indemnify Customer if Customer knowingly alters the Service or Service Specifications, or uses it outside the scope of use or if Customer uses a version of the Service or Service Specifications which has been superseded, if the infringement claim could have been avoided by using an unaltered current version of the Services or Service Specifications which was provided to Customer, or if the Customer continues to use the infringing material after the subscription expires. NEOGOV will not indemnify the Customer to the extent that an infringement claim is based upon any information, design, specification, instruction, software, data, or material not furnished by NEOGOV. NEOGOV will not indemnify Customer for any portion of an infringement claim that is based upon the combination of Service or Service Specifications with any products or services not provided by NEOGOV. NEOGOV will not indemnify Customer for infringement caused by Customer’s actions against any third party if the Services as delivered to Customer and used in accordance with the terms of the Agreement would not otherwise infringe any third-party 9898 7 {EFM2296863.DOCX;4/13175.000001/ } intellectual property rights. d) Exclusive Remedy. This Section provides the exclusive remedy for any intellectual property infringement claims or damages against NEOGOV. 16. Limitations of Liability. a) EXCLUSION OF DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) LOSS OF PRODUCTION, USE, BUSINESS, REVENUE, OR PROFIT OR DIMINUTION IN VALUE; (b) IMPAIRMENT, INABILITY TO USE OR LOSS, INTERRUPTION OR DELAY OF THE SERVICES; (c) LOSS, DAMAGE, CORRUPTION OR RECOVERY OF DATA, OR BREACH OF DATA OR SYSTEM SECURITY; (d) COST OF REPLACEMENT GOODS OR SERVICES; (e) LOSS OF GOODWILL, LOSS OF BUSINESS OPPORTUNITY OR PROFIT, OR LOSS OF REPUTATION; OR (f) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE. b) CAP ON MONETARY LIABILITY. WITHOUT LIMITATION OF THE PREVIOUS SECTION, EXCEPT FOR DAMAGES ARISING OUT OF LIABILITY WHICH CANNOT BE LAWFULLY EXCLUDED OR LIMITED, CUSTOMER’S OBLIGATIONS TO MAKE PAYMENT UNDER THIS AGREEMENT, OR LIABILITY FOR INFRINGEMENT OR MISAPPROPRIATION OF NEOGOV INTELLECTUAL PROPERTY RIGHTS, THE TOTAL LIABILITY OF EITHER PARTY FOR ANY AND ALL CLAIMS AGAINST THE OTHER PARTY UNDER THIS AGREEMENT, WHETHER ARISING UNDER OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL OR EQUITABLE THEORY, SHALL NOT EXCEED THE AMOUNT OF ALL PAYMENTS ACTUALLY RECEIVED BY NEOGOV FROM CUSTOMER DURING THE RELEVANT YEAR OF THIS AGREEMENT DURING WHICH THE CAUSE OF ACTION AROSE. THE FOREGOING LIMITATION OF LIABILITY IS CUMULATIVE WITH ALL PAYMENTS FOR CLAIMS OR DAMAGES IN CONNECTION WITH THIS AGREEMENT BEING AGGREGATED TO DETERMINE SATISFACTION OF THE LIMIT. THE EXISTENCE OF ONE OR MORE CLAIMS WILL NOT ENLARGE THE LIMIT. THE PARTIES ACKNOWLEDGE AND AGREE THAT THIS LIMITATION OF LIABILITY IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES AND SHALL APPLY NOTWITHSTANDING THE FAILURE OF THE ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. EACH PARTY ACKNOWLEDGES THAT THIS LIMITATION OF LIABILITY REFLECTS AN INFORMED, VOLUNTARY ALLOCATION BETWEEN THE PARTIES OF THE RISKS (KNOWN AND UNKNOWN) THAT MAY EXIST IN CONNECTION WITH THIS AGREEMENT AND HAS BEEN TAKEN INTO ACCOUNT AND REFLECTED IN DETERMINING THE CONSIDERATION TO BE GIVEN BY EACH PARTY UNDER THIS AGREEMENT AND IN THE DECISION BY EACH PARTY TO ENTER INTO THIS AGREEMENT. 17. E-Signatures. a) E-Signature Provisioning & Consent. NEOGOV E-Forms and other electronically signed services (“E- Signatures”) are provided by NEOGOV for two counterparties (generally a government employer (the “sending party”) subscribing to NEOGOV Services and Personnel or Job Seekers) to electronically sign documents. If you use E-Signatures offered by NEOGOV, you agree to the statements set forth in this Section. Whenever you sign a document using E-Signatures you affirmatively consent to using electronic signatures via the E- Signatures and consent to conducting electronic business transactions. You also confirm that you are able to access the E-Signatures and the document you are signing electronically. When using E-Signatures for a document, your consent applies only to the matter(s) covered by that particular document. b) Right to Opt-Out of E-Signatures. You are not required to use E-Signatures or accept electronic documents provided thereby. Personnel and Job Seekers can choose to not use E-Signatures and may sign the document manually instead by notifying the sending party they are choosing to do so and by obtaining a non-electronic copy of the document. NEOOGV assumes no responsibility for providing non-electronic documents. In the event a non-sending party elects to sign the document manually, do not use E-Signatures to sign the document. c) Electronic Download. If you have signed a document electronically using E-Signatures and transmitted it back to the sending party, NEOGOV provides the opportunity to download and print a paper copy of the document at no charge. If you later withdrawn your consent to using E-Signatures, please notify the sending party and stop using E-Signatures. Note that the decision to stop using E-Signatures after you have already used it does 9999 8 {EFM2296863.DOCX;4/13175.000001/ } not change the legality of the documents you have previously signed using an electronic signature. d) E-Signature Validity. PLEASE NOTE THAT NEOGOV’S STATEMENTS CONTAINED HEREIN OR ELSEWHERE CONCERNING THE VALIDITY OF ELECTRONIC DOCUMENTS AND/OR THE SIGNATURE LINES OF DOCUMENTS THAT ARE ELECTRONICALLY SIGNED ARE FOR INFORMATIONAL PURPOSES ONLY; THEY SHOULD NOT BE CONSTRUED AS LEGAL ADVICE. UNDER FEDERAL AND STATE LAWS GOVERNING ELECTRONIC SIGNATURES, ELECTRONIC SIGNATURES ON CERTAIN TYPES OF AGREEMENTS ARE NOT ENFORCEABLE. NEOGOV HEREBY DISCLAIMS ANY RESPONSIBILITY FOR ENSURING THAT DOCUMENTS ELECTRONICALLY SIGNED THROUGH E- SIGNATURE’S ARE VALID OR ENFORCEABLE UNDER THE LAWS OF THE UNITED STATES OF AMERICA, ANY PARTICULAR STATE, OR ANY OTHER LEGAL JURISDICTION. YOU SHOULD CONSULT WITH LEGAL COUNSEL CONCERNING THE VALIDITY OR ENFORCEABILITY OF ANY DOCUMENT YOU MAY SIGN ELECTRONICALLY USING NEOGOV’S E-SIGNATURE’S. 18. Text Message Communications. NEOGOV may offer Job Seekers and Personnel the opportunity to receive text messages regarding job application or hiring process reminders, applicant status updates, or other human resource related notices. Since these text message services depend on the functionality of third-party providers, there may be technical delays on the part of those providers. NEOGOV may make commercially reasonable efforts to provide alerts in a timely manner with accurate information, but cannot guarantee the delivery, timeliness, or accuracy of the content of any alert. NEOGOV shall not be liable for any delays, failure to deliver, or misdirected delivery of any alert; for any errors in the content of an alert; or for any actions taken or not taken by you or any third party in reliance on an alert. NEOGOV cannot vouch for the technical capabilities of any third parties to receive such text messages. NEOGOV MAKES NO WARRANTIES OR REPRESENTATIONS OF ANY KIND, EXPRESS, STATUTORY, OR IMPLIED AS TO: (i) THE AVAILABILITY OF TELECOMMUNICATION SERVICES; (ii) ANY LOSS, DAMAGE, OR OTHER SECURITY INTRUSION OF THE TELECOMMUNICATION SERVICES; AND (iii) ANY DISCLOSURE OF INFORMATION TO THIRD PARTIES OR FAILURE TO TRANSMIT ANY DATA, COMMUNICATIONS, OR SETTINGS CONNECTED WITH THE SERVICES. 19. Cooperative Agreement. As permitted by law, it is understood and agreed by Customer and NEOGOV that any (i) federal, state, local, tribal, or other municipal government (including all administrative agencies, departments, and offices thereof); (ii) any business enterprise in which a federal, state, local, tribal or other municipal entity has a full, majority, or other controlling interest; and/or (iii) any public school (including without limitation K-12 schools, colleges, universities, and vocational schools) (collectively referred to as the “New Entity”) may purchase the Services specified herein in accordance with the terms and conditions of this Agreement. It is also understood and agreed that each New Entity will establish its own contract with NEOGOV, be invoiced therefrom and make its own payments to NEOGOV in accordance with the terms of the contract established between the New Entity and NEOGOV. With respect to any purchases by a New Entity pursuant to this Section, Customer: (i) shall not be construed as a dealer, re-marketer, representative, partner or agent of any type of NEOGOV, or such New Entity; (ii) shall not be obligated, liable or responsible for any order made by New Entities or any employee thereof under the agreement or for any payment required to be made with respect to such order; and (iii) shall not be obliged, liable or responsible for any failure by any New Entity to comply with procedures or requirements of applicable law or to obtain the due authorization and approval necessary to purchase under the agreement. Termination of this Agreement shall in no way limit NEOGOV from soliciting, entering into, or continuing a contractual relationship with any New Entity. 20. Publicity. Each party hereto may advertise, disclose, and publish its relationship with the other party under this Agreement. 21. Force Majeure. NEOGOV shall not be liable for any damages, costs, expenses or other consequences incurred by Customer or by any other person or entity as a result of delay in or inability to deliver any Services due to circumstances or events beyond NEOGOV’s reasonable control, including, without limitation: (a) acts of God; (b) changes in or in the interpretation of any law, rule, regulation or ordinance; (c) strikes, lockouts or other labor problems; (d) transportation delays; (e) unavailability of supplies or materials; (f) fire or explosion; (g) riot, military action or usurped power; or (h) actions or failures to act on the part of a governmental authority. 22. Independent Contractor; Third Party Agreements. The relationship of the parties shall be deemed to be that of an independent contractor and nothing contained herein shall be deemed to constitute a partnership between or a joint venture by the parties hereto or constitute either party the employee or agent of the other. Customer acknowledges that nothing in this Agreement gives Customer the right to bind or commit NEOGOV to any agreements with any third parties. This Agreement is not for the benefit of any third party and shall not be deemed to give any right or remedy to any such party whether referred to herein or not. 23. Entire Agreement; Amendment. This Services Agreement and documents incorporated herein, the applicable Ordering Document, and Special Conditions (if any) constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior or contemporaneous oral and written statements of 100100 9 {EFM2296863.DOCX;4/13175.000001/ } any kind whatsoever made by the parties with respect to such subject matter. “Special Conditions” means individually negotiated variations, amendments and/or additions to this Service Agreement of which are either drafted, or incorporated by reference, into the Ordering Document. Any Customer proposal for additional or different terms, or Customer attempt to vary in any degree any of the terms of this Agreement is hereby objected to and rejected but such proposal shall not operate as a rejection of this Service Agreement and Ordering Document unless such variances are in the terms of the description, quantity, or price but shall be deemed a material alteration thereof, and this Service Agreement and the applicable Ordering Document shall be deemed accepted by the Customer without said additional or different terms. It is expressly agreed that the terms of this Agreement and any NEOGOV Ordering Document shall supersede the terms in any non-NEOGOV purchase order or other ordering document. Notwithstanding the foregoing, any conflict of terms shall be resolved by giving priority in accordance with the following order: 1) Special Conditions (if any), 2) the NEOGOV Services Agreement and incorporated documents, 3)NEOGOV Ordering Document , 4) Customer terms and conditions (if any). In the event of a conflict between the Agreement and a subsequent Service or Order Document, the parties may agree to the inconsistent terms in a writing, signed by a duly-authorized representative of each party, that expresses an intent to alter the specific terms of the Agreement as it relates to the Service or Order Document. This Agreement supersedes the terms and conditions of any clickthrough agreement associated with the Services. This Agreement may not be modified or amended (and no rights hereunder may be waived) except through a written instrument signed by the party to be bound. 24. General. This Agreement shall be governed by and construed in accordance with the laws of Customer’s State, without giving effect to conflict of law rules. If any provision of this Agreement is held to be illegal or unenforceable, such provision shall be limited or eliminated to the minimum extent necessary so that the remainder of this Agreement will continue in full force and effect. Provisions that survive termination or expiration are those relating to indemnification, limitation of liability, payment, and others which by their nature are intended to survive. All notices or other communications required or permitted hereunder shall be in writing and shall be deemed to have been duly given either when personally delivered, one (1) business day following delivery by recognized overnight courier or electronic mail, or three (3) business days following deposit in the U.S. mail, registered or certified, postage prepaid, return receipt requested. All such communications shall be sent to (i) Customer at the address set forth in the Ordering Document and (ii) NEOGOV at 300 Continental Blvd., Suite 565, El Segundo, CA 90245. The waiver, express or implied, by either party of any breach of this Agreement by the other party will not waive any subsequent breach by such party of the same or a different kind. This Agreement may be executed in two or more counterparts, each of which will be deemed an original, but all of which taken together shall constitute one and the same instrument. Delivery of a copy of this Agreement bearing an original signature by facsimile transmission, by electronic mail or by any other electronic means will have the same effect as physical delivery of the paper document bearing the original signature. Each party represents and warrants to the other party that (i) it has full power and authority under all relevant laws and regulations and is duly authorized to enter into this Agreement; and (ii) to its knowledge, the execution, delivery and performance of this Agreement by such party does not conflict with any agreement, instrument or understanding, oral or written, to which it is a party or by which it may be bound, nor violate any law or regulation of any court, governmental body or administrative or other agency having jurisdiction over it. Neither Party may assign this Agreement without the express written approval of the other Party and any attempt at assignment in violation of this Section shall be null and void. The parties intend this Agreement to be construed without regard to any presumption or rule requiring construction or interpretation against the party drafting an instrument or causing any instrument to be drafted. The exhibits, schedules, attachments, and appendices referred to herein are an integral part of this Agreement to the same extent as if they were set forth verbatim herein. 101101 {EFM2300057.DOCX;1/13175.000001/ } 1 NEOGOV ORDER FORM NEOGOV: Governmentjobs.com, Inc. (dba “NEOGOV”) 300 Continental Blvd., Suite 565 El Segundo, CA 90245 accounting@neogov.com Customer Name & Address: City of Tukwila, WA 6200 Southcenter Blvd Tukwila, WA 98188-2599 Quote Creation Date: 10/1/20 Contact Name: Juan Padilla Quote Expiration Date: 12/30/20 Contact Email: juan.padilla@tukwilawa.gov Payment Terms Annual. Net 30 from NEOGOV invoice. Fee Summary Service Description Term Term Fees NEOGOV Bundle: Core HR Time & Attendance Position Management Benefit Management eForms Insight GovernmentJobs.com Onboard Perform Learning Management Candidate Text Messaging Single Sign On Integration HRIS/Payroll Additional Integration 12 Months $61,195 NEOGOV Bundle 12 Months $75,317 NEOGOV Bundle 12 Months $98,853 Professional Services – Implementation and Training - $8,000 Year 1Total: $69,195 Year 2 Total: $75,317 Year 3 Total: $98,853 A. Terms and Conditions 1. Agreement. This Ordering Document and the Services purchased herein are expressly conditioned upon the acceptance by Customer of the terms of the NEOGOV Services Agreement either affixed hereto or the version most recently published prior to execution of this Ordering Form available at https://www.neogov.com/service-specifications. Unless otherwise stated, all capitalized terms used but not defined in this Order Form shall have the meanings given to them in the NEOGOV Services Agreement. 2. Effectiveness & Modification. Neither Customer nor NEOGOV will be bound by this Ordering Document until it has been signed by its authorized representative (the “Effective Date”). Unless otherwise stated, all SaaS Subscriptions shall commence on the Effective Date. This Order Form may not be modified or amended except through a written instrument signed by the parties. 3. Summary of Fees. Listed above is a summary of Fees under this Order. Once placed, your order shall be non-cancelable and the sums paid nonrefundable, except as provided in the Agreement. 4. Order of Precedence. The following order of precedence applies: (1) Special Conditions (if any), (2) the NEOGOV Services Agreement and incorporated documents, (3) NEOGOV Ordering Document , and (4) Customer terms and conditions (if any). In the event of a conflict between the Agreement and a subsequent Service or Order Document, the parties may agree to the inconsistent terms in a writing, signed by a duly-authorized representative of each party, that expresses an intent to alter the specific terms of the Agreement as it relates to the Service or Order Document. B. Special Conditions (if any). Initial Term: 36 Months 102102 {EFM2300057.DOCX;1/13175.000001/ } 2 IN WITNESS WHEREOF, the parties have caused this Order to be executed by their respective duly authorized officers as of the date set forth below, and consent to the Agreement. Customer Governmentjobs.com, Inc. (DBA “NEOGOV”) Entity Name: Signature: Signature: Print Name: Print Name: Date: Date: 103103 104104 City of Tukwila City Council Finance Committee Meeting Minutes November 23, 2020 – 5:30 p.m. – Electronic Meeting due to COVID-19 Emergency Councilmembers Present: Verna Seal, Chair; Kathy Hougardy, Zak Idan Staff Present: Rachel Bianchi, Garron Herdt, Marty Roberts, Vicky Carlsen, Tony Cullerton, Laurel Humphrey, Juan Padilla Chair Seal called the meeting to order at 5:30 p.m. I.BUSINESS AGENDA A.Equipment Purchase: Fire Department Aid Unit Staff is seeking Council approval to purchase an Aid Unit in the amount of $280,000 for the Fire Department. Committee Recommendation Unanimous approval. Forward to November 23, 2020 Committee of the Whole. B.Contracts: Enterprise Resource Planning (ERP) System Staff is seeking Council approval of two contracts to replace the City’s current financial software system. One contract is with CentralSquare Solutions for an annual subscription fee of $111,388 and implementation costs estimated to be $706,945. The second is with NeoGov for a year 1 subscription of $69,195, year 2 of $75,317, and year 3 for $98, 853. Committee Recommendation Unanimous approval. Forward to December 14, 2020 Committee of the Whole. C.Land Acknowledgement Practice Committee members continued discussion on implementing a land acknowledgement practice. Committee Recommendation •Continue use of the phrasing installed in the Public Safety Plan buildings and recommended by the City’s cultural resources consultant: o “The City of Tukwila is located on the ancestral lands of the Coast Salish people. We acknowledge their continuing connections to land, waters and culture. We pay our respects to their elders past, present and emerging.” o •Perform the land acknowledgement in the following ways: o Dedication of city facilities on public land o Installation at new city facilities o Add language to City website o Suggest that Planning Commission include a land acknowledgement in its meetings 105105