The URL can be used to link to this page

Home My WebLink AboutCLEAN POWER RESEARCH, L.L.C. - CONTRACT - RFP - 9502 DISTRIBUTED ENERGY RESOURCE APPLICATION MANAGOfficial Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 1 of 42 MASTER SOFTWARE SERVICES AGREEMENT (Cloud Based) THIS MASTER SERVICES AGREEMENT (“Agreement”) is made between the CITY OF FORT COLLINS, a municipal corporation of the State of Colorado (the “City”) and CLEAN POWER RESEARCH, L.L.C., a Limited Liability Corporation registered to do business in Colorado, whose address 1541 Third St, Napa, CA, 94559 (“Consultant”), jointly “the parties.” RECITALS WHEREAS, the City is desirous of engaging a hosted third-party solution provider to aid the City in Project number 9502 Distributed Energy Resource Application Management Platform; and; WHEREAS, the Consultant has agreed to provide the hosted solution under the terms and conditions as set out below. IT IS HEREBY AGREED BETWEEN THE PARTIES AS FOLLOWS: The recitals set forth above are incorporated herein. 1. DEFINITIONS. Whenever used herein, any schedules, exhibits, order forms, or addenda to this Agreement, the following terms shall have the meanings assigned below unless otherwise defined therein. Other capitalized terms used in this Agreement are defined in the context in which they are used. 1.1 “Acceptance" means the Deliverable demonstrates to the City's reasonable satisfaction that the Deliverable conforms to and operates in all material respects according to the Acceptance Criteria, and if required, has successfully completed Acceptance Testing in all material respects, and for Deliverables not requiring Acceptance Testing that the Deliverable reasonably conforms in all material respects to the Acceptance Criteria or the City's requirements. 1.2 "Acceptance Certificate" means a written instrument by which the City promptly notifies Consultant that a Deliverable has been Accepted or Accepted with exceptions, and Acceptance Criteria have been met or waived, in whole or in part. 1.3 "Acceptance Criteria" means functionality and performance requirements determined by the City and set forth on the Order Form for the applicable Product or Service, based upon the Specifications, which must be satisfied prior to City's Acceptance of a Deliverable, or the System. City and Consultant shall agree upon written Acceptance Criteria in the Order Form for the applicable Product or Service. 1.4 "Acceptance Date" means the date on which the City issues an Acceptance Certificate for the System or a Deliverable. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 2 of 42 1.5 "Acceptance Test" means the evaluation and testing method, procedures, or both, that are set forth in the Order Form for the applicable Product or Service and are used to determine whether or not the System or a Deliverable requiring Acceptance Testing performs in accordance with the Acceptance Criteria. 1.6 “Agreement” means this cloud computing Master Services Agreement between City and Consultant, inclusive of all schedules, exhibits, attachments, addenda and other documents incorporated by reference between the City and Consultant, Contract Number 9502 Distributed Energy Resource Application Management Platform. 1.7 “City Data” means all information, whether in oral or written (including electronic) form, created by or in any way originating with City and all information that is the output of any computer processing, or other electronic manipulation, of any information that was created by or in any way originating with City, in the course of using and configuring the Services provided under this Agreement, and includes all records relating to City’s use of Consultant Services. 1.8 "Cloud Unavailability" means a running virtual machine stops functioning due to cloud infrastructure failure below the applicable commitment level, and such failure is recorded in Consultant's trouble ticket system. 1.9 “Confidential Information” means any and all records or data that is disclosed in written, graphic or machine recognizable form and is marked, designated, labeled or identified at the time of disclosure as being confidential or its equivalent, or, if the information is in verbal form, it is identified as confidential or proprietary at the time of disclosure and is confirmed in writing within thirty (30) Calendar Days of the disclosure and is not subject to disclosure under CORA. Confidential Information shall include, but is not limited to, PII, PHI, PCI, Tax Information, CJI, personnel records, financial, statistical, personnel, human resources data or Personally Identifiable Information and/or Personal Information as described in the C.R.S 24- 73-101, et seq; attorney/client privileged communications; information which is exempt per federal laws (including but not limited to copyright, HIPPA), all of which is not subject to disclosure under CORA. Confidential Information does not include information which: (a) is public or becomes public through no breach of the confidentiality obligations herein; (b) is disclosed by the party that has received Confidential Information (the "Receiving Party") with the prior written approval of the other party; (c) was known by the Receiving Party at the time of disclosure; (d) was developed independently by the Receiving Party without use of the Confidential Information; (e) becomes known to the Receiving Party from a source other than the disclosing party through lawful means; (f) is disclosed by the disclosing party to others without confidentiality obligations; or (g) is required by law to be disclosed. 1.10 “CORA” means the Colorado Open Records Act, §§24-72-200.1, et. seq., C.R.S. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 3 of 42 1.11 "Critical Incident" means that City's Service (whether colocation or Cloud) is unavailable or has been materially impacted. 1.12 “Data Incident” means any accidental or deliberate event that results in or constitutes an imminent threat of the unauthorized access, loss, disclosure, modification, disruption, or destruction of any communications or information resources of the City. Data Incidents include, without limitation (i) successful attempts to gain unauthorized access to a City system or City information regardless of where such information is located; (ii) unwanted disruption or denial of service; (iii) the unauthorized use of a City system for the processing or storage of data; or (iv) changes to City system hardware, firmware, or software characteristics without the City’s knowledge, instruction, or consent. It shall also include any actual or reasonably suspected unauthorized access to or acquisition of computerized City Data that compromises the security, confidentiality, or integrity of the City Data, or the ability of City to access the City Data. 1.13 “Deliverable” means the Products or Services, or documents or tangible work products described in an Order Form to be provided to the City by Consultant or the outcome to be achieved or output to be provided, in the form of a tangible object or software that is produced as a result of Consultant’s work that is intended to be delivered to the City by Consultant under this Agreement. 1.14 “Documentation” means, collectively: (a) all materials published or otherwise made available to City by Consultant that relate to the functional, operational and/or performance capabilities of the Services; (b) all user, operator, system administration, technical, support and other manuals and all other materials published or otherwise made available by Consultant, including marketing materials that describe the functional, operational and/or performance capabilities of the Services; (c) any Requests for Information and/or Requests for Proposals (or documents of similar effect) issued by City, and the responses thereto from Consultant, and any document which purports to update or revise any of the foregoing; and (d) the results of any Consultant “Use Cases Presentation”, “Proof of Concept” or similar type presentations or tests provided by Consultant to City or as required to be produced by Consultant subject to the terms of this Agreement. 1.15 “Downtime” means any period of time of any duration that the Services are not made available by Consultant to City for any reason, including scheduled maintenance or Enhancements. 1.16 “Effective Date” means the date on which this Agreement is fully approved and signed by the City as shown on the Signature Page for this Agreement. The Effective Date for Services may be set out in an order form or similar exhibit. 1.17 “Enhancements” means any improvements, modifications, upgrades, updates, fixes, revisions and/or expansions to the Services that Consultant may develop or DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 4 of 42 acquire and incorporate into its standard version of the Services or which the Consultant has elected to make generally available to its customers. 1.18 "Equipment" means any hardware, machinery, device, tool, computer, computer component, computer system, including add-ons, or peripherals of tangible form together with the necessary supplies for upkeep and maintenance, and other apparatus, to be provided to the City by Consultant under this Agreement. 1.19 "Error" means any defect, problem, condition, bug, or other partial or complete inability of a Product to operate in accordance with the applicable Specifications. 1.20 “Intellectual Property Rights” includes without limitation all right, title, and interest in and to all (a) Patent and all filed, pending, or potential applications for Patent, including any reissue, reexamination, division, continuation, or continuation in part applications throughout the world now or hereafter filed; (b) trade secret rights and equivalent rights arising under the common law, state law, and federal law; (c) copyrights, other literary property or authors rights, whether or not protected by copyright or as a mask work, under common law, state law, and federal law; and (d) proprietary indicia, trademarks, trade names, symbols, logos, and/or brand names under common law, state law, and federal law. 1.21 "Order Form" means a quote in the form attached hereto as an Exhibit, setting forth certain Products and/or Services to be provided pursuant to this Agreement. Any reference to an "Order Form" in this Agreement includes Products and/or Services purchased by City pursuant to Consultant's online ordering process. 1.22 “PCI” means payment card information including any data related to credit card holders’ names, credit card numbers, or other credit card information as may be protected by state or federal law. 1.23 “PII” means personally identifiable information including, without limitation, any information maintained by the City about an individual that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother ‘s maiden name, or biometric records. PII includes, but is not limited to, all information defined as personally identifiable information in §§24-72-501 and 24-73-101, C.R.S. 1.24 “PHI” means any protected health information, including, without limitation any information whether oral or recorded in any form or medium: (i) that relates to the past, present, or future physical or mental condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and (ii) that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual. PHI includes, but is not limited to, any information defined as Individually Identifiable Health Information by the federal Health Insurance DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 5 of 42 Portability and Accountability Act. If this Agreement involves the transmission of PHI a separate Business Associates Agreement will become a part of this Agreement. 1.25 "Product(s)" means software, Equipment, and supplies delivered, or to be delivered, pursuant to an Order Form. 1.26 “Protected Information” includes, but is not limited to, personally identifiable information, student records, protected health information, criminal justice information or individual financial information and other data defined under §24-72- 101 et seq., and personal information that is subject to local, state or federal statute, regulatory oversight or industry standard restricting the use and disclosure of such information. The loss of such Protected Information would constitute a direct damage to the City. 1.27 “Project Manager” means the individual who shall serve as each party’s point of contact with the other party’s personnel as provided in this Agreement. 1.28 “RFP Response” means any proposal submitted by Consultant to City in response to City's Request for Proposal ("RFP") titled 9502 Distributed Energy Resource Application Management Platform dated February 4, 2022. 1.29 “Service” means Consultant’s computing solutions, provided to City pursuant to this Agreement, that provide the functionality and/or produce the results described in the Documentation, including without limitation all Enhancements thereto and all interfaces. 1.30 "Service Level Agreement(s)" mean the provisions set forth on Exhibit A attached hereto, which are incorporated into this Agreement by this reference. 1.31 "Specifications" means the most current cumulative statement of capabilities, functionality, and performance requirements for the Products or Services as set out in the Acceptance Criteria, Order Forms, Documentation, Consultant's representations, Consultant's proposal in response to the City's Request for Proposals. 1.32 “Subcontractor” means any third party engaged by Consultant to aid in performance of the work or the Service. Consultant shall provide to the City upon request a list of Subcontractors providing material services to the Service. 1.33 “Subservice Provider” means any software, technology, or service providers (e.g., Amazon, DocuSign, Google, Microsoft, Stripe, etc.) that furnish critical infrastructure or capabilities to Consultant’s service(s) or platform(s). Subservice Providers are not included under the umbrella of a Subcontractor. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 6 of 42 1.34 "System" means the operational combination of all Products and Services to be provided by Consultant to City under this Agreement. 1.35 “Third Party” means persons, corporations, and entities other than Consultant, City or any of their employees, Consultants or agents. 1.36 “Third Party Host” means that the servers where the Consultant’s software resides is at physical location, which is not controlled by the Consultant, sometimes called “managed hosting”, for example, Amazon Web Service. 2. SCOPE OF SERVICE, SOFTWARE LICENSE, AND SERVICE LEVELS. See Exhibit A. Scope of Services – implementation. Service Level Agreements. 3. TERM. The term of the Agreement shall commence upon the full execution of this document and shall continue in full force and effect for one (1) calendar year unless sooner terminated as herein provided. In addition, at the option of the City, the Agreement may be extended for additional one-year periods not to exceed five (5) additional one-year periods. Renewals and price changes shall be negotiated by and agreed to by both parties. Written notice of renewal shall be provided to the Consultant via email no later than thirty (30) days prior to contract end. 4. COMPENSATION AND PAYMENT: 4.1 Compensation: In consideration of the services to be performed pursuant to this Agreement, the City agrees to pay the Consultant in accordance with Exhibit D and the milestone payments within, consisting of five (5) pages, attached hereto and incorporated herein, with maximum compensation not to exceed One Hundred Twenty Four Thousand One Hundred Dollars ($124,100.00). Upon final payment, all designs, plans, reports, specifications, drawings, and other services rendered by the Consultant shall become the sole property of the City. 4.2 Reimbursement Expenses: The fees specified above include all expenses, and no other expenses shall be separately reimbursed or incurred hereunder for the provision of the Service(s). 4.3 Tax Exempt: The City is exempt from sales and use tax. The City’s Certificate of Exemption license number is 09804502. A copy of the license is available upon written request. 4.4 Invoicing: Consultant must submit invoice(s) to invoices@fcgov.com. Each invoice shall include the City’s purchase order number, clear identification of the milestone that has been completed, and other information reasonably requested by the City. Payment on all uncontested amounts shall be made Net 30 days from the date of the invoice. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 7 of 42 5. TERMINATION: 5.1 Notwithstanding the time periods contained herein, the City may terminate this Agreement at any time without cause by providing written notice of termination to the Consultant. Such notice shall be delivered at least thirty (30) days prior to the termination date contained in said notice unless otherwise agreed in writing by the parties. All notices provided under this Agreement shall be effective immediately when emailed or three business days from the date of the notice when mailed to the following addresses: Consultant City: Copy to: Clean Power Research Attn: Alan Saunders 1541 Third St Napa, CA 94559 alans@cleanpower.com City of Fort Collins Attn: Leland Keller 222 N Mason St Fort Collins, CO 80524 lkeller@fcgov.com City of Fort Collins Attn: Purchasing Dept. PO Box 580 Fort Collins, CO 80522 purchasing@fcgov.com 5.2 Each and every term and condition hereof shall be deemed to be a material element of this Agreement. In the event either party should fail or refuse to perform according to the terms of this agreement, such party may be declared in default. In the event a party has been declared in default, such defaulting party shall be allowed a period of thirty (30) days within which to cure said default. In the event the default remains uncorrected, the party declaring default may elect to (a) terminate the Agreement and seek damages; (b) treat the Agreement as continuing and require specific performance; or (c) avail itself of any other remedy at law or equity. 5.3 Upon termination of the Agreement, with or without cause, the Consultant shall have no claim against the City by reason of, or arising out of, incidental or relating to termination, except for compensation for work duly requested and satisfactorily performed as of the termination date in the notice and as described in the Agreement and shall refund to the City any prepaid cost or expenses. 6. RIGHTS AND LICENSE IN AND TO DATA 6.1 The parties agree that as between them, all rights in and to City Data shall remain the exclusive property of City, and Consultant has a limited, nonexclusive license to access and use City Data as provided in this Agreement solely for the purpose of performing its obligations hereunder. 6.2 All City Data created and/or processed by the Service is and shall remain the property of City and shall in no way become attached to the Service, nor shall Consultant have any rights in or to the City Data without the express written permission of the City and may not include Protected Information. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 8 of 42 6.3 This Agreement does not give a party any rights, implied or otherwise, to the other’s data, content, or intellectual property, except as expressly stated in the Agreement. 6.4 City retains the right to use the Service to access and retrieve data stored on Consultant’s Service infrastructure at any time during the term of this Agreement at its sole discretion. 7. DATA PRIVACY 7.1 Consultant will use City Data only for the purpose of fulfilling its duties under this Agreement and for City’s sole benefit and will not share City Data with or disclose it to any Third Party without the prior written consent of City or as otherwise required by law. By way of illustration and not of limitation, Consultant will not use City Data for Consultant’s own benefit and, in particular, will not engage in “data mining” of City Data or communications, whether through automated or human means, except as specifically and expressly required by law or authorized in writing by City. 7.2 Consultant will provide access to City Data only to those Consultant employees, contractors, Third Party, and Subcontractors (collectively, “Consultant Staff”) who need to access the City Data to fulfill Consultant’s obligations under this Agreement. Consultant will ensure that, prior to being granted access to the City Data, Consultant Staff who perform work under this Agreement have all undergone and passed criminal background screenings; have successfully completed annual instruction of a nature sufficient to enable them to effectively comply with all data protection provisions of this Agreement; have signed a non-disclosure agreement similar in form and content to paragraph 15; and possess all qualifications appropriate to the nature of the employees’ duties and the sensitivity of the City Data they will be handling. 7.3 If Consultant receives PII under this Agreement, Consultant shall implement and maintain reasonable written security procedures and practices that are appropriate to the nature of the PII and the nature and size of Consultant’s business and its operations. Unless Consultant agrees to provide its own security protections for the information it discloses to Consultant Staff, Consultant shall require all Consultant Staff to implement and maintain reasonable written security procedures and practices that are appropriate to the nature of the personal identifying information disclosed and reasonably designed to help protect the personal identifying information subject to this Agreement from unauthorized access, use, modification, disclosure, or destruction. Consultant and its third-party service providers that maintain electronic or paper documents that contain personal identifying information under this Agreement shall develop a written policy for the destruction of such records by shredding, erasing, or otherwise modifying the personal identifying information to make it unreadable or indecipherable when the records are no longer needed. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 9 of 42 7.4 Consultant may provide City Data to its agents, employees, assigns, and Consultant Staff, as necessary to perform the work, but shall restrict access to Confidential Information to those agents, employees, assigns, and Consultant Staff who require access to perform their obligations under this Agreement. Consultant shall ensure all such agents, employees, assigns, Consultant Staff, sign agreements containing nondisclosure provisions at least as protective as those in this Agreement, and that the nondisclosure provisions are in force at all times the agent, employee, assign, or Consultant Staff has access to any Confidential Information. Consultant shall provide copies of those signed nondisclosure instruments to the City upon execution of the nondisclosure provisions if requested by the City. 8. DATA SECURITY AND INTEGRITY 8.1 All facilities, whether Consultant hosted or Third Party Hosted, used to store and process City Data will implement and maintain administrative, physical, technical, and procedural safeguards and best practices at a level sufficient to provide the requested Service availability and to secure City Data from unauthorized access, destruction, use, modification, or disclosure appropriate for the City Data. Such measures include, but are not limited to all applicable laws, rules, policies, publications, and guidelines including, without limitation: (i) the most recently promulgated IRS Publication 1075 for all Tax Information, (ii) the most recently updated PCI Data Security Standard from the PCI Security Standards Council for all PCI, (iii) the most recently issued version of the U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services Security Policy for all CJI, (iv) the Colorado Consumer Protection Act, (v) the Children’s Online Privacy Protection Act (COPPA), (vi) the Family Education Rights and Privacy Act (FERPA), (vii) §24-72-101 et seq., (viii) the Telecommunications Industry Association (TIA) Telecommunications Infrastructure Standard for Data Centers (TIA-942); (ix) the federal Health Insurance Portability and Accountability Act for all PHI and the HIPAA Business Associate Addendum attached to this Agreement, if applicable. The Consultant shall submit to the Manager, within fifteen (15) days of the Manager’s written request, copies of the Consultant’s policies and procedures to maintain the confidentiality of protected health information to which the Consultant has access, and if applicable, Consultant shall comply with all HIPAA requirements contained herein or attached as an Exhibit. [If applicable, attach HIPAA Exhibit]. 8.2 Consultant warrants that all City Data will be encrypted in transmission (including via web interface) and in storage by a mutually agreed upon National Institute of Standards and Technology (NIST) approved strong encryption method and standard. The City may allow exceptions to encryption, however any limitations to this provision will be by written agreement between the Parties. 8.3 Consultant shall at all times use industry-standard and up-to-date security tools, technologies and procedures including, but not limited to anti-virus and anti-malware DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 10 of 42 protections and intrusion detection and reporting in providing Services under this Agreement. 8.4 Consultant shall, and shall cause its Consultant Staff to do all of the following: 8.4.1 Provide physical and logical protection for all hardware, software, applications, and data that meets or exceeds industry standards and the requirements of this Agreement. 8.4.2 Maintain network, system, and application security, which includes, but is not limited to, network firewalls, intrusion detection (host and network), annual security testing, and improvements or enhancements consistent with evolving industry standards. 8.4.3 Comply with State and federal rules and regulations related to overall security, privacy, confidentiality, integrity, availability, and auditing. 8.4.4 Provide that security is not compromised by unauthorized access to workspaces, computers, networks, software, databases, or other physical or electronic environments. 8.4.5 Promptly report all Data Incidents, including Data Incidents that do not result in unauthorized disclosure or loss of data integrity. 8.4.6 Comply with all rules, policies, procedures, and standards issued by the City’s information technology cyber security team. 8.4.7 Subject to Consultant’s reasonable access security requirements and upon reasonable prior notice, Consultant shall provide the City with scheduled access for the purpose of inspecting and monitoring access and use of City Data, maintaining City systems, and evaluating physical and logical security control effectiveness. 8.4.8 Consultant shall perform background checks at the time of hiring in a form reasonably acceptable to the City on all of its respective employees and agents performing services or having access to City Data provided under this Agreement, including any Subcontractors or the employees of Subcontractors. 8.4.9 Consultant will provide notice to the Project Manager for the City indicating that background checks have been performed. Such notice will inform the City of any action taken in response to such background checks, including any decisions not to take action in response to negative information revealed by a background check. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 11 of 42 8.5 Consultant shall use, hold, and maintain Confidential and Protected Information in compliance with any and all applicable laws and regulations only in facilities located within the United States, and shall maintain a secure environment that ensures confidentiality of all Confidential and Protected Information. 8.6 Prior to the Effective Date of this Agreement, Consultant, will at its expense conduct or have conducted the following, and thereafter, Consultant will at its expense conduct or have conducted the following at least once per year, and, with the exception of 8.6.1, immediately after any Data Incident: 8.6.1 A SSAE 16/SOC 2 or other mutually agreed upon audit of Consultant’s security policies, procedures and controls; 8.6.2 A quarterly external and internal vulnerability scan of Consultant’s systems and facilities, to include public facing websites, that are used in any way to deliver Services under this Agreement. The report must include the vulnerability, age and remediation plan for all issues identified as critical or high; 8.6.3 A formal penetration test, performed by process and qualified personnel of Consultant’s systems and facilities that are used in any way to deliver Services under this Agreement. 8.6.4 No part of this agreement should be construed to prevent Consultant from taking action to protect Consultant systems, the data within them, the infrastructure upon which they run, or the systems accessing them from (1) malicious activity (“hacking”), computer viruses, worms, “trojan horses,” or other attacks (e.g., “flood” or denial of service attacks), or (2) issues caused by end user-, applicant-, customer-, admin- or third-party-sourced malformed calls, addresses, coordinates, code or data, whether resident in Consultant systems or not, or (3) any vulnerability scan, penetration test, scalability or performance test or other, similar probing of any Internet- reachable websites or devices used for the provision of services or support without prior written consent, whether or not such activities cause system performance degradation, network latency, timeouts, email bounces or other operational issues. In the event of service degradation in operational systems and so as to ensure the security, performance and operational integrity of those system(s), Consultant reserves the right to use automated and/or manual intervention to do any of the following: detect an issue; mitigate the issue by throttling or blocking offending calls, addresses, coordinates, code or data; temporarily deny access to one or more otherwise authorized users (or accounts in the case of API or softwar e-to- software integration); suspend City access to Services; inform the City of the issue. Inaccessibility or performance degradation of the Services resulting from such protective measures will not be deemed Downtime or DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 12 of 42 degradation for the purposes of any service level agreement (SLA). Further, a vulnerability scan, scalability test or other probing of any Internet- reachable websites or devices used for the provision of services or support under this Agreement conducted by City or by a third party on behalf of City without prior written consent by Consultant will be assumed to be a hostile attack event, prompting Consultant to automatically or manually throttle or suspend City’s access to said services. Inaccessibility of the services resulting from such protective measures will not be deemed Downtime for the purposes of any service level agreement (SLA). City recognizes that it must proactively take steps to ensure that any third-party audit, scan, test, probing, or similar activity performed on its behalf and that impacts Consultant’s systems is compliant with these written consent requirements. Consultant will notify the City with twenty-four (24) hours of such an event or occurrence. 8.7 Consultant will provide City the reports or other documentation resulting from the above audits, certifications, scans, and tests annually upon request of City within fourteen (14) calendar days of Consultant’s receipt of such results. Notwithstanding this, Consultant will not provide specific results of security scans. Annual SOC 2 and related reports will be provided upon request and under a one- way NDA. 8.8 Based on the results and recommendations of the above audits, certifications, scans and tests, Consultant will, within thirty (30) calendar days of receipt of such results, promptly modify its security measures in order to meet its obligations under this Agreement and provide City with written evidence of remediation. 8.9 City may request, at its expense and with reasonable advance notice and justification, that Consultant perform additional audits and tests, to be initiated within thirty (30) calendar days of such request, the results of which will be provided to City within seven (7) business days of Consultant’s receipt of such results. 8.10 Consultant shall protect data against deterioration or degradation of data quality and authenticity, including, but not limited to annual Third-Party data integrity audits. Consultant will provide City the results of the above audits. 9. RESPONSE TO LEGAL ORDERS, DEMANDS OR REQUESTS FOR DATA 9.1 Except as otherwise expressly prohibited by law, Consultant will: 9.1.1 If required by a court of competent jurisdiction or an administrative body to disclose City Data, Consultant will notify City in writing immediately upon receiving notice of such requirement and prior to any such disclosure; 9.1.2 Consult with City regarding its response; DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 13 of 42 9.1.3 Cooperate with City’s reasonable requests in connection with efforts by City to intervene and quash or modify the legal order, demand or request; and 9.1.4 Upon City’s request, provide City with a copy of its response. 9.2 If City receives a subpoena, warrant, or other legal order, demand or request seeking data maintained by Consultant, City will promptly provide a copy to Consultant. Consultant will make all reasonable efforts to supply City with copies of data required for City to respond within forty-eight (48) hours after receipt of copy from City and will cooperate with City’s reasonable requests in connection with its response. 10. DATA INCIDENT RESPONSE 10.1 The Consultant shall maintain documented policies and procedures for Data Incident and breach reporting, notification, and mitigation. If the Consultant becomes aware of any Data Incident, it shall notify the City immediately and cooperate with the City regarding recovery, remediation, and the necessity to involve law enforcement, as determined by the City. If there is a Data Incident impacting City Data, the Consultant shall cooperate with the City to satisfy notification requirements as currently defined in either federal, state, or local law. If demonstrated that Consultant or any of its agents, employees, assigns, or Consultant Staff are the cause or source of the Data Incident, Consultant shall be responsible for the cost of notifying each person who may have been impacted by the Data Incident. After a Data Incident, Consultant shall take steps to reduce the risk of incurring a similar type of Data Incident in the future as directed by the City, which may include, but is not limited to, developing, and implementing a remediation plan that is approved by the City at no additional cost to the City. 10.2 Consultant shall report, either orally or in writing, to City any Data Incident involving City Data, or circumstances that could have resulted in unauthorized access to or disclosure or use of City Data, not authorized by this Agreement or in writing by City, including any reasonable belief that an unauthorized individual has accessed City Data. Consultant shall make the report to City immediately upon discovery of the unauthorized disclosure, but in no event more than forty-eight (48) hours after Consultant reasonably believes there has been such unauthorized use or disclosure. Oral reports by Consultant regarding Data Incidents will be reduced to writing and supplied to City as soon as reasonably practicable, but in no event more than forty- eight (48) hours after oral report. 10.3 Immediately upon becoming aware of any such Data Incident, Consultant shall fully investigate the circumstances, extent and causes of the Data Incident, and report the results to City and continue to keep City informed daily of the progress of its investigation until the issue has been effectively resolved. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 14 of 42 10.4 Consultant’s report discussed herein shall identify: (i) the nature of the unauthorized use or disclosure, (ii) the data used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure (if known), (iv) what Consultant has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure, and (v) what corrective action Consultant has taken or shall take to prevent future similar unauthorized use or disclosure. 10.5 Within five (5) calendar days of the date Consultant becomes aware of any such Data Incident, Consultant shall have completed implementation of corrective actions to remedy the Data Incident, restore City access to the Services as directed by City, and prevent further similar unauthorized use or disclosure. 10.6 Consultant, at its expense, shall cooperate fully with City’s investigation of and response to any such Data Incident. 10.7 Except as otherwise required by law, Consultant will not disclose or otherwise provide notice of the incident directly to any person, regulatory agencies, or other entities, without prior written permission from City. 10.8 Notwithstanding any other provision of this Agreement, and in addition to any other remedies available to City under law or equity, Consultant will promptly reimburse City in full for all costs incurred by City in any investigation, remediation or litigation resulting from any such Data Incident, including but not limited to providing notification to Third Parties whose data were compromised and to regulatory bodies, law-enforcement agencies or other entities as required by law or contract; establishing and monitoring call center(s), and credit monitoring and/or identity restoration services to assist each person impacted by a Data Incident in such a fashion that, in City’s sole discretion, could lead to identity theft; and the payment of legal fees and expenses, audit costs, fines and penalties, and other fees imposed by regulatory agencies, courts of law, or contracting partners as a result of the Data Incident. 11. DATA RETENTION AND DISPOSAL 11.1 Consultant will retain Data in an End User’s account, including attachments, until the End User deletes them or for the time period mutually agreed to by the parties in this Agreement. 11.2 Using appropriate and reliable storage media, Consultant will regularly backup Data and retain such backup copies consistent with the City’s data retention policies. 11.3 At the City’s election, Consultant will either securely destroy or transmit to City repository any backup copies of City. Consultant will supply City a certificate indicating the records disposed of the date disposed of, and the method of disposition used. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 15 of 42 11.4 Consultant will retain logs associated with End User activity consistent with the City’s data retention policies. 11.5 Consultant will immediately preserve the state of the data at the time of the request and place a “hold” on data destruction or disposal under its usual records retention policies of records that include data, in response to an oral or written request from City indicating that those records may be relevant to litigation that City reasonably anticipates. Oral requests by City for a hold on record destruction will be reduced to writing and supplied to Consultant for its records as soon as reasonably practicable under the circumstances. City will promptly coordinate with Consultant regarding the preservation and disposition of these records. Consultant shall continue to preserve the records until further notice by City. 12. DATA TRANSFER UPON TERMINATION OR EXPIRATION 12.1 Upon expiration or earlier termination of this Agreement or any Services provided in this Agreement, Consultant shall accomplish a complete transition of the Services from Consultant to the City, or any replacement provider designated solely by the City without any interruption of or adverse impact on the Services or any other services provided by third parties in this Agreement. Consultant shall cooperate fully with the City or such replacement provider and promptly take all steps required to assist in effecting a complete transition of the Services designated by the City. All reasonable services related to such transition shall be performed at no additional cost beyond what would be paid for the Services in this Agreement. Consultant shall extend the Agreement on a quarterly basis if additional time is required beyond the termination of the Agreement, if necessary, to effectuate the transition and the City shall pay a proration of the subscription fee. 12.2 Upon the expiration or termination of this Agreement, Consultant shall return City Data provided to Consultant or destroy City Data and certify to the City that it has done so, as directed by the City. If Consultant is prevented by law or regulation from returning or destroying Confidential Information, Consultant warrants it will guarantee the confidentiality of, and cease to use, such Confidential Information. To the extent that Consultant is requested to perform any services beyond the return of the City’s Data in connection with termination assistance, the same shall be performed pursuant to a written statement of work under this Agreement and paid for by City, applying Consultant’s then-current rates for daily/hourly work, as the case may be. 13. COMPLIANCE WITH APPLICABLE LAWS AND CITY POLICIES. Consultant warrants it has complied and will comply with all applicable federal, state, and local laws and regulations in performing the Services under this Agreement. Any Consultant personnel visiting City’s facilities will comply with all applicable City policies regarding access to, use of, and conduct within such facilities. City will provide copies of such policies to Consultant upon request. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 16 of 42 14. WARRANTIES, REPRESENTATIONS AND COVENANTS. Consultant represents and warrants that. 14.1 The Service will conform to applicable specifications, and operate and produce results substantially in accordance with the Documentation and the Exhibits attached hereto, and will be free from deficiencies and defects in materials, workmanship, design and/or performance during the Term of this Agreement; 14.2 All technology related services will be performed by qualified personnel in a professional and workmanlike manner, consistent with industry standards; 14.3 Consultant has the requisite ownership, rights and licenses to perform its obligations under this Agreement fully as contemplated hereby and to grant to the City all rights with respect to the software and Services free and clear from all liens, adverse claims, encumbrances and interests of any Third Party; 14.4 There are no pending or threatened lawsuits, claims, disputes or actions: (i) alleging that any software or service infringes, violates or misappropriates any Third-Party rights; or (ii) adversely affecting any software, service or supplier's ability to perform its obligations hereunder; 14.5 The Service will not violate, infringe, or misappropriate any patent, copyright, trademark, trade secret, or other intellectual property or proprietary right of any Third Party. 14.6 The software and Service will contain no malicious or disabling code that is intended to damage, destroy or destructively alter software, hardware, systems or data. Consultant’s obligations for breach of the Services warranty shall be limited to using its best efforts, at its own expense, to correct or replace that portion of the Services which fails to conform to such warranty, and, if Consultant is unable to correct any breach in the Services Warranty by the date which is sixty (60) calendar days after City provides notice of such breach, City may, in its sole discretion, either extend the time for Consultant to cure the breach or terminate this Agreement and receive a full refund of all amounts paid to Consultant during the current annual license period under this Agreement. 14.7 Disabling Code Warranty. Consultant represents, warrants and agrees that the Services do not contain and City will not receive from Consultant any virus, worm, trap door, back door, timer, clock, counter or other limiting routine, instruction or design, or other malicious, illicit or similar unrequested code, including surveillance software or routines which may, or is designed to, permit access by any person, or on its own, to erase, or otherwise harm or modify any City system or Data (a "Disabling Code"). In the event a Disabling Code is identified, Consultant shall take all steps necessary, at no additional cost to City, to: (a) restore and/or reconstruct any and all Data lost by City as a result of Disabling Code; (b) furnish to City a DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 17 of 42 corrected version of the Services without the presence of Disabling Codes; and (c) as needed, re-implement the Services at no additional cost to City. This warranty shall remain in full force and effect as long as this Agreement remains in effect. 14.8 Third Party Warranties and Indemnities. Consultant will assign to City all Third-Party warranties and indemnities that Consultant receives in connection with any products provided to City. To the extent that Consultant is not permitted to assign any warranties or indemnities through to City, Consultant agrees to specifically identify and enforce those warranties and indemnities on behalf of City to the extent Consultant is permitted to do so under the terms of the applicable Third-Party agreements. 14.9 Delivery of Products shall not be construed to represent Acceptance, nor shall Delivery of Products relieve Consultant from its responsibility under any representation or warranty. If the City makes a payment for a Product prior to Acceptance, the payment does not grant a waiver of any representation or warranty by Consultant. 15. CONFIDENTIALITY 15.1 Consultant shall keep confidential, and cause all Subcontractors to keep confidential, all City Data, unless the City Data are publicly available. Consultant shall not, without prior written approval of the City, use, publish, copy, disclose to any third party, or permit the use by any third party of any City Data, except as otherwise stated in this Agreement, permitted by law, or approved in writing by the City. Consultant shall provide for the security of all Confidential Information in accordance with all applicable laws, rules, policies, publications, and guidelines. If Consultant or any of its Subcontractors will or may receive the following types of data, Consultant or its Subcontractors shall provide for the security of such data according to the following: (i) the most recently promulgated IRS Publication 1075 for all Tax Information and in accordance with the Safeguarding Requirements for Federal Tax Information, attached to this Contract as an Exhibit if applicable; (ii) the most recently updated PCI Data Security Standard from the PCI Security Standards Council for all PCI; (iii) the most recently issued version of the U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services Security Policy for all CJI; and (iv) the federal Health Insurance Portability and Accountability Act for all PHI and in accordance with the HIPAA Business Associate Agreement attached to this Agreement as an Exhibit if applicable. 15.2 The Receiving Party agrees to exercise the same degree of care and protection with respect to the Confidential Information that it exercises with respect to its own similar Confidential Information and not to directly or indirectly provide, disclose, copy, distribute, republish, or otherwise allow any Third Party to have access to any Confidential Information without prior written permission from the disclosing party. However: (a) either party may disclose Confidential Information to its employees and DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 18 of 42 authorized agents who have a need to know; (b) either party may disclose Confidential Information if so required to perform any obligations under this Agreement; and (c) either party may disclose Confidential Information if so required by law (including court order or subpoena). Nothing in this Agreement shall in any way limit the ability of City to comply with any laws or legal process concerning disclosures by public entities. Consultant acknowledges that any responses, materials, correspondence, documents, or other information provided to City are subject to applicable state and federal law, including the CORA, and that the release of Confidential Information in compliance with those acts or any other law will not constitute a breach or threatened breach of this Agreement. 15.3 The Receiving Party will inform its employees and officers of the obligations under this Agreement, and all requirements and obligations of the Receiving Party under this Agreement shall survive the expiration or earlier termination of this Agreement. The Receiving Party shall not disclose City Data or Confidential Information to Subcontractors unless such Subcontractors are bound by non-disclosure and confidentiality provisions at least as strict as those contained in this Agreement. 16. COLORADO OPEN RECORDS ACT. The City is subject to §§ 24-72-201 et seq. of the Colorado Revised Statute (CORA). This Agreement is subject to public disclosure to the extent required by CORA. 17. SOFTWARE AS A SERVICE, SUPPORT AND SERVICES TO BE PERFORMED: (SAAS) 17.1 Consultant, under the general direction of, and in coordination with, the City’s Chief Information Officer or other designated supervisory personnel (the “Manager”) agrees to provide the Services listed on Exhibit A and perform the technology related services described on attached Exhibit B (the “Statement of Work”). 17.2 As the Manager directs, the Consultant shall diligently undertake, perform, and complete all of the technology related services and produce all the deliverables set forth on Exhibit A and B to the City’s satisfaction. 17.3 The Consultant is ready, willing, and able to provide the technology related services and the Services required by this Agreement. 17.4 The Consultant shall faithfully perform the technology related services in accordance with the standards of care, skill, training, diligence, and judgment provided by highly competent individuals performing services of a similar nature to those described in the Agreement and in accordance with the terms of the Agreement. 17.5 User ID Credentials. Internal corporate or customer (tenant) user account credentials shall be restricted as per the following, ensuring appropriate identity, entitlement, and access management and in accordance with established policies and procedures: DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 19 of 42 17.5.1 Identity trust verification and service-to-service application (API) and information processing interoperability (e.g., SSO and Federation) 17.5.2 Account credential lifecycle management from instantiation through revocation 17.5.3 Account credential and/or identity store minimization or re-use when feasible 17.5.4 Adherence to industry acceptable and/or regulatory compliant authentication, authorization, and accounting (AAA) rules (e.g., strong/multi-factor, expire able, non-shared authentication secrets) 17.6 Vendor Supported Releases. The Consultant shall maintain the currency all third-party Deliverables used in the development and execution or use of the software including, but not limited to: all code libraries, frameworks, components, and other products (e.g., Java JRE, code signing certificates, .NET, jQuery plugins, etc.), whether commercial, free, open-source, or closed-source; with third-party vendor approved and supported releases. 18. GRANT OF LICENSE; RESTRICTIONS: 18.1 Consultant hereby grants to City a right and license to: (a) display, perform, and use the Service; and (b) use all intellectual property rights necessary to use the Service as authorized in subparagraph (a). 18.2 Title to and ownership of the Service will remain with Consultant. City will not reverse engineer or reverse compile any part of the Service. City will not remove, obscure or deface any proprietary notice or legend contained in the Service or Documentation without Consultant's prior written consent. 19. DELIVERY AND ACCEPTANCE: 19.1 Right to Perform Acceptance Testing. Prior to Accepting Deliverables, the City shall have the right to perform Acceptance Testing to evaluate the Deliverable(s) to ensure they meet Acceptance Criteria, if any, set forth on the applicable Order Form or Statement of Work. Consultant shall cooperate with the City in the development of Acceptance Criteria that shall be codified in the applicable Order Form or Statement of Work that will set forth the location, date, and other specifications of the Acceptance Testing, if any. Acceptance Testing may occur in one or more phases, depending on the integration of contingent products, scalability, performance tuning or other measurable features or milestones. City shall not unreasonably delay Acceptance Testing. 19.2 After an Acceptance Test and if at any time the Service does not conform, the City will notify Consultant in writing within sixty (60) days and will specify in reasonable DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 20 of 42 detail the identified failures and possible reasons for failure. Consultant will, at its expense, repair or replace the nonconforming product within thirty (30) days after receipt of the City’s notice of deficiency, unless otherwise mutually agreed by the parties. 19.3 If the City issues an Acceptance Certificate for an "Acceptance with Exception(s)" the City will list the exception(s) and the date for Consultant's correction of the Error(s). If Error(s) are corrected by the listed date(s) the City agrees to commence further Acceptance Testing of the Deliverable or affected portion(s). If the Deliverable passes the Acceptance Tests, the City will issue an Acceptance Certificate. 19.4 If a Deliverable fails a second or subsequent Acceptance Test (or in the event of a single Acceptance Test, the Acceptance Test) in no event shall there be an increase to the original price agreed to by the Parties for the Deliverable. 19.5 The foregoing procedure will be repeated until the City accepts or finally rejects the Deliverable, in whole or part, in its sole discretion. In the event that the Service does not perform to the City’s satisfaction, the City reserves the right to repudiate acceptance. In the event that the City finally rejects the Service, or repudiates acceptance of it, Consultant will refund to the City all fees paid, if any, by the City with respect to the Service. 19.6 If the City is not satisfied with the Consultant’s performance of the technology related services described in the Statement of Work, the City will so notify Consultant within thirty (30) days after Consultant’s performance thereof. Consultant will, at its own expense, re-perform the service within thirty (30) days after receipt of City's notice of deficiency. The foregoing procedure will be repeated until City accepts or finally rejects the technology related service in its sole discretion. In the event that City finally rejects any technology related service, Consultant will refund to City all fees paid by City with respect to such technology related service. 19.7 The Consultant warrants that during the term of this Agreement that the Service and any associated components will not materially diminish during the subscription Term. 20. STATUS OF CONSULTANT: The Consultant is an independent contractor retained to perform professional or technical services for a limited period of time. It is understood that the City enters into the Agreement based on the special abilities of the Consultant and that this Agreement shall be considered as an agreement for personal services. Accordingly, the Consultant shall neither assign any responsibilities nor delegate any duties arising under the Agreement without the prior written consent of the City. 21. EXAMINATION OF RECORDS: The City or any authorized agent of the City, , has the right to access and the right to examine any pertinent books, documents, papers, and records of the Consultant, involving transactions related to the Agreement until the latter of three (3) DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 21 of 42 years after the final payment under the Agreement or expiration of the applicable statute of limitations. 22. WHEN RIGHTS AND REMEDIES NOT WAIVED: In no event shall any action by either Party hereunder constitute or be construed to be a waiver by the other Party of any breach of covenant or default which may then exist on the part of the Party alleged to be in breach, and the non-breaching Party’s action or inaction when any such breach or default shall exist shall not impair or prejudice any right or remedy available to that Party with respect to such breach or default; and no assent, expressed or implied, to any breach of any one or more covenants, provisions or conditions of the Agreement shall be deemed or taken to be a waiver of any other breach. 23. INSURANCE: During the term of the Agreement, the Consultant shall maintain insurance in accordance with the requirement of Exhibit C. For Commercial General Liability, Auto Liability and Cyber Liability, the Consultant’s insurer(s) shall include the City, its elected and appointed officials, employees, and volunteers as additional insured. 24. DEFENSE AND INDEMNIFICATION: 24.1 Consultant hereby agrees to defend, indemnify, reimburse and hold harmless City, its appointed and elected officials, agents and employees (“Indemnified Parties”) for, from and against all liabilities, claims, judgments, suits or demands for damages to persons or property arising out of, resulting from, or relating to the work performed under this Agreement (“Claims”), unless such Claims have been specifically determined by the trier of fact to be due to the gross negligence or willful misconduct of the City. 24.2 Consultant’s duty to defend and indemnify City shall arise at the time written notice of the Claim is first provided to City regardless of whether claimant has filed suit on the Claim. Consultant’s duty to defend and indemnify City shall arise even if City is the only party sued by claimant and/or claimant alleges that City’s negligence or willful misconduct was the sole cause of claimant’s damages. 24.3 Consultant will defend any and all Claims which may be brought or threatened against City and will pay on behalf of City any expenses incurred by reason of such Claims including, but not limited to, court costs and attorney fees incurred in defending and investigating such Claims or seeking to enforce this indemnity obligation. Such payments on behalf of City shall be in addition to any other legal remedies available to City and shall not be considered City’s exclusive remedy. 24.4 Insurance coverage requirements specified in this Agreement shall in no way lessen or limit the liability of the Consultant under the terms of this indemnification obligation. The Consultant shall obtain, at its own expense, any additional insurance that it deems necessary for the City’s protection. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 22 of 42 24.5 Consultant shall indemnify, save, and hold harmless the Indemnified Parties, against any and all costs, expenses, claims, damages, liabilities, and other amounts (including attorneys’ fees and costs) incurred by the Indemnified Parties in relation to any claim that any Deliverable, Service, software, or work product provided by Consultant under this Agreement (collectively, “IP Deliverables”), or the use thereof, infringes a patent, copyright, trademark, trade secret, or any other intellectual property right. 24.6 This defense and indemnification obligation shall survive the expiration or termination of this Agreement. 25. COLORADO GOVERNMENTAL IMMUNITY ACT: The parties hereto understand and agree that the City is relying upon, and has not waived, the monetary limitations and all other rights, immunities and protection provided by the Colorado Governmental Act, § 24-10-101, et seq., C.R.S. (2003). 26. PROHIBITED TERMS. Any term included in this Agreement or exhibits that requires the City to indemnify or hold Consultant harmless; requires the City to agree to binding arbitration; limits Consultant’s liability for damages resulting from death, bodily injury, or damage to tangible property; or that conflicts with this provision in any way shall be void ab initio. Nothing in this Agreement shall be construed as a waiver of any provision of §24- 106-109 C.R.S. 27. TAXES, CHARGES AND PENALTIES: The City shall not be liable for the payment of taxes, late charges or penalties of any nature other than the compensation stated herein, except for any additional amounts which the City may be required to pay under D.R.M.C. § 20-107 to § 20-115. 28. ASSIGNMENT; SUBCONTRACTING: The Consultant shall not voluntarily or involuntarily assign any of its rights or obligations, or subcontract performance obligations, under this Agreement without obtaining the Manager’s prior written consent. Any assignment or subcontracting without such consent will be ineffective and void and shall be cause for termination of this Agreement by the City. The Manager has sole and absolute discretion whether to consent to any assignment or subcontracting, or to terminate the Agreement because of unauthorized assignment or subcontracting. In the event of any subcontracting or unauthorized assignment: (i) the Consultant shall remain responsible to the City; and (ii) no contractual relationship shall be created between the City and any sub-consultant, Subcontractor or assign. 29. NO THIRD PARTY BENEFICIARY: Enforcement of the terms of the Agreement and all rights of action relating to enforcement are strictly reserved to the parties. Nothing contained in the Agreement gives or allows any claim or right of action to any third person or entity. Any person or entity other than the City or the Consultant receiving services or benefits pursuant to the Agreement is an incidental beneficiary only. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 23 of 42 30. NO AUTHORITY TO BIND CITY TO CONTRACTS: The Consultant lacks any authority to bind the City on any contractual matters. Final approval of all contractual matters that purport to obligate the City must be executed by the City in accordance with the City’s Charter. 31. AGREEMENT AS COMPLETE INTEGRATION-AMENDMENTS: The Agreement is the complete integration of all understandings between the parties as to the subject matter of the Agreement. No prior, contemporaneous, or subsequent addition, deletion, or other modification has any force or effect, unless embodied in the Agreement in writing. No oral representation by any officer or employee of the City at variance with the terms of the Agreement or any written amendment to the Agreement will have any force or effect or bind the City. 32. SEVERABILITY: Except for the provisions of the Agreement requiring appropriation of funds and limiting the total amount payable by the City, if a court of competent jurisdiction finds any provision of the Agreement or any portion of it to be invalid, illegal, or unenforceable, the validity of the remaining portions or provisions will not be affected if the intent of the parties can be fulfilled. 33. NOTICES: All notices required by the terms of the Agreement must be hand delivered, sent by overnight courier service, mailed by certified mail, return receipt requested, or mailed via United States mail, postage prepaid, to the addresses set forth in Paragraph 5. Notices hand delivered or sent by overnight courier are effective upon delivery. Notices sent by certified mail are effective upon receipt. Notices sent by mail are effective upon deposit with the U.S. Postal Service. The parties may designate substitute addresses where or persons to whom notices are to be mailed or delivered. However, these substitutions will not become effective until actual receipt of written notification. 34. GOVERNING LAW; VENUE: The Agreement will be construed and enforced in accordance with applicable federal law, the laws of the State of Colorado, and the Charter, Revised Municipal Code, ordinances, regulations, and Executive Orders of the City, which are expressly incorporated into the Agreement. Unless otherwise specified, any reference to statutes, laws, regulations, charter or code provisions, ordinances, executive orders, or related memoranda, includes amendments or supplements to same. The parties further agree that Larimar County District Court is the proper venue for all disputes. If the City subsequently agrees in writing that the matter may be heard in federal court, venue will be in Denver District Court. In the event any provision of this Agreement shall be held invalid or unenforceable by any court of competent jurisdiction, such holding shall not invalidate or render unenforceable any other provision of this Agreement 35. NO DISCRIMINATION IN EMPLOYMENT: In connection with the performance of work under this contract, the Consultant may not refuse to hire, discharge, promote or demote, or discriminate in matters of compensation against any person otherwise qualified, solely because of race, color, religion, national origin, gender, age, military status, sexual DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 24 of 42 orientation, gender identity or gender expression, marital status, or physical or mental disability. The Consultant shall insert the foregoing provision in all subcontracts. 36. LEGAL AUTHORITY: Consultant represents and warrants that it possesses the legal authority, pursuant to any proper, appropriate, and official motion, resolution or action passed or taken, to enter into the Agreement. Each person signing and executing the Agreement on behalf of Consultant represents and warrants that he has been fully authorized by Consultant to execute the Agreement on behalf of Consultant and to validly and legally bind Consultant to all the terms, performances and provisions of the Agreement. The City shall have the right, in its sole discretion, to either temporarily suspend or permanently terminate the Agreement if there is a dispute as to the legal authority of either Consultant or the person signing the Agreement to enter into the Agreement. 37. NO CONSTRUCTION AGAINST DRAFTING PARTY: The parties and their respective counsel have had the opportunity to review the Agreement, and the Agreement will not be construed against any party merely because any provisions of the Agreement were prepared by a particular party. 38. ORDER OF PRECEDENCE: In the event of any conflicts between the language of the Agreement and the exhibits, the language of the Agreement controls. 39. SURVIVAL OF CERTAIN PROVISIONS: The terms of the Agreement and any exhibits and attachments that by reasonable implication contemplate continued performance, rights, or compliance beyond expiration or termination of the Agreement survive the Agreement and will continue to be enforceable. Without limiting the generality of this provision, the Consultant’s obligations to provide insurance and to indemnify the City will survive for a period equal to any and all relevant statutes of limitation, plus the time necessary to fully resolve any claims, matters, or actions begun within that period. 40. INUREMENT: The rights and obligations of the parties herein set forth shall inure to the benefit of and be binding upon the parties hereto and their respective successors and assigns permitted under this Agreement. 41. TIME IS OF THE ESSENCE: The parties agree that in the performance of the terms, conditions, and requirements of this Agreement, time is of the essence. 42. FORCE MAJEURE: Neither party shall be responsible for failure to fulfill its obligations hereunder or liable for damages resulting from delay in performance as a result of war, fire, strike, riot or insurrection, natural disaster, unreasonable delay of carriers, governmental order or regulation, complete or partial shutdown of plant, unreasonable unavailability of equipment or software from suppliers, default of a Subcontractor or vendor (if such default arises out of causes beyond their reasonable control), the actions or omissions of the other party or its officers, directors, employees, agents, Consultants or elected officials and/or other substantially similar occurrences beyond the party’s reasonable control (“Excusable Delay”) herein. In the event of any such Excusable Delay, time for performance shall be DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 25 of 42 extended for a period of time as may be reasonably necessary to compensate for such delay. 43. PARAGRAPH HEADINGS: The captions and headings set forth herein are for convenience of reference only and shall not be construed so as to define or limit the terms and provisions hereof. 44. APPROPRIATION. To the extent this Agreement constitutes a multiple fiscal year debt or financial obligation of the City, it shall be subject to annual appropriation by City Council as required by Article V, Section 8(b) of the City Charter, City Code §§8-186, and Article X, Section 20 of the Colorado Constitution. The City shall have no obligation to continue this Contract in any fiscal year in which no such appropriation is made and any termination required due to non-appropriation shall not result in any damages or be considered default. 45. CITY EXECUTION OF AGREEMENT: This Agreement is expressly subject to and shall not be or become effective or binding on the City until it has been fully executed by all signatories of the City. 46. COUNTERPARTS OF THIS AGREEMENT: This Agreement may be executed in counterparts, each of which shall be deemed to be an original of this Agreement. 47. ELECTRONIC SIGNATURES AND ELECTRONIC RECORDS: Consultant consents to the use of electronic signatures by the City. The Agreement, and any other documents requiring a signature hereunder, may be signed electronically by the City in the manner specified by the City. The Parties agree not to deny the legal effect or enforceability of the Agreement solely because it is in electronic form or because an electronic record was used in its formation. The Parties agree not to object to the admissibility of the Agreement in the form of an electronic record, or a paper copy of an electronic document, or a paper copy of a document bearing an electronic signature, on the ground that it is an electronic record or electronic signature or that it is not in its original form or is not an original. 48. ADVERTISING AND PUBLIC DISCLOSURE: The Consultant shall not include any reference to the Agreement or to services performed pursuant to the Agreement in any of the Consultant’s advertising or public relations materials without first obtaining the written approval of the Manager. Any oral presentation or written materials related to services performed under the Agreement will be limited to services that have been accepted by the City. The Consultant shall notify the Manager in advance of the date and time of any presentation. Nothing in this provision precludes the transmittal of any information to City officials. 49. ON-LINE AGREEMENT DISCLAIMER. Notwithstanding anything to the contrary herein, the City shall not be subject to any provision included in any terms, conditions, or agreements appearing on Consultant’s or a Subcontractor’s website or any provision incorporated into any click-through or online agreements related to the work unless that provision is specifically referenced in this Agreement. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 26 of 42 50. PCI/DSS COMPLIANCE: [ONLY FOR CREDIT CARD INTERFACE] 50.1 Any Consultant who provides or has access to software, systems, hardware, or devices which process and/or interact with payment card information or payment cardholder data must be compliant with the current version of the Payment Card Industry Data Security Standard (PCI DSS). 50.2 The Consultant covenants and agrees to comply with Visa’s Cardholder Information Security Program/CISP, MasterCard’s Security Data Program and SDP Rules, and with all other credit card association or National Automated Clearing House Association (NACHA) rules or rules of member organizations (generally “Association”), and further covenants and agrees to maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS), MasterCard Site Data Protection (SDP), and (where applicable) the VISA Payment Application Best Practices (PABP) (collectively, the “Security Guidelines”). Consultant represents and warrants that all of the hardware and software components that it utilizes for the City or uses under this Agreement is and will be PCI DSS compliant. All service providers that Consultant uses under the Agreement must be recognized by VISA as compliant with PABP. Consultant further agrees to exercise reasonable due diligence to ensure that all of its service providers, agents, business partners, contractor, Subcontractors and any person or entity that may have access to credit card information under this Agreement maintain compliance with the Security Guidelines and comply in full with the terms and conditions set out in this Section. Consultant further certifies that the equipment, as described herein, will be deployed in a manner that meets or exceeds the PADSS and/or PCI certification and will be deployed on a network that meets or exceeds PCI standards. Consultant shall demonstrate its compliance with PCI DSS by annually providing the City an executed Attestation of Compliance. Consultant must provide verification to the City, prior to start up and ongoing annually during the term of this Agreement, that all modules of the Consultant’s system(s) that interface with or utilize credit card information in any manner or form of collection are Payment Card Industry Data Security Standards (PCI DSS) compliant. 50.3 The Consultant shall not retain or store CVV2/CVC2 data subsequent to authorization of a credit card transaction, shall prohibit disclosure of any and all cardholder information, and in the event of a compromise of credit card information of any kind, Consultant shall immediately notify the City in writing, and shall provide, at Consultant’s sole expense, all necessary and appropriate notification to parties and persons affected by such disclosure and compromise. 50.4 The Consultant must provide quarterly results of a network scan for all Internet or IVR payment acceptance modules that verify PCI DSS compliance, or in the City’s sole discretion, allow the City’s contracted PCI DSS compliance auditor full access to the Consultant’s system(s) at any time to provide this verification to the City. Any cost associated with the City’s contracted PCI DSS compliance auditor will be paid DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 27 of 42 by the City. If any Association requires an audit of the Consultant or any of Consultant’s service providers, agents, business partners, contractors, or Subcontractors due to a data security compromise event related to this Agreement, Consultant agrees to cooperate with such audit. If as a result of an audit of the City it is determined that any loss of information is attributable to the Consultant, the Consultant shall pay the City’s reasonable costs relating to such audit, including attorney’s fees. No review, approval, or audit by the City shall relieve the Consultant from liability under this section or under other provisions of this Agreement. 50.5 Incident Response. In the event Consultant becomes aware of a confirmed or suspected Data Incident involving the unauthorized disclosure or theft of PCI Data, Consultant shall (a) notify the City promptly, (b) cooperate in any investigation, (c) promptly take reasonable measures included in the Services contracted by the City hereunder to prevent further unauthorized access or use of City Data, (d) cooperate with the City's notification to affected individuals if such notification is required by applicable law or regulation, and (e) perform all such other acts, or cooperate with the City's performance of all such other acts, that are required with respect to such security incident by applicable law or regulation, Consultant shall provide assistance as reasonably requested by the City for any additional requirements related to a security incident. 50.6 In the event of a Data Incident, or if, in the City's reasonable opinion, there is a suspected violation of security, fraud, or a potential data or security breach, the City may request an investigation by an independent third-party qualified PCI Forensic Investigator (PFI). If the investigation reasonably finds that such violation, fraud, or breach is the result of Consultant's actions or omissions Consultant shall reimburse the City as set forth below. 50.7 In addition to all other defense and indemnity obligations undertaken by the Consultant under this Agreement, the Consultant, to the extent that its performance of this Agreement includes the allowance or utilization by members of the public of credit cards to pay monetary obligations to the City or the Consultant, or includes the utilization, processing, transmittal and/or storage of credit card data by the Consultant, shall defend, release, indemnify and save and hold harmless the City against any and all fines, penalties, assessments, costs, damages or other financial obligations, however denominated, assessed against the City and/or the Consultant by credit card company(s), financial institution(s) or by the National Automated Clearing House Association (NACHA) or successor or related entity, including but not limited to, any credit card company fines, regardless of whether considered to be consequential, special, incidental or punitive damages, costs of notifying parties and persons affected by credit card information disclosure, the cost of replacing active credit cards, and any losses associated with fraudulent transaction(s) occurring after a security breach or loss of information with respect to credit card information, and shall defend, release, indemnify, and save and hold harmless the DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 28 of 42 City from any and all claims, demands, suits, actions, liabilities, causes of action or legal or equitable proceedings of any kind or nature, of or by anyone whomsoever, in any way affected by such credit card data or utilizing a credit card in the performance by Consultant of this Agreement. In furtherance of this, Consultant covenants to defend and indemnify the City and the Consultant shall maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS) and with all other requirements and obligations related to credit card data or utilization set out in this Agreement. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 29 of 42 THE CITY OF FORT COLLINS, COLORADO By: Gerry Paul, Purchasing Director Date: ATTEST: APPROVED AS TO FORM: CLEAN POWER RESEARCH L.L.C. By: Printed: Title: Date: DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Vice President, Sales and Business Devel Alan Saunders 5/31/2022 Assistant City Attorney ll 6/2/2022 City Clerk Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 30 of 42 EXHIBIT A SCOPE OF SERVICE The following Scope of Service provides additional detail on how Clean Power Research (Consultant) will satisfy Statement of Work within Exhibit B. Clean Power Research will implement the DER interconnection workflow in a ready-to-launch online application portal configured in Consultant’s PowerClerk software, which we will license to the City. This collaborative process begins by leveraging input from key city stakeholders to map out the workflow, identify the user roles and privileges, build the forms, communication templates, deadline definitions, and documents involved. Following the requirements gathering and design implementation phases, the Consultant’s professional services team will coordinate and execute end-to-end testing. After completion of testing the City may opt for a pilot launch to allow select applicants access. This feedback can be used to guide any final configuration changes required prior to a formal, public launch. The PowerClerk software and its configuration by Consultant will meet all the requirements and processes outlined in the Statement of Work Exhibit B, attached hereto. Primary Items A thru L and requirement items 4 thru 8 outlined in the Additional Capabilities Disclosure section. Additional Capabilities Disclosure Items 1 thru 3 are also met via PowerClerk, however comments below provide additional guidance and dependencies: Additional Capabilities Disclosure Items 1 and 2 – API’s and Data Integration (e.g. Accela) A PowerClerk license includes access to the PowerClerk API which can be leveraged to integrate with external software. These integrations are externally initiated and can be used to populate and update external systems (e.g., ERP, CRM, CIS, billing etc.) with PowerClerk data, to create and/or update PowerClerk projects programmatically, to integrate distribution planning systems to automate technical screening and to provide real-time information about distributed generation penetration on utility circuits via Geographic Information Systems (GIS) maps. The complete PowerClerk API documentation may be accessed on the Consultant developers’ site at https://developers.cleanpower.com/application_process_automation/ Exchanges initiated from within PowerClerk can utilize either PowerClerk’s custom or standardized web adapter framework to call utility-specific web services. These adapters can support real-time validation of application field data with for example, the Utilities Customer Information System, or can kick off processes in other systems (e.g., a “set meter request”). This functionality requires a reachable web service which can be called using a secure mechanism agreed upon for passing credentials (e.g., BasicAuth over http, mutual authentication, or OAuth). There are line-item costs for web adapter maintenance, as well as custom one-time development if a special web adapter needs to be created. Additional Capabilities Disclosure Item 3 –Additional Application and Use Case Support PowerClerk software was built as self-service software in anticipation that other utility DER (and non-DER) programs could also take advantage of the feature set. As covered in the executive summary, we have customers currently using PowerClerk for many non-solar related programs including EV charging, real estate right-of-way, new service delivery, etc. The pricing offered is specific to the solar interconnection use case requested. However, we have designed DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 31 of 42 PowerClerk pricing to enable our utility clients to explore new use cases and share the volumetric application costs among participating programs via a flexible applications “point” system (covered in reference quote included in our response). Gantt chart outlining the schedule for completing tasks: DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 32 of 42 SERVICE DESCRIPTION SERVICE LEVEL AGREEMENT If the Monthly Uptime Percentage falls below 99.9% for any given month, The City may be eligible for the following Service Credit for the affected month based on a prorated subscription fee: Monthly Uptime Percentage Service Credit < 99.9% 10% < 99% 25% Monthly Uptime Percentage shall be defined as the percentage of time that Services are available according to a 3rd party monitoring service as determined by Consultant. Any time that Services are unavailable due to planned downtime for maintenance and communicated to City, a general internet outage, infrastructure or services outside of control of Consultant such as the unavailability of Amazon Web Services, shall not be included in the numerator or denominator when calculating the Monthly Uptime Percentage. If Consultant fails to meet the minimum Monthly Uptime Percentage described above for Services, City may submit a claim for a Service Credit. City must submit a claim to customer support at support@cleanpower.com that includes: (i) a detailed description of the incident; (ii) information regarding the duration of the downtime; (iii) the number and location(s) of affected users (if applicable); and (iv) descriptions of attempts to resolve the incident at the time of occurrence. Consultant must receive the claim and all required information by the end of the calendar month following the month in which the incident occurred. For example, if the incident occurred on February 15th, Consultant must receive the claim and all required information by March 31st. Consultant will evaluate all information reasonably available—particularly logs and reports from Consultant automated, distributed monitoring services—to make a good faith judgment on whether a Service Credit is owed. Consultant will use commercially reasonable efforts to process claims within forty-five (45) days of receipt. City must be in compliance with the other contractual and license terms in order to be eligible for a Service Credit. If Consultant determines that a Service Credit is owed to City, Consultant will apply the Service Credit to City’s applicable fees or extend service if service would otherwise terminate and no additional fees are due. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 33 of 42 EXHIBIT B STATEMENT OF WORK BACKGROUND & OBJECTIVE Objective The City of Fort Collins Utilities (Utilities) is requesting that Clean Power Research provide a solution accessible online that supports streamlined application processing for solar, battery storage, and other Distributed Energy Resource (DER) interconnection as well as incentive program application processing, program administration and tracking functions. Utilities is seeking to configure software to meet the described requirements to the greatest extent possible and is not interested in customized software solutions. Background Solar photovoltaic (PV) adoption has grown rapidly in Fort Collins over the past decade. Over the past 16 years, Utilities has interconnected more than 23 megawatts (MW) of customer- owned generation. The volume of unique project applications, once dozens per year, now exceeds 600 per year with an annual growth rate as high as 40%. This growth has strained the existing business process and spreadsheet-based tracking and reporting system to its limits. Fort Collins Utilities seeks to enhance the speed and efficiency of processing DER interconnection and rebate applications, reduce administrative burdens, and updated record storage systems associated with those applications. These enhancements will improve the speed of project approval, reducing the timeframe for project installation and associated benefits to customers and solar contractors. Fort Collins has ambitious climate and energy goals including an 80% reduction in community carbon emissions and 100% renewable electricity by 2030. Fort Collins Utilities serves nearly 77,000 (both single family and multi-family) electric customers with total annual sales of approximately 1,500 gigawatt-hours. The Utility also provides water, wastewater, stormwater, internet, and financing services. Primary Requirements: Capabilities of the software platform should include the following: A. Web form(s) for contractors to submit DE interconnection project applications for generators of various sizes and types, energy storage, upgrades, or enhancements to existing DER systems, and other generation or energy storage options which may be allowed in the future. B. Accept applications via web form using required fields and field-conditional logic for intake of data associated with a project, including: a. Details about the equipment, customer, DER equipment owner, and contractors involved, b. Details such as size and orientation of solar sub-arrays and inverter model info, c. Application fields that are only displayed conditionally based on other field input. For example, battery system component details are required only if the contractor indicates that battery storage is included in the project. d. Support the attachment of supplemental documentation including plans, customer contract, etc. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 34 of 42 C. Capture digital signature of contractor submitting application as well as host electric customer D. Collect application fees based on logic and type of DE application E. Trigger email notification to contractor and / or electric customer with message templates for different scenarios such as: a. Electronic approval of project application b. Issue permission to operate F. Support modifications to DER projects in progress by contractor, such as a change in the size of a PV array and addition or removal of battery storage. Archive outdated versions of plans and approvals. Modification triggers certain business processes to repeat from a certain point, such as Technical Review. G. Support the application for DER incentives offered through Utilities programs for solar installation, battery storage installation, and other DER equipment incentives that may emerge in the future. Incentive program functionality required: a. Display available incentive(s) to applicant b. Compute incentive based on data provided by applicant c. Approve project installation with or without incentive based on incentive program rules H. Administrative business process management for Utilities staff: a. Review project applications and monitor the progress of each application in unique stages of application lifecycle from initiation to conclusion, b. Save staff notes associated to applications which may be incomplete or contain erroneous entries, c. Provide stage-level approval (such as intake review, technical review, etc.) or assignment and automated notification for internal assignments according to business rules (example: technical review, distribution system impact study (SIS), d. Track the date and name of staff approving stages of review, e. Provide automated notification via email to one or multiple external stakeholders according to business rules for a project (example: email project approval, missing documentation, fire department project review, etc.), f. Update application status and advance through lifecycle according to stage-gate process rules, g. Organize, store, and track data entered via form for each project application in conjunction with supplemental application documents uploaded, h. Report on status of all project applications in-process, i. Report on key performance indicators of handling interconnections and rebate applications from initial receipt through interconnection and incentive payment, j. Notify contractor and/or customer of project applications driven by status and age: i. For purging unsubmitted draft applications ii. For purging inactive approved projects that haven’t been completed or have been canceled without notification to Utilities DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 35 of 42 k. Support tracking multiple contractors associated with a project, such as: i. Applicant contractor ii. Sales contractor iii. Design contractor iv. Installation contractor v. Designated subcontractor(s) I. Data warehousing of project applications received, organized by a premises- specific identification number correlating to Utilities’ customer information system, including: a. Attached documents uploaded to the platform by contractor for each application b. Field inspection forms completed by Utilities staff c. Photos and video documentation posted by contractor or by Utilities staff d. Project review notes generated by staff J. Ability to apply a decommissioned status to DER projects that received permission to operate but were later removed, K. Periodic export or transfer of a secure flat-file of project database records with designated data fields, L. Periodic export or transfer of all documents, notes and records associated with each project to archive or document management system under Utilities’ control. Tasks for the Clean Power Research include: 1. Develop detailed plan for implementation of the Scope of Service to configure, deliver, commission, test, and support roll out of platform within specified timeframe. 2. Develop detailed plan which imports historic data to the platform database. 3. Complete configuration of Clean Power Research software to the agreed upon Scope of Service. 4. Complete import and quality assurance review of historic DER project data (not supporting project files). 5. Support Utilities staff through platform testing and resolution of identified issues. 6. Provide training materials and training events for operators and stakeholders at Fort Collins Utilities (in-person or by interactive web meetings), deliver documentation for platform configuration. 7. Participate in one training event offered to solar contractors (to be recorded), 8. Provide a plan for periodic records transfer compatible with a Utilities future data warehouse solution. Describe end of contract records transfer if different than archive process. 9. Maintain a schedule of project meetings necessary for project completion. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 36 of 42 Additional Capabilities Disclosure Beyond discussion of software platform requirements, Utilities requests information for the following optional capabilities: 1. Integration or API to Accela software. 2. Integration with databases such as distribution system ESRI ArcGIS, Utilities Customer Information System, etc. which could support real-time validation of application field data with these other software systems. 3. Support applications for, and tracking of, distributed energy technologies such as electric vehicle chargers or grid-integrated controllable electric water heaters. 4. Complete project field inspection forms remotely on tablets, linking inspection records to specific project in the database. 5. Support maintaining a database of contractors which can: a. Distinguish contractors authorized by Utilities as active in ‘Participating Solar Contractor Network’. b. Match DER application contractors to approved Participating Solar Contractors list. c. Maintain status of contractor, employee contacts within each contractor organization. 6. Reporting functionality to support incentive program management and standardized industry reporting, such as: a. Monthly and annual project and incentive application volume, incentive dollars reserved and released for payment, by resource type (solar, battery, etc.) and by sector (residential, commercial). b. Total aggregate project applications and capacity additions by year, year-to- date by DER type. c. Energy Information Administration standardized reporting as required for solar projects, battery storage, etc. i. Identify changes made on projects since previous quarter or year to explain amended data reporting. 7. Support interfacing to an enterprise content management system managed by Utilities for storing project documents. 8. Track the records for each DER installed over time based on a premises identification number, updating the record as the electric account holder for the premises of each installation changes over time. a. Support requesting and capturing signatures for a new Net Metering Agreement triggered based on change of account holder. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 37 of 42 EXHIBIT C INSURANCE REQUIREMENTS The Consultant will provide, from insurance companies acceptable to the City, the insurance coverage designated hereinafter and pay all costs. Before commencing work under this bid, the Consultant shall furnish the City with certificates of insurance showing the type, amount, class of operations covered, effective dates and date of expiration of policies. In case of the breach of any provision of the Insurance Requirements, the City, at its option, may take out and maintain, at the expense of the Consultant, such insurance as the City may deem proper and may deduct the cost of such insurance from any monies which may be due or become due the Consultant under this Agreement. Insurance certificates should show the certificate holder as follows: City of Fort Collins Purchasing Division PO Box 580 Fort Collins, CO 80522 The City, its officers, agents, and employees shall be named as additional insureds on the Consultant 's general liability and automobile liability insurance policies by marking the appropriate box or adding a statement to this effect on the certificate, for any claims arising out of work performed under this Agreement. Insurance coverages shall be as follows: A. Workers' Compensation & Employer's Liability. The Consultant shall maintain during the life of this Agreement for all of the Consultant's employees engaged in work performed under this agreement. Workers' Compensation & Employer’s Liability insurance shall conform with statutory limits of $100,000 per accident, $500,000 disease aggregate, and $100,000 disease each employee, or as required by Colorado law. B. General Liability. The Consultant shall maintain during the life of this Agreement such General Liability as will provide coverage for damage claims of personal injury, including accidental death, as well as for claims for property damage, which may arise directly or indirectly from the performance of work under this Agreement. Coverage for property damage shall be on a "broad form" basis. The amount of insurance for General Liability, shall not be less than $1,000,000 combined single limits for bodily injury and property damage. C. Automobile Liability. The Consultant shall maintain during the life of this Agreement such Automobile Liability insurance as will provide coverage for damage claims of personal injury, including accidental death, as well as for claims for property damage, which may arise directly or indirectly from the performance of work under this Agreement. Coverage for property damage shall be on a "broad form" basis. The amount of insurance for Automobile Liability, shall not be less than $1,000,000 combined single limits for bodily injury and property damage. In the event any work is performed by a subcontractor, the Consultant shall be responsible for any liability directly or indirectly arising out of the work performed under this Agreement by a subcontractor, which liability is not covered by the subcontractor's insurance. D. Cyber Insurance. The Consultant shall maintain cyber insurance in the amount of not less than $3,000,000. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 38 of 42 EXHIBIT D COMPENSATION IMPLEMENTATION AND YEAR ONE POWERCLERK ANNUAL SUBSCRIPTION DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 39 of 42 Milestone Payment Structure Consultant shall invoice for all software license services annually, in advance of the provisions of such services. First year software license fee of Fifty-One Thousand Seven Hundred Dollars ($51,700) shall be invoiced as of the execution date of this agreement. Initial implementation, and one-time items, comprising the labor portion of the first-year costs shall not exceed Seventy-Two Thousand Four Hundred Dollars ($72,400) and will be paid in accordance with the following milestones: 1. Fifty percent (50%) upon contract execution: Thirty-Six Thousand Two Hundred Dollars ($36,200). 2. Thirty Five percent (35%) at Program Launch soft rollout to contractors, including contractor training supported by Consultant and City staff training delivered by Consultant: Twenty-Five Thousand Three Hundred and Forty Dollars ($25,340). 3. Fifteen percent (15%) at back-end completion & City acceptance (data import from existing tracker, all scheduled imports and exports proven, all training and documentation delivered): Ten Thousand Eight Hundred Sixty Dollars ($10,860). DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 40 of 42 ONE TIME CLEAN POWER RESEARCH SERVICE HOURS AND COST FOR POWERCLERK CONFIGURATION AND IMPLEMENTATION DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 41 of 42 HOURS BY TASK The hours in this table include meetings, conference calls, and general support of the planning, configuration, testing & Q/A, and associated task to get solar program launched. DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D Official Purchasing Document Last updated 9/2021 Master Software Services Agreement 9502 Distributed Energy Resource Application Management Platform Page 42 of 42 SCHEUDLE OF BILLING RATES FOR ADDITIONAL SERVICES DocuSign Envelope ID: 6054AE6C-E57E-4BF1-8A43-AAC9C349BB1D