The URL can be used to link to this page

Home My WebLink About460556 OPOWER INC - CONTRACT - RFP - 7570 HOME EFFICIENCY REPORTS7570 Home Efficiency Reporting Program Page 1 of 27 SERVICES AGREEMENT THIS AGREEMENT made and entered into the day and year set forth below, by and between THE CITY OF FORT COLLINS, COLORADO, a Municipal Corporation, hereinafter referred to as the "City" and OPOWER, INC., a Delaware Corporation, hereinafter referred to as "Service Provider". WITNESSETH: In consideration of the mutual covenants and obligations herein expressed, it is agreed by and between the parties hereto as follows: 1. Services to be Performed. a. This Agreement shall constitute the basic agreement between the parties for services for 7570 Home Efficiency Reporting Program. The conditions set forth herein shall apply to all services performed by the Service Provider on behalf of the City and particularly described in the Scope of Work as agreed upon in writing by the parties. The Scope of Work shall be attached hereto as Exhibit "A", and including the Statement of Work contained in Attachment A thereto, consisting of twenty (20) pages and incorporated herein by this reference. Irrespective of references in Exhibit A to certain named third parties, Service Provider shall be solely responsible for performance of all duties hereunder, including all obligations regarding data security, confidential information, or protection of information. b. The City may, at any time during the term of the Scope of Work, and without invalidating the Agreement, request changes within the general scope of the particular services assigned and Service Provider shall work with the City in good faith to provide the requested changes pursuant to a mutually agreed upon written change order. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 7570 Home Efficiency Reporting Program Page 2 of 27 2. Changes in the Work. The City reserves the right to independently bid any services rather than issuing work to the Service Provider pursuant to this Agreement. Nothing within this Agreement shall obligate the City to have any particular service performed by the Service Provider other than as specifically set forth in the executed Scope of Work. 3. Time of Commencement and Completion of Services. The services to be performed pursuant to this Agreement shall be initiated as specified in the Scope of Work. 4. Contract Period. This Agreement shall commence May 1, 2014 and shall continue in full force and effect until July 31, 2015, unless sooner terminated as herein provided (“Initial Contract Period”). In addition, at the option of the City, the Agreement may be extended for additional one year periods not to exceed four (4) additional one year periods. Renewals and pricing changes shall be negotiated by and agreed to by both parties. Written notice of renewal shall be provided to the Service Provider and mailed no later than 90 days prior to contract end. In the event the Agreement is renewed, the final term of the Agreement shall be a program year of twelve (12) months plus an additional 2 months during which period services will end, however, Service Provider will provide final reporting for the program year. 5. Delay. If either party is prevented in whole or in part from performing its obligations by unforeseeable causes beyond its reasonable control and without is fault or negligence, then the party so prevented shall be excused from whatever performance is prevented by such cause. To the extent that the performance is actually prevented, the nonperforming party must provide written notice to the other party of such condition within fifteen (15) days from the onset of such condition. 6. Termination/Notices. Notwithstanding the time periods contained herein, at any time after the Initial Contract Period, the City may terminate this Agreement at any time without cause by providing written notice of termination to the Service Provider. Such notice shall DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 7570 Home Efficiency Reporting Program Page 3 of 27 be mailed at least thirty (30) days prior to the termination date contained in said notice unless otherwise agreed in writing by the parties. All notices provided under this Agreement shall be effective when mailed, postage prepaid and sent to the following address: Service Provider: City: Copy to: Opower, Inc. Attn: General Counsel 1515 N. Courthouse Rd., 8th Fl. Arlington, VA 22201 City of Fort Collins Attn: John Phelan PO Box 580 Fort Collins, CO 80522 City of Fort Collins Attn: Purchasing Dept. PO Box 580 Fort Collins, CO 80522 In the event of early termination by the City, the Service Provider shall be paid for services rendered to the termination date, subject only to the satisfactory performance of the Service Provider's obligations under this Agreement. Such payment shall be the Service Provider's sole right and remedy for such termination. 7. Contract Sum. The City shall pay the Service Provider for the performance of this Contract, subject to additions and deletions provided herein, as per the attached Exhibit "A", and incorporated herein by this reference. 8. Payments. a. The City agrees to pay and the Service Provider agrees to accept as full payment for all work done and all materials furnished and for all costs and expenses incurred in performance of the work the sums set forth in the Scope of Work. b. To the extent Service Provider is providing the City with deliverables that will be subject to acceptance procedures as specified in the Scope of Work, payment for such deliverables shall be made by the City only upon acceptance of the deliverables by the City. For the sake of clarity, the parties acknowledge and agree that the general, ongoing provision of Service Provider’s SaaS-based platform shall not be subject to acceptance. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 7570 Home Efficiency Reporting Program Page 4 of 27 9. City Representative. The City's representative will be shown in the Scope of Work and shall make, within the scope of his or her authority, all necessary and proper decisions with reference to the work requested. All requests concerning this Agreement shall be directed to the City Representative. 10. Independent Contractor. It is agreed that in the performance of any services hereunder, the Service Provider is an independent contractor responsible to the City only as to the results to be obtained in the particular work assignment and to the extent that the work shall be done in accordance with the terms, plans and specifications furnished by the City. 11. Subcontractors. Service Provider may not subcontract any of the Work except to such subcontractors set forth in the Scope of Work or otherwise without prior written notice to the City. If any of the Work is subcontracted hereunder, the following provisions shall apply: (a) the subcontractor must be a reputable, qualified firm with an established record of successful performance in its respective trade performing identical or substantially similar work as reasonably determined by Service Provider, (b) the subcontractor will be required to comply with all applicable terms of this Agreement or substantially similar terms at least as protective of the City’s interests as those herein, and (c) the subcontract will not create any contractual relationship between any such subcontractor and the City, nor will it obligate the City to pay or see to the payment of any subcontractor and (d) the work of the subcontractor will be subject to inspection by the City to the same extent as the work of the Service Provider. Acknowledgement by City that subcontractors may be used by Service Provider does not release or absolve Service Provider from any liability for release of data, confidential information, or any failure to protect information under this Agreement by a subcontractor or affiliated party. All such acts and omissions shall be attributed to Service Provider without set off. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 7570 Home Efficiency Reporting Program Page 5 of 27 12. Personal Services. It is understood that the City enters into the Agreement based on the special abilities of the Service Provider and that this Agreement shall be considered as an agreement for personal services. Accordingly, except for assignments made in connection with a merger, acquisition or similar transaction, the Service Provider shall neither assign any responsibilities nor delegate any duties arising under the Agreement without the prior written consent of the City. 13. Acceptance Not Waiver. The City's approval or acceptance of, or payment for any of the services shall not be construed to operate as a waiver of any rights under the Agreement or of any cause of action arising out of the performance of this Agreement. 14. Warranty. a. Service Provider warrants that all work performed hereunder shall be performed with the highest degree of competence and care in accordance with accepted standards for work of a similar nature. Service Provider warrants that the Services will conform in all material respects to the requirements set forth in the Statement of Work (Exhibit A) and Additional Software as a Service Terms (Exhibit D); provided, however, that Service Provider does not warrant that the SaaS-based platform will be error free or will operate without interruption. In the event of any breach of this Section 14.a, Service Provider shall re-perform the breaching Services at no charge to the City. If Service Provider is unable to re-perform the breaching Services as warranted within 30 days of receipt of notice of breach, the City shall be entitled to recover the fees paid to Service Provider for the breaching Services, subject to Section 5.3 of Exhibit D. b. Each party hereby represents and warrants that (i) it has the rights, power and authority necessary to enter into this Agreement; and (ii) this Agreement, when executed and delivered by the other party, will constitute a valid and binding obligation of such party and will be enforceable against such party in accordance with its terms. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 7570 Home Efficiency Reporting Program Page 6 of 27 15. Default. Each and every term and condition hereof shall be deemed to be a material element of this Agreement. In the event either party should fail or refuse to perform according to the terms of this agreement, such party may be declared in default thereof. 16. Remedies. In the event a party has been declared in default, such defaulting party shall be allowed a period of thirty (30) days within which to cure said default. In the event the default remains uncorrected, the party declaring default may elect to (a) terminate the Agreement and seek damages; (b) treat the Agreement as continuing and require specific performance; or (c) avail himself of any other remedy at law or equity. If a party commences any legal or equitable actions arising from a default of the terms and conditions of this Agreement, the prevailing party in such action shall be entitled to compensation for its reasonable attorney fees and costs incurred. 17. Binding Effect. This writing, together with the exhibits hereto, constitutes the entire agreement between the parties and shall be binding upon said parties, their officers, employees, agents and assigns and shall inure to the benefit of the respective survivors, heirs, personal representative, successors and assigns of said parties. 18. Indemnity/Insurance. a. The Service Provider agrees to indemnify and save harmless the City, its officers, agents and employees against and from any and all actions, suits, claims, demands or liability of any character whatsoever, brought or asserted against the City (i) for injuries to or death of any person or persons, or damages to property arising out of, result from or occurring in connection with the performance of the Services hereunder, including those arising from attacks on City systems and customer identity theft achieved by means of Service Provider’s interface with City systems, (ii) for infringement by the Services of a third party’s patents issued as of the effective date of the Agreement, or (iii) a third party’s copyrights or trade secret rights under applicable laws of any relevant jurisdiction. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 7570 Home Efficiency Reporting Program Page 7 of 27 b. The Service Provider shall take all necessary precautions in performing the work hereunder to prevent injury to persons and property. c. Without limiting any of the Service Provider's obligations hereunder, the Service Provider shall provide and maintain insurance coverage naming the City as an additional insured under this Agreement of the type and with the limits specified within Exhibit "B", consisting of one (1) page, attached hereto and incorporated herein by this reference. The Service Provider before commencing services hereunder, shall deliver to the City's Director of Purchasing and Risk Management, P. O. Box 580, Fort Collins, Colorado 80522 one copy of a certificate evidencing the insurance coverage required from an insurance company acceptable to the City. 19. Entire Agreement. This Agreement, along with all Exhibits and other documents incorporated herein, shall constitute the entire Agreement of the parties and shall supersede any prior written or oral agreement or understanding between the parties. Covenants or representations not contained in this Agreement shall not be binding on the parties. 20. Law/Severability. This Agreement shall be governed in all respect by the laws of the State of Colorado. In the event any provision of this Agreement shall be held invalid or unenforceable by any court of competent jurisdiction such holding shall not invalidate or render unenforceable any other provision of this Agreement. 21. Prohibition Against Employing Illegal Aliens. Pursuant to Section 8-17.5-101, C.R.S., et. seq., Service Provider represents and agrees that: a. As of the date of this Agreement: 1. Service Provider does not knowingly employ or contract with an illegal alien who will perform work under this Agreement; and 2. Service Provider will participate in either the e-Verify program created in Public Law 208, 104th Congress, as amended, and expanded in Public Law 156, 108th Congress, as amended, administered by the United States Department of Homeland Security (the “e- DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 7570 Home Efficiency Reporting Program Page 8 of 27 Verify Program”) or the Department Program (the “Department Program”), an employment verification program established pursuant to Section 8-17.5-102(5)(c) C.R.S. in order to confirm the employment eligibility of all newly hired employees to perform work under this Agreement. b. Service Provider shall not knowingly employ or contract with an illegal alien to perform work under this Agreement or knowingly enter into a contract with a subcontractor that knowingly employs or contracts with an illegal alien to perform work under this Agreement. c. Service Provider is prohibited from using the e-Verify Program or Department Program procedures to undertake pre-employment screening of job applicants while this Agreement is being performed. d. If Service Provider obtains actual knowledge that a subcontractor performing work under this Agreement knowingly employs or contracts with an illegal alien, Service Provider shall: 1. Notify such subcontractor and the City within three days that Service Provider has actual knowledge that the subcontractor is employing or contracting with an illegal alien; and 2. Terminate the subcontract with the subcontractor if within three days of receiving the notice required pursuant to this section the subcontractor does not cease employing or contracting with the illegal alien; except that Service Provider shall not terminate the contract with the subcontractor if during such three days the subcontractor provides information to establish that the subcontractor has not knowingly employed or contracted with an illegal alien. e. Service Provider shall comply with any reasonable request by the Colorado Department of Labor and Employment (the “Department”) made in the course of an investigation that the Department undertakes or is undertaking pursuant to the authority established in Subsection 8-17.5-102 (5), C.R.S. f. If Service Provider violates any provision of this Agreement pertaining to the duties imposed by Subsection 8-17.5-102, C.R.S. the City may terminate this Agreement. If this Agreement is DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 7570 Home Efficiency Reporting Program Page 9 of 27 so terminated, Service Provider shall be liable for actual and consequential damages to the City arising out of Service Provider’s violation of Subsection 8-17.5-102, C.R.S. g. The City will notify the Office of the Secretary of State if Service Provider violates this provision of this Agreement and the City terminates the Agreement for such breach. 22. Special Provisions. Special provisions or conditions relating to the services to be performed pursuant to this Agreement are set forth in Exhibit C - Confidentiality consisting of one (1) page, attached hereto and incorporated herein by this reference; Exhibit D – Additional Software as a Service Terms consisting of three (3) pages, attached hereto and incorporated herein by this reference; and Exhibit E – Data Protection and Data Security consisting of three (3) pages, attached hereto and incorporated herein by this reference. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 DocuSign Envelope ID: 9EF85C9C-C04C-47 4A-ACF6-228223A48A48 ATTEST: City Clerk APPROVED AS TO FORM: Assistant City Attorney CITY OF FORT COLLINS, COLORADO a municipal corporation By : ~------------ on behalf of Gerry Paul Acting Director of Purchasing and Risk Management r{)~OWER, INC., Ii ~'?By: ______S __r~ _____ _ Tua V\A ctS' J::;cc,fr1 ec Print Name Title CRJ Gori:ioi:.te President or Vice President- Date: 5/ J3 I / /t 7570 Home Efficiency Reporting Program Page 10 of 27 DocuSign Envelope ID: 39864FE7-0D8E-4D21-B952-DB99DF3C5129 5/16/2014 Director of Purchasing & Risk Management Gerry Paul 1 EXHIBIT A Statement of Work Attachment A This Statement of Work (“Statement of Work”), which incorporates Attachment A-4, subcontractor Watersmart statement of work, is issued under the Services Agreement, , between Opower and Utility (the “Agreement”) and is effective as of the date of the Agreement. Capitalized terms have the meanings given in the Agreement. OVERVIEW: Opower will provide (i) its Software-as-a-Service platform and (ii) professional services pursuant to this Statement of Work, including the services to be provided by Opower’s subcontractor, WaterSmart. These services are described in detail in the following attachments. The term “Program” means the services to be provided by Opower under this Statement of Work to Utility’s customers, including any services or work provided by any subcontractor to Opower (for the sake of clarity, the term “Program” as it relates to the portion of the services provided by Watersmart shall solely be as described in Attachment A-4). • Attachment A-1: Product Order Form • Attachment A-2: Professional Services Order Form • Attachment A-3: Fees and pricing • Attachment A-4: WaterSmart SOW Services described on Attachment A-1 are Opower’s standardized Software-as-a-Service offerings. Any variations from these services are customizations and will be described in Attachment A-2 as a Professional Service. PROGRAM TIME FRAME: • The initial period contract period shall be fifteen (15) months in duration to allow for a three (3) month implementation period of Opower and Watersmart products and twelve (12) months for the actual Program. • If the agreement is extended annually, years two (2), three (3), and four (4) are twelve (12) months in length. • The final term of the Agreement shall be a program year of twelve (12) months plus an additional 2 months during which period services will end, however, Service Provider will provide final reporting for additional reporting on the program year. SUBCONTRACTORS: For the purposes of this Statement of Work, the following entities are deemed to be approved subcontractors pursuant to Section 11 of the Agreement: • Water Efficiency Program! o Watersmart Software! ! • Scalable Data Storage Architecture! o Equinix (equinox.com)! o Softlayer (softlayer.com)! o Amazon Web Services (aws.amazon.com)! ! • API Management Solutions.! o Amazon (aws.amazon.com)! DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 2 o Mashery (mashery.com)! o Apigee (apigee.com)! ! • Outbound Customer Communications! o Print and Mail: RR Donnelley (rrdonnelley.com) and DataMail (data-mail.com)! o Email: ExactTarget (exacttarget.com) and SmartSource (smartsource.com) DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 3 Statement of Work – Attachment A-1 PRODUCT ORDER FORM Opower provides a proprietary Software-as-a-Service (“SaaS”) platform. This Attachment A-1 identifies the SaaS services being purchased by Utility. Professional Services are described in Attachment A-2. Features of Opower’s SaaS platform include: • Ready-made content: Opower’s services and platform are ready-made and built upon standard templates enabling efficient Program implementation. Any customizations will be documented in the Professional Services Statement of Work on Attachment A-2 and may require additional fees. • Ongoing Enhancement: Opower continually seeks to improve its platform and services by leveraging its insight and experience working with its utility partners. Accordingly, the services described in this Attachment A-1 may be modified and improved during the term of this Statement of Work; however Opower shall not materially reduce or limit the scope or functionality of these services during the term. 1. GENERAL RELEASE SERVICES Opower shall provide the following services to Utility. Descriptions of these services can be found at the following link, which may be updated from time to time: support.opower.com. Opower may update the descriptions of the relevant Services during the term to reflect modifications or improvements as provided above but shall not reflect any reduction or limitation in the scope of functionality of such services. PROGRAM YEAR 1* Home Energy Reports (PRINT) Up to 50,000 Designated Customers Average of 6 reports per customer Home Energy Reports (EMAIL) Up to 50,000 Designated Customers Average of 12 reports per customer Customer Service Application Sign On Configuration: (Stand-alone) Designated utility customer service representatives *Note: The actual number of Designated Customers may be affected by attrition, opt-outs, customer eligibility and data (including email) availability. Otherwise, the number of Designated Customers may be modified only pursuant to a change order signed by Utility and Opower. Note: For optional program years 2 – 5, Designated Customers will receive substantially the same service as in Program Year 1. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 4 Statement of Work – Attachment A-2 PROFESSIONAL SERVICES ABOUT OPOWER’S PROFESSIONAL SERVICES In addition to Opower’s SaaS offering described in Attachment A-1, the Program includes certain Professional Services that are specific to Utility. This Professional Services Statement of Work includes the following elements: 1. Additional service offerings and/or customizations being purchased by Utility 2. Program Implementation 3. Program Management 4. Program results and reporting; Measurement and verification 1. ADDITIONAL SERVICE OFFERINGS: In addition to the delivery of the core Opower SaaS platform, Opower will perform the following additional Professional Services for Utility: PROFESSIONAL SERVICE / CUSTOMIZATION DESCRIPTION Welcome Insert Enclosed with first Printed Home Energy Report sent to new Designated Customers Promotional Module Up to 2 promotional modules per year Rolling Enrollment Opower will dynamically enroll new customers as they become eligible for the Opower Home Energy Reporting Program. URL Update Opower will update URL on applicable areas of the Home Energy Report Details of each Additional Service Offering are set forth in this Section 1, below: A. Welcome Insert for all new Designated Customers Opower will design and Utility will approve any requested changes to the welcome insert used in previous Opower programs with Utility, such approval not to be unreasonably withheld or delayed. All new Designated Customers who have not previously received communications from the Opower Home Energy Reporting program will receive a Welcome Insert. Welcome insert will be sent with Designated Customers’ initial home energy report. B. Promotional Modules on Printed Home Energy Reports Opower will include a Utility promotional module for Utility on up to 2 printed Home Energy Reports per year. Promotional modules can be used for marketing of energy efficiency, demand response, new rate plans and other DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 5 Utility programs. Opower will work with Utility to determine module content and Opower will design the module, which will be subject to Utility approval. The promotional content will appear in one of the “swappable” modules on the printed Home Energy Report template. Only one promotion per Home Energy Report can be run at any one time. C. Rolling Enrollment In addition to the standard Opower data transfer process currently used by Utility and Opower, Opower will dynamically enroll new customers as they become eligible for the Opower Home Energy Reporting Program. D. URL Update Opower will update the URL currently used on Opower Home Energy Reports (www.fcgov.com/energyreports) with a new URL in applicable areas of the Home Energy Report template. Utility will provide the new URL, and Opower will update URL upon notification from Utility. 2. PROGRAM IMPLEMENTATION: This section describes the key tasks required to implement the Program. A. Data Transfer Opower’s services require that certain Utility data be transferred to Opower on a regular basis. Except for the additional work required for Rolling Enrollment, Opower and Utility anticipate that data will be transferred to Opower in a manner substantially similar to the way it has been transferred under prior agreements. Opower will evaluate Utility data at the start of the program for quality assurance purposes and will identify any issues for Utility to address in the data feed. Opower’s data transfer standards are set forth in the Opower Platform Data Transfer Standards, which can be found at: support.opower.com. A summary of Opower’s data transfer requirements is below: • Data Extracts: Opower requires the following data extracts: o Ongoing iterative billing (billed usage) data extracts for all customers (including test, control and neighbor groups): This data will be provided in a single data file per instance that contains all customer account and energy usage data. The expected data transfer will include data updates, which will seamlessly join to the historical data extracts. These data extracts will be supplied during the Program implementation phase and on a weekly basis (except AMI data, if applicable, which shall be provided daily) throughout the term of the Program. o AMR/AMI Data: If the implementation includes AMI functionality (as indicated in the cover page of this SOW), AMR/AMI data shall be included in the data extracts described above. • Illustrative Data Fields: Examples of billing data fields that Utility shall provide via data extracts include the following: DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 6 o Customer, account, unique premise identifiers, mailing address, e-mail address (if available), telephone number (if available), service address, electricity or natural gas (as applicable) billed usage and usage cost data, active and inactive dates, read cycle o If applicable; AMR/AMI interval data, customer rate plans and rate plan effective dates, rate plan definitions, EE and demand response program participation (if available) o Please see the Opower Platform Data Transfer Standards for a complete list of all fields • Other Data: Opower further requires that Utility provide the following: o Notification of new and terminating customers. Identify new, active and inactive customers within the iterative data extract. • Optional Data o Customer selection inputs. Participation data for programs similar to the Program, including other energy efficiency programs, within the iterative data extract. o Support Notes and Ticketing Metrics. Extract and transfer to Opower Utility’s customer service support notes and ticketing metrics from the appropriate Utility call center system monthly. o Existing marketing initiatives: Descriptions of energy efficiency and other relevant marketing campaigns (used to market Utility rebates, programs and recommendations, if available). • Executing the Data Transfers: o Secure file transfer protocol. Opower will host a secure file transfer protocol (SFTP) server to which Utility will post all required data files. o Ongoing data file transfers. Utility will establish an automated process for transferring iterative files on a weekly basis, AMI data file updates (if applicable) on a daily basis, and price updates for rate plans as appropriate. Except to the extent that specific exceptions have been identified in Attachment A-2, Utility acknowledges that it has received, and can meet, the data transfer standards set forth in the Opower Platform Data Transfer Standards. Any additional work required to meet Utility’s exceptions to the Opower Data Transfer Standards may require additional fees. B. Program branding The appearance of Program content is determined by Opower’s Template Content. Opower will use the same branding inputs as previously provided by Utility to Opower as part of the Services previously provided under the Services Agreement between the parties dated June 15, 2009. • Utility Branding. Opower will brand Program content with the Utility’s logo and color palette in the designated Template Content configuration areas allowable by Opower’s SaaS platform.  Review. Utility will review and approve all branding elements and Utility related information displayed in Template Content, such as the Home Energy Report template and the email Home Energy Report template, during Program implementation Utility will provide Opower: DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 7 • Branding inputs. The elements within the Opower Marketing Checklist (e.g., branding and marketing style guidelines and related marketing elements, such as logos, taglines, websites). C. Program messaging Opower will provide the following services to select and target energy-savings advice provided to Utility customers. • A selection of geographically-appropriate tips, from Opower’s library of energy efficiency tips • Opower will work with Utility to include custom Utility program promotion information in a sub-set of tips • Tips will be targeted to Designated Customers using Opower’s targeting methodology that selects tips personalized to customers based on their household and usage information  Review: Utility may review Opower’s energy efficiency tip library and de-select any non-relevant tips during the implementation phase. Utility shall review and approve the sub-set of tips with custom Utility program promotion information prior to Program launch. Thereafter, Utility may update program promotion information in the sub-set of tips on an annual basis. D. Opower Implementation Schedule Opower anticipates that Rolling Enrollment will take 12 weeks to deploy. The total time required to deploy the Rolling Enrollment will depend on whether additional time is required for Utility to complete additional tasks and whether more than one approval party is required. Opower will work closely with Utility to establish firm dates to replace approximations by the time of the expansion kickoff. Assumptions In addition to any assumptions noted above, the program expansion activities and schedule assume: Week$1 Week$2 Week$3 Week$4 Week$5 Week$6 Week$7 Week$8 Week$9 Week$10 Week$11 Week$12 1.1 Conduct$Kick9Off$Meeting Opower,$Utility 1.2 Utility$Commits$to$Project$Dates$and$Allocates$Resources Utility 1.3 Confirm Receipt of Utility Client Data Files and Reference Data Files Opower 1.4 Provide sample customer classification flat file Utility 1.5 Analyze sample customer classification flat file, Resolve Issues, and Accept Data Opower,$Utility 1.6 Utility provides final customer classification flat file Utility 1.7 Confirm$Reference$Data$(Demographic,$Weather,$etc.) Opower 2.1 Review Report Template Opower,$Utility 2.2 Welcome$insert$and/or$module Opower,$Utility 2.3 Review FAQs Opower,$Utility 2.4 Review Tip Content Opower,$Utility 3.1 Define$Program$Scope$and$Customer$Recipients Opower,$Utility 3.2 Enable$continuous$eligibility Opower 3.3 Enable$rolling$enrollment Opower 4.1 CSR$Training Opower 4.2 Generate,$Print,$and$Mail$Reports$to$Customers Opower 4.3 Reports$Hit$Customer$Mailboxes Opower Phase&3:&Load/Integrate&Data&and&Configure&Application Phase&4:&Go&Live! Project&Start&Date:&Program&Kickoff Program&Expansion&Assumptions: 9$No$new$Client$or$Reference$(3rd$party)$data$is$required.$$ 9$Opower$is$currently$receiving$Client's$comprehensive,$automated,$iterative$data$files 9$Client$delivers$all$materials$according$to$OPOWER$specifications,$within$timelines$indicated$below Phase&1:&KickGOff&Program Phase&2:&Approve&Marketing&Materials&&&Content DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 8 • New Designated Customers’ initial Home Energy Report will include an accompanying Welcome Insert • As of the program expansion kickoff, Utility will assign technologically-qualified professionals with knowledge of Utility’s billing and other related systems to conduct the work required in support of the Program. E. WaterSmart Implementation Working with its subcontractor, WaterSmart Software, Inc. (“WaterSmart”), Opower will provide water reporting services in the form of the WaterSmart Platform for up to 10,000 residential customers in Program Year 1, up to 15,000 residential customers in Program Year 2, and up to 20,000 residential customers in Program Years 3 through 5. Details regarding such services are set out in Attachment “A-4”. Utility acknowledges and agrees that the WaterSmart Program and the Opower Home Energy Reporting Program are separate and distinct (including but not limited to: paper reports) and do not link in any meaningful way. Accordingly, the platforms are not integrated into one another, and there is no assurance each of the platforms’ user experience, log-in and access protocols, deployment and support methodologies, or similar matters will be similar or integrated. In addition, Opower will lead co-ordination with WaterSmart so that the timing of the communications sent for each Program will be sent to customers in alternating months. The parties acknowledge that this cadence of report mailings may be adjusted or modified during the term of service due to factors beyond each party’s control. 3. Program Management A. Program Management Teams Opower and Utility will each designate and provide contact information for members for their respective Program management teams. The roles shall be roughly as follows: • Opower Program Management Team. o Engagement Lead. Primary point of contact, overall Program responsibility, general communication, marketing decisions, Program scope, customer service training, Program performance and optimization, and strategic planning. o Technical Project Manager. Primary point of contact for Program launch work streams, project scheduling, resource management, technical dependency management, engineering coordination and test coordination. • Utility Program Management Team. o Program Lead. Primary point of contact, overall program responsibility, general communication, pilot/control selection, measurement and verification. Utility’s Program lead will be authorized on behalf of Utility to provide preliminary approval, and support execution of all documents and take all actions relating to the Program o Project Manager. Project scheduling, resource management, dependency tracking. o Technical Lead. Data extracts, data analysis, system configuration & set-up. o Marketing Lead. Consumer content, presentation, branding, segmentation, collateral approvals o Customer Service Lead. Customer service preparation, training coordination, customer feedback. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 9 B. Program responsibilities • Opower Program Responsibilities. Opower will: o During Program implementation:  Oversee the Program implementation  Make Utility aware of critical dependencies that could impact a timely Program launch  Set a standing regular status call and separate marketing and data calls as required  Provide a weekly progress report including risks and key decisions o After Program Launch, the Opower Engagement Manager will manage the Program, deliver Program results reports, drive ongoing optimization efforts, and closely monitor key milestones. • Utility Program Responsibilities. Utility will: o Provide names and contact information for Program Management Team members o Attend regular status calls, as appropriate o Make available the appropriate resources, experts and decision-makers for acquiring, transferring and utilizing data necessary for the delivery of Opower’s services C. Client Support Opower will continue to provide the following to Utility’s customer service representatives (CSRs), including: • Continue to make the Customer Service Application available to Utility’s CSR team • Conduct one web based training session. Opower will work with Utility to enable its CSRs to answer questions on Opower's Home Energy Report program or any other Opower related products and services. • Monitor the implementation and communicate with Utility Program Management Team members to advise them of Program status and solicit input as required Utility Customer Service Representatives will: • Respond to customer inquiries with Utility’s Program Lead as the escalation point for customer service questions (or other relevant escalation processes for resolution internal to Utility). • Access to Client Support Operations. Utility may reach Client Support Operations via: o Support Portal: http://support.opower.com o Email: support@opower.com • Client Support Portal. The Client Support Portal provides Utility access to resources, information, and problem-solving solutions related to the Program. Functionality includes: o Submit and view cases o Track communication and follow-up o Follow email conversations between the case owner and support engineers o Access knowledge-base articles and read Opower Support-related news DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 10 4. PROGRAM RESULTS & EVALUATION A. Program Reporting Reporting will include: • Each Year, Program information delivered via email or the internet containing: o Subscription metrics, including:  Energy savings (percent and absolute) for the program year. The first results will not be available until after 3 full months of Home Energy Report generation has occurred. • Each Quarter, Program information delivered via email or the internet containing: o Subscription metrics, including:  Number of Designated Customers in the program  Number of opt-outs B. Additional reporting requests Any Utility ad-hoc reporting requests will be assessed on a case-by-case basis between Opower and Utility. Additional or ad-hoc reporting may require additional fees and are contingent on execution of an amendment or change order by Opower and Utility. C. Evaluation, Measurement & Verification (“EM&V”) Opower will evaluate energy savings through the use of industry-standard statistical analysis. Utility does not have a test and control group so Opower will use a modeled savings approach to estimate energy savings. The methodology to calculate energy savings is based on: • Measuring savings using treatment and control data from similar Opower-run Utility programs in the same geographic area as Utility • Controlling for variables such as program size, number of reports per household, monthly usage and other Utility specific variables • Calculating Utility’s savings based on the regression of the Utility specific variables and the measured savings from the comparable programs mentioned above This approach is consistent with best practices for measuring behavioral efficiency programs supported by (1) the U.S. Department of Energy, (2) the National Action Plan for Energy Efficiency guidelines, (3) the California Evaluators Manual, and (4) The Brattle Group’s Principles of Behavior-Based Energy Efficiency. (1) “Evaluation, Measurement, and Verification (EM&V) of Residential Behavior-Based Energy Efficiency Programs: Issues and Recommendations,” May 2012, The State and Local Energy Efficiency Action Network, available here: http://www1.eere.energy.gov/seeaction/pdfs/emv_behaviorbased_eeprograms.pdf DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 11 (2) National Action Plan for Energy Efficiency. “Model Energy Efficiency Program Impact Evaluation Guide.” November 2007. Available online at: http://www1.eere.energy.gov/office_eere/pdfs/napee_evaluation_guide.pdf (3) California Public Utilities Commission. “California Energy Efficiency Evaluation Protocols: Technical, Methodological, and Reporting Requirements for Evaluation Professionals.” April 2006. Available Online at: http://www.calmac.org/events/EvaluatorsProtocols_Final_AdoptedviaRuling_06-19-2006.pdf (4) Sergici, Sanem and Ahmad Faruqui. “Measurement and Verification Principles for Behavior-Base efficiency Programs.” May 2011. Available online at: http://opower.com/uploads/library/file/10/brattle_mv_principles.pdf • Support of Independent Evaluation: Opower and Utility will work together to support an accurate and timely independent evaluation. o Pre-kickoff: Opower will work with Utility to determine independent EM&V needs and share best practice documents, including a list of recommended EM&V vendors and recommended approaches for both the impact and the process evaluation. o Program kick-off: Opower and Utility will discuss and determine a preferred EM&V plan. o Post kick-off: Opower and Utility will meet with an evaluator to achieve a common understanding of EM&V for behavioral programs, answer technical questions, convey program specifics, develop an evaluation plan, and agree on data requirements, timing, and measurement plans. (If Utility prefers the evaluator to perform third party randomization, Opower will provide a CSV file containing account numbers for customers targeted for Opower's program prior to launch. Opower will also provide desired sizes for treatment and control groups. The evaluator will then return to Opower the initial CSV file with a new column identifying customer treatment/control status). o Data transfer: Opower will provide a CSV file containing customer account numbers and their Opower treatment/control status to Utility and the evaluator. o Review draft evaluation: Utility will share the draft evaluation with Opower. Opower will inform Utility and the evaluator of any flaws or errors identified in the report before the evaluation is completed. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 OPOWER PROPRIETARY AND CONFIDENTIAL 12 Statement of Work – Attachment A-3 Payment Table Opower will invoice Utility $413,500 upon execution of this Order Form and Utility shall pay such amount in accordance with the Agreement. Thereafter, Opower will invoice Utility for each payment set forth in the table below up to 30 days prior to each Payment Due Date set forth in the table below. Utility will pay each such invoice prior to the applicable payment due date and in accordance with the Agreement. Program Years 2 through 5 are designated as optional. Utility will notify Opower in writing at least 60 days before the end of a program year if it wishes to renew the program. Program Year 1 Contract Signature Launch Launch + 3 mos Launch + 6 mos Launch + 9 mos Data Analytics 316,000 - - - - Print & Mail - 48,750 48,750 48,750 48,750 Setup & Configuration 83,000 - - - - Year 1 Total 399,000 48,750 48,750 48,750 48,750 - - - - - - Program Year 2 Launch + 12 mos Launch + 15 mos Launch + 18 mos Launch + 21 mos Data Analytics - 316,000 - - - Print & Mail - 48,750 48,750 48,750 48,750 Year 2 Total - 364,750 48,750 48,750 48,750 - - - - - - Program Year 3 Launch + 24 mos Launch + 27 mos Launch + 30 mos Launch + 33 mos Data Analytics - 316,000 - - - Print & Mail - 48,750 48,750 48,750 48,750 Year 3 Total - 364,750 48,750 48,750 48,750 - - - - - - Program Year 4 Launch + 36 mos Launch + 39 mos Launch + 42 mos Launch + 45 mos Data Analytics - 316,000 - - - Print & Mail - 48,750 48,750 48,750 48,750 Year 4 Total - 364,750 48,750 48,750 48,750 - - - - - - Program Year 5 Launch + 48 mos Launch + 51 mos Launch + 54 mos Launch + 57 mos Data Analytics - 316,000 - - - Print & Mail - 48,750 48,750 48,750 48,750 Year 5 Total - 364,750 48,750 48,750 48,750 Year 1 Total 316,000 195,000 83,000 594,000 - Year 2 Total 316,000 195,000 511,000 - Year 3 Total 316,000 195,000 511,000 - Year 4 Total 316,000 195,000 511,000 - Year 5 Total 316,000 195,000 511,000 DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 OPOWER PROPRIETARY AND CONFIDENTIAL 13 Payment notes: Print Management, Printing & Mailing: Fee calculation for Print Management, Printing & Mailing is based upon one-page double-sided 8.5” by 11” Home Energy Reports delivered at applicable postage prices (currently calculated at $0.30 per report). To the extent mailing costs associated with the Program increase as a result of postage rate increases, classification decisions or other actions of the United States Postal Service, Opower may increase the print and mail fees above by a percentage equal to (but not greater than) the percentage of such mailing cost increases. Additional services may be subject to additional Fees as quoted by Opower. All Fees are non-refundable except as expressly provided herein. WATERSMART Note:-All-prices-are-in-USD Program Year 1 Contract Signature Launch Launch + 3 mos Launch + 6 mos Launch + 9 mos Year 1 Total Data Analytics 4,500 4,500 5,750 5,750 20,500 Print & Mail 36,000 15,500 19,925 19,925 91,350 Setup & Configuration 14,500 14,500 Deferred Setup 2,500 2,500 5,000 Deferred Data Analytics 1,250 1,250 2,500 Deferred Print&Mail 6,725 6,725 13,450 Year 1 Total 14,500 40,500 20,000 36,150 36,150 147,300 Program Year 2 Launch + 12 mos Launch + 15 mos Launch + 18 mos Launch + 21 mos Year 2 Total Data Analytics 5,750 5,750 5,750 5,750 23,000 Print & Mail 41,163 28,613 28,613 28,613 127,000 Year 2 Total - 46,913 34,363 34,363 34,363 150,000 Program Year 3 Launch + 24 mos Launch + 27 mos Launch + 30 mos Launch + 33 mos Year 3 Total Data Analytics 5,750 5,750 5,750 5,750 23,000 Print & Mail 46,825 34,275 34,275 34,275 149,650 Year 3 Total - 52,575 40,025 40,025 40,025 172,650 Program Year 4 Launch + 36 mos Launch + 39 mos Launch + 42 mos Launch + 45 mos Year 4 Total Data Analytics 5,750 5,750 5,750 5,750 23,000 Print & Mail 32,819 32,819 32,819 32,819 131,275 Year 4 Total - 38,569 38,569 38,569 38,569 154,275 Program Year 5 Launch + 48 mos Launch + 51 mos Launch + 54 mos Launch + 57 mos Year 5 Total Data Analytics 5,750 5,750 5,750 5,750 23,000 Print & Mail 32,819 32,819 32,819 32,819 131,275 Year 5 Total - 38,569 38,569 38,569 38,569 154,275 DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 OPOWER PROPRIETARY AND CONFIDENTIAL 14 SOW Attachment A-4 WaterSmart SOW PROFESSIONAL SERVICES TO IMPLEMENT A CUSTOMER ENGAGEMENT PLATFORM TO INCREASE WATER USE EFFICIENCY Executive Summary WaterSmart Software’s (“WaterSmart”) mission is to help water utilities make it easier for their residential customers to conserve water. Water efficiency is an important priority for the City of Fort Collins (the “Utility”). Utility wants WaterSmart to provide certain services in support of an outreach program intended to facilitate communication with residents (the “Customers”) regarding their water use and water efficiency, improve Utility’s understanding of water use by their residential customers, and reduce annual water usage (the “Program”). In support of the Program, WaterSmart will employ water use reports (the “Home Water Report” or “Report”) and Web-based applications. WaterSmart will launch Web-based applications that Utility staff can access at their convenience, referred to as the “Water Efficiency Dashboard” Web application. The aforementioned Reports and Web-based services may present customer-specific water use data and comparisons and customized water saving recommendations. WaterSmart will send print Home Water Reports to up to 10,000 enrolled accounts in Program Year 1, up to 15,000 enrolled accounts in Program Year 2, and up to 20,000 enrolled accounts in Program Years 3 through 5. Each account will receive up to six (6) Home Water Reports per year. This SOW is for one (1) Program Year. In addition, at the option of the City, the Agreement may be extended for additional one year periods not to exceed four (4) additional one year periods. The scope of renewals and pricing changes shall be negotiated by and agreed to by both parties. The Program’s goals are to reduce annual water usage and increase customer engagement. Prior to the Program, WaterSmart and Utility will work together to establish quantifiable goals to evaluate the Program’s effectiveness. WaterSmart Subcontractors: For the purposes of this Statement of Work, the following entities are deemed to be approved subcontractors pursuant to Section 11 of the Agreement: • PRINT AND MAIL SERVICES o Infosend, Inc. (infosend.com) o Data-Mail, Inc. (data-mail.com) • Data Storage o Rackspace (rackspace.com) 1. Scope of Work DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 OPOWER PROPRIETARY AND CONFIDENTIAL 15 Utility will designate a single point of contact to oversee the completion of the tasks assigned to Utility and approve all materials. Utility’s contact will work with the assigned Opower and WaterSmart project managers to ensure the successful implementation of this program. 1.1 — Participant Selection WaterSmart will randomly select an initial set of up to 10,000 participants, the experimental group, to be enrolled in the Program. These 10,000 participants will not include any initial accounts marked for exclusions listed in 1.2. The initial participants will receive Home Water Report(s). Additionally, WaterSmart will select a randomized control group of at least 5,000 homes. This group will not receive any communications from WaterSmart, including Home Water Reports. The 5,000 account control group will be used to as a control and compared to the 10,000 participant experimental group to measure the result of the program throughout the three years of the program covered in this scope. Though additional homes will be added to the program in years 2 and 3, they will not be used to measure the results of the experimental approach. While the program results for all participants will be available, the experimental group and control group used throughout will remain the same as that selected in Year 1 of the program. WaterSmart will follow a substantially similar random selection process for the additional customers enrolled in Program Year 2 to select an additional 5,000 participants from among those accounts that were not placed in either the control or experimental group in year 1. The control group from Year 1 will continue to serve as a control and be compared to the experimental group from Year 1, which will continue to receive WaterSmart communications. An additional 5,000 homes will be added in Year 3 from among those not currently enrolled in the program or in the initial control group. The control group from Year 1 will continue to serve as a control and be compared to the experimental group from Year 1, which will continue to receive WaterSmart communications. WaterSmart will be able to scientifically measure the impact of the program for 3 years based on usage data for the experimental group and the control group from Year 1. WaterSmart will not be able to scientifically measure results for the additional recipients added in Year 2 and Year 3, but will be able to provide reasonable estimates of savings impact for these groups. 1.2 — Participant Exclusions WaterSmart recommends excluding certain households from the initial set of accounts to receive Home Water Reports, and will work with Utility to define parameters, starting with the following criteria: o Zero Reads — residences with more than one meter read of 0 gallons over the last 2 years o Suspect Data — accounts that have at least one data point over the last 2 years that is considered to be so inaccurate or abnormal as to preclude its inclusion in the study. o Incomplete or No Data — residences that have incomplete or no meter read records over the last 2 years o Inactive Accounts — accounts with no active water service connection o Customers who have recently (one to two years) opted out of OPower reports within the last year of service. WaterSmart will work with Utility to further define exclusions once data has been transferred and exclusion rates from specific criteria can be estimated. 1.3 — Cohort Group Methodology DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 OPOWER PROPRIETARY AND CONFIDENTIAL 16 Based on prior experience implementing similar programs, WaterSmart proposes dividing households into sets of comparable residences based on one or more of the following variables: o Number of occupants per home (based on user-generated information) o Irrigable area (i.e. small, medium, large) to be determined based on home size and lot size information contained in real estate data obtained by WaterSmart, or optionally at no additional cost, provided by Utility if it already possesses such information o Residence type (i.e. condos, single family homes, etc.) o Age of home? In the absence of customer-supplied occupancy data, WaterSmart recommends using the number of bedrooms (based on real estate or census Data) per residence as a proxy for number of occupants. 2. Program Implementation 2.1 — Print Home Water Reports WaterSmart will produce and print customized Home Water Reports to separately mail to each Customer. Initially, WaterSmart will send print Reports to up to 10,000 single-family accounts for a total of up to six (6) Reports per household per year. In subsequent years, Watersmart will send print reports to up to 15,000 enrolled accounts in Program Year 2, and up to 20,000 enrolled accounts in Program Years 3 through 5. 2.2 Survey WaterSmart will prepare and mail a copy of a paper survey to all first-time Home Water Report recipients upon the start of the program. The Survey has been prepared with input and guidance from Maddaus Water Management and UC Berkeley Professor Michael Hanemann. The survey may have approximately 30 questions related to occupancy, fixtures, appliances, demographics, water-related attitudes and behaviors. The generic Survey will be updated with Utility’s specific information, such as service area and mailing address. If it wishes, Utility may add/replace two additional questions to the Survey, in coordination with WaterSmart. The results of the Survey are used to establish baseline attitudes and customer satisfaction, occupancy rates, saturation rates of fixtures and appliances, and customer willingness to implement various water use efficiency behaviors and upgrades, and to gather email addresses. The Surveys help WaterSmart and Utility improve the targeting of water-saving actions at the household level and in aggregate. WaterSmart will share all results of the Surveys with Utility. WaterSmart will provide a report to Utility with an analysis of aggregate survey responses. WaterSmart also can provide access to the complete set of Survey responses, so that Utility may view all entries, including residents’ responses to open- ended questions, to which Utility may wish to respond. Paper survey responses are typically collected for one month. WaterSmart then takes an additional two to three weeks to process and digitize results. WaterSmart will provide a Powerpoint presentation of results, a Word document with all of written comments so that Utility can respond if it wishes, and an Excel spreadsheet (or other format, if preferred) of the raw data. Individual survey responses are also logged in the Utility Dashboard. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 OPOWER PROPRIETARY AND CONFIDENTIAL 17 2.3 Welcome Letter WaterSmart will draft and send, in conjunction with the Survey, a one-page welcome letter to be printed on Utility’s letterhead and sent to all first-time Home Water Report recipients upon the start of the program. WaterSmart will provide one or more samples, which Utility may edit or approve as-is. The finalization of this content will be completed at the start of the Program within the same times and timeframes as the customization of other program content. Utility may also provide a postcard mailer to recipients in advance of the first home water report which will describe the program. 2.4 — Customer Service Support Utility shall have the primary responsibility for providing customer service to its Customers and opting out customers from receiving Home Water Reports as requested by customers. WaterSmart will provide a list of Frequently Asked Questions to Utility staff to facilitate this process. WaterSmart also provides the Customer Support section within the Water Efficiency Dashboard, which is designed to help customer service representatives respond to Customers. WaterSmart will provide service and support to Utility’s staff regarding their technical questions about WaterSmart’s Water Efficiency Dashboard Web application and Home Water Reports between the hours of 8 a.m. and 5 p.m. PST on Monday thru Friday, excluding federal holidays. For clarity, this does not include questions related to hardware, software, third party services, or other technical questions beyond the specific scope of the Water Efficiency Dashboard or Home Water Reports. WaterSmart’s project manager will work with Utility’s primary contact to assist in addressing additional customer issues. All inquiries from Utility customers outside the scope indicated above, including without limitation questions about water data, will be directed to Utility. 2.5 — Marketing and Advertising Utility agrees to allow WaterSmart to use Utility’s name in promotional materials including, but not limited to, a name and logo listing on the corporate website of WaterSmart and in press releases and in conversations with the public, investors, partners and media, subject to Utility’s prior approval of all materials on which its name and/or logo may appear. Utility shall have the right to request its name and logo be removed from any material at any time. 3. Format and Design of Web-Based Applications and Reports 3.1 — Design All of the customer-facing materials that WaterSmart develops for Utility, including the print Home Water Reports, are based on existing WaterSmart product templates. These materials will be white- labeled with Utility’s name and logo. Content and design of all materials are subject to change over time, as WaterSmart incorporates new features. All significant changes will be reviewed with Utility prior to release. The utility-facing Water Efficiency Dashboard features WaterSmart branding. Dashboard pages may include a credit to WaterSmart (including the WaterSmart logo), a link to the WaterSmart Web site, and a link to WaterSmart’s privacy policy and terms and conditions. 3.2 — Customization of Home Water Reports & Web Applications DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 OPOWER PROPRIETARY AND CONFIDENTIAL 18 WaterSmart provides a customizable SaaS (Software-as-a-Service) solution. The product set is fully functional and ready to launch as soon as Utility provides the Consumption and Residence data files specified in Section 5.1 below, as well as a high-resolution file of Utility’s logo. Product can be launched after WaterSmart completes its standard quality assurance setup procedures. Product content may be customized to the extent permissible by the SaaS platform, at Utility’s option, at the start of the program. Utility has some flexibility to add or substitute content, as applicable to the then current design of the Home Water Report, which will be outlined during the implementation phase – such as availability and/or value of the Utility’s incentive/rebate programs. Additionally, by project launch, WaterSmart will customize its platform so that Home Water Reports do not reference WaterSmart’s “Water Efficiency Portal”. Reports may contain reference to Utility customer web portal (when ready). The WaterSmart project manager assigned to Utility will assist in customizing this content at the start of the Program. 4. Web Applications 4.1 —Water Efficiency Dashboard WaterSmart will launch the Water Efficiency Dashboard Web applications prior to the delivery of the first Home Water Reports. WaterSmart will update the Web application on a monthly basis, contingent upon Utility’s delivery of the required data files for each billing period. The Water Efficiency Dashboard Web application, provided by WaterSmart, shall be viewable only by Utility staff and can have an unlimited number of individual logins for staff. 5. Data Specifications, Procurement, Security and Transfer Protocols 5.1 — Data Specifications & Transfer Protocols WaterSmart will work with Utility to provide file specifications that maximize the ease of data extraction on Utility’s behalf and optimize the process of data integration on WaterSmart’s behalf. In general, the Utility will provide two files, one that describes residences and accounts (“the Residence File”) and another that details consumption history and billing amounts (the “Consumption File”). In the Residence File, WaterSmart will request such fields as, but not limited to: • Account Number • Account Sequence Number • Property APN, where available • Meter Size • Service Address • Billing Address • Customer Name • Customer Email, where available In the Consumption File, WaterSmart will request, for at least the last two years, but ideally for five to ten years in the past, such fields as, but not limited to: • Account Number DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 OPOWER PROPRIETARY AND CONFIDENTIAL 19 • Account Sequence Number • Meter I.D. (serial number) • Current Meter Read • Previous Meter Read • Days in Billing Cycle • Consumption • Bill and water allocation details as mutually agreed The above list of fields is intended to serve as an example. During the project kickoff process, WaterSmart and Utility will work together to discuss the ramifications of the presence or absence of data in the feeds. WaterSmart will provide Utility with an encrypted, private, and password-protected FTP destination for regular delivery of the data. This FTP site will be hosted on WaterSmart’s server infrastructure. 5.2 — Customer Confidentiality & Data Security WaterSmart will not share personally identifiable customer information or customer-specific water use information with any third party without prior consent from Utility, as stipulated in the Agreement. Data transferred to WaterSmart from Utility will be stored in a database dedicated to Utility and its WaterSmart project. The data will not be comingled with the data provided by any other entity; provided, however, that certain anonymous data may be consolidated with data provided by one or more other entities for the research and product development purposes subject to the terms of the Agreement. WaterSmart will continue to enact standard controls, policies, and procedures to ensure the security of Utility’s data and customer provided information, including but not limited to choosing a reputable cloud- server vendor with appropriate physical security of server infrastructure, secure public-private key- based login to all WaterSmart server infrastructure, password authentication on all Web site interaction, and audit logging. Watersmart shall provide details of all such controls, policies, and procedures for Utility’s review and reference, including all such measures employed by any cloud server vendor Watersmart may use. Watersmart’s obligations under this Section 5.2 are in addition to and not in lieu of its obligations under Exhibit E of this Agreement. 6. Implementation Meetings At the start of the Program, WaterSmart will conduct an in-person training with Utility staff. The standard training will orient Utility staff involved in the Program with the Reports and Web Applications. WaterSmart suggests Utility include a representative from each functional group that will be involved with the implementation of the program. Additional training may be available subject to the mutual agreement of the parties and may require additional compensation. Following initial implementation, WaterSmart will meet with Utility to report on program results alongside Opower on an annual basis. 7. Project Management DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 OPOWER PROPRIETARY AND CONFIDENTIAL 20 In order to ensure adherence to the agreed-upon schedule and budget WaterSmart will designate an individual to serve as a Project Manager, who will, among other responsibilities: • Attend initial project kickoff meeting organized by Opower • Monitor the status of all deliverables • Provide regular project status report updates • Prepare meeting agendas (including input from Utility) • Monitor engagement rates and message effectiveness • Communicate project feature requests to WaterSmart team While Opower will serve at the primary point of contact for both Utility and WaterSmart for the program term, it is understood that Utility and WaterSmart will contact each other directly as needed to ensure smooth and timely implementation and program operations, copying Opower POC on any written correspondence. WaterSmart Project Team • Project Management: Peter Yolles • IT and Analytics Program Management: Doug Flanzer • Engagement Manager: Ora Chaiken 7.1 Implementation Schedule WaterSmart proposes the following indicative schedule to complete all work required to launch the Program. The dates listed below represent the number of weeks from to the date of a signed Services Agreement between Opower and Utility. Description Dates Step 1: Finalize our Partnership Identify staff involved & clarify roles Schedule weekly status calls Complete Pre-Launch Questionnaire Weeks 1 - 3 Step 2: Share Your Data Export water consumption & residence data to WaterSmart Export program participation data to WaterSmart Export existing rebate/incentive program information Finalize the participation & control groups Weeks 3-7 Step 3: Approve the Content Approve written copy of water-saving recommendations Approve any Utility-specific or special promotions Approve the welcome letter Approve the Customer Insight Survey Approve the envelope messaging and email subject lines Weeks 3-7 Step 4: Implementation Weeks 7-10 DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 OPOWER PROPRIETARY AND CONFIDENTIAL 21 Implement Product Quality Assurance and Testing DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 7570 Home Efficiency Reporting Program Page 12 of 27 EXHIBIT B INSURANCE REQUIREMENTS 1. The Service Provider will provide, from insurance companies acceptable to the City, the insurance coverage designated hereinafter and pay all costs. Before commencing work under this bid, the Service Provider shall furnish the City with certificates of insurance showing the type, amount, class of operations covered, effective dates and date of expiration of policies, and containing substantially the following statement: "The insurance evidenced by this Certificate will not be cancelled or materially altered, except after ten (10) days written notice has been received by the City of Fort Collins." In case of the breach of any provision of the Insurance Requirements, the City, at its option, may take out and maintain, at the expense of the Service Provider, such insurance as the City may deem proper and may deduct the cost of such insurance from any monies which may be due or become due the Service Provider under this Agreement. The City, its officers, agents and employees shall be named as additional insureds on the Service Provider's general liability and automobile liability insurance policies for any claims arising out of work performed under this Agreement. 2. Insurance coverage shall be as follows: A. Workers' Compensation & Employer's Liability. The Service Provider shall maintain during the life of this Agreement for all of the Service Provider's employees engaged in work performed under this agreement: 1. Workers' Compensation insurance with statutory limits as required by Colorado law. 2. Employer's Liability insurance with limits of $100,000 per accident, $500,000 disease aggregate, and $100,000 disease each employee. B. Commercial General & Vehicle Liability. The Service Provider shall maintain during the life of this Agreement such commercial general liability and automobile liability insurance as will provide coverage for damage claims of personal injury, including accidental death, as well as for claims for property damage, which may arise directly or indirectly from the performance of work under this Agreement. Coverage for property damage shall be on a "broad form" basis. The amount of insurance for each coverage, Commercial General and Vehicle, shall not be less than $500,000 combined single limits for bodily injury and property damage. In the event any work is performed by a subcontractor, the Service Provider shall be responsible for any liability directly or indirectly arising out of the work performed under this Agreement by a subcontractor, which liability is not covered by the subcontractor's insurance. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 7570 Home Efficiency Reporting Program Page 13 of 27 EXHIBIT C CONFIDENTIALITY IN CONNECTION WITH SERVICES to be provided by Opower, Inc. (“Service Provider”) to the City of Fort Collins (the “City”) pursuant to this Agreement (the “Agreement”), the parties hereby agree to comply with reasonable established policies and procedures with regard to the exchange and handling of confidential information and other sensitive materials between the parties. In consideration of access to certain information, data and material (hereinafter individually and collectively, regardless of nature, referred to as “information”) that are the property of and/or relate to the City or Service Provider or their respective employees, customers or suppliers, which access is related to the performance of each parties obligations that the City and Service Provider have agreed to perform under the Agreement, the City and Service Provider hereby agree as follows: That information that each party (“Receiving Party”) has or will come into its possession or knowledge in connection with the performance of the Agreement may be confidential and/or proprietary to the other party (“Disclosing Party”). The Receiving Party agrees to treat as confidential (a) all nonpublic information that is owned by the Disclosing Party, or that relates to the business of the Disclosing Party, or that is used by the Disclosing Party in carrying on business, and (b) all nonpublic information that is proprietary to a third party (in the case of the City, including but not limited to customers and suppliers of the City) and provided to Receiving Party by Disclosing Party. The Receiving Party shall not disclose any such information to any person not having a legitimate need-to-know for purposes authorized by the Disclosing Party or as expressly necessary to perform the Receiving Party’s obligations under the Agreement. Further, the Receiving Party shall not use such information to obtain any economic or other benefit for itself, or any third party, except as specifically authorized by the Disclosing Party. The foregoing to the contrary notwithstanding, the Receiving Party understands that it shall have no obligation under this Agreement with respect to information and material that (a) is or becomes generally known to the public by publication or some means other than a breach of duty of this Agreement, (b) is in the possession of the Receiving Party without confidentiality obligation at the time of disclosure; or (c) is independently developed by the Receiving Party. Nothing herein shall prohibit the Receiving Party from disclosing any information that is required by law, regulation or court order to be disclosed, provided that the request for such disclosure is proper and the disclosure does not exceed that which is required and provided that the Receiving Party shall if permitted by applicable law first have given written notice to the Disclosing Party and made a reasonable effort to seek protective treatment of the Confidential Information disclosed. In the event that the Service Provider ceases to perform services for the City, or the City so requests for any reason, each party shall promptly return to the other party any and all information described hereinabove, including all copies, notes and/or summaries (handwritten or mechanically produced) thereof, in its possession or control or as to which it otherwise has access. The Receiving Party understands and agrees that the Disclosing Party’s remedies at law for a breach of the Receiving Party’s obligations under this Confidentiality Agreement may be inadequate and that the Disclosing Party shall, in the event of any such breach, be entitled to seek equitable relief (including without limitation preliminary and permanent injunctive relief and specific performance) in addition to all other remedies provided hereunder or available at law. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 7570 Home Efficiency Reporting Program Page 14 of 27 EXHIBIT D Additional Software as a Service Terms 1. DEFINITIONS. Certain capitalized terms used in this Exhibit D, not otherwise defined on the cover page, shall have the meanings set forth below. 1.1 “Access Term” means the period during which the Services are made available to Utility or its Designated Customers according to a Work Order. 1.2 “Administrative User” means an employee or contractor of Utility to whom Utility has assigned a unique identification number for access to the Opower Customer Service Application and the Opower Website Portal for Utility own use as specified in a Statement of Work. 1.3 “Brand” means any trademarks, service marks, trade names, domain names, logos, business names, product names and slogans, and all registrations and applications for registration thereof owned by or licensed to a Party or to which the Party has rights. 1.4 “Customer” means any current or former Utility customer. 1.5 “Designated Customers” means the group of Customers that, pursuant to a Statement of Work, is targeted to receive the Opower Energy Report or access to the Opower Website Portal. 1.6 “Opower Analytics” means any data or information collected or processed by Service Provider under this Agreement and the results and data from any analysis, calculation, or processing thereof, which shall in no event include Personally Identifiable Information. 1.7 “Opower Content” means all content, including any text, copy, images, graphics, designs, photos, video, sound, works of authorship, data, statistics, analyses, forecasts, Opower Analytics and any similar information that is either owned, developed or licensed by Service Provider and that Service Provider makes available through the Services. 1.8 “Opower Customer Service Application” means the online portal provided by Service Provider enabling customer service staff to access the Opower Energy Reports and other features and functions of the Services. 1.9 “Opower Energy Report” means the paper and emailed reports prepared by Service Provider and sent to Customers, as further defined in the Work Order. 1.10 “Opower Energy Reporting System” means (i) Opower Energy Reports; (ii) the Opower Website Portal; and (iii) the Opower Customer Service Application. 1.11 “Opower Intellectual Property” means: (i) any proprietary work; (ii) any system owned, licensed, or developed by Service Provider, including Opower Content; (iii) any analysis, compilation, aggregation, derivative work or work of authorship created by Service Provider; (iv) data independently developed or created by Service Provider; and (v) data entered by Customers via the Opower Website Portal, so long as such data does not include Personally Identifiable Information. 1.12 “Opower Terms of Use” means any applicable Service Provider terms of service (including the Service Provider privacy policy) for the Customer Service Application or the Opower Website Portal, which Service Provider may amend from time to time. 1.13 “Opower Website Portal” means a web-based feature created and maintained by Service Provider to provide Customers with information about their energy usage. 1.14 “Personally Identifiable Information” means any individual Customer name, address, telephone number, e- mail address, account number, Social Security number, credit card number, debit card number, banking information, or other financial information or financial account information regarding a Customer. 1.15 “Program Report” means the evaluations of the Opower Energy Reporting System as further defined in the Statement of Work. 1.16 “Services” means the services to be made available by Service Provider that are specified in a Work Order. 1.17 “Third Party Content” means all content received by Service Provider from a third party or made available by a third party through the Services, including any text, images, graphics, designs, photos, video, sound, works of authorship, data, statistics, analyses, forecasts and similar information. 1.18 “Utility” means as used in this Exhibit __ and as may be used in a Work Order means The City of Fort Collins. 1.19 Utility Data” means any data or information supplied by Utility to Service Provider under this Agreement, including Personally Identifiable Information provided by Utility to Service Provider. Utility Data excludes Opower Content and Third Party Content. 2. STATEMENT OF WORK; ACCESS AND USE 2.1 Access to Opower Website Portal. Subject to the terms and conditions of this Agreement, Service Provider hereby grants to Utility a non-exclusive, non-transferable right to permit access to the Opower Website Portal for the number of Designated Customers specified in the Work Order. Opower may deny access to any Designated Customers who have not agreed to comply with or violate the Opower Terms of Use. 2.2 Access to Opower Customer Service Application. Subject to the terms and conditions of this Agreement and subject to the Work Order, Service Provider hereby grants to Utility a non-exclusive, non-sublicensable, non- transferable right to access the features and functions of the Opower Customer Service Application during the Access DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 Service Agreement – Work Order Type with Red Flags & Confidentiality Page 15 of 27 Term, solely for use by Administrative Users for the purpose specified in the Work Order and pursuant to reasonable access procedures to be specified by Service Provider. 2.3 Access to Utility Data. Subject to the terms and conditions herein, Utility grants Service Provider a worldwide, perpetual, fully-paid non-exclusive, non-transferable, royalty-free license to (i) use, reproduce, adapt, modify, translate and distribute the Utility Data for the purpose of performing the Services and Service Provider’s obligations under this Agreement, including, without limitation, the creation of Opower Analytics; and (ii) use individual Customer data in the Utility Data (which, for the avoidance of doubt, shall not include any Personally Identifiable Information) during the Term and for a period of 180 days thereafter, provided that all such data is used in compliance with all applicable laws and regulations, and Service Provider shall only use such Utility Data (i) as necessary for the provision of the Services hereunder and (ii) on an anonymized basis to perform analytics for the purpose of the evaluation and improvement of Service Provider’s services and offerings. 2.4 Brand Licenses. The parties shall cooperate with each other to develop a mutually agreeable strategy for co- branding the Opower Energy Reports and the Opower Website Portal. Notwithstanding the foregoing, (i) Utility grants to Service Provider a non-exclusive, non-sublicenseable, non-transferable, royalty-free, fully-paid license to use the Utility Brand during the Term in accordance with such reasonable branding guidelines as Utility may specify for the limited purposes of performing Service Provider’s obligations under this Agreement, (ii) Service Provider may, upon prior notice to Utility and a reasonable opportunity to review, identify Utility as a Service Provider customer and use the Utility Brand for marketing and sales purposes, provided that such identification shall not state an endorsement by Utility, as applicable; and (iii) Service Provider may identify the Services with the Opower Brand and “runs on Opower” or other similar phrasing and include in the Services an indication of its copyrights and other intellectual property rights therein. Except as expressly permitted by this Agreement, each party shall have a written right of approval over the use of its Brand by the other party, not to be unreasonably withheld. 2.5 Usage Restrictions. (i) Utility shall not (a) decompile, disassemble, reverse engineer or otherwise attempt to obtain or perceive the source code from which any software component of the Services is compiled or interpreted; (b) modify the Services, Opower Content, Third Party Content or the Opower Energy Reports, or create any derivative product from any of the foregoing, except with the prior written consent of Service Provider; or (c) assign, sublicense, sell, resell, lease, rent or otherwise transfer or convey, or pledge as security or otherwise encumber, Utility’s rights under this Section 2. Utility shall use the Services and all Utility Data solely in compliance with all applicable laws, regulations or rules, including the Opower Terms of Use. (ii) Utility shall be responsible for the security of Administrative Users’ accounts and passwords, and shall notify Opower immediately of any unauthorized use of any password or account or any other known or suspected breach of security. Utility shall be responsible for the acts or omissions of Administrative Users in connection with the use of, and access to, the Opower Customer Service Application, and any such act or omission which would constitute a breach of this Agreement if undertaken by Utility, shall be deemed to be a breach by Utility hereunder. 2.6 Retained Rights; Ownership. (i) Subject to the rights granted in this Agreement, Utility retains all right, title and interest in and to the Utility Brand and Utility Data, and Service Provider acknowledges that it neither owns nor acquires and hereby disclaims any rights in and to the Utility Brand or Utility Data not expressly granted by this Agreement. (ii) Subject to the rights granted in this Agreement and except to the extent set forth in Section 2.6(iii), (a) Service Provider retains all right, title and interest in and to the Services, the Opower Content and the Opower Intellectual Property, (b) Utility acknowledges that it neither owns nor acquires and hereby disclaims any rights in and to the foregoing not expressly granted by this Agreement. (iii) Utility owns (a) the Program Reports; and (b) each tangible Opower Energy Report created as part of these Services, including any sample reports, and all right, title and interest therein, provided that Service Provider retains ownership in the: (I) design, look, and feel; (II) graphical elements; (III) content other than the Utility Data; and (IV) any intellectual property therein. Each of (I), (II), (III) and (IV) are Opower Intellectual Property. Notwithstanding the foregoing, nothing in this section shall prevent Service Provider from using the Program Reports for internal business purposes, subject to the confidentiality obligations stated in this Agreement. 2.7 Suggestions. Utility hereby grants to Service Provider a royalty-free, worldwide, irrevocable, perpetual license to use and incorporate into the Services any suggestions, enhancement requests, recommendations or other feedback provided by Utility or Customers relating to the operation of the Services. 3. OPOWER OBLIGATIONS. 3.1 Performance of Services. Service Provider shall perform the Services set forth in each Work Order in accordance with, and subject to, the terms and conditions herein (including such Work Order and the Service Level Agreement attached hereto as Exhibit F). 3.2 Responsibility for Hosting of Service. As between the parties, Service Provider shall, at its expense, bear sole responsibility for the design, development, hosting, operation, maintenance and management of the Opower Energy Service Agreement – Work Order Type with Red Flags & Confidentiality Page 16 of 27 Reporting System, including development of its features, functions and technology, and any adaptation or reconfiguration thereof as may be necessary for purposes of providing access to, and use of, the content therein. 3.3 Data Protection. Service Provider shall maintain appropriate managerial, operational, physical and technical safeguards designed to preserve the integrity and security of the Utility Data while in its possession and control as set forth in Service Provider’s Data Protection and Data Security Exhibit attached hereto as Exhibit E. Utility shall have the right, at its own expense and during the Term upon seven (7) days notice and during Service Provider’s normal business hours, to conduct an audit of Service Provider’s compliance of this Section 3.3, as it relates solely to the Utility Data, provided that such audit shall: (i) be conducted by an independent third party approved by Service Provider (such approval not to be unreasonably withheld); and (ii) not unreasonably disrupt Service Provider’s business or operations. Service Provider shall notify Utility within twenty four (24) hours of a confirmed breach of this Sections 3.3. Service Provider shall receive data security protections similar in scope to those provided in this Agreement from any subcontractor engaged by Service Provider. 3.4 Communication with Designated Customers. As part of the provision of the Services, Service Provider may need to communicate with Designated Customers from time-to-time. Utility hereby grants Service Provider, , upon prior notice to Utility and a reasonable opportunity to refuse, the limited right to communicate with Designated Customers as may be necessary to provide the Services. 4. UTILITY OBLIGATIONS. 4.1 Utility Data. Utility shall provide the Utility Data to Service Provider in the format and at the times specified in the Work Order. Utility shall be responsible for, and Service Provider shall not be liable for, (i) ensuring that Utility has obtained all consents and given all notices required under applicable law, rules, regulations and Utility policies to authorize the communication with Customers and use of Utility Data contemplated by this Agreement and (ii) any breach of this Agreement resulting from the Utility Data, including the delivery, accuracy, completeness and consistency thereof. Utility shall make available in a timely manner at no charge to Service Provider all content, graphic files, Utility Brand information and other information and resources of Utility reasonably required by Service Provider for the performance of its obligations under this Agreement. 4.2 Feedback. Utility shall provide Service Provider with prompt written notification of any comments or complaints about the Opower Energy Reporting System that are made to Utility by Designated Customers, and of any problems with the Services or their use that Utility becomes aware of during the Term. 4.3 Assistance to Service Provider. Utility shall, at its expense, provide reasonable assistance and access to Service Provider to the limited extent necessary to enable Service Provider to perform its obligations under this Agreement, including any obligations with respect to a Statement of Work. 5. DISCLAIMERS, EXCLUSIONS AND LIMITATIONS OF LIABILITY. 5.1 Third Party Content. Service Provider makes no representations or warranties regarding any Third Party Content made available in connection with, the Services. Service Provider is not responsible for the accuracy, reliability, legality or validity of any Third Party Content. 5.2 Disclaimer. EXCEPT AS EXPRESSLY REPRESENTED OR WARRANTED IN THE AGREEMENT, THE SERVICES, THE OPOWER CONTENT, THE THIRD PARTY CONTENT AND ALL OTHER DATA, MATERIALS, OR INFORMATION PROVIDED BY SERVICE PROVIDER ARE PROVIDED “AS IS,” AND SERVICE PROVIDER DISCLAIMS ANY AND ALL OTHER PROMISES, REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED. 5.3 Exclusions of Remedies; Limitation of Liability. IN NO EVENT WILL SERVICE PROVIDER BE LIABLE TO UTILITY FOR ANY INDIRECT DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM (INCLUDING, WITHOUT LIMITATION, LOSS OF CUSTOMERS, LOSS OF PROFITS, INJURY TO REPUTATION, LOSS OF CONTRACTS OR SIMILAR LOSSES, IN EACH CASE WHETHER FORESEEABLE OR NOT). EXCEPT FOR DAMAGES CAUSED BY FRAUD, GROSS NEGLIGENCE OR A MATERIAL BREACH OF EXHIBIT E, THE CUMULATIVE LIABILITY OF SERVICE PROVIDER TO UTILITY FOR ALL CLAIMS ARISING FROM OR RELATING TO THIS AGREEMENT WILL NOT EXCEED THE FEES PAID TO OPOWER BY UTILITY DURING THE 12-MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO SUCH CLAIM. THIS LIMITATION OF LIABILITY IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 Service Agreement – Work Order Type with Red Flags & Confidentiality Page 17 of 27 EXHIBIT E Data Protection and Data Security Service Provider (“Opower”) shall have in place information security safeguards that are designed to conform to or exceed industry best practices regarding the protection of the confidentiality, integrity and availability of utility and customer information and shall have written agreements requiring any subcontractor to meet those standards set forth below in the “Subcontractors” section. These information security safeguards (the “Information Security Program”) shall be materially consistent with, or more stringent than, the safeguards described in this Exhibit. Overview. Opower uses a defense-in-depth strategy designed to secure Personally Identifiable Information and usage and billing data received from Utility or its customers (“Customer Data”). This is achieved by reference to the National Institute of Standards and Technology (NIST) Risk Management Framework (to include the recently released NISTIR 7628 Guidelines for Smart Grid Cyber Security) as the foundation of our Information Security Program. Managerial, operational, and technical, security controls are implemented by Opower to protect the confidentiality, integrity, and availability of utility and customer data are derived from the NIST SP 800-53 and NISTIR 7628 control families. Specifically, Opower’s Information Security Program includes the following: Service Organization Control 2 (SOC 2) Type 2 Report: Opower has successfully completed a Service Organization Controls (SOC) 2 Type 2 examination related to the Security and Confidentiality principles of the American Institute of Certified Public Accountants (AICPA) Trust Services Principles (the “SOC 2 Examination”). Opower will conduct a SOC 2 Examination on an annual basis and, upon request, will provide Client with a copy of the applicable attestation letters resulting from each such examination. Data Storage. Customer data is stored at independently verified SSAE-16 / SOC I Type II certified Tier-III data centers. The data centers’ physical and environmental security includes industry-leading network hardening and active monitoring, digital security video surveillance, 24/365 on-site security staff, and biometric access control. Role-Based Logical Access Control. Opower employs role-based access controls to servers containing Customer Data. Authorized employees must use individual account and authentication credentials to gain access to Customer Data. Opower controls access to back end servers through authentication handled with key-based SSH sessions. Authorization is done on a least privilege model. Opower requires security awareness training for employees with access to Customer Data. Opower will use industry standard measures to protect access to its customer's information systems and assure that only authorized personnel login and that access is removed in timely fashion. Information Classification and Handling. Opower classifies information assets using specific sensitivity labels and handling procedures so that appropriate security controls are applied to Customer Data. This includes ensuring that customer information is securely transmitted, processed, and stored. Security measures include: • Encrypt Customer Data while “in transit”. Any variance shall be reviewed and approved by Utility. Secure Data Transfer. Opower requires that all Customer Data containing Personally Identifiable Information transmitted to or from the Opower information system use approved secure transfer processes such as Opower’s secure file transfer protocol (SFTP) and Opower’s Data Transfer Specification. Data traversing the SFTP connection is authenticated and encrypted during transmission utilizing public/private keys. Data Backups. Opower takes full database backups on a weekly basis and incremental backups are taken daily. Database backups are encrypted before being written to disk. Opower archives all critical client and application data by replicating it to disk-to-disk back-up storage, locally, and off-site. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 Service Agreement – Work Order Type with Red Flags & Confidentiality Page 18 of 27 Data Disposal. Opower provides the option for erasing Personally Identifiable Information from the Opower systems upon request from the utility and/or at program conclusion. Customer information is destroyed such that it cannot be recovered or reproduced. Opower documents the destruction of customer information and reports to the client having done so successfully. Secure Web Communications. The Opower Application utilizes HTTPS for securing web server to web browser communications using a Secure Sockets Layer (SSL) encrypted 128-bit certificate signed by an approved Certificate Authority. This establishes the encryption of the session, designed to protect the transmitted data between the end-user and the application. Network and Security Monitoring. Opower’s infrastructure incorporates firewalls, intrusion detection systems, vulnerability management tools and other technologies designed to monitor for network security events. Application Development Security. Opower will ensure that the development of all its applications (web and mobile) shall be supervised and monitored by the organization and shall include security requirements and an independent security review of the environment by a qualified security professional. Opower will follow a documented Software Development Life Cycle process where code is reviewed for security vulnerabilities and unwanted application functionality. Software developers shall follow industry standard software development secure practices. Vulnerability Assessments. Opower performs periodic internal and external web application and network vulnerability assessments that include the use of independent third-party assessors as part of its continuous monitoring program to assess the application and operation of its security controls The scope of these audits includes assessment of compliance with Open Web Application Security Project (OWASP) Top 10 Web Vulnerabilities (www.owasp.org). Evidence of these assessment and the remediation actions taken shall be provided upon request. If unable to provide documented evidence, a warranty period of no less than one year shall be provided by Opower. Opower Application Security Controls and Procedures: User Authentication. Access to the Opower Application requires a valid unique user ID and password combination, which are encrypted via SSL while in transmission. Security Controls: The Opower Application includes the following security controls: • Unique user IDs so that activities can be attributed to the responsible individual. • User lock-out controls after consecutive failed login attempts. • Controls to terminate a User session after a period of inactivity. • Password complexity requirements include the following criteria for employees: minimum length of 8 characters, alpha numeric, password history of 3 passwords, 90 day expiration, password cannot match name or previous three passwords). Security Procedures, Policies and Logging: The Opower Application are operated in accordance with the following procedures to enhance security: • User access log entries will be logged • Logging will be kept for a minimum of 90 days. • Logging will be kept in a secure area to prevent tampering. • Passwords are reset to a random value (which must be changed on first use) and delivered automatically via email to the requesting user. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 Service Agreement – Work Order Type with Red Flags & Confidentiality Page 19 of 27 Viruses: The Opower Thermostat Platform has been designed to avoid the introduction of viruses to Utility’s systems; however, the Service does not scan for viruses or malware included in attachments, iterative data files or other data when provided by Utility to Opower. Opower utilizes antivirus technologies for its Windows machines. Incident Response. In the event of a security breach, Opower’s System Administration Team and Security Team will perform a risk-based assessment of the situation and develop appropriate mitigating strategies in accordance with Opower incident response procedures, which include contacting the Utility and to contact Utility’s primary point of contact to brief him or her on the situation and provide resolution status updates. Additionally, Opower will notify the Utility SOC at CIRT@Utility.com. . Security Plan Changes. Opower periodically updates and implements enhancements to the Information Security Program, and may add or modify security controls, procedures, policies and features. These additions and modifications will not make the Information Security Program less protective than it was on the effective date of the Agreement in any material respect. Hosted Services. The Opower Thermostat Platform utilizes industry-leading hosted storage and application services, such as Amazon Web Services and Apigee for APIs, that employ security practices that meet or exceed the practices described in this exhibit. For more information on Amazon Web Services security practices, see http://aws.amazon.com/security/security-resources/. For more information on Apigee’s security practices, see http://www.apigee.com Personnel Security. Opower has formalized hiring policies and procedures, performance management, and termination practices. Opower conducts pre-hire background checks that includes the following • Social Security Number validation or Personal Identity Code • Criminal Records Check Opower will use commercially reasonable efforts to prevent and correct ethical violations and in maintaining compliance all applicable laws and regulations. Service Packs and Patches. Opower will use commercially reasonable efforts to promptly install applicable security patches and updates. Opower internally approves patches and patching cycles. (OPower uses MBSA to help track patching compliance and follows Patch Tuesday, etc) (Critical and High are evaluated for impact and applied as necessary. Then medium and low are addressed based on impact.) Audit. Utility reserves the right, at its own expense and during normal business hours upon reasonable notice to Opower, to audit the Opower’s application infrastructure, as it solely relates to Utility or Utility Data, to ensure compliance with the requirements herein, within 10 business days notice. Physical audits may be conducted on-site with 10 business days notice. The nature of the audit will be pre-communicated and agreement gained with Supplier as to whether Utility, or an agreed-to third party, will conduct the audit. Subcontractors. Acknowledgement by Utility that Opower may use subcontractors shall not release or absolve Opower from the obligation to satisfy all conditions of this Agreement, including the data security measures described in this Exhibit E, and to require a substantially similar level of data security, appropriate to the types of services provided and Customer Data received, for any subcontractor Opower may use. Accordingly, any release of data, confidential information, or failure to protect information under this Agreement by a subcontractor or affiliated party shall be attributed to Opower and may be considered by Utility to be a material breach of this Agreement. Notwithstanding the foregoing, Watersmart, in performing water efficiency services under this Agreement, shall comply with, in addition to any data security requirements that may be included in SOW Exhibit A-4, the WaterSmart Data and Security Overview incorporated herein as Attachment 1. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 Service Agreement – Work Order Type with Red Flags & Confidentiality Page 20 of 27 EXHIBIT E – ATTACHMENT 1 WaterSmart Data and Security Overview A. Risk Management 1. WaterSmart’s IT Risk Governance WaterSmart strives to strike a balance between opportunity and risk for our business, while minimizing risk for our customers. We govern based on best practices extracted from various frameworks. During our regular prioritization meetings, we discuss the company’s appetite for risk and assess each potential initiative with respect to IT concerns. Example of the risks assessed might include: late-delivery risk, compliance risk, architecture/flexibility risk, data security risk, or service risk. These sessions often include risk review with the goal of understanding the business impact of a given scenario. 2. WaterSmart’s IT Risk Life Cycle As described above, we identify the value of business propositions, identify the risks, and assess the risks. If the project goes forward, the IT team is responsible for developing a response to any potential risk, implementing it, and monitoring the response/control/measure for its effectiveness. We often iterate on and improve risk responses over time to continually minimize risk as new information, ideas, or technologies become available. B. Information Security Policy 1. WaterSmart’s Information Security Policy WaterSmart’s Information Security Policy establishes a framework for managing risk in accordance with business requirements. At the core of our policy, we focus on: • Tight access control, ensuring only approved users are granted appropriate access • Encryption in transfer, to keep data secure as it flows in and out of system boundaries • Partnering with best-in-class cloud vendors for asset management and physical & environmental security • Automation for change-management accuracy • Documentation for business continuity Human resources security, to ensure all necessary controls on employees 2. Policy creation, maintenance and review Specific aspects of WaterSmart’s Information Security Policy are documented in our secure online repository. We continuously update and maintain our documentation when new business requirements or risks are surfaced. As a whole, Security Policy is reviewed with each new customer; any suggested policy improvements are documented and prioritized within our project prioritization framework. C. Information Security Organization 1. Dependent Service Providers Our company carefully reviews all cloud service provider partners for their security. We only select vendors with high standards regarding security, privacy, and disaster preparation. We select best-in-class vendors with multiple 3rd party verifications; for example, RackSpace for servers and networking, and SendGrid for email delivery. The verifications and certifications of our vendors are publicly available for inspection. D. Physical and Environmental Security DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 Service Agreement – Work Order Type with Red Flags & Confidentiality Page 21 of 27 1. Physical Controls WaterSmart’s servers are deployed in the secure Rackspace Cloud. Physical security includes state-of- the-art building access controls, video surveillance and 24x7 onsite security. Rackspace’s facilities and security procedures are regularly subject to independent 3rd party reviews and certifications including but not limited to ISO27002 and SOC1/2/3. 2. Environmental Controls Our servers are connected to multiple high-performance networks, uninterruptible power supplies, backup diesel generators and fire-safety systems. A full-time, on-site operations staff addresses any hardware problems. E. Operational Security 1. WaterSmart’s operational controls Operational controls include strict access control, precise firewall configuration, access logging, application logging, real-time server metrics collection and graphical display, multi-tenant data segregation, intrusion detection, aggressive backup policy, process automation, development and production environment separation, documentation, and change-control. Furthermore, all data transmitted between WaterSmart and a customer or cloud partner is always transferred in an encrypted fashion, using either SSL, SSH, PGP, or TLS as appropriate for the channel. 2. WaterSmart’s monitoring of system and network activity All access to servers, as well as to customer-facing products, is logged. System activity logs are collected in real time and displayed graphically in our operational dashboard. Our operational alert framework analyzes system data and is configured to send instant alerts to the IT team at various thresholds. 3. Intrusion detection methodology Our servers are only accessible via individual SSH public/private key pair, and no access is allowed via password. Only members of the IT team have access to their private keys; and keys may be revoked at any time. Our alert framework monitors all access and reports immediately if it sees an unknown user. The intrusion detection framework also geo-locates the IP address of each connection and alerts on any geographic anomalies. We also analyze for time-of-use anomalies, and alert on any access outside of the usual clock-pattern of access. 4. WaterSmart’s data backup and restoration process We backup all critical system configuration data and all multi-tenant customer data daily. The data is PGP encrypted and then transferred via SSL to our Cloud Files storage area within the secure RackSpace cloud. Our restoration procedure is carefully documented in our operations guide; it involves downloading a specific backup and installing it as needed. The restoration process is practiced routinely. We employ a cascading fade-out backup storage scheme in which we keep daily backups for 30 days, and transition older backups to weekly or monthly snapshots. We also maintain a hot-failover backup system that is primed daily to serve product via DNS swap. 5. WaterSmart’s change control process We develop software in an agile/scrum method. On a weekly or bi-weekly basis, all requested changes are documented in our issue-tracking/scrum system. All data-related or operational changes are included in this change-request process. Data and operational changes are made only by script automation. Once changes are committed with comments to our secure source code repository, the changes are pushed to our development/test environment where they are validated. All validated changes are deployed to our DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 Service Agreement – Work Order Type with Red Flags & Confidentiality Page 22 of 27 live environment on-demand via automation from our repository. F. Access Control 1. WaterSmart’s access control policy Access to servers and data by WaterSmart employees is granted only on as-needed basis, and only by individual, revocable SSH public/private key-pairs. Authorization is never granted via password or by shared key. Role-based access control (RBAC) is implemented to regulate access to computer and network resources based on the roles of individual users within the WaterSmart organization. Editorial rights to content used in our application require an individually provisioned, revocable SSL Certificate on the physical machine of the employee. Each new employee signs a Non-Disclosure Agreement and is subject to a background security check. We maintain written de-provisioning procedures to universally withdraw access from individuals who no longer require data access. 2. WaterSmart’s privilege delegation and separation of duties policy Group-level RBAC is used to handle privilege delegation. Some employees may have administrator rights, while others are read-only, or some have no access at all. 3. WaterSmart’s inactive accounts and access revocation policy Written procedures are followed to withdraw access from an inactive account or terminated employee. This includes but is not limited to SSH key removal, SSL certificate revocation, user deletion, and de- provisioning of all cloud-based services. G. Software Development and Maintenance 1. WaterSmart’s Software Development Lifecycle Our SDLC is an agile/scrum method that incorporates planning (business and technical requirements analysis), implementation (coding, software testing, and documentation), deployment, maintenance, and support. Typically, business analysts work with customers to define new features. Features are completed by engineering in a minimally viable way; tested, and deployed to production. Customer interaction creates a feedback loop for iterative improvement. Production releases occur frequently -on average, weekly or bi-weekly. 2. WaterSmart’s application vulnerability assessment methodology Application Vulnerability is handled proactively by employing best-practice authentication technology, web application frameworks designed to eliminate cross-site or injection attacks, and most importantly, code review. All code added to our secure repository triggers our code-review automation, in which code- differences are highlighted and distributed to peers in the engineering team for review. 3. WaterSmart’s application and system patching strategy. As a web application company, we have almost no barrier to application patching. Any necessary changes are committed, tested, and rolled out to our multi-tenant infrastructure as required via an automated process that cleanly shuts-down, deploys and restarts the necessary applications. Customer- facing products enter maintenance mode during the procedure. An application deploy, on average, takes less than 30 seconds. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 Service Agreement – Work Order Type with Red Flags & Confidentiality Page 23 of 27 System level patching, including OS upgrades, occurs on an as-needed basis for critical issues and approximately quarterly for enhancements. All patching occurs first in our development and test environment. After the development patch, we complete a system-wide smoke test of our applications and infrastructure. Subsequently, we begin our production patching procedure with a full image clone of each virtual server to be upgraded, followed by the patch and test cycle. We run only Long Term Support (LTS) versions of Linux Ubuntu on our servers, in an effort to minimize vulnerability threats. As a cloud services company with over 15 utility customers, we do security reviews many times a year during the contracting phase. Internally, the IT team formally reviews our system security on a quarterly basis; informally we do code-reviews and read technical and vulnerability blogs on a daily basis. H. Incident management 1. WaterSmart’s incident management program We have a 5-step incident management program. After an incident identification, (1) incidents are assigned an incident manager responsible for responding to the incident in a timely manner and pro- actively communicating incident status to all relevant internal and external parties. (2) Incidents are documented via incident management form and permanently filed in our incident repository. (3) We identify and execute corrective actions. (4) We perform a root cause analysis. (5) We feed back lessons learned to the planning function team. Throughout the incident process, we maintain open lines of communication with our customers. I. Business Continuity 1. WaterSmart’s Business Continuity program WaterSmart takes several approaches to business continuity beginning with our decision to deploy image-based virtual servers in a cloud data center featuring multiple high-performance networks, uninterruptible power supplies, backup diesel generators, fire-safety systems, and a full time operations staff. New instances of our servers can be quickly deployed from bare metal via automation in case recovery is needed. We also maintain documentation and test our failover procedure in which application hosting is switched from one cluster to another with minimal customer interruption. From a business perspective, our organization is designed to operate in a distributed fashion making use of cloud technologies such as our secure cloud document silo, an online documentation repository, and a web-managed hosting environment. Employees have unlimited access to multiple communication channels including web-based chat and video presentment tools. Most importantly, we rigorously maintain ‘how-to’ documentation for running our business smoothly in a repeatable fashion whether or not an emergency is at hand. Documentation is maintained in an editable, electronic format so it can be easily updated during trial or execution. 2. Business Impact Analysis Our business recently completed a brief business impact analysis using the assets available and recommended by ready.gov. 3. Continuity Plan testing Our continuity plan is continuously tested, on different frequencies. For example, server deployment procedures are used on a monthly basis, failover to secondary servers is tested annually, and ‘work anywhere’ business operations and communications are tested on a daily basis. Documentation is tested DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 Service Agreement – Work Order Type with Red Flags & Confidentiality Page 24 of 27 using a trade-off technique where the author passes the documentation to a second employee for validation. J. Regulatory Compliance 1. WaterSmart’s compliance with internal policies and standards We regularly review our operating procedures against our organizational policies, including documentation execution ‘practice sessions’, maintaining a prioritization queue of desired improvements, and auditing our internal alerting and monitoring systems to make sure they are operating as expected. We review legal requirements in the context of each Customer’s contractual agreement with the help of internal counsel and the counsel of our customer-partners. K. Privacy 1. WaterSmart’s Privacy program WaterSmart has a serious commitment to the privacy of our customer data. Our privacy policy is permanently available at www.watersmartsoftware.com/site/privacy.html. We do not share any personally identifiable data with anyone without the express consent of our customer. We do not store any billing data, financial data, or payment information. The extent of what might be considered private data is customer name, address, account number, email address, and water usage. Our information security practices address the privacy of data during its entire lifecycle: storage (SSH server access only), usage (end-user access via HTTPS and encrypted password), sharing (never), transferring (SSH encryption), securing (SSH), retention (backups PGP + HTTPS), and destruction (delete or return-to-customer). DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 Service Agreement – Work Order Type with Red Flags & Confidentiality Page 25 of 27 EXHIBIT F SERVICE LEVEL AGREEMENT SECTION 1. SERVICE LEVELS 1.1 Service Levels The purpose of this SLA is to define certain measurable performance levels (the “Service Levels”) for the provision of the Services. Opower shall maintain the Service Levels set forth herein during the Access Term. If Opower fails to meet any of the Service Levels set forth in this SLA, Opower shall do the following: ⇒ Promptly investigate and report on the causes of the problem; ⇒ Use reasonable efforts to correct the problem and meet the applicable Service Levels as soon as practicable; and ⇒ Provide Utility reasonable evidence that the causes of such problem have been cured or shall be cured within a reasonable time period, to the extent requested by Utility. 1.2 Reporting Opower will monitor compliance with these Service Levels on an ongoing basis. In the event that (i) Opower has identified a breach of a Service Level as a result of its monitoring or (ii) Utility believes, in good faith, that Opower has breached a Service Level and communicates such suspected breach to Opower within 30 days thereof, then Opower will provide a report to Utility on Opower’s performance of such Service Level for the applicable calendar month. Opower will provide this report prior to the later of (A) thirty (30) days following the end of the calendar month during which the suspected breach occurred and (B) 30 days following receipt of the applicable notice of suspected breach from Utility. SECTION 2: SERVICE LEVEL CATEGORIES 2.1 Service Availability - Opower Website Portal Availability The Opower Website Portal will be available to Utility and its Designated Customers not less than 99% of each calendar month. The Opower Website Portal will be considered unavailable if the end user is unable to log in or gain access to the portal, and shall not include unavailability caused by Scheduled Downtime or issues beyond Opower's reasonable control. Opower reserves the right to conduct scheduled maintenance, which will (i) be announced to Utility at least 72 hours in advance and (ii) will occur outside of the hours of 7AM to 10PM Monday through Friday, Eastern Time (“Scheduled Downtime”). In the event that the Services include single-sign-on or seamless/tab-level integration for the Opower Website Portal, Utility shall provide Opower with ongoing login data into Utility’s web-based portal and additional assistance reasonably required for Opower to monitor and verify compliance with this Service Level in accordance with its verification protocols. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 Service Agreement – Work Order Type with Red Flags & Confidentiality Page 26 of 27 2.2 Technical Support Opower’s Client Support Group is available to provide technical assistance during the following “Business Hours”: Monday to Friday from 9 a.m. to 8 p.m. Eastern Time, with the exception of Opower holidays1. Outside of these times, technical support is on call to address system and infrastructure related issues. Method of Contact: Utility may contact Opower using any of the following methods, however all support requests must be entered via the Opower Client Support Portal at http://support.opower.com. Utility Support Contact Options Client Support Portal http://support.opower.com Email Support support@opower.com Phone Support 1-877-870-8416 Utility shall provide the name of the Project Manager and/or Primary Technical Contact, with a total of up to 5 designated Primary Technical Contacts who are eligible to submit and obtain updates on a support request with Opower Client Support. Primary Technical Contacts have completed product training and are internal experts with the Opower product. Utility Technical Support Service Levels: Priority Priority Description Response Times* Critical The Opower Website Portal is unavailable to all users and no workaround is available. During Business Hours - 90 minutes; Outside of Business Hours - 240 minutes; Efforts to correct problem will begin immediately High The Opower Website Portal is available to users, but one or more major functions (e.g. ability to view customer data) are inoperable, and no workaround is available. 240 minutes during Business Hours Medium One or more product features or functions of the Opower Website Portal are not performing properly, but a workaround is reasonably available. 2 business days Low The material portions of the Opower Website Portal are operable but the system is experiencing minor operational problems. 5 business days * The response times above represent the amount of time that Opower commits to respond to Utility’s 1 Opower holidays are New Year’s Day, Memorial Day, Independence Day, Labor Day, Thanksgiving Day, the day after Thanksgiving, Christmas Day and the period between Christmas day and New Year’s Day. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 Service Agreement – Work Order Type with Red Flags & Confidentiality Page 27 of 27 support request and commence remediation work. Response times are calculated from the time that the support inquiry is entered into the Opower Client Support Portal. Ongoing Technical Support Response and Support Parameters: Opower maintains internal escalation and notification procedures to ensure that timely responses and feedback is provided for all open support requests. In the event of Critical or High priority issues that are not responded within the timeframe specified by the service levels, these support requests will be escalated to Opower’s Sr. Manager of Client Support Operations and Sr. Director of Technology and SaaS Operations. DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48 CERTIFICATE HOLDER © 1988-2010 ACORD CORPORATION. All rights reserved. ACORD 25 (2010/05) AUTHORIZED REPRESENTATIVE CANCELLATION CERTIFICATE OF LIABILITY INSURANCE DATE (MM/DD/YYYY) JECT LOC POLICY PRO- GEN'L AGGREGATE LIMIT APPLIES PER: CLAIMS-MADE OCCUR COMMERCIAL GENERAL LIABILITY GENERAL LIABILITY PREMISES (Ea occurrence) $ DAMAGE TO RENTED EACH OCCURRENCE $ MED EXP (Any one person) $ PERSONAL & ADV INJURY $ GENERAL AGGREGATE $ PRODUCTS - COMP/OP AGG $ DED RETENTION $ CLAIMS-MADE OCCUR $ AGGREGATE $ UMBRELLA LIAB EACH OCCURRENCE $ EXCESS LIAB DESCRIPTION OF OPERATIONS / LOCATIONS / VEHICLES (Attach ACORD 101, Additional Remarks Schedule, if more space is required) INSR LTR TYPE OF INSURANCE POLICY NUMBER POLICY EFF (MM/DD/YYYY) POLICY EXP (MM/DD/YYYY) LIMITS WC STATU- TORY LIMITS OTH- ER E.L. EACH ACCIDENT E.L. DISEASE - EA EMPLOYEE E.L. DISEASE - POLICY LIMIT $ $ $ ANY PROPRIETOR/PARTNER/EXECUTIVE If yes, describe under DESCRIPTION OF OPERATIONS below (Mandatory in NH) OFFICER/MEMBER EXCLUDED? WORKERS COMPENSATION AND EMPLOYERS' LIABILITY Y / N AUTOMOBILE LIABILITY ANY AUTO ALL OWNED SCHEDULED HIRED AUTOS NON-OWNED AUTOS AUTOS AUTOS COMBINED SINGLE LIMIT BODILY INJURY (Per person) BODILY INJURY (Per accident) PROPERTY DAMAGE $ $ $ $ THIS IS TO CERTIFY THAT THE POLICIES OF INSURANCE LISTED BELOW HAVE BEEN ISSUED TO THE INSURED NAMED ABOVE FOR THE POLICY PERIOD INDICATED. NOTWITHSTANDING ANY REQUIREMENT, TERM OR CONDITION OF ANY CONTRACT OR OTHER DOCUMENT WITH RESPECT TO WHICH THIS CERTIFICATE MAY BE ISSUED OR MAY PERTAIN, THE INSURANCE AFFORDED BY THE POLICIES DESCRIBED HEREIN IS SUBJECT TO ALL THE TERMS, EXCLUSIONS AND CONDITIONS OF SUCH POLICIES. LIMITS SHOWN MAY HAVE BEEN REDUCED BY PAID CLAIMS. INSR ADDL WVD SUBR N / A $ $ (Ea accident) (Per accident) THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER. IMPORTANT: If the certificate holder is an ADDITIONAL INSURED, the policy(ies) must be endorsed. If SUBROGATION IS WAIVED, subject to the terms and conditions of the policy, certain policies may require an endorsement. A statement on this certificate does not confer rights to the certificate holder in lieu of such endorsement(s). The ACORD name and logo are registered marks of ACORD COVERAGES CERTIFICATE NUMBER: REVISION NUMBER: INSURED PHONE (A/C, No, Ext): PRODUCER ADDRESS: E-MAIL FAX (A/C, No): CONTACT NAME: NAIC # INSURER A : INSURER B : INSURER C : INSURER D : INSURER E : INSURER F : INSURER(S) AFFORDING COVERAGE SHOULD ANY OF THE ABOVE DESCRIBED POLICIES BE CANCELLED BEFORE THE EXPIRATION DATE THEREOF, NOTICE WILL BE DELIVERED IN ACCORDANCE WITH THE POLICY PROVISIONS. C 1,000,000 10/01/2014 5095855698 Manashi Mukherjee X CLE-003986113-03 1,000,000 2,000,000 5095855703 (CA) 20427 2,000,000 'SIR: $100,000' Aggregate of Marsh USA Inc. WASHINGTON, DC 20037 N X 2,000,000 10/01/2013 National Union Fire Ins Co Pittsburgh PA 1 10/01/2014 10/01/2013 20508 10/01/2014 5095855670 PROFESSIONAL LIABILITY A 2,000,000 1,000,000 X 20443 American Casualty Company Of Reading, Pa 1,000,000 E X 09/30/2013 $10,000,000 10/01/2013 $10,000,000 The City of Fort Collins, its officers, and its employees are included as additional insureds with respect to General Liability as required by written contract. 10/01/2013 City of Fort Collins, Utilities� Valley Forge Insurance Co X D Continental Casualty Co. 977262--Prof-13-14 Each Wrongful Act 10,000 10/01/2014 1,000,000 5095855684 B 20443 1,000,000 1,000,000 10/01/2014 5095855667 (AOS) SUITE 400� MARSH USA INC.� X 1255 23RD STREET, N.W.� X 1515 N. Courthouse Rd� OPOWER, Inc.� Arlington, VA 22201 Suite 610� X 01-425-49-26 10/01/2013 Fort Collins, CO 80522 P.O. Box 580� 10/01/2013 C 10/01/2014 19445 Continental Insurance Co DocuSign Envelope ID: 39864FE7-0D8E-4D21-B952-DB99DF3C5129 DocuSign Envelope ID: 9EFB5C9C-39864FE7-0D8E-C04C-4D21-474A-B952-ACF6-DB99DF3C5129 22B223A48A48