The URL can be used to link to this page

Home My WebLink AboutCORRESPONDENCE - RFP - 9091 ELECTRONIC CITATION AND CRASH REPORTING SYSTEMOfficial Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 1 of 45 SERVICES AGREEMENT THIS AGREEMENT made and entered into the day and year set forth below by and between THE CITY OF FORT COLLINS, COLORADO, a Municipal Corporation, hereinafter referred to as the "City" and QUICKET SOLUTIONS, INC., hereinafter referred to as "Service Provider". WITNESSETH: In consideration of the mutual covenants and obligations herein expressed, it is agreed by and between the parties hereto as follows: 1. Scope of Services. The Service Provider agrees to provide services for Electronic Citation and Crash Reporting System in accordance with the scope of services attached hereto as Exhibit A, consisting of nineteen (19) pages and incorporated herein by this reference. Irrespective of references in Exhibit A to certain named third parties, Service Provider shall be solely responsible for performance of all duties hereunder. 2. Contract Period. This Agreement shall commence upon date of execution, and shall continue in full force and effect until August 31, 2021, unless sooner terminated as herein provided. In addition, at the option of the City, the Agreement may be extended for additional one year periods not to exceed four (4) additional one year periods. Renewals and pricing changes shall be negotiated by and agreed to by both parties. Written notice of renewal shall be provided to the Service Provider and mailed no later than thirty (30) days prior to contract end. 3. Delay. If either party is prevented in whole or in part from performing its obligations by unforeseeable causes beyond its reasonable control and without its fault or negligence, then the party so prevented shall be excused from whatever performance is prevented by such cause. To the extent that the performance is actually prevented, the Service Provider must provide written notice to the City of such condition within fifteen (15) days from the onset of such condition. 4. Early Termination by City/Notice. Notwithstanding the time periods contained herein, the City may terminate this Agreement at any time without cause by providing written notice of termination to the Service Provider. Such notice shall be delivered at least fifteen (15) days prior to the termination date contained in said notice unless otherwise agreed in writing by the parties. All notices provided under this Agreement shall be effective when mailed, postage prepaid and sent to the following addresses: Service Provider: City: Copy to: Quicket Solutions, Inc. Attn: Joseph Bustamante 1 North Wacker Drive, Ste. 2410 Chicago, IL 60606 JBustamante@quicketsolutions.com City of Fort Collins Attn: Jeff Willard PO Box 580 Fort Collins, CO 80522 City of Fort Collins Attn: Purchasing Dept. PO Box 580 Fort Collins, CO 80522 DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 2 of 45 In the event of early termination by the City, the Service Provider shall be paid for services rendered to the date of termination, subject only to the satisfactory performance of the Service Provider's obligations under this Agreement. Such payment shall be the Service Provider's sole right and remedy for such termination. 5. Contract Sum. The City shall pay the Service Provider for the performance of this Contract, subject to additions and deletions provided herein, Ninety-Eight Thousand Dollars ($98,000.00) for the license, subscription and service fees in accordance with the milestone payment schedule stated in Exhibit "B", consisting of one (1) page, and incorporated herein by this reference. In the event the City renews the Agreement, the annual subscription cost shall be Twenty Thousand Dollars ($20,000). The Service Provider shall submit invoices for all amounts due. The City shall pay invoice Net 30 days from the date of the invoice. 6. City Representative. The City will designate, prior to commencement of the work, its representative who shall make, within the scope of his or her authority, all necessary and proper decisions with reference to the services provided under this agreement. All requests concerning this agreement shall be directed to the City Representative. 7. Independent Service provider. The services to be performed by Service Provider are those of an independent service provider and not of an employee of the City of Fort Collins. The City shall not be responsible for withholding any portion of Service Provider's compensation hereunder for the payment of FICA, Workmen's Compensation or other taxes or benefits or for any other purpose. 8. Subcontractors. Service Provider may not subcontract any of the Work set forth in the Exhibit A, Statement of Work without the prior written consent of the city, which shall not be unreasonably withheld. If any of the Work is subcontracted hereunder (with the consent of the City), then the following provisions shall apply: (a) the subcontractor must be a reputable, qualified firm with an established record of successful performance in its respective trade performing identical or substantially similar work, (b) the subcontractor will be required to comply with all applicable terms of this Agreement, (c) the subcontract will not create any contractual relationship between any such subcontractor and the City, nor will it obligate the City to pay or see to the payment of any subcontractor, and (d) the work of the subcontractor will be subject to inspection by the City to the same extent as the work of the Service Provider. 9. Personal Services. It is understood that the City enters into the Agreement based on the special abilities of the Service Provider and that this Agreement shall be considered as an agreement for personal services. Accordingly, the Service Provider shall neither assign any responsibilities nor delegate any duties arising under the Agreement without the prior written consent of the City. 10. Acceptance Not Waiver. The City's approval or acceptance of, or payment for any of the services shall not be construed to operate as a waiver of any rights or benefits provided to DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 3 of 45 the City under this Agreement or cause of action arising out of performance of this Agreement. 11. Warranty. a. Service Provider warrants that all work performed hereunder shall be performed with the highest degree of competence and care in accordance with accepted standards for work of a similar nature. b. Unless otherwise provided in the Agreement, all materials and equipment incorporated into any work shall be new and, where not specified, of the most suitable grade of their respective kinds for their intended use, and all workmanship shall be acceptable to City. c. Service Provider warrants all equipment, materials, labor and other work, provided under this Agreement, except City-furnished materials, equipment and labor, against defects and nonconformances in design, materials and workmanship/workwomanship for the longer of; 1) the period beginning with the start of the work and ending twelve (12) months from and after final acceptance under the Agreement; or 2) as stated in Exhibit E Master Software and Service Agreement (MSSA), regardless whether the same were furnished or performed by Service Provider or by any of its subcontractors of any tier. Upon receipt of written notice from City of any such defect or nonconformances, the affected item or part thereof shall be redesigned, repaired or replaced by Service Provider in a manner and at a time acceptable to City. 12. Default. Each and every term and condition hereof shall be deemed to be a material element of this Agreement. In the event either party should fail or refuse to perform according to the terms of this agreement, such party may be declared in default thereof. 13. Remedies. In the event a party has been declared in default, such defaulting party shall be allowed a period of ten (10) days within which to cure said default. In the event the default remains uncorrected, the party declaring default may elect to (a) terminate the Agreement and seek damages; (b) treat the Agreement as continuing and require specific performance; or (c) avail himself of any other remedy at law or equity. If the non-defaulting party commences legal or equitable actions against the defaulting party, the defaulting party shall be liable to the non-defaulting party for the non-defaulting party's reasonable attorney fees and costs incurred because of the default. 14. Binding Effect. This writing, together with the exhibits hereto, constitutes the entire agreement between the parties and shall be binding upon said parties, their officers, employees, agents and assigns and shall inure to the benefit of the respective survivors, heirs, personal representatives, successors and assigns of said parties. 15. Indemnity/Insurance. a. The Service Provider agrees to indemnify and save harmless the City, its officers, agents and employees against and from any and all actions, suits, claims, demands or liability of any character whatsoever brought or asserted for injuries to or death of any person DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 4 of 45 or persons, or damages to property arising out of, result from or occurring in connection with the performance of any service hereunder. b. The Service Provider shall take all necessary precautions in performing the work hereunder to prevent injury to persons and property. c. Without limiting any of the Service Provider's obligations hereunder, the Service Provider shall provide and maintain insurance coverage naming the City as an additional insured under this Agreement of the type and with the limits specified within Exhibit C, consisting of one (1) page, attached hereto and incorporated herein by this reference. The Service Provider before commencing services hereunder, shall deliver to the City's Purchasing Director, P. O. Box 580, Fort Collins, Colorado 80522, one copy of a certificate evidencing the insurance coverage required from an insurance company acceptable to the City. 16. Entire Agreement. This Agreement, along with all Exhibits and other documents incorporated herein, shall constitute the entire Agreement of the parties. Covenants or representations not contained in this Agreement shall not be binding on the parties. 17. Law/Severability. The laws of the State of Colorado shall govern the construction interpretation, execution and enforcement of this Agreement. In the event any provision of this Agreement shall be held invalid or unenforceable by any court of competent jurisdiction, such holding shall not invalidate or render unenforceable any other provision of this Agreement. 18. Prohibition Against Employing Illegal Aliens. Pursuant to Section 8-17.5-101, C.R.S., et. seq., Service Provider represents and agrees that: a. As of the date of this Agreement: 1. Service Provider does not knowingly employ or contract with an illegal alien who will perform work under this Agreement; and 2. Service Provider will participate in either the e-Verify program created in Public Law 208, 104th Congress, as amended, and expanded in Public Law 156, 108th Congress, as amended, administered by the United States Department of Homeland Security (the “e-Verify Program”) or the Department Program (the “Department Program”), an employment verification program established pursuant to Section 8- 17.5-102(5)(c) C.R.S. in order to confirm the employment eligibility of all newly hired employees to perform work under this Agreement. b. Service Provider shall not knowingly employ or contract with an illegal alien to perform work under this Agreement or knowingly enter into a contract with a subcontractor that knowingly employs or contracts with an illegal alien to perform work under this Agreement. c. Service Provider is prohibited from using the e-Verify Program or Department Program procedures to undertake pre-employment screening of job applicants while this Agreement is being performed. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 5 of 45 d. If Service Provider obtains actual knowledge that a subcontractor performing work under this Agreement knowingly employs or contracts with an illegal alien, Service Provider shall: 1. Notify such subcontractor and the City within three days that Service Provider has actual knowledge that the subcontractor is employing or contracting with an illegal alien; and 2. Terminate the subcontract with the subcontractor if within three days of receiving the notice required pursuant to this section the subcontractor does not cease employing or contracting with the illegal alien; except that Service Provider shall not terminate the contract with the subcontractor if during such three days the subcontractor provides information to establish that the subcontractor has not knowingly employed or contracted with an illegal alien. e. Service Provider shall comply with any reasonable request by the Colorado Department of Labor and Employment (the “Department”) made in the course of an investigation that the Department undertakes or is undertaking pursuant to the authority established in Subsection 8-17.5-102 (5), C.R.S. f. If Service Provider violates any provision of this Agreement pertaining to the duties imposed by Subsection 8-17.5-102, C.R.S. the City may terminate this Agreement. If this Agreement is so terminated, Service Provider shall be liable for actual and consequential damages to the City arising out of Service Provider’s violation of Subsection 8-17.5-102, C.R.S. g. The City will notify the Office of the Secretary of State if Service Provider violates this provision of this Agreement and the City terminates the Agreement for such breach. 19. Order of Precedence. Contract Documents and Order of Precedence: a. Contract Documents: 1. Services Agreement 2. Exhibit A Scope of Services 3. Exhibit B Bid Schedule/Compensation 4. Exhibit C Insurance Requirements 5. Exhibit D Confidentiality 6. Exhibit E Master Software and Service Agreement (MSSA) b. Order of Precedence among Contract Documents: As above. The order of precedence applies only where there is a conflict or ambiguity between the Contract Documents. NOTE: The terms of Exhibit A shall control in the event of conflict with terms in the body DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 6 of 45 of the Services Agreement. 20. Special Provisions. Special provisions or conditions relating to the services to be performed pursuant to this Agreement are set forth in Exhibit D - Confidentiality, consisting of one (1) page, and Exhibit E – Master Software and Service Agreement (MSSA), consisting of sixteen (16) pages, attached hereto and incorporated herein by this reference. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 7 of 45 THE CITY OF FORT COLLINS, COLORADO By: Gerry Paul Purchasing Director DATE: ATTEST: APPROVED AS TO FORM: QUICKET SOLUTIONS, INC. By: Printed: Title: CHIEF EXECUTIVE OFFICER Date: DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Chief Executive Officer 9/24/2020 Christiaan Burner Assistant City Attorney ll 9/24/2020 City Clerk Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 8 of 45 EXHIBIT A SCOPE OF SERVICES I. SERVICE PROVIDER’S RESPONSE: A. SUMMARY Service Provider is a leader in providing secure, configurable, and rapidly provisioned cloud- based solutions for sensitive government workloads. This project will realize a significant return on investment through the usage of cloud computing coupled with intuitive mobile and web- based applications that enable real-time seamless data sharing across all authorized users in the City of Fort Collins. Amazon Web Services (AWS), the cloud environment used by Service Provider, is the world’s largest Infrastructure-as-a-Service (IaaS) provider. The AWS Cloud provides secure, scalable, and cost-efficient solutions to support the unique requirements and missions of all levels of the United States government. The cloud services provided by AWS can be employed to meet mandates, reduce costs, drive efficiencies, and increase innovation across federal, state, and municipal government organizations. The key benefits of cloud, compared to an on-site server installation is that the infrastructure provided by a leading cloud provider is more affordable, secure, and powerful. A core precept of cloud computing is to avoid the cost impact of over-provisioning or under-provisioning of computing resources. With projects that require massive amounts of computation and storage, oftentimes it can be difficult, if not impossible, to accurately forecast internally the exact needs for a server. Oftentimes, an organization may invest not enough and thus the servers do not have the computational or storage capacity to meet the needs of the project. On the other hand, an agency may over-budget, and thus far too many computational resources were purchased and consequently go unused. With the Quicket Cloud Platform, organizations eliminate the need to guess on infrastructure needs. Financially speaking, there are generally significant upfront capital requirements for an on-site solution. With the cloud, rather than large upfront capital expenses, the City will be able to enjoy a predictable and consistent low subscription model. The second, and widely accepted, reason why cloud can provide immense cost savings is due to the ability to take advantage of economies of scale. Building your own server infrastructure is not just expensive initially, but also expensive and complicated to maintain as it becomes necessary to replace outdated or failing technology. With AWS, all United States public-sector organizations can join a consolidated data center. With an enormous volume of servers and other inherent efficiencies of aggregating computational environments under one roof, clients can enjoy economies of scale or, in other words, cheaper per unit pricing than the City would be able to receive in an independent project to build or refresh on-site infrastructure. AWS is trusted by many organizations for handling highly sensitive data. A combination of logical and physical security, especially for public-sector workloads, makes the Service Provider’s platform vastly more secure than onsite offerings. Logical security, including end-to-end device, network, database encryption, multi-factor authentication, and automatic backups combined with DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 9 of 45 state-of-the-art physical security, including geographically isolated, guarded data centers results in a much more secure solution. Finally, when implementing a cloud-based solution, users will be able to enjoy a more powerful and reliable solution for computational and storage needs. Service Provider will deploy state-of- the-art server configurations utilizing high end CPUs, RAM, and other critical components to deliver a fast and efficient computational environment for Fort Collins that is designed to automatically scale based on the current workload. B. SCOPE OF PROPOSAL 1. Provide a detailed narrative of the services proposed if awarded the contract per the scope above. The narrative should include any options that may be beneficial for the City to consider. Service Provider has reviewed the requirements as detailed in RFP 9091. Service Provider’s Platform can serve an entire city, county, and/or state and has experience working with large agencies with hundreds of sworn officers. Service Provider’s cloud-based eCitation and eCrash are core products that were developed to address the need for agencies to be more efficient, in not just taking something from paper to application, but to be able to share the data seamlessly internally and externally (e.g. courts, state). Service Provider’s platform can be deployed on any device or laptop/MDT (in-vehicle) which allows agencies to leverage potentially existing infrastructure and mobile devices. Service Provider’s patented Configuration Engine provides the only Platform that can be deployed on any smartphone or tablet environments in Android, iOS, and Windows with both dedicated and web-based applications. Service Provider continues to develop features and applications that make our platform the most flexible and innovative solution in the marketplace. Rather than acquiring companies to obtain additional features like our legacy competitors, Service Provider has built a single integrated Platform from the ground-up, resulting in unprecedented simplicity of the user interface and ease of deployment. 2. Describe how the project would be managed and who would have primary responsibility for its timely and professional completion. Service Provider will assign a project manager that will ultimately be responsible for the City’s implementation post-contract signature. In addition, other senior team members will be assigned to manage different aspects of the project including technical leads, training, and support. Service Provider will work with the City to set up a weekly or bi-weekly meeting cadence for all parties to meet. The initial meetings post contract signature will be structured around the key contacts lead from both sides and identifying senior leadership team for guidance and final approval of milestones. The project lead, Don Drzal, that will be assigned to Fort Collins is one of our most experienced and tenured employees that will ensure a successful deployment. 3. Describe the methods and timeline of communication your firm will use with the City’s Project Manager and other parties. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 10 of 45 Typically Service Provider’s project lead will schedule weekly or bi-weekly update meetings with both parties. These meetings are status update meetings based on a list of items per milestone that are agreed to by all parties and management to help drive the project to closure. In addition to the regularly scheduled meetings, there will be regularly scheduled phone calls and emails to relevant stakeholders to ensure that the update meetings illustrate clear progress. In order to centralize project progress, Service Provider also utilizes Atlassian’s “JIRA” software, which provides a detailed task board and related analytics to ensure transparency and on-time deliverables. 4. Complete Exhibit A Functional Requirements with your replies (Yes, No, or Future and your comments, if any) and include it with your Proposal. Yes, Appendix A is completed and attached to the Scope of Services as requested. 5. Complete Exhibit B SaaS Cyber Vendor/Questionnaire with your response to the questions; and include it with your Proposal. Yes, Appendix B is completed and attached to the Scope of Services as requested. 1. Include a description of the software and other analysis tools to be used. Service Provider's platform is 100% Cloud Based and hosted on AWS GovCloud. Service Provider has developed a platform from the ground up that is essentially a data lake with various means to capture and share data internally and externally securely. Service Provider’s application can be deployed on iOS, Android, and Windows operating systems with the same functionality that ultimately reduces training and deployment with all of our clients. Since Service Provider’s platform is deployable on any device that most agencies use throughout the United States, Service Provider is able to significantly save on the implementation cost from a hardware perspective with utilizing exiting equipment. Specifically, for the City, Service Provider can deploy our application on the agencies sworn officers issued iOS phones and also utilize the current MDTs and Zebra RW420 and ZQ520 Bluetooth printers. Service Provider can save the City a large amount of capital expenditures with utilizing current equipment and just adding subsequent devices and printers where appliable to totally outfit the agency. Service Provider’s platform offers other features that the City may be interested in the future. Service Provider continues to develop modules and features that are 100% integrated and not acquisitions of systems like our competitors. This ensures that our platform and experience is seamless and there is no additional cost or headache of integrating within our own “umbrella”. Service Provider has no server software dependencies. Service Provider provides a completely off-the-shelf solution that will be fully compatible with any existing systems by the means of integrations or other secure bi-directional data sharing. Service Provider utilizes several internal analysis tools that are used alongside AWS GovCloud’s suite of proprietary tools as listed below for reference. AWS Shield is a managed DDoS protection service that safeguards web applications running on AWS. Amazon GuardDuty is a managed threat detection service that provides Service Provider with a more accurate and easy way to continuously monitor and protect clients and their workloads from malicious or unauthorized behavior, such as unusual API calls or potentially unauthorized DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 11 of 45 deployments. AWS WAF is a web application firewall that helps protect Service Provider's web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. 2. Identify what portion of work, if any, may be subcontracted. Service Provider will not subcontract any work based on the RFP information provided. 3. Estimated Implementation Plan and Milestone Estimates DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 12 of 45 DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 13 of 45 Milestone Payment Schedule: 25% Upon date of contract execution 25% #15: Finalized Development/Data migration signoff 25% #29: Training signoff 25% #33: Go Live acceptance signoff 100% Appendix A Functional Requirements Functional Requirements: The following section details the functional requirements for the system solution. The City is looking for a comprehensive and best practice solution for an Electronic Citation and Crash Reporting system. Respond with “Yes”, “No” or “Future Release” in the column titled “Included” to indicate if the feature is present in the current proposed release. REQUIRED FUNCTIONALITY Description Included: “Yes” “No” Alternate Proposal, Comments 1. Electronic Citation 1. Ability to store a minimum of 10 drivers licenses or vehicle registrations so users can select the most recent queries to auto-populate in the citation. Yes Service Provider fully meets this requirement. Multiple types of information can easily be auto- populated to a citation and the user can refer back to this data at any time while logged-in. 2. The ability to use a magnetic reader or scanner that will auto-populate information into the citation when users are not connected to CAD or have an internet connection. Yes Service Provider has several different ways to auto-populate information. Some options are magnetic reader, scanner, and OCR. All three options are available offline, along with the ability to continue/complete with citation in offline mode. 3. The ability to modify notes in the citation including after the driver is provided their copy and the officer is no longer in contact with the driver. Yes Service Provider has a fully editable notes section that can be completed via typing or speech-to-text functionality. Service Provider also can have both internal and external notes. With internal notes only viewable by the officer and internal staff members and the external notes viewable by the court and other approved external entities. 4. Bluetooth connection to printers including our existing Zebra ZQ520 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 14 of 45 is the ZQ520, but has also worked extensively with the RW420, which is the predecessor model. Service Provider is very experienced with these models and is the printer we typically recommend to agencies for 4” printing. 5. Ability to upload citations directly into our Records Management System (a CentralSquare Technologies product) Yes Service Provider has experience with interfacing with many different RMS vendors. Service Provider is very familiar with RMS systems and has worked with CentralSquare products significantly in the past. Service Provider can share our citation data via API, web services, or FTPS, along with other data sharing methods. 6. Ability to upload directly to our Municipal Court system Yes Similar to RMS, Service Provider also has built interfaces with other court case management systems. Service Provider has its own court case management platform and we are very familiar with courts management, along with building interfaces with 3 rd party providers. 7. Ability to update fines, court schedules, add or modify charges in the system with ease. Changes must be able to be pushed to users, so each device doesn’t have to be physically touched. Yes Service Provider has a fully configurable platform with the ability to update fines, codes, court schedules, etc. Service Provider’s backend utilizes reference tables that can be updated by our clients within the web portal that Service Provider provides. Based on permissions, is where either the user has access or not to updated information within a reference table and such updates are pushed in real-time to each device without any manual updates required. 2. Electronic Crash 1. Ability to store a minimum of 10 drivers licenses or vehicle registrations so users can select the most recent queries to auto-populate in the report. Yes As stated in the citation porting of this requirements document, Service Provider fully meets this requirement. Multiple types of information are automatically stored and Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 15 of 45 offline, along with the ability to continue/complete with citation in offline mode. RFP 9091 Electronic Citation and Crash Reporting System Page 13 of 28 Official Purchasing Document Last updated 10/2017 3. Ability to submit the report directly to the State of Colorado. Yes Service Provider has experience submitting data/information digitally to state systems and will be able to fully meet this requirement for the State of Colorado. Service Provider can accommodate all workflow and validation requirements to ensure a seamless integration into the state system. 4. Ability to send the report directly into our Records Management System Yes Service Provider can send any report type in any format that is needed to Fort Collins’ RMS and has experience specifically working with Central Square. Service Provider has experience with 3 rd party RMS’ vendors and it has tremendously helped that Service Provider is very familiar with records management systems from a platform perspective, as Service Provider has its own complete RMS. This essentially ensures that we understand both sides of the interfacing more clearly than most vendors that only have one piece of the technology (RMS or citation/crash). 5. Must be compatible (or moving towards compatibility) with new DR3447 form. Yes Service Provider has experience with auto- populating countless state and local forms in both citation and crash. As part of the Service Provider subscription, Service Provider does not charge for any change orders associated with any updates to forms, integrations, or new reporting requirements. Service Provider has reviewed the DR3447 requirements and is confident it will be able to fully comply with the new format and data requirements, including appropriate auto-population and submission to the state system. 6. Must have the ability to supervisor approve reports before they are sent. Yes Service Provider is able to provide complete configuration of workflow approval structure for Fort Collins, including multiple layers of approval for all or certain subsets of reports. Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 16 of 45 Service Provider’s workflow is configurable specifically when it comes down to the approval routings. We understand that this may be different for every department. Service Provider can meet any approval workflow per Fort Collins’ requirements. 3. Hardware Requirements 1. Must work on any device (tablet, laptop, iPhone, etc.) and utilize multiple operating systems. Yes Service Provider's platform can be installed on any device running iOS, Android, or Windows. Service Provider is the only solution in the market that has a single Platform that supports all operating systems across all major devices. Other vendors have separate solutions for different operating systems or devices or simply do not support all options, resulting in less flexibility or inconsistent user experiences. It is also important to note that Service Provider provides both dedicated and web-based applications. Service Provider is familiar with solutions that are only web-based and this creates severe limitations in offline conditions. Service Provider is pleased to have robust offline support as it provides dedicated applications for iOS, Android, and Windows for users. 2. Any on-premise solution must be compatible with a virtual server environment. Yes Service Provider does not offer any on- premise options/solutions. Service Provider is confident that our cloud environment will offer the easiest to implement/maintain solution plus also the greatest level of cost control/predictability as there is no need to purchase/upgrade server infrastructure. 3. Any solution must meet CJIS requirements for encryption of CJI data in transit and at rest. Yes Service Provider’s application is CJIS compliant according to the latest policy and meets all requirements for encryption for data in transit and at rest. All endpoints across Service Provider infrastructure only accept and allow bidirectional traffic through FIPS-140-2 compliant devices. All traffic if further encrypted via AES 256 both in transit and at rest and is only shared over SSL/TLS connection. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 17 of 45 All data at rest and in transit is encrypted using AES 256-bit encryption. The cloud infrastructure is rendered behind FIPS 140-2 enabled firewall load balancers. Additional Wants: 4-For both systems 1. Ability to take a digital picture of a driver’s license and attach it to a citation or crash report Yes Service Provider utilizes the devices’ built- in camera to capture any photos/digital evidence or information, and specifically in this case a driver’s license. Service Provider can capture photos, audio notes, and even brief video clips and provides robust logging features to date/time stamp everything captured. In addition, Service Provider provides several efficient ways to auto- populate DL information into any citation or crash report via OCR recognition of the DL photo, along with CAD/NCIC look up. 2. Ability to start a report or citation and come back to it later Yes Service Provider’s application has the ability to “save” and come back at any point of time. This functionality is core to our product suite to ensure that the users time entering information is never lost and it can continue at a later point on through the web UI or device application (or vice versa). In other words, a user can start a report or citation on one device and come back to it later from any device, as Service Provider provides real-time synchronization via its cloud infrastructure. 3. Ability to start the citation or crash report on one device and complete it on another device, regardless of OS. Yes Please see above. Service Provider is unique in being able to truly support auto-saving capabilities and have the ability to pickup the report immediately or at a later point in time from another device, regardless of the operating system. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 18 of 45 Appendix B SaaS Cyber Vendor Questionnaire 1. Data Ownership: The City of Fort Collins will own all right, title and interest in its data that is related to the services provided. All data obtained by the vendor in the performance of this services shall become and remain the property of the City. The vendor will not share or distribute any City data to any other entity without the express written consent of the City. Can you comply with this? Answer: Service Provider acknowledges and fully complies with this requirement. While Service Provider is a cloud-based solution, all data is fully owned and accessible at any time by the client, even after termination, when the data would be provided at no cost in a non-proprietary format. Service Provider also unlike many crash report or other vendors does NOT sell our utilize client’s information for any purpose outside of the Scope of Work or for any other purpose unless expressly granted by the City. 2. Data Protection: Describe how you safeguard the confidentiality, integrity and availability of City information, including encryption of personal data in transit and at rest, and access control. Do you have a privacy and security policy, and does the policy apply to customers’ private data including personal identifiable information? Answer: Service Provider strictly conforms to CJIS requirements, PII, HIPAA, and other security best-practices and has substantial experience safeguarding public safety/law enforcement and US federal/state/local government data. Service Provider is fully compliant with NIST SP 800-131A Revision 1. All endpoints across Service Provider infrastructure only accept and allow bidirectional traffic through FIPS-140-2 compliant devices. The entire traffic if further encrypted via AES 256 both in transit and at rest and is only shared over SSL/TLS connection. Service Provider maintains a detailed privacy and security policy that conforms to the specific data that Service Provider is handling for the City (e.g. CJIS for law enforcement customers). This security policy is regularly validated/audited by state and federal entities along with 3rd party firms to ensure strict compliance. These policies include customer’s private data and PII. Service Provider also adheres to best development practice to secure infrastructure using DDoS Mitigation, Data Encryption, Inventory and Configuration, Monitoring and Logging, Identity and Access Control and strict Penetration Testing. Service Provider has mandated test driven development and is compliant with the following:  OWASP  NIST  CJIS Policy 5.9 (6/1/20)  DFARS  FIAMA, DIACAP, and FedRAMP  PCI DSS Level 1  ISO 9001 – ISO 27018  FIPS 140-1 & FIPS 140-2  HIPAA DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 19 of 45 3. Data destruction: What procedures and safeguards does the vendor have in place for sanitizing and disposing of City data according to prescribed retention schedules or following the conclusion of a project or termination of a contract to render it unrecoverable and prevent accidental and/or unauthorized access to City data? Answer: The data disposal is completed automated and is controlled by the permissions and approval process. The entire process is thoroughly logged and is available for audit on demand. Service Provider will not delete any data and keeps it available through the duration of the contract. The process to delete the data is only initiated if requested by the department through formal procedures. Service Provider will keep the audit log for the entire process. 4. Data Location: Are the data centers where City data may be stored or processed located exclusively in the United States? Do you allow your personnel or contractors to store City data on portable devices? Do your personnel and contractors access City data remotely? Answer: Service Provider utilizes Amazon GovCloud for hosting services, the isolated CJIS-conforming region of the cloud reserved only for sensitive government workloads. Data never traverses the public internet and never leaves the United States. Amazon has two locations that Service Provider’s database is hosted with. The locations are strategically located at two different locations on the west and east coast of the US. Service Provider’s personnel or contractors do not have access to City data based on our permission-based protocols. Data is never stored on portable devices. Based on permissions, only certain Service Provider employees that are assigned to City data will have access remotely. These select employees would follow strict security protocols that Service Provider maintains per CJIS compliance. 5. Security Incidents or Data Breaches: Describe your data breach and incident response communication plans. Has the company experienced any security breaches? If yes, explain. Answer: Service Provider has never had a security data breach since its founding. Service Provider shall promptly inform the City whenever it knows or reasonably believes a security breach has compromised or is likely to be compromised. Service Provider will work with the City in investigating such breach, including making available all relevant records, logs, and files as reasonably requested by the City. In the event of any actual breach of data security and unauthorized access to the City’s data, Service Provider shall: (i) immediately notify the City within twenty-four (24) hours of the identification of the breach of data security and (ii) provide a Service Provider point of contact, available to the City by telephone, text or email, with a response time of not more than two (2) hours after delivery of the notice, until such time as the root cause of the data security breach is identified, and the vulnerability fixed. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 20 of 45 6. Breach Responsibilities: In addition to data breach communication, what additional responsibilities do you have to your customers in the event of a data breach involving private data that is in your control, or in the control of your contractors/subsidiaries, at the time of breach? Do you have cybersecurity insurance? If yes, provide an overview of the coverage. Answer: Service Provider does not employ any contractors/subsidiaries. Service Provider has specified above its communication policy in regards to data breaches. Service Provider maintains a $1M per occurrence cybersecurity insurance policy and will be able to add the City as additionally insured under the policy for no additional cost. Service Provider is willing to review its policies with the City to ensure that it fully meets requirements. Service Provider's entire infrastructure is completely automated and the system is equipped with several core algorithms and health checks in place to allow for automated system maintenance concurrently while the system is being used. Service Provider also performs several internal concurrent patches to address minor bugs, the latest security standards, and regular health analyses. This maintenance is done concurrently with the live system in the backend with no downtime. 7. Background Checks: Do you conduct criminal background checks on all staff, including subcontractors? Do you employ people convicted of any crime of dishonesty? Answer: Per CJIS and Service Provider’s internal processes and procedures. We perform background checks on every employee. Service Provider does not have any subcontractors. Service Provider does not employ anyone convicted of a crime of dishonesty. Further details as to our specific hiring processes can be shared with the City if needed to fulfill this question further. 8. Access to Security Logs and Reports: The vendor shall provide reports to the City in a format as specified in the SLA agreed to by both the vendor and the City. Reports shall include latency statistics, user access, user access IP address, user access history and security logs for all City files related to this contract. Can you comply with this? Answer: Service Provider can fully comply with this requirement. Service Provider and the City will work together to understand what reports are needed and potentially what other reports based on Service Provider’s experience could also be beneficial as well. Service Provider can set up the reports to autogenerate and send automatically to a user group (daily, weekly, etc.). 9. Risk Assessments and Audits: Do you conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities, and potential business consequences? Do you have regular independent assessments of your cybersecurity processes? Do you perform independent audits of your data center? How often? What level of audit is performed (e.g., SOC2)? Would you be willing to share redacted versions of your most recent risk assessment and audit report with the City? DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 21 of 45 Answer: Service Provider periodically conducts risk assessments based on both CJIS compliance standards and Service Provider’s internal security team protocols. Service Provider has independent, along with the FBI that perform cybersecurity checks onsite at our facility. Typically these assessments are done every quarter. Service Provider can provide SOC 1,2, and/or 3 reports in coordination with Amazon for more information on the infrastructure as required by the City. These independent SOC reports are conducted at least once per year. AWS GovCloud uses many tools to ensure that vulnerabilities are addressed/detected prior to any incidents ever occurring. Below is a list of Protection/Detection tools that AWS GovCloud employs currently to mitigate these uncertainties: - AWS Shield is a managed DDoS protection service that safeguards web applications running on AWS. - Amazon GuardDuty is a managed threat detection service that provides Service Provider with a more accurate and easy way to continuously monitor and protect the City and workloads from malicious or unauthorized behavior, such as unusual API calls or potentially unauthorized deployments. - Web Application Firewall (WAF) is a web application firewall that helps protect Service Provider's web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. 10. Change Control and Advance Notice: How do you communicate upgrades (e.g., major upgrades, minor upgrades, system changes) that may impact service availability and performance to your customers? Answer: Service Provider manages all upgrades types through open communication with the direct account support manager that would be assigned to the City. Depending on the upgrade level that is being performed/addressed, Service Provider will ensure that our clients are well informed of any changes that might impact them and also ensure that if any additional training is needed, it is provided prior to any release. Adequate documentation will be provided when applicable. It is important to note that there is never any downtime associated with upgrades/changes. 11. Upgrades: Are technology systems (e.g., servers, network devices, operating systems, applications, malware definitions) regularly updated/patched? Do you have any systems in production that are past end of life or that can no longer be patched? Answer: All technology systems are updated multiple times per year when needed. As a multi-tenant cloud solution, Service Provider has one system platform that every client Is utilizing. Service Provider does not have multiple deployments of the same platform in production. This ensures that every client has the same core system and there is no overlap in development/support resources or end of life issues. This also ensures that no client is at risk of having an outdated system that may create security vulnerabilities. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 22 of 45 12. Non-disclosure and Separation of Duties: Describe how you enforce separation of job duties and limit staff knowledge of City data to that which is necessary to perform job duties. Answer: Service Provider has experience with separation of job duties and functions so no one employee has full access to our client’s data based on their permissions in the system. Various software release protocols based on CJIS compliance processes and procedures, coupled with Service Provider’s own internal protocols allow for our client’s platform and data to be secure at all times. 13. Import and Export of Data: Describe the data import and export processes from the customer’s perspective. Answer: Initial import/export of data is fully handled by Service Provider during implementation. Data can be imported after implementation as needed for any applicable data into Service Provider’s platform for the City. In regard to importing data for backend fields (for example updated fines/ordinances), Service Provider provides a web portal UI that the City can access to update data/fields based on permissions. For example, parking violations for 2h parking change from $25 to $30. An admin user with permissions would access the City’s web portal and click on the setting menu and find the appliable parking violation table to update. This is a very simple process for updating any backend tables used for static or dynamic calculations. Service Provider provides complete support at no additional cost for assistance in updating this information. In terms of exporting data. Service Provider provides in the web portal UI (same as the import data portal discussed above) an ad hoc reporting option that makes exporting data local to desktop computer, BI, or Access database for example very straightforward. The City has a multitude of ways to upload or extract data from Service Provider’s platform prior or post implementation. Service Provider also provides at no cost support in regards to exporting data. 14. Subcontractor Disclosure: Identify all your strategic business partners related to services provided under this arrangement, including but not limited to all subcontractors or other entities or individuals who may be a party to a joint venture or similar agreement with the you, and who shall be involved in any application development and/or operations. Answer: Service Provider does not utilize any subcontractors. Service Provider does however have strategic relationships with hardware manufacturers in order provide a total solution (software, devices, printers, etc.) to our clients. In addition, Service Provider leverages Amazon Web Services GovCloud for its cloud infrastructure (compute and storage) requirements. Amazon does not have access to Service Provider or client data. 15. Right to Remove Individuals: The City shall have the right at any time to require that the vendor remove from interaction with City any vendor representative who the City DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 23 of 45 believes is detrimental to its working relationship with the vendor. Can you comply with this? Answer: Service Provider understands and can comply with this requirement. Service Provider believes in a strong cultural work environment, both internally and externally. In order to ensure that all parties continue to work effectively throughout the relationship. Service Provider hosts quarterly business reviews and there is continued weekly interaction between the support/account manager and the City’s representatives so if any issues arise, they can be addressed immediately. 16. Encryption of Data at Rest: Can you ensure hard drive encryption consistent with validated cryptography standards as referenced in FIPS 140-2, Security Requirements for Cryptographic Modules for all personal data? Answer: As stated in requirement #2, all endpoints across Service Provider infrastructure only accept and allow bidirectional traffic through FIPS-140-2 compliant devices. The entire traffic if further encrypted via AES 256 both in transit and at rest and is only shared over SSL/TLS connection. If further information is needed, Service Provider can provide additional security practices and procedure where applicable to fulfill this requirement. 17. Internet-Facing Security: We may use BitSight (like a credit report for cyber security) to assess your internet-facing security. Do you subscribe to BitSight or a similar service, and if so are you willing to provide a sanitized report? Answer: Service Provider utilizes RSA Archer. Service Provider servers are in the AWS environment and inherit several state of the art monitoring capabilities from AWS itself. 18. Service Interruption: In the event of an interruption of your service, what is your process for notifying customer operations of the circumstances of the interruption or outage and the expected recovery time? Answer: Services/support from Service Provider is 24/7/365 per year. We understand that our solution is enabling the City to perform their duties day and night. Service Provider does not typically have any planned outages for upgrades/updates. In fact, Service Provider had 0% measurable downtime in 2019. After successful release of the system, Service Provider initiates the support cycle which is comprised of following: - Regular software updates based on new algorithms and industry-approved update suggestions - Web-application software upgrades due to additional configuration requests - Automatic server security updates and upgrades Service Provider program managers will provide at least 72-hour notice to the City before making software patches, upgrades, and updates (i.e. planned outages). DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 24 of 45 19. Backup and Recovery: What is your backup & recovery SLA? What are the actual results/metrics vs. the SLA for the last 12 months? Is your backup data encrypted and, if so, to what standard? Answer: Secure cloud-based backups are included as part of the annual subscription per the SLA’s document in the enclosed MSSA contract template attached to this proposal. In short, Service Provider guarantees a system uptime of 99.99% with infrastructure uptime of 99.999999%. In 2019, Service Provider had 100% uptime of both its system and infrastructure and had no claims against its SLA policy for unexpected downtime. Data stored within the Service Provider system is backed-up automatically. Service Provider performs daily backups of stored data on a rolling 366-day basis and user logs are generated and kept for the duration of the contract. These backups do not interrupt or otherwise degrade System performance and availability. Service Provider does have a formal recovery testing process in place as part of its internal security policy that has been vetted against best practices and standards for handling law enforcement sensitive data. Service Provider can work with the City to provide notification when recovery testing has been completed. Much of the testing is automated and occurs regularly but additional tests may be run. It is expected that there will not be any data loss, as Service Provider maintains multiple redundancies across its infrastructure while utilizing AWS GovCloud tools and best practices as well. Service Provider leverages AWS GovCloud to provide rapid disaster recovery. Service Provider with AWS provides “hot standby” environments in multiple geographically isolated data centers that enable rapid failover at scale. The System is in the “High Availability” category for availability, characteristics, and Recovery Time Objective. Data is synchronously replicated to hot-sites. In the event of a server or component failure, the switch to fail-over will take approximately three minutes. Service Provider maintains a detailed disaster recovery and business continuity plan that can be reviewed further with the City if desired. 20. Authentication: Do you have an internal password policy? Do you have complexity or length requirements for passwords? Do employees/contractors have ability to remotely connect to your production systems? (i.e. VPN. Is multi-factor authentication available? Do you require MFA for administration of your service (local or remote)? Do you support SSO/SAML ADFS for customer access? Answer: Service Provider encrypts and stores all the password in RDS database with AES 256-bit encryption. All passwords are generated using PBKDF2 hashing algorithm. Entire communication between Service Provider web application, mobile application and Service Provider server is only allowed over secure SSL with 256-bit encrypted tunnel. Certain employees have the ability to remotely connect to productions systems via strict policy and procedures, including required MFA. Service Provider utilizes both a VPN and multi-factor authentication per CJIS compliance and Service Provider’s own security protocols. Service Provider does support SSO/SAML ADFS and has integrated with DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 25 of 45 Active Directory and other similar services for clients. 21. Cyber Insurance: Does your firm carry cyber insurance? If so, what are your insurance levels? Answer: Yes, Service Provider maintains a $1M per occurrence/aggregate policy. Service Provider will be able to add the City to its policy as an additionally insured entity for no additional cost. Service Provider is also willing to examine increasing its insurance levels if required by the City. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 RFP 9091 Electronic Citation and Crash Reporting System Services Agreement Page 26 of 45 EXHIBIT B (BID SCHEDULE/COMPENSATION) Total Cost of Ownership Spreadsheet Total Cost of Ownership Yr1 Yr2 Yr3 Yr4 Yr5 Cost ITEM Summary 2020 2021 2022 2023 2024 One time Costs $98,000 Ongoing costs $20,000 $20,000 $20,000 $20,000 Total One Time Costs $98,000.00 $0.00 $0.00 $0.00 $0.00 Total On Going Costs $0.00 $20,000.00 $20,000.00 $20,000.00 $20,000.00 TOTAL 5 YEARS: $178,000.00 $98,000.00 $20,000.00 $20,000.00 $20,000.00 $20,000.00 Year 1 - Milestone Payment Schedule: 25% $24,500 Upon date of contract execution 25% $24,500 #15: Finalized Development/Data migration signoff 25% $24,500 #29: Training signoff 25% $24,500 #33: Go Live acceptance signoff 100% $98,000 Service Provider will submit invoices for Years 2 through 5 annual subscription on the anniversary date of the Agreement. Comments: -eCitation 50 users -eCrash 20 users DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 Page 27 of 45 EXHIBIT C INSURANCE REQUIREMENTS 1. The Service Provider will provide, from insurance companies acceptable to the City, the insurance coverage designated hereinafter and pay all costs. Before commencing work under this bid, the Service Provider shall furnish the City with certificates of insurance showing the type, amount, class of operations covered, effective dates and date of expiration of policies, and containing substantially the following statement: “The insurance evidenced by this Certificate will not reduce coverage or limits and will not be cancelled, except after thirty (30) days written notice has been received by the City of Fort Collins.” In case of the breach of any provision of the Insurance Requirements, the City, at its option, may take out and maintain, at the expense of the Service Provider, such insurance as the City may deem proper and may deduct the cost of such insurance from any monies which may be due or become due the Service Provider under this Agreement. The City, its officers, agents and employees shall be named as additional insureds on the Service Provider 's general liability and automobile liability insurance policies for any claims arising out of work performed under this Agreement. 2. Insurance coverages shall be as follows: A. Workers' Compensation & Employer's Liability. The Service Provider shall maintain during the life of this Agreement for all of the Service Provider's employees engaged in work performed under this agreement: 1. Workers' Compensation insurance with statutory limits as required by Colorado law. 2. Employer's Liability insurance with limits of $100,000 per accident, $500,000 disease aggregate, and $100,000 disease each employee. B. Commercial General & Vehicle Liability. The Service Provider shall maintain during the life of this Agreement such commercial general liability and automobile liability insurance as will provide coverage for damage claims of personal injury, including accidental death, as well as for claims for property damage, which may arise directly or indirectly from the performance of work under this Agreement. Coverage for property damage shall be on a "broad form" basis. The amount of insurance for each coverage, Commercial General and Vehicle, shall not be less than $1,000,000 combined single limits for bodily injury and property damage. In the event any work is performed by a subcontractor, the Service Provider shall be responsible for any liability directly or indirectly arising out of the work performed under this Agreement by a subcontractor, which liability is not covered by the subcontractor's insurance. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 Page 28 of 45 EXHIBIT D CONFIDENTIALITY IN CONNECTION WITH SERVICES provided to the City of Fort Collins (the “City”) pursuant to this Agreement (the “Agreement”), the Service Provider hereby acknowledges that it has been informed that the City has established policies and procedures with regard to the handling of confidential information and other sensitive materials. In consideration of access to certain information, data and material (hereinafter individually and collectively, regardless of nature, referred to as “information”) that are the property of and/or relate to the City or its employees, customers or suppliers, which access is related to the performance of services that the Service Provider has agreed to perform, the Service Provider hereby acknowledges and agrees as follows: That information that has or will come into its possession or knowledge in connection with the performance of services for the City may be confidential and/or proprietary. The Service Provider agrees to treat as confidential (a) all information that is owned by the City, or that relates to the business of the City, or that is used by the City in carrying on business, and (b) all information that is proprietary to a third party (including but not limited to customers and suppliers of the City). The Service Provider shall not disclose any such information to any person not having a legitimate need-to-know for purposes authorized by the City. Further, the Service Provider shall not use such information to obtain any economic or other benefit for itself, or any third party, except as specifically authorized by the City. The foregoing to the contrary notwithstanding, the Service Provider understands that it shall have no obligation under this Agreement with respect to information and material that (a) becomes generally known to the public by publication or some means other than a breach of duty of this Agreement, or (b) is required by law, regulation or court order to be disclosed, provided that the request for such disclosure is proper and the disclosure does not exceed that which is required. In the event of any disclosure under (b) above, the Service Provider shall furnish a copy of this Agreement to anyone to whom it is required to make such disclosure and shall promptly advise the City in writing of each such disclosure. In the event that the Service Provider ceases to perform services for the City, or the City so requests for any reason, the Service Provider shall promptly return to the City any and all information described hereinabove, including all copies, notes and/or summaries (handwritten or mechanically produced) thereof, in its possession or control or as to which it otherwise has access. The Service Provider understands and agrees that the City’s remedies at law for a breach of the Service Provider’s obligations under this Confidentiality Agreement may be inadequate and that the City shall, in the event of any such breach, be entitled to seek equitable relief (including without limitation preliminary and permanent injunctive relief and specific performance) in addition to all other remedies provided hereunder or available at law. EXHIBIT E DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 Page 29 of 45 MASTER SOFTWARE AND SERVICE AGREEMENT (MSSA) Quicket Solutions, Inc., a Delaware corporation having its principal business offices at One North Wacker Drive, Suite 2410, Chicago, IL 60606 (hereinafter referred to as "Quicket"), and the City of Fort Collins, Colorado, located at 215 North Mason Street, Fort Collins, Colorado 80524 (hereinafter referred to as "Customer"), in consideration of the mutual obligations set forth hereinafter and intending to be legally bound, hereby agree as follows: 1. DEFINITIONS. Unless otherwise specifically defined in the body of this Agreement, capitalized terms used but not otherwise defined herein shall have the meanings set forth in Appendix 1, Definitions, attached hereto. 2. LICENSES. Subject to the terms and conditions of this Agreement, Quicket hereby grants to Customer, and any and all authorized Users, and Customer and its authorized Users subscribe to and accept, a limited, non-exclusive, revocable (for breach) and non-transferable license to access and use the Quicket Solutions Software and Services during the Term (the “License”). 2.1 Access and Use Limitation. The Quicket Solutions Software and Services may be accessed and used for the benefit of Customer and its authorized Users only. Without limitation, Customer shall not permit third parties to access or use, the Software, Documentation or other materials related to the Quicket Solutions Software and Services, except as may be required by law or a court order. 2.2 User Details. (a) Customer shall permit only its authorized employees to register as Users and to use the Quicket Solutions Software and Services. Customer also shall ensure that all such Users comply with the limitations and restrictions in this Agreement. (b) Only the User who is registered on a given User account may use that account to access and use the Quicket Solutions Software and Services. Customer, in its sole discretion, shall require Users to take appropriate steps, which shall be no less protective than Customer’s standard operating procedures governing access to Customer’s other information technology systems, to secure their passwords and any other access credentials provided to the User and required for access to the Quicket Solutions Software and Services. (c) Customer shall be responsible for all activities that occur on any User account. Customer shall notify Quicket promptly of any known or suspected unauthorized use of any User account, User name, or password, and of any other known or expected significant breach of security or confidentiality with respect to the Quicket Solutions Software and Services or Documentation (which shall include the loss of control of any Equipment provided to Customer under this Agreement). For purposes of this provision, “significant breach” shall mean unauthorized access to and unauthorized change or download of any data in the Quicket Solutions Software and Services. A. 3. DELIVERY OF SOFTWARE. Quicket shall deliver Software within ninety (90) days after the execution of this Agreement or on such other date as may be agreed to by the parties. Delivery shall occur (a) by making the Software accessible for download via an FTP site or similar mechanism, or (b) Quicket may deliver the Software as a pre-loaded application on any Official Purchasing Document Last updated 10/2017 Page 30 of 45 responsible for all performance of the Professional Services under this Agreement and shall be solely and exclusively responsible for all acts and omissions of such subcontractors. Quicket will ensure that all Quicket employees and all subcontractors providing Professional Services will comply with all applicable federal, state and local laws. 6. EQUIPMENT LEASE. Quicket may supply equipment, including but not limited to tablet computers, communication devices, printers, supplies and other accessories (the “Equipment”, as defined on Appendix 1) to Customer for use with the Quicket Solution Software and Services. Unless otherwise agreed by the parties, the Equipment shall be leased to Customer under the terms and conditions set forth in the Leased Equipment Addendum attached hereto at Appendix 4. 7. FEES, BILLING AND PAYMENT. (a) Customer shall pay Quicket the license, subscription and service fees specified in a purchase order. Subscription fees for the Quicket Solutions Software and Services and Equipment Lease fees will be invoiced in accordance with the Services Agreement executed by the parties. Customer will pay such fees no later than thirty (30) days of invoice date. (b) During the Term, Customer may increase or reduce the quantity of the Quicket Software and Services or Equipment. Customer shall provide written notice of the quantities of Quicket Software and Services or Equipment to be added or removed from the Agreement. Quicket will deliver the additional Quicket Software and Services or Equipment within a commercially reasonable time after receipt of the notice, if immediate delivery is requested, or on a specific delivery date agreed to by the parties. Reductions in quantities shall be permitted four times per year at the end of each calendar quarter. Changes to fees and billing required under this Section 7(b) shall occur on the next regular billing cycle after the additional Quicket Software and Services or Equipment are provided or after the reduction occurs. 8. OWNERSHIP AND CONFIDENTIALITY. 8.1 Quicket Ownership. Ownership of the Equipment, the Quicket Solutions Software and Services (excluding Customer Data), any Quicket-developed Documentation (in whole or in part), and all related Intellectual Property Rights, are the exclusive property of Quicket and its licensors. Quicket reserves all rights not expressly granted to Customer in this Agreement. There are no implied rights. Except as contemplated under this Agreement, Customer shall not (i) use, disclose or provide any Software or related Quicket Documentation (or any modifications or derivatives thereof) or any other confidential or non-public information related to Quicket’s products or business, to any other party, except as permitted under this Agreement or any supporting documentation, (ii) attempt to or knowingly permit or encourage others to attempt to alter, reverse engineer, disassemble, decompile, decipher or otherwise decrypt or discover the source code to the Software except permissible by applicable law despite such prohibition, or (iii) use the Quicket Solutions Software and Services for the benefit of any third party without the express prior written consent of Quicket. Customer shall take all reasonable precautions to prevent unauthorized or improper use or disclosure of the Official Purchasing Document Last updated 10/2017 Page 31 of 45 Information in connection with the applicable party’s performance or observance of, or exercise of its rights under, this Agreement, (B) in the case of Quicket as the receiving party, on a need to know basis to permitted subcontractors who are bound by confidentiality obligations substantially similar to those set forth in this Agreement, (C) in the case of Customer, on a need to know basis to its third party contractors who are bound by confidentiality obligations substantially similar to those set forth in this Agreement, and (D) on a need to know basis to attorneys, accountants or other professional advisors who are bound by an ethical duty of confidentiality; (E) or as otherwise required by applicable law or a court order.. (c) Each party agrees that in the event the other party’s Confidential Information is inadvertently disclosed or is compromised, the disclosing party will immediately report the same to the non-disclosing party and work with the non- disclosing party to take any reasonably required steps to mitigate any damage caused by the same. (d) Notwithstanding any provision of this Agreement to the contrary, any portion of this Agreement required to be made public or available to the public under any applicable law shall be excepted from the definition of Confidential Information. (e) If a receiving party is required by applicable law, statute, or regulation, subpoena, or court order, to disclose any Confidential Information belonging to the disclosing party, the receiving party shall give to the disclosing party prompt written notice of the request and a reasonable opportunity to object to such disclosure and seek a protective order or appropriate remedy in accordance with the time periods stated in the CORA. If, in the absence of a protective order, the receiving party is required to disclose such Confidential Information, it may disclose only that portion of the Confidential Information the receiving party is so compelled. (f) Receiving party acknowledges that the disclosing party’s Confidential Information constitutes valuable proprietary information and/or trade secrets and that release of such Confidential Information in violation of this Agreement may cause irreparable harm for which the disclosing party may not be fully or adequately compensated by recovery of monetary damages. Accordingly, in the event of any violation or threatened violation by the receiving party, the disclosing party shall be entitled to injunctive relief from a court of competent jurisdiction in addition to any other remedy that may be available at law or in equity, without the necessity of posting bond or proving actual damages. 8.4 Data Sharing. In the event that any customers of Quicket determine that sharing of the customers’ respective Confidential Information or data is likely to be of mutual benefit to the customers and the sharing of information and data can be effected or facilitated through the Quicket Solutions Software and Services without a violation of applicable law, such customers and Quicket may enter into a form of mutually acceptable Data Sharing and Non-Disclosure Agreement providing for the transfer of such information and data between or among such customers and authorizing Quicket to (i) facilitate such transfer, (ii) grant appropriate access to representatives of Official Purchasing Document Last updated 10/2017 Page 32 of 45 Quicket will defend Customer from, and indemnify and hold harmless Customer against, such claim and any resulting costs, damages and attorneys’ fees arising out of or incurred as a result of such claim, together with all amounts finally awarded or agreed to in settlement, provided that (i) Customer promptly notifies Quicket in writing of the claim, and (ii) Quicket has sole control of the defense and all related settlement negotiations, and further provided that no settlement of a claim binding Customer will be entered into without the consent of Customer; and (iii) Customer reasonably cooperates in any investigation, defense or settlement of such claim or action. The Customer may participate (at its own expense, except as described above) in any investigation, defense or settlement of such claim or action. Quicket's obligations under this Section are conditioned on Customer's agreement that if the Software, or the use or operation thereof or of the Quicket Solutions Software and Services, becomes, or in Quicket's opinion is likely to become, the subject of such a claim, Quicket may at its expense, , either procure the right for Customer to continue using the Software, Professional Services Deliverables or the Quicket Solutions Service (as the case may be) or, at Quicket’s option, replace or modify the same so that it becomes non-infringing (provided such replacement or modification does not materially adversely affect Customer’s intended use of the Professional Services Deliverables, Software or the Quicket Solutions Service as contemplated hereunder). If Quicket determines that neither of the foregoing alternatives are commercially feasible, Quicket may terminate the Quicket Solutions Service and the License as applicable and, in such case, Customer will return any Software and Equipment in its possession or control upon written request by Quicket and Quicket will credit or (at Customer's option) refund the Customer any unearned, prepaid fees for the Quicket Solutions Software and Services. Quicket’s obligation to indemnify and hold harmless Customer under this provision shall expire on the fifth anniversary of the termination or expiration of this Agreement. Quicket shall have no liability for any claim based upon (a) use of the Software or service other than as expressly authorized by this Agreement or any subsequent agreement or as contemplated by the Documentation, (b) the combination, operation or use of any Software with materials not supplied by Quicket or authorized for use by Quicket, or not otherwise contemplated by this Agreement or the Documentation, if such claim would have been avoided by use of the Software alone. THE FOREGOING STATES THE SOLE REMEDY OF CUSTOMER AND THE ENTIRE OBLIGATION OF QUICKET WITH RESPECT TO ANY CLAIM OF INFRINGEMENT OF ANY THIRD PARTY INTELLECTUAL PROPERTY RIGHTS. 9.5 Intentionally Omitted. 9.6 Intentionally Omitted. 9.7 Data Security and Privacy. (a) Unless it receives Customer’s express written consent, Quicket will not give any third party access to Customer Data other than as required to accomplish the terms of this Agreement, as required by law, or as instructed by Customer in writing. Quicket shall (i) institute and comply with industry- standard practices for systems security which are reasonably sufficient to protect Customer Data from improper access, loss, Official Purchasing Document Last updated 10/2017 Page 33 of 45 ISO270001 and is certified at least to SAS70 and/or SSAE16 standards, or a substantially similar successor standard, and will have industry standard physical, technical and administrative data security infrastructures in place, and be CJIS approved and compliant. Quicket currently uses Amazon Government Cloud for its third party hosting subcontractor and will not make any changes to a third party hosting subcontractor arrangement that decreases security infrastructure from that in place as of the date of this Agreement. Quicket Solutions Software and Services are intended only for use in the United States, and Quicket does not warrant or represent that the Quicket Solutions Software and Services are or will become EU Safe Harbor Certified. In the event Quicket is unable to meet the standards or procure the certifications set forth in this Section 9.7(b), then such event shall be deemed a material breach, and Customer may terminate this Agreement in accordance with its terms. (c) Transmission of Customer Data through the Quicket Solutions Software and Services shall utilize industry standard and the Federal Bureau of Investigation Criminal Justice Information Services Division certified encryption techniques. In the event Quicket processes or accepts third party payments made to or for the benefit of Customer, Quicket shall meet or exceed all applicable Payment Card Industry (“PCI”) standards and maintain PCI certification of its payment application, platform or portal. (d) If a third party claim or action is brought against Customer as a result of any security breach that results in misuse or improper access to any Customer Data due to Quicket’s or its applicable vendor(s) acts or omissions, Quicket will defend, indemnify and hold harmless Customer and against such third party claim and any resulting costs, damages and attorneys’ fees arising out of or reasonably incurred as a result of such claim, together with all amounts finally awarded or agreed to in settlement as a result of such claim, provided that (i) Customer promptly notifies Quicket in writing of the claim, and (ii) Quicket has sole control of the defense and all related settlement negotiations, provided that no settlement of a claim binding Customer will be entered into without the consent of Customer as applicable and provided that Customer may participate in the defense and settlement of any such claim at its own cost; (iii) Customer reasonably cooperates in any investigation, defense or settlement of such claim or action. Quicket shall procure insurance coverage for any claims made by third parties as described in the Section 9.7(c), and Quicket shall provide an endorsement to such insurance policy which names Customer as an additional insured. Such insurance coverage shall be primary and non-contributory as to all other Customer’s insurance. 9.8 Viruses and Disabling Code. Quicket shall use commercially reasonable efforts to ensure that Software is scanned prior to delivery to Customer, using industry standard commercially available scanning software, in order to ensure that there are no known computer viruses, malware, or similar malicious code or items in the Software on delivery to Customer. The Quicket Solutions Software and Services, upon delivery, (i) will not contain any back doors, trap doors, worms, or any other disabling devices designed to interfere with Customer's normal and permitted operation of the Quicket Solutions Software and Official Purchasing Document Last updated 10/2017 Page 34 of 45 purposes. Termination or expiration shall not affect any rights accrued prior thereto. (b) Upon any termination or expiration of this Agreement, Quicket shall make the Quicket Solutions Software and Services available to Customer during the Customer Data Access Period for Customer to complete a final export of the Customer Data. In the alternative, Quicket may determine to provide the export of Customer Data in a form and format reasonably available to or usable by Customer. 12. MISCELLANEOUS. 12.1 Insurance. Quicket has provided Customer with a memorandum of insurance evidencing the policies, coverages and applicable limits of insurance procured by Quicket and in force at the time this Agreement is executed. Quicket warrants to Customer that it will not reduce coverages or limits during the Term. 12.2 Export; Government Restricted Rights. Customer acknowledges that the export of any Software is or may be subject to export or import control and Customer agrees that any Software or the direct or indirect product thereof will not be exported (or re-exported from a country of installation) directly or indirectly, unless Customer obtains all necessary licenses from the U.S. Department of Commerce or other agency as required by law. Customer may request, from time to time, that Quicket provide Customer with reasonably available information applicable to the Quicket Solutions Software and Services to facilitate compliance with this Section 11.2, including applicable export classifications and designations. If Customer or any of its end users are a U.S. federal government end user, the Quicket Solutions Software and Services are a “Commercial Item” as that term is defined at 48 C.F.R. §2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation”, as those terms are used in 48 C.F.R. §12.212 or 48 C.F.R. §227.7202. Consistent with 48 C.F.R. §12.212 or 48 C.F.R. §227.7202-1 through 227.7202-4, as applicable, the Quicket Solutions Software and Services are licensed to such Customer and end users only with those rights as expressly provided under the terms and conditions of this Agreement. 12.3 Non-Assignment. Neither party may sell, assign, or otherwise transfer to any third party this Agreement or any of its rights or obligations hereunder without the prior written consent of the other party. Notwithstanding the foregoing, Quicket may with prior written notice assign this Agreement, in whole and not in part, without such consent to an Affiliate or to a successor in interest by merger or acquisition of substantially all assets of Quicket’s business. Any purported assignment in violation of this Section will be void. 12.4 Intentionally Omitted. 12.5 Relationship of Parties. Quicket and Customer are independent contractors, and nothing in this Agreement shall be construed as making them partners or as creating the relationships of employer and employee, master and servant, or principal and agent between them, for any purpose whatsoever. Neither party shall make any contracts, warranties or representations or assume or create any other obligations, express or implied, in the other party's name or on its behalf. Official Purchasing Document Last updated 10/2017 Page 35 of 45 Solutions Software and Services environments, and all Customer Data under Quicket’s possession or control, shall be provisioned in Quicket’s data center in the United States. 12.11 Miscellaneous. In no event shall either party be liable for any delay or failure to perform under this Agreement, which is due to causes beyond the reasonable control of such party and without such party’s fault or negligence; provided that the affected party notifies the unaffected party as soon as reasonably possible, and resumes performance hereunder as soon as reasonably possible following cessation of such force majeure event. To the extent that any provision of this Agreement is found to be void or unenforceable, such provision shall be without effect and the remainder of the Agreement shall be enforced to the full extent of the law. This Agreement shall be governed by, and interpreted and enforced in accordance with, the substantive laws of the State of Colorado without regard to its conflict of laws principles. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to any transaction between the parties. All notices given under this Agreement shall be in writing. Any notice under this Agreement if delivered by hand, sent by facsimile, or mailed via overnight courier, shall be deemed given on the business day following the sending of such notice, and any notice sent via mail shall be deemed given on the third business day following the mailing of any such notice, postage paid, to the address set forth above. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 Page 36 of 45 II. APPENDIX 1 Definition Appendix “Agreement” means this Master Software and Service Agreement, together with the following documents and any Schedules: (a) Definitions, Appendix 1 (b) Technical Support Policy, Appendix 2 (c) Professional Services Terms, Appendix 3 (d) Leased Equipment Addendum, Appendix 4 (e) Service Level Agreement, Appendix 5 (f) Statement of Work, dated ______________, 2020 “Customer Data” means all data submitted to the Quicket Solutions Software and Services by Customer or its authorized Users (“Customer Data”) in the course of using the Quicket Solutions Software and Services, including any related documentation, copies, modifications and derivatives of the foregoing and all related copyright, patent, trade secret and other proprietary rights therein. “Customer Data Access Period” means a period of no less than thirty (30) days immediately following the termination or expiration of this Agreement during which Customer is allowed to complete a final export of Customer Data. “Documentation” means Quicket materials describing the Quicket Solutions Software and Services, including, but not limited to, product technical manuals and online information (including online versions of the technical manuals) and help facility descriptions. “Equipment” means any tablet computers, communication devices, printers, supplies and other accessories provided to Customer by Quicket for use with the Quicket Solutions Software and Services. “Error” means a defect which causes the Software not to perform substantially in accordance with the specifications set forth in the Documentation and which can be reproduced or replicated in regular usage by Customer and Quicket. “Error Correction” means the use of reasonable commercial efforts to remedy an Error. “Intellectual Property” means technology, ideas, processes, methodologies, innovations, inventions, discoveries, works of authorship, data, know-how, trade secrets, and software and firmware, including source code and object code. “Intellectual Property Rights” means (i) patents and patent applications, worldwide, including all divisions, continuations, continuing prosecution applications, continuations in part, reissues, renewals, reexaminations, and extensions thereof and any counterparts worldwide claiming priority therefrom; utility models, design patents, patents of importation/continuation, and certificates of invention and like statutory rights; (ii) copyrights, trademarks (including service marks), trade names, logos, domain names, industrial designs; (iii) rights relating to innovations, know-how, trade secrets, know-how of confidential, technical, and non-technical information; (iv) moral rights, mask work rights, author's rights, and rights of publicity; and (v) other industrial, proprietary and Intellectual Property related rights anywhere in the world, that exist as of the date of the Agreement or thereafter come into existence, and all renewals and extensions of the foregoing, Official Purchasing Document Last updated 10/2017 Page 37 of 45 to be supplied by Quicket and which may contain certain other terms related to the provision of such Professional Services, the Quicket Solutions Software and Services and/or Equipment that are agreed between the parties. “Suggestions” shall mean a royalty-free, worldwide, transferable, sublicenseable, irrevocable, perpetual license for Quicket to use or incorporate into the Quicket Solutions Software and Services any suggestions, enhancement requests, recommendations or other feedback provided by Customer, including its Users, relating to the operation of or use of the Quicket Solutions Software and Services. “Support Policy” has the meaning set forth in Section 4. “Telephone Support” means technical, telephone assistance provided by Quicket to Users. Standard Telephone Support is provided during the hours of 9:00 am and 5:00 pm Central Standard Time, excluding Quicket recognized holidays. Quicket will provide additional non-standard 24/7 telephone support. Any response to requests for support outside of the standard support hours will be on a six (6) hour response time, measured from the time the call is placed to Quicket. “Term” means the period commencing on the delivery of the Software and Equipment to Customer and ending to 12:01 am local time on the first anniversary hereof (the “Initial Term”);. Notwithstanding any automatic renewal of the Agreement, either party may terminate the Agreement in accordance with its terms. “Updates” mean error corrections, fixes, workarounds or other maintenance releases of the Quicket Solutions Software and Services. “Upgrades” mean new releases or versions of the Quicket Solutions Software and Services that provide enhancements, modifications or improvements to the features or functionality; for purposes of this Agreement, “Upgrades” shall also include new features which are made generally available to all customers purchasing the Quicket Solutions Software and Services and for which Quicket does not charge any customer additional incremental fees. “User” means an individual who is an employee of Customer with authorized access by Customer to and use of the Quicket Solutions Software and Services the shorter of: (i) during the course of such User’s employment with Customer or (ii) the Term. “Workaround” means a change in the procedures followed or data supplied by Quicket to avoid an Error without substantially impairing use of Quicket Solutions Software and Service. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 Page 38 of 45 Appendix 2 Technical Support Policy The following details Quicket's current Technical Support Policy regarding the Quicket Solutions Software and Services. Updates to Quicket's Technical Support policies will be accessible at Quicket's website, under “support”. Third Party Software is specifically excluded from the terms set forth in this Appendix (but this exclusion does not pertain to the software interfaces and port-sets developed by Quicket that enable the link between the Software and the Third Party Software). Unless otherwise defined herein, capitalized terms used in this Appendix shall have the same meaning as set forth in the MSSA to which this Appendix 2 is attached. 1. SUPPORT SERVICES 1.1 Coverage. For so long as Customer is current in the payment of the Service Fees under the Agreement between Quicket and Customer, Quicket agrees that it shall use its diligent commercial efforts to provide support services to Customer as follows: 1.1.1 Error Correction and Telephone Support provided to Users concerning use of the Quicket Solutions Software and Service. 1.2.2 Releases, Versions and Updates which consist of one copy of published revisions to the Documentation relating to the Services. . 1.2 Error Priority Levels. Quicket shall exercise commercially reasonable efforts to correct any Error reported by Customer’s Qualified Individuals in the current, unmodified release of Software in accordance with the following priority level reasonably assigned to such Error by Quicket: 1.2.1 Priority A Error: means an Error which renders the Quicket Solutions Software and Service inoperative or causes the Quicket Solutions Software and Service to fail catastrophically. Quicket shall promptly: (i) assign Quicket engineers to correct the Error; (ii) within twenty four (24) hours of receipt of the Error report, attempt to identify the nature of the Error and notify Customer’s Qualified Individuals of a commitment date by which Workaround or Error Correction shall be provided, which date shall be as soon as reasonably possible with Quicket’s best efforts; (iii) notify Quicket management that such Errors have been reported and of steps being taken to correct such Error(s); (iv) provide Customer’s Qualified Individuals with periodic reports on the status of the corrections; and (v) provide Customer’s Qualified Individuals with a Workaround or Error Correction. 1.2.2 Priority B Error: means an Error which substantially degrades the performance of Quicket Solutions Software and Service or materially restricts Customer’s use of the Quicket Solutions Software and Service. Quicket shall, promptly: (i) assign Quicket engineers to correct the Error; (ii) within twenty four (24) hours of receipt of the Error report, notify Customer’s Qualified Individuals of the engineers assigned to the Error report; (iii) within one (1) week of receipt of the Error report, attempt to identify the nature of the Error and notify Customer’s Qualified Individuals of a commitment date by which an Error Official Purchasing Document Last updated 10/2017 Page 39 of 45 reported by Customer may not be due to an Error in the Software or provision of Services, Quicket will so notify Customer. 4. WARRANTY 4.1 Limited Warranty. Quicket warrants that Support Services will be performed with the same degree of skill and professionalism as is demonstrated by like professionals performing services of a similar nature. 5. SUPPORT POLICY CHANGES 5.1 This Schedule sets forth Quicket's policy with respect to the provision of support in force as of the Effective Date. Customer acknowledges that these terms are subject to change in accordance with Section 4(a) of the MSSA. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 Page 40 of 45 Appendix 3 Professional Services Terms 1. SERVICES. Quicket will provide Professional Services pursuant to Schedule(s) and/or SOW(s) executed by the parties and referencing this Agreement. Unless the parties expressly agree in writing to the contrary, the Professional Services do not include maintenance and/or support services for any Professional Services Deliverables. Customer may separately purchase from Quicket maintenance and/or support services for such deliverables or work product on a time and materials basis as set forth in an applicable Schedule or SOW as agreed to by the parties. 2. CHANGE REQUESTS. Either party may request a change to an SOW or Schedule of Professional Services, and for such purpose shall submit to the other party a written notice (“Change Request”) setting forth the requested change and the reason for such request. Within five (5) business days (or such other period of time as agreed by the parties) after the receipt of such Change Request, the parties shall discuss the necessity, desirability and/or acceptability of the Change Request. When and if both parties have agreed in writing upon the changes, and any resulting change in the estimated fees for the project, the parties shall complete and execute a new SOW or Schedule. 3. CHARGES FOR SERVICES. Customer shall pay to Quicket the fees set forth in the SOW(s) or Schedule(s) for the Professional Services. Unless explicitly stated otherwise in writing in an SOW or Schedule or any other document, all such listed Professional Services fees are estimates only, and are billed on a time and materials basis at rates agreed upon in writing by the parties for the Professional Services. Quicket will give prior notice to Customer if Quicket reasonably believes the Professional Services will not be completed within the estimate provided and the parties will enter into an appropriate Change Request as necessary and as agreed by the parties. Professional Services will be invoiced in accordance with Section 7 of the MSSA. 4. SUSPENSION OR TERMINATION OF PROFESSIONAL SERVICES. Customer may terminate a particular Professional Services engagement on one hundred eighty (180) days prior written notice, which notice shall specify the exact date of termination. Either party may terminate a particular Professional Services engagement on ten (10) days prior written notice in the event of a material breach by the other party that is not cured within such ten (10) day period, except for term based Professional Services such as hosting services purchased for a specific term which may be terminated only as provided in the applicable SOW or Schedule. In the event of such a suspension or termination, Customer shall continue to be obligated to pay all Professional Services fees due for Professional Services rendered prior to such suspension or termination, provided such services were provided in accordance with this Agreement and the applicable SOW or Schedule. 5. ACCESS TO CUSTOMER'S PROPERTY AND COMPUTERS. Upon Quicket’s request, Customer agrees to provide Quicket access to any Equipment and, if necessary, Official Purchasing Document Last updated 10/2017 Page 41 of 45 (b) Quicket hereby grants to Customer and its Affiliates a non-exclusive, non-transferrable, worldwide license to use and implement any ideas, modifications, or suggestions it proposes, creates, or authors relating to the Customer Independent IP. Customer will have sole discretion as to whether and how to implement any such ideas, modifications, or suggestions into the Customer Independent IP. 7. STAFFING. Quicket shall have sole discretion regarding staffing for the Professional Services, including the assignment or reassignment of its Professional Services personnel. In addition, Quicket may, at Quicket's sole responsibility, retain one or more sub-contractors to provide all or a portion of the Professional Services subject to prior written notice to Customer and provided Quicket remains solely responsible for the same as contemplated by Section 5 of the Agreement to which this Appendix 3 is attached. Customer shall have the sole discretion to deny the use of a particular subcontractor. Customer shall provide at least one mutually acceptable contact person to communicate all product development-related activities, and matters concerning the Professional Services, to Quicket. Notwithstanding any provision of this Appendix or any Addenda, SOW or Schedule to which this Appendix is attached or relates, Quicket represents and warrants that all Quicket employees and all subcontractors providing Professional Services (or other services) pursuant to this Agreement will meet all requirements established by applicable law pertaining to citizenship, U.S. residency or other applicable criteria, including requisite background checks and meet any and all personnel requirements agreed to between the Parties. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 Page 42 of 45 Appendix 4 Leased Equipment Addendum 1. Lease: Quicket Solutions, Inc. (“Quicket”) is providing Customer certain Equipment, as defined in the Agreement, and as set forth in a purchase order, SOW or other ordering document entered into by the parties in connection with the Agreement. This Leased Equipment Addendum applies to the delivery, possession and maintenance of the Equipment. Customer agrees that all such Equipment is leased from Quicket and that Quicket is the owner of the Equipment. This Equipment Lease Addendum commences on the date the Equipment is delivered to Customer, and a l l l e ase p ayments are included in the total fees set forth on the purchase order or other ordering document. 2. Equipment Use, Maintenance and Warranties: (a) Quicket leases the Equipment to Customer "AS IS" AND, EXCEPT AS OTHERWISE STATED HEREIN, MAKES NO WARRANTIES, EXPRESS OR IMPLIED WITH REGARD TO THE EQUIPMENT, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE. Notwithstanding the disclaimers set forth in the immediately preceding sentence, Quicket specifically warrants that the Equipment is fit for use with the Quicket Solutions Software and Services, as defined in the Agreement. Quicket will hold for the benefit of, or transfer to, Customer, at Customer’s option, any manufacturer warranties included with any such Equipment. Unless otherwise specified in the Agreement, the SOW or other ordering document, Customer is required to keep the Equipment repaired and maintained in good working order and as required by the manufacturer’s warranty. (b) During the Term, Quicket will be responsible for maintenance and/or service of the Equipment in accordance with the following: (i) In the event Quicket holds the manufacturer’s warranty on any Equipment, then in the event of a claim under the applicable manufacturer’s warranty, Customer shall return the Equipment to Quicket, in the manner as Quicket may reasonably direct, with a written description of the damage, malfunction or other problem experienced with the Equipment; (ii) For any Equipment which is no longer covered by the manufacturer’s warranty, then Quicket agrees that Quicket will be responsible for maintenance and service of such Equipment until Quicket and Customer determine to remove such Equipment from Service or the Agreement expires or is otherwise terminated, subject to the exceptions set forth in subparagraph (iv) below; (iii) In the event that any Equipment malfunctions, is (A) damaged or destroyed, whether or not covered by the manufacturer’s warranty at the time of such malfunction, Official Purchasing Document Last updated 10/2017 Page 43 of 45 business days of Customer’s notice of the loss or theft, a similar make and model of Equipment (or suitable substitute with comparable functionality) for use by Customer until the lost or stolen Equipment is recovered or determined to be unrecoverable. If the Equipment is recovered, Customer shall return the loaned Equipment to Quicket. In the event the Equipment is not recoverable, Customer shall reimburse Quicket its actual cost to replace the Equipment (i.e., at Quicket’s purchase price from the distributor). In the event Customer elects to eliminate the lost or stolen Equipment from the Agreement, then Customer shall pay to Quicket the value of the lost or stolen Equipment determined by applying straight-line depreciation of a four (4) year economic life of the Equipment to Quicket’s cost of purchase plus a twenty- five percent (25%) mark-up (i.e., Quicket’s cost from its distributor plus overhead and profit). 3. Assignment: Customer agrees not to transfer, s e l l , sublease, assign, pledge, relocate, move or encumber either the Equipment or any rights under this Leased Equipment Addendum without Quicket’s prior written consent. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Official Purchasing Document Last updated 10/2017 Page 44 of 45 Appendix 5 Service Level Agreement Availability: Quicket warrants the Quicket Solutions Software and Services will generally be available 99% of the time, except as provided below. General availability will be calculated per calendar quarter, using the following formula: [(total – nonexcluded – excluded) *100] > 99% total - excluded Where:  “total” means the total number of minutes for the quarter  “nonexcluded” means downtime that is not “excluded”, as defined in the next bullet  “excluded” means the following: o Any planned downtime of which Quicket gives 8 hours or more notice. Quicket will use commercially reasonable efforts to schedule all planned downtime during the weekend hours from 6:00 P.M. Friday, Central Time, through 6:00 A.M. Monday, Central Time. o Any period of unavailability lasting less than 15 minutes. o Any unavailability caused by circumstances beyond Quicket’s reasonable control, without limitation, acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (other than those involving Quicket employees), computer, telecommunications, Internet service provider or hosting facility failures or delays involving hardware, software or power systems not within Quicket’s possession or reasonable control, and network intrusions or denial of service attacks. For any partial calendar quarter during which Customer subscribes to the Quicket Solutions Software and Services, general availability will be calculated based on the entire calendar quarter, not just the portion for which Customer subscribed. In addition, unavailability for some specific features or functions within the Quicket Solutions Software and Services, while others remain available, will not constitute unavailability of the Quicket Solutions Software and Services, so long as the unavailable features or functions are not, in the aggregate, material to the Quicket Solutions Software and Services as a whole. Penalties: Should the Quicket Solutions Software and Services availability fall below the 99% general availability level for any calendar quarter, and this downtime significantly affected customers ability to use the system, Customer may continue to use the Quicket Solutions Software and Services but will receive credit for one half day of its Quicket subscription, in that quarter, for each two hours of general Quicket Solutions Software and Services unavailability below 99%. Any such credit shall be applied to Customer’s next invoice (or refunded if Customer’s subscription to the Quicket Official Purchasing Document Last updated 10/2017 Page 45 of 45 DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Solutions Software and Services expires or terminates prior to receipt of such credit and Customer owes no further charges to Quicket). The penalties specified in this “Penalties” section shall be the sole remedies available to Customer for breach of this SLA Addendum. Reporting and Claims: To file a claim under this SLA Addendum, Customer must send an email to support@quicketsolutions.com with the following details:  Billing information, including client name, billing address, billing contact and billing contact phone number  Downtime information with dates and time periods for each instance of downtime during the relevant period  An explanation of the claim made under this SLA Addendum, including any relevant calculations Claims may only be made on a calendar quarter basis and must be submitted within 10 business days after the end of the affected quarter, except for periods at the end of a subscription agreement not coincident with the end of a calendar quarter, in which case Customer must make any claim within 10 business days after the end of its subscription agreement. All claims will be verified against Quicket’s system records. Should any periods of downtime submitted by Customer be disputed, Quicket will provide to Customer a record of Quicket Solutions Software and Services availability for the period in question. Quicket will only provide records of system availability in response to good faith Customer claims. General: Any obligations of Quicket under this SLA Addendum shall become null and void upon any breach by Customer of its Quicket subscription agreement, including any failure by Customer to meet payment obligations to Quicket. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 damage or destruction (i.e., such malfunction, damage or destruction is caused by other than routine wear and tear) and (B) the repair or replacement of such Equipment is not or would not be covered under the applicable manufacturer’s warranty, then Customer shall be responsible for the cost of repair or replacement of such Equipment; (iv) In the event Customer holds the warranty on any Equipment, then Customer shall be responsible for contacting the manufacturer for any warranty matters. (c) In the event any Equipment malfunctions, is damaged, lost or destroyed during the Term, then Customer shall promptly notify Quicket in writing of such malfunction, damage, loss or destruction. In the event Quicket directs Customer to deliver or make available to Quicket, such malfunctioning, damaged or destroyed Equipment, then upon receipt of the Equipment, Quicket shall (i) determine if Quicket is able to remedy the malfunction or repair the Equipment; or (ii) send the Equipment to the manufacturer pursuant to the applicable warranty and (iii) within two (2) business days of receipt of Customer’s notice provide a similar make and model of Equipment (or suitable substitute with comparable functionality) for use by Customer until the Equipment is repaired and returned to Customer or a determination is made that the malfunction, damage or other problem is either not covered by (I) the applicable manufacturer’s warranty (for example, the damage is caused by abuse or neglect) or (II) Quicket’s maintenance and repair obligation under Section 2(b) (ii) above. If the malfunction, damage or other problem is not covered by either the applicable manufacturer’s warranty or Quicket’s maintenance and repair obligation, and the manufacturer provides an estimate of the cost of repair, Quicket shall refer such estimate to Customer, and Customer shall determine whether to repair or replace the Equipment, at Customer’s option and sole expense. Upon repair or replacement, Quicket and Customer shall exchange the original (or replacement) Equipment and the Quicket loaned item. (d) Customer agrees that any warranty claims or other requests for maintenance or service under this Section 2 will not impact its obligation to pay all amounts under the Agreement when due, provided that Quicket provides the replacement Equipment in accordance with Section 2(c) above. (e) Customer acknowledges that Quicket is not the agent of or for the Equipment manufacturer for any purposes under the Agreement. (f) Customer acknowledges and agrees that it is responsible for all Equipment in its possession, and it has or will adopt (and enforce) reasonable security policies to protect Customer’s property generally, which for purposes of the Agreement shall also include the Equipment. Notwithstanding any provision of this Schedule or the Agreement to the contrary, Quicket shall use commercially reasonable and technologically feasible means to locate or track any lost or stolen Equipment (such as by use of embedded GPS devices or applications). In the event of lost or stolen Equipment, Quicket shall provide, within two (2) DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Customer’s computer(s) via remote data communication and, upon Quicket’s written request, by visits to Customer's site as reasonably required to perform the Professional Services pursuant to any Schedule or SOW and Quicket will abide by Customer’s security and safety regulations and policies, provided in advance to Quicket, and which are applicable to such access. Any access under this provision shall not disrupt the operations of the Customer and will have minimal to no impact upon the Customer’s information technology systems. 6. LICENSE; OWNERSHIP. 6.1 Quicket hereby grants to Customer a non-exclusive, non-transferable license to use the “Quicket-owned Professional Services Deliverables” (as defined in Section 6.3 below) delivered to Customer, solely in conjunction with, and consistent in scope with, Customer’s permitted use of the Quicket Solutions Software and Services under this Agreement. 6.2 To the extent that any Quicket-owned Professional Services Deliverables are delivered to Customer by Quicket in source code format then Quicket hereby grants to Customer a limited license to copy and to modify such source code, and to compile such source code into object code, but solely in connection with, and only to the extent necessary for, Customer’s maintenance and support of the Quicket-owned Professional Services Deliverables hereunder and for no other purpose. The license grant in this Section 6.2 is subject to any limitations set forth in Section 6.1 above. 6.3 Quicket retains ownership of all information, Software and other Intellectual Property owned by it prior to this Agreement or which Quicket develops independently of this Agreement (“Quicket Preexisting Property”). Unless otherwise agreed by the parties in an applicable SOW, and subject to the license grant provided in Section 6.1 above, Quicket shall retain ownership of all Quicket Preexisting Property and any deliverables delivered by Customer pursuant to an applicable SOW or separate agreement. (“Quicket-owned Professional Services Deliverables”). All such information shall be treated as Quicket’s Confidential Information in accordance with Section 8.3 of the Agreement. Quicket may utilize any and all methods, computer software, know-how or techniques related to programming and processing of data, developed by it while providing the Professional Services and may incorporate the work product in future releases of any of its software, provided the same does not incorporate or include any Customer Data, or Customer’s Confidential Information. Quicket will have sole discretion as to whether and how to implement any Suggestions into the Software. 6.4 Customer Ownership. (a) Customer retains ownership of all information, systems, software and other property owned by it prior to this Agreement or which it develops independently of this Agreement, including without limitation all Customer Intellectual Property and Customer Confidential Information (“Customer Independent IP”). The parties acknowledge and agree that Quicket shall not modify, adapt or create derivative works of the Customer Independent IP under this Agreement, and if any such work product is anticipated, the parties shall enter into a mutually agreed upon amendment to this Agreement to contemplate such work, which will reflect that Customer shall own such work product. DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Correction shall be provided, which date shall be as soon as reasonably possible with Quicket’s best efforts. Quicket shall exercise commercially reasonable efforts to include an Error Correction in the next regular Software maintenance Update. 1.2.3 Priority C Error: means an Error which causes only a minor impact or restricts Customer’s use of Quicket Solutions Software and Service. Quicket shall (i) assign Quicket engineers to correct the Error; (ii) within twenty four (24) hours of receipt of the Error report, notify Customer’s Qualified Individuals of the engineers assigned to the Error report; and (iii) within two (2) weeks of receipt of the Error report, attempt to identify the nature of the Error and notify Customer’s Qualified Individuals of a commitment date by which an Error Correction shall be provided, which date shall be as soon as reasonably possible with Quicket’s best efforts. Quicket may include an Error Correction in the next Version of the Product. 1.3 Other Errors. If Quicket believes that a problem reported by Customer may not be due to an Error in the Quicket Solutions Software and Service, Quicket will so notify Customer’s Qualified Individuals. At that time, Customer may: (i) instruct Quicket to proceed with problem determination as set forth below or (ii) instruct Quicket that Customer does not wish the problem pursued at its expense. 1.4 General Telephone Support. For general questions pertaining to the operation of the Quicket Solutions Software and Services or the Equipment, Quicket will provide a telephone help desk number and will respond to calls made by Customers in accordance with the applicable level of support. For all Customers, Quicket’s standard level of Telephone Support is provided during the hours of 9:00 am and 5:00 pm Central Standard Time, excluding Quicket recognized holidays. Customers subscribing to the standard Telephone Support shall receive a return call the same day; calls made after 6:00 pm Central Standard Time shall receive a return call the following day. Customers purchasing non-standard Telephone Support will receive a return call within four (4) hours from the time the call is placed to Quicket. 1.5 Limitations of Support. Quicket shall have no obligation to support: (i) Quicket Solutions Software and Service that is not the then current release or the Previous Sequential Release; or (ii) Quicket Solutions Software and Service problems caused by Customer's modification, abuse or misapplication, use of the Software other than as specified in the Documentation or other causes beyond the reasonable control of Quicket. 3. CUSTOMER’S RESPONSIBILITIES 3.1 Procedures. Customer shall take reasonable measures to ensure that its Users shall read, comprehend and follow operating instructions and procedures as specified in, but not limited to the Documentation and other correspondence related to the Quicket Solutions Software and Service, and follow procedures and recommendations provided by Quicket support personnel in an effort to correct Errors. 3.3 Notification of Errors. Customer shall notify Quicket of Errors in accordance with the then-current Quicket Error and problem reporting procedures. If Quicket believes that a problem DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 regardless of whether or not such rights have been registered with the appropriate authorities in such jurisdictions in accordance with the relevant legislation. “License” means a license to use the Software and/or Quicket Solutions Software and Services, as defined in Section 2 of the Agreement. “MSSA” means the Master Software and Service Agreement. “Previous Sequential Release” means a release of Software which has been replaced by a subsequent Release of the same Software. A Previous Sequential Release will be supported by Quicket for a period of only one (1) year after release of the subsequent Release. “Professional Services” means those services to be provided by Quicket to Customer and which (i) are not specifically included under the Master Software and Service Agreement, and (ii) are set forth in a separate SOW or agreement between Quicket and Customer. Professional Services may include, but are not limited to, set-up services, configuration and/or implementation services and/or other consulting services. “Professional Services Deliverables” means any software, modifications to software, configurations, documentation, reports or other work product developed and delivered by Quicket to Customer under a Professional Services project. “Quicket Solutions Software and Services” means the Software and the Quicket Solutions cloud-based hosted service for access to the Quicket web-based and mobile applications as specified in the applicable Schedule, purchase order or other ordering document. “Schedule” means an addendum, appendix, amendment or other writing titled as a schedule and attached to or included in this Agreement, when signed by both parties from time to time that, when completed, sets forth the features, term, quantities, scope and fees associated with the purchase of a License or Licenses to Software, a Quicket Solutions Software and Services subscription, leasing of Equipment, or the description and fees associated with the purchase of Professional Services under Appendix 3 hereof. "Software" means the standard version of the software program or programs marketed and licensed by Quicket. Software includes machine readable (object) code, except for certain Software which Quicket may elect to supply in source code format. Software includes any Updates or Upgrades of the Software, as defined in this Appendix, applied by Quicket to the Quicket Solutions Software and Services during the Term. “SOW” or “Statement of Work” means a Schedule or other separate document referencing this Agreement and signed by both parties from time to time that sets forth Professional Services DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 12.6 Non-solicitation. Neither party may, without the prior written consent of the other party, beginning on the signing of this Agreement and ending six (6) months after the termination of this Agreement (“Covered Period”), directly or indirectly, alone or with others, hire, solicit or assist anyone else in the solicitation of, any employee of the other party or encourage any such employee to terminate his or her employment with the other party. Notwithstanding anything in this Section to the contrary, this Section shall not apply to: (i) either party contracting with an employee of the other party to provide consulting services on a part-time basis; or (ii) employees of either party responding to advertisements made at job fairs, or in media circulated to the general public at large; or former employees of the other party, who are not employed or retained by such party during the Covered Period. 12.7 Third Party Products. Third party software products and programs supplied or made accessible under this Agreement, including by way of example software that is part of the Service infrastructure such as database, back-up, storage, and firewall software, are licensed under this Agreement for use solely with the Quicket Solutions Software and Services as authorized under this Agreement, and are subject to the confidentiality and non-assignment provisions of this Agreement Certain portions of the Software may include open source or third party program(s) that are subject to the license terms and notifications found in the “About” box documentation included within the Software, as updated from time to time and posted on the Quicket website. Such program(s) are not subject to the warranty and indemnity provisions of this Agreement. 12.8 Intentionally omitted. 12.9 Audit Rights; Usage Verification. (a) No more than once in any twelve (12) month period, upon thirty (30) days prior written notice to Customer, Quicket shall have the right, for purposes of verification of Customer’s compliance with this Agreement, to access the User data within the Quicket Solutions Software and Services. Customer acknowledges that the Quicket Solutions Software and Services may at the date of this Agreement or in subsequent releases include password protection, anticopying subroutines or other security measures designed to monitor the usage of the Software for license management purposes. Under no circumstances may Quicket employ any such measure to interfere with Customer's normal and permitted operation of the Quicket Solutions Software and Services. Any audit performed shall not disrupt the operations and functions of the Customer. Audits will have minimal to no impact upon the system. Any audit shall not last more than one regular business day of eight (8) hours. (b) Upon request by Customer, Quicket agrees to complete, within sixty (60) days of receipt, a security audit questionnaire provided by Customer. 12.10 Service Locations. All Professional Services shall be performed within the United States. Customer’s Quicket DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Services, and (ii) will not permit the access or control of any Customer hardware, network, software or device by any party other than Customer, except as contemplated in the Documentation. 10. LIMITATION OF LIABILITY. 10.1 Damages Cap. Except with respect to Quicket’s indemnification obligations under Sections 9.4 and 9.7(d): each party’s confidentiality obligations under Section 8.3; or each party’s gross negligence or willful misconduct, and except as set forth in Sections 9.2 and 9.3, and regardless of the form of action (whether in contract, tort, breach of warranty or otherwise) and notwithstanding any other provisions of this Agreement: IN NO EVENT SHALL QUICKET’S (OR ITS LICENSORS’ OR SUPPLIERS’) OR CUSTOMER’S MAXIMUM, CUMULATIVE LIABILITY FOR ALL DAMAGES HEREUNDER EXCEED THE TOTAL AMOUNT OF FEES PAID (AND IN CUSTOMER’S CASE PAID OR PAYABLE) HEREUNDER IN THE TWELVE MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO DAMAGES FOR THE PRODUCT OR SERVICE THAT CAUSED THE DAMAGE. 10.2 Consequential Damages. IN NO EVENT SHALL QUICKET (OR ANY OF ITS LICENSORS OR SUPPLIERS) OR CUSTOMER BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, SPECIAL OR INDIRECT DAMAGES (INCLUDING BUT NOT LIMITED TO LOST PROFITS AND LOSS, DAMAGE OR DESTRUCTION OF DATA) EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF THE SAME AND EVEN IF A PARTY ASSERTS OR ESTABLISHES A FAILURE OF THE ESSENTIAL PURPOSE OF ANY LIMITED REMEDY PROVIDED IN THIS AGREEMENT. Some states do not allow the exclusion or limitation of incidental or consequential damages under certain circumstances and the above exclusion or limitation may not apply 11. TERM AND TERMINATION. 11.1. General. This Agreement shall become effective upon execution by authorized representatives of both Quicket and Customer (the “Effective Date”) and shall continue in effect until the earlier of expiration or termination of this Agreement. 11.2 Termination for Cause. Either party may terminate this Agreement (including any License granted therein), in the event of a material breach of this Agreement by the other party that is not cured within thirty (30) days after receipt of written notice from the non-breaching party to the breaching party; provided, however, that either party may terminate this Agreement immediately, and without any opportunity to cure, in the event of a breach of Section 8 of this Agreement. 11.3 Termination for Convenience. Either party may terminate this Agreement for such party’s convenience and without cause upon written notice to the other party at least one hundred eighty (180) days prior to the end of the then current Term. In such event, Quicket shall promptly refund to the Customer any amounts paid in advance for the then current term on a pro-rated basis. 11.4 Effect of Termination. (a) Upon termination or expiration of this Agreement or termination or expiration of a specific Schedule, Customer shall make no further use of the affected Quicket Solutions Software and Services or Equipment and shall within ten (10) days deliver to Quicket or destroy the original and all copies of such Software and return the affected Equipment to Quicket or make such Equipment available for pick-up by Quicket. Customer may retain a copy of any terminated or expired Software solely for archival DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 alteration or destruction, and (ii) access Customer's computer systems, if access is provided, only for the limited purpose of, and only for that period of time necessary for, fulfilling its obligations hereunder. Quicket shall maintain (a) a current detailed disaster recovery and business continuity plan and (b) written information security plan, which shall be provided to the Customer prior to the execution of this Agreement; and Quicket shall review and update or otherwise modify as industry- standard practices require such plans not less than once a calendar year during the Term. All updates or modifications to the aforementioned plans shall be provided to the Customer within seven (7) days of Quicket’s adoption of a final revision, amendment or restatement of such plan. In compliance with applicable law, but in no less than a commercially reasonable time in accordance with the circumstances, Quicket shall promptly inform Customer whenever it knows or reasonably believes a security breach has compromised, or is likely to compromise, Customer Data and will cooperate with Customer in investigating such breach, including making available all relevant records, logs, and files as reasonably requested by Customer. In the event of any actual breach of data security and unauthorized access to Customer Data, Quicket shall: (i) immediately notify Customer within twenty-four (24) hours of the identification of the breach of data security and (ii) provide a Quicket point of contact, available to Customer by telephone, text or email, with a response time of not more than two (2) hours after delivery of the notice, until such time as the root cause of the data security breach is identified and the vulnerability fixed. All reasonable costs of providing notice to potentially affected persons pertaining to the breach shall be paid for by the party responsible for the vulnerability leading to the breach or otherwise at fault for the breach. The parties shall consult and mutually agree to the list of affected persons and content of any such notices to be delivered to such affected persons; provided, that, if the parties are unable to agree to the content of any notice within a reasonable time after the notice of breach, Customer may determine, in its sole discretion, the list of persons to whom notice is to be sent and the content of such notices. The costs of any remediation and repair to the data security systems and procedures of either Quicket or Customer shall be paid by the party at fault for the root cause of the data security breach. Customers of the Quicket Solutions Software and Services, including Customer, are responsible for ensuring that the nature of the data collected, transmitted through and/or stored in the Quicket Solutions Software and Services and Customer’s use thereof shall comply with applicable laws. The parties acknowledge that Customer is solely responsible for populating and entering all Customer Data in the Quicket Solutions Software and Services and Quicket has no control over the integrity of the data collected and input through Customer’s use of the Quicket Solutions Software and Services. Customer shall have access to the Quicket Solutions Software and Services in order to store, retrieve or export Customer Data; and upon any termination or expiration of this Agreement, Customer shall be entitled to the Customer Data Access Period for the purpose of allowing Customer to complete a final export of the Customer Data, and thereafter Quicket shall destroy all electronic copies of Customer Data remaining in Quicket’s possession, custody or control and purge any media that previously housed the Customer Data. During the Term of this Agreement and the Customer Data Access Period, Customer will have access to Customer Data within the Quicket Solutions Software and Services and will have the ability to download its Customer Data at any time as part of the Quicket Solutions Software and Services functionality. Quicket represents and warrants that its collection, access, use, storage, disposal and disclosure of Confidential Information does and will comply with all applicable federal, state and local privacy and data protection laws, as well as all other applicable regulations and directives. (b) Quicket shall host the Quicket Solutions Software and Services at a facility that meets the standards of DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 each customer to the Confidential Information and data of the other pursuant to the terms of the Data Sharing and Non- Disclosure Agreement, and (iii) such other acts as may be reasonably required on the part of Quicket to implement and manage such arrangement, including any fees and expenses associated with such Data Sharing and Non-Disclosure Agreement. 9. WARRANTY; INDEMNITY; DISCLAIMERS. 9.1 Software and Services Performance Warranty. Quicket warrants that for a period of one year following the delivery of the Quicket Solutions Software (the “Warranty Period”), the Software and the Quicket Solutions Software and Services will perform in material conformity with all applicable end user Documentation supplied by Quicket; provided, that the Software and the Quicket Solutions Software and Services are operated in accordance with the Documentation and that Quicket receives a written claim from Customer under this limited warranty within the Warranty Period (“Warranty”). In the event of a breach of this Warranty, at Quicket’s election, it shall, at no additional cost to the Customer: (a) replace or repair the affected Quicket Solutions Software and Services so it performs as warranted or, (b) if Quicket is not able to, or determines it is not commercially feasible to repair or replace the same within a reasonable period of time, terminate the License and Quicket Solutions Software and Services and credit or (at Customer's option) refund to Customer the unused, prepaid Quicket Solutions Software and Services subscription fees paid hereunder on a pro- rated basis based on the remaining period in the Term. This Warranty does not apply if Customer or any third party changes or modifies the Software without the written authorization of Quicket or if the defect is caused by use of the Software with third party software or hardware not supplied, supported, recommended or approved by Quicket for use with the Software. Customer will have access to all Documentation related to the Quicket Solutions Software and Services as set forth in the purchase order. The Documentation will describe the functionality and capabilities of the Quicket Solutions Software and Services including without limitation material information required for installation, implementation and support of the same. 9.2 Service Level Agreement. During the Term, the Quicket Solutions Software and Services shall be available for use in accordance with the Service Level Agreement (“SLA”), at Appendix 5 attached hereto. 9.3 Professional Services Performance Warranty. Quicket further warrants that Professional Services supplied hereunder, or under any future SOW or Schedule, shall be supplied in a professional and workman-like manner consistent with general industry standards reasonably applicable to the Professional Services to be provided. All personnel performing Professional Services under this Agreement or any subsequent agreement will be sufficiently trained and knowledgeable to perform the services required, and shall meet any and all requirements necessary to perform Professional Services that are to be provided by Quicket to the Customer. 9.4 Title Warranty and Indemnity from Quicket. Quicket represents and warrants that it has full legal power and authority to grant the License, provide the Quicket Solutions Software and Services, and (if applicable) the Professional Services Deliverables under this Agreement and any subsequent agreement to the Customer. If a claim is made or an action brought that the Professional Services Deliverables, Software or the Quicket Solutions Software and Services (or any component thereof) infringes a third party Intellectual Property Right, then DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Software by Customer, authorized Users to whom it makes the Software available, and shall not reproduce on any copies of Software, and not cause or direct the removal of any titles, trademarks, copyright and other proprietary or restrictive legends or notices. 8.2 Customer Ownership. As between Quicket and Customer, all devices (other than Equipment), Customer and other data submitted to the Quicket Solutions Software and Services by Customer (“Customer Data”) in the course of using the Quicket Solutions Software and Services, is owned by Customer and shall be considered by Quicket as Customer’s Confidential Information, together with any related documentation, copies, modifications and derivatives of the foregoing and all related Intellectual Property rights in the foregoing. Unless it receives Customer's prior written consent, Quicket will not access or use any Customer Data other than as necessary to accomplish the services to be provided by Quicket. There are no implied rights. Quicket shall not (i) use, disclose or provide to any other person any Customer Data or other related Customer documentation (or any modifications or derivatives thereof) or any other confidential or non-public information related to Customer or Customer’s activities, (ii) attempt to or knowingly permit others to attempt to alter, reverse engineer, disassemble, decompile, decipher or otherwise decrypt or discover Customer Data or any Customer Confidential Information, or (iii) modify any Customer Data without prior express written consent from Customer. Quicket shall take all commercially reasonable precautions to prevent unauthorized or improper use or disclosure of the Customer Data by Quicket or its employees. 8.3 Confidentiality. (a) "Confidential Information" means non- public information marked "confidential" or "proprietary", or that otherwise should be understood by a reasonable person to be confidential in nature, provided by a party or on its behalf to the other party to this Agreement. All terms of this Agreement, including but not limited to fees and expenses, are subject to public disclosure pursuant to the Colorado Open Records Act CRS §§ 24-72-200.1 (CORA). Customer Confidential Information includes, but is not limited to, all Customer Data and other related Customer documentation (or any modifications or derivatives thereof) and any other confidential or non-public information related to Customer’s activities. Quicket Confidential Information includes, but is not limited to, the Software, Quicket- owned Professional Services Deliverables, financial information, product features, product roadmap and other non-public information regarding Quicket’s business and products. Confidential Information does not include any information which is or becomes publicly available through no fault of the receiving party; is independently developed by the receiving party without use of the disclosing party’s confidential and/or non-public information; or is rightfully obtained without restriction on disclosure through a chain of parties not originating in the breach of any obligation to the disclosing party. (b) Each party agrees to: (i) use Confidential Information of the other party only as permitted under this Agreement or as requested or directed by a party to this Agreement and (ii) protect the Confidential Information using reasonable measures commensurate with those that the receiving party employs for the protection of corresponding sensitive information of its own, but in any event no less than reasonable care. Without the other party's prior written consent, each party may disclose Confidential Information to (A) its employees who reasonably require access to such Confidential DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 Equipment provided to Customer under the terms of this Agreement. 4. MAINTENANCE AND SUPPORT SERVICES; UPDATES AND UPGRADES. (a) Maintenance and support services are included in the Quicket Solutions Software and Services subscription fees and are provided in accordance with Quicket’s then current Technical Support Policy which shall be made available on the Quicket Customer Support portal. The current version of the Quicket Solutions Technical Support Policy is attached as Appendix 2 (the “Support Policy”). Such Support Policy may be amended from time to time by prior written notice (via e-mail, support portal notifications or other available mass communication method, as reasonably determined by Quicket) provided that the Support Policy will not be amended or revised in any manner that results in any material diminution of any maintenance or support during the Term. (b) Quicket will provide Updates and Upgrades to the Quicket Solutions Software and Services, if and when they are developed, tested and ready for delivery. Updates and Upgrades will be provided without additional charge to the Customer. (c) Maintenance, repair and warranty service obligations and procedures pertaining to Equipment are set forth on Appendix 4. (d) Notwithstanding anything to the contrary set forth in this Agreement, Updates and Upgrades do not, and shall not be deemed to include the provision of additional services, programs, modules or other expansion of services beyond those to which the Customer has subscribed. Any additional services, programs, modules or other expansion of services shall be included under this Agreement upon execution by the parties of an amendment in accordance with Section 12.4 below. 5. PROFESSIONAL SERVICES. Quicket shall supply Professional Services, as specified in a Schedule and/or a statement of work (“SOW”). The terms for the provision of Professional Services (if applicable) are outlined in Appendix 3. Quicket may subcontract Professional Services to third parties, with prior written notice to and the written consent of Customer, provided that Quicket shall remain solely and exclusively DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 can easily be auto- populated to a citation or crash report. 2. The ability to use a magnetic reader or scanner that will auto-populate information into the report when users are not connected to CAD or have an internet connection. Yes As stated above in the citation portion of this document. Service Provider has several different ways to auto populate information. Some options are magnetic reader, scanner, and OCR. All three options are available DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350 and RW420 models among others. Yes Service Provider utilizes Zebra Technologies with most of our deployments throughout the US. Our most popular model DocuSign Envelope ID: AE6D80A8-8AAB-4E26-826E-548E291E7350