The URL can be used to link to this page

Home My WebLink AboutAgreement A-24-049 with SHI International Corp..pdf I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Agreement No. 24-049 1 SERVICE AGREEMENT 2 This Service Agreement ("Agreement") is dated January 23, 2024 and is between 3 SHI International Corp, a New Jersey corporation ("Contractor"), and the County of Fresno, a 4 political subdivision of the State of California ("County") (hereinafter collectively referred to as "the Parties," or individually as a "Party"). 5 Recitals 6 A. The County has a need for continued subscription to the CrowdStrike cybersecurity 7 software products and services from a third-party reseller. 8 B. On September 27, 2023, the County issued a Request for Quotation (RFQ) No. 24-017 9 for CrowdStrike software, which closed on October 10, 2023. 10 C. Two (2) Contractors submitted a responsive bid to the RFQ ("Response"). The County 11 evaluated each Contractor's response to the RFQ and Contractor SHI was selected due to 12 being the lowest bidder and meeting the needs set forth in the RFQ. 13 D. The County desires to enter into an agreement with the Contractor, in order to provide 14 the County's needs for CrowdStrike's cybersecurity software products and services, pursuant to 15 the terms and conditions of this Agreement. 16 The parties therefore agree as follows: 17 Article 1 18 Contractor's Services 19 1.1 Scope of Services. The Contractor shall perform all of the services provided in 20 Exhibit A to this Agreement, titled "Scope of Services." 21 1.2 Representation. The Contractor represents that it is qualified, ready, willing, and 22 able to perform all of the services provided in this Agreement. 23 1.3 Compliance with Laws. The Contractor shall, at its own cost, comply with all 24 applicable federal, state, and local laws and regulations in the performance of its obligations 25 under this Agreement, including but not limited to workers compensation, labor, and 26 confidentiality laws and regulations. 27 1.4 License Term. The term of the Software license (as defined in Exhibit A) is 28 perpetual. However, the County shall be entitled to Software updates, upgrades, 1 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 enhancements, new versions, bug fixes, other improvements to the Software, as and when 2 released by the Contractor to the Contractor's customers, and access to the Software, and to 3 technical assistance relating to the Software, for the Term described in this Agreement. The 4 Contractor hereby grants to the County, at no additional cost, a royalty-free, perpetual non- 5 transferable license to use the Contractor's Products and Services (as identified in Exhibit A). 6 Article 2 7 County's Responsibilities 8 2.1 The County appoints the Director of Internal Services/Chief Information Officer 9 ("Director"), or his or her designee, as the County's Contract Administrator with full authority to 10 deal with the Contractor in all matters concerning this Agreement. 11 Article 3 12 Compensation, Invoices, and Payments 13 3.1 The County agrees to pay, and the Contractor agrees to receive, compensation for 14 the performance of its services under this Agreement as described in Exhibit A. The maximum 15 compensation payable to the Contractor under this Agreement is $2,121,000.00 for the five-year 16 term for the CrowdStrike products and services as listed in Exhibit A, with the compensation per 17 year being approximately $401,111.44. 18 3.2 The Contractor acknowledges that the County is a local government entity, and does 19 so with notice that the County's powers are limited by the California Constitution and by State 20 law, and with notice that the Contractor may receive compensation under this Agreement only 21 22 for services performed according to the terms of this Agreement and while this Agreement is in effect, and subject to the maximum amount payable under this section. The Contractor further 23 acknowledges that County employees have no authority to pay the Contractor except as 24 expressly provided in this Agreement. 25 3.3 Invoices. The Contractor shall submit monthly invoices referencing the provided 26 agreement number to the County of Fresno, Internal Services Department, Attention: Business 27 Office, 333 W. Pontiac Way, Clovis, CA 93612, 3da -ar fresnocountya.-gov. The Contractor 28 shall submit each invoice within 60 days after the month in which the Contractor performs 2 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 services and in any case within 60 days after the end of the term or termination of this 2 Agreement. 3 3.4 Payment. The County shall pay each correctly completed and timely submitted 4 invoice within 45 days after receipt. The County shall remit any payment to the Contractor's 5 address specified in the invoice. 6 3.5 Incidental Expenses. The Contractor is solely responsible for all of its costs and 7 expenses that are not specified as payable by the County under this Agreement. 8 Article 4 9 Term of Agreement 10 4.1 Term. This Agreement is effective as of the date listed above and terminates five 11 years after that date, except as provided in Article 6, "Termination and Suspension," below. 12 Article 5 13 Notices 14 5.1 Contact Information. The persons and their addresses having authority to give and 15 receive notices provided for or permitted under this Agreement include the following: 16 For the County: 17 Director of Internal Services/Chief Information Officer County of Fresno 18 333 W. Pontiac Way Clovis, CA 93612 19 isdcontrartcnfresnocountyca.gov 20 For the Contractor: Contracts Department 21 SHI International Corp 290 Davidson Ave 22 Somerset, NJ 08873 Contracts@SHI.com 23 5.2 Change of Contact Information. Either party may change the information in section 24 5.1 by giving notice as provided in section 5.3. 25 5.3 Method of Delivery. Each notice between the County and the Contractor provided 26 for or permitted under this Agreement must be in writing, state that it is a notice provided under 27 this Agreement, and be delivered either by personal service, by first-class United States mail, by 28 3 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 an overnight commercial courier service, or by Portable Document Format (PDF) document 2 attached to an email. 3 (A) A notice delivered by personal service is effective upon service to the recipient. 4 (B) A notice delivered by first-class United States mail is effective three County 5 business days after deposit in the United States mail, postage prepaid, addressed to the 6 recipient. 7 (C)A notice delivered by an overnight commercial courier service is effective one 8 County business day after deposit with the overnight commercial courier service, 9 delivery fees prepaid, with delivery instructions given for next day delivery, addressed to 10 the recipient. 11 (D)A notice delivered by PDF document attached to an email is effective when 12 transmission to the recipient is completed (but, if such transmission is completed outside 13 of County business hours, then such delivery is deemed to be effective at the next 14 beginning of a County business day), provided that the sender maintains a machine 15 record of the completed transmission. 16 5.4 Claims Presentation. For all claims arising from or related to this Agreement, 17 nothing in this Agreement establishes, waives, or modifies any claims presentation 18 requirements or procedures provided by law, including the Government Claims Act (Division 3.6 19 of Title 1 of the Government Code, beginning with section 810). 20 Article 6 21 Termination and Suspension 22 6.1 Termination for Non-Allocation of Funds. The terms of this Agreement are 23 contingent on the approval of funds by the appropriating government agency. If sufficient funds 24 are not allocated, then the County, upon at least 30 days' advance written notice to the 25 Contractor, may: 26 (A) Modify the services provided by the Contractor under this Agreement; or 27 (B) Terminate this Agreement. 28 6.2 Termination for Breach. 4 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 (A) Upon determining that a breach (as defined in paragraph (C) below) has 2 occurred, the County may give written notice of the breach to the Contractor. The written 3 notice may suspend performance under this Agreement, and must provide at least 30 4 days for the Contractor to cure the breach. 5 (B) If the Contractor fails to cure the breach to the County's satisfaction within the 6 time stated in the written notice, the County may terminate this Agreement immediately. 7 (C) For purposes of this section, a breach occurs when, in the determination of the 8 County, the Contractor has: 9 (1) Obtained or used funds illegally or improperly; 10 (2) Failed to comply with any part of this Agreement; 11 (3) Submitted a substantially incorrect or incomplete report to the County; or 12 (4) Improperly performed any of its obligations under this Agreement. 13 6.3 Termination without Cause. In circumstances other than those set forth above, 14 either Party may terminate this Agreement by giving at least 30 days advance written notice to 15 the Contractor. 16 6.4 No Penalty or Further Obligation. Any termination of this Agreement by the County 17 under this Article 6 is without penalty to or further obligation of the County. 18 6.5 County's Rights upon Termination. Upon termination for breach under this Article 19 6, the County may demand repayment by the Contractor of any monies disbursed to the 20 Contractor under this Agreement that, in the County's sole judgment, were not expended in 21 compliance with this Agreement. The Contractor shall promptly refund all such monies upon 22 demand. This section survives the termination of this Agreement. 23 Article 7 24 Independent Contractor 25 7.1 Status. In performing under this Agreement, the Contractor, including its officers, 26 agents, employees, and volunteers, is at all times acting and performing as an independent 27 contractor, in an independent capacity, and not as an officer, agent, servant, employee, joint 28 venturer, partner, or associate of the County. 5 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 7.2 Verifying Performance. The County has no right to control, supervise, or direct the 2 manner or method of the Contractor's performance under this Agreement, but the County may 3 verify that the Contractor is performing according to the terms of this Agreement. 4 7.3 Benefits. Because of its status as an independent contractor, the Contractor has no 5 right to employment rights or benefits available to County employees. The Contractor is solely 6 responsible for providing to its own employees all employee benefits required by law. The 7 Contractor shall save the County harmless from all matters relating to the payment of the 8 Contractor's employees, including compliance with Social Security withholding and all related 9 regulations. 10 7.4 Services to Others. The parties acknowledge that, during the term of this 11 Agreement, the Contractor may provide services to others unrelated to the County. 12 Article 8 13 Indemnity and Defense 14 8.1 Indemnity. Both Parties shall indemnify and hold harmless and defend the other 15 Party (including its officers, agents, employees, and volunteers) against all third-party claims, 16 demands, injuries, damages, costs, expenses (including attorney fees and costs), fines, 17 penalties, and liabilities of any kind to the County, the Contractor, or any third party that arise 18 from any actual or alleged negligent or wrongful acts or omissions of the County (including its 19 officers, agents, employees, and volunteers) or Contractor (or any of its officers, agents, or 20 employees) in performing or failing to perform under this Agreement. Either Party may conduct 21 or participate in its own defense without affecting the other Party's obligation to indemnify and 22 hold harmless or defend the indemnified Party. 23 8.2 Survival. This Article 8 survives the termination of this Agreement. 24 Article 9 25 Insurance 26 9.1 The Contractor shall comply with all the insurance requirements in Exhibit D to this 27 Agreement. 28 6 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 Article 10 2 Inspections, Audits, and Public Records 3 10.1 Inspection of Documents. The Contractor shall make available to the County, and 4 the County may examine at any time during business hours and as often as the County deems 5 necessary, all of the Contractor's records and data with respect to the matters covered by this 6 Agreement, excluding attorney-client privileged communications. The Contractor shall, upon 7 request by the County, permit the County to audit and inspect all of such records and data to 8 ensure the Contractor's compliance with the terms of this Agreement. 9 10.2 State Audit Requirements. If the compensation to be paid by the County under this 10 Agreement exceeds $10,000, the Contractor is subject to the examination and audit of the 11 California State Auditor, as provided in Government Code section 8546.7, for a period of three 12 years after final payment under this Agreement. This section survives the termination of this 13 Agreement. 14 10.3 Public Records. The County is not limited in any manner with respect to its public 15 disclosure of this Agreement or any record or data that the Contractor may provide to the 16 County. The County's public disclosure of this Agreement or any record or data that the 17 Contractor may provide to the County may include but is not limited to the following: 18 (A) The County may voluntarily, or upon request by any member of the public or 19 governmental agency, disclose this Agreement to the public or such governmental 20 agency. 21 (B) The County may voluntarily, or upon request by any member of the public or 22 governmental agency, disclose to the public or such governmental agency any record or 23 data that the Contractor may provide to the County, unless such disclosure is prohibited 24 by court order. 25 (C)This Agreement, and any record or data that the Contractor may provide to the 26 County, is subject to public disclosure under the Ralph M. Brown Act (California 27 Government Code, Title 5, Division 2, Part 1, Chapter 9, beginning with section 54950). 28 7 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 (D) This Agreement, and any record or data that the Contractor may provide to the 2 County, is subject to public disclosure as a public record under the California Public 3 Records Act (California Government Code, Title 1, Division 10, Chapter 3, beginning 4 with section 7920.200) ("CPRA"). 5 (E) This Agreement, and any record or data that the Contractor may provide to the 6 County, is subject to public disclosure as information concerning the conduct of the 7 people's business of the State of California under California Constitution, Article 1, 8 section 3, subdivision (b). 9 (F) Any marking of confidentiality or restricted access upon or otherwise made with 10 respect to any record or data that the Contractor may provide to the County shall be 11 disregarded and have no effect on the County's right or duty to disclose to the public or 12 governmental agency any such record or data. 13 10.4 Public Records Act Requests. If the County receives a written or oral request 14 under the CPRA to publicly disclose any record that is in the Contractor's possession or control, 15 and which the County has a right, under any provision of this Agreement or applicable law, to 16 possess or control, then the County may demand, in writing, that the Contractor deliver to the 17 County, for purposes of public disclosure, the requested records that may be in the possession 18 or control of the Contractor. Within five business days after the County's demand, the 19 Contractor shall (a) deliver to the County all of the requested records that are in the Contractor's 20 possession or control, together with a written statement that the Contractor, after conducting a 21 diligent search, has produced all requested records that are in the Contractor's possession or 22 control, or (b) provide to the County a written statement that the Contractor, after conducting a 23 diligent search, does not possess or control any of the requested records. The Contractor shall 24 cooperate with the County with respect to any County demand for such records. If the 25 Contractor wishes to assert that any specific record or data is exempt from disclosure under the 26 CPRA or other applicable law, it must deliver the record or data to the County and assert the 27 exemption by citation to specific legal authority within the written statement that it provides to 28 the County under this section. The Contractor's assertion of any exemption from disclosure is 8 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 not binding on the County, but the County will give at least 10 days' advance written notice to 2 the Contractor before disclosing any record subject to the Contractor's assertion of exemption 3 from disclosure. The Contractor shall indemnify the County for any court-ordered award of costs 4 or attorney's fees under the CPRA that results from the Contractor's delay, claim of exemption, 5 failure to produce any such records, or failure to cooperate with the County with respect to any 6 County demand for any such records. 7 Article 11 8 Disclosure of Self-Dealing Transactions 9 11.1 Applicability. This Article 11 applies if the Contractor is operating as a corporation, 10 or changes its status to operate as a corporation. 11 11.2 Duty to Disclose. If any member of the Contractor's board of directors is party to a 12 self-dealing transaction, he or she shall disclose the transaction by completing and signing a 13 "Self-Dealing Transaction Disclosure Form" (Exhibit C to this Agreement) and submitting it to 14 the County before commencing the transaction or immediately after. 15 11.3 Definition. "Self-dealing transaction" means a transaction to which the Contractor is 16 a party and in which one or more of its directors, as an individual, has a material financial 17 interest. 18 Article 12 19 General Terms 20 12.1 Modification. Except as provided in Article 6, "Termination and Suspension," this 21 Agreement may not be modified, and no waiver is effective, except by written agreement signed 22 by both parties. The Contractor acknowledges that County employees have no authority to 23 modify this Agreement except as expressly provided in this Agreement. 24 12.2 Non-Assignment. Neither party may assign its rights or delegate its obligations 25 under this Agreement without the prior written consent of the other party. 26 12.3 Governing Law. The laws of the State of California govern all matters arising from 27 or related to this Agreement. 28 9 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 12.4 Jurisdiction and Venue. This Agreement is signed and performed in Fresno 2 County, California. The Contractor consents to California jurisdiction for actions arising from or 3 related to this Agreement, and, subject to the Government Claims Act, all such actions must be 4 brought and maintained in Fresno County. 5 12.5 Construction. The final form of this Agreement is the result of the parties' combined 6 efforts. If anything in this Agreement is found by a court of competent jurisdiction to be 7 ambiguous, that ambiguity shall not be resolved by construing the terms of this Agreement 8 against either party. 9 12.6 Days. Unless otherwise specified, "days" means calendar days. 10 12.7 Headings. The headings and section titles in this Agreement are for convenience 11 only and are not part of this Agreement. 12 12.8 Severability. If anything in this Agreement is found by a court of competent 13 jurisdiction to be unlawful or otherwise unenforceable, the balance of this Agreement remains in 14 effect, and the parties shall make best efforts to replace the unlawful or unenforceable part of 15 this Agreement with lawful and enforceable terms intended to accomplish the parties' original 16 intent. 17 12.9 Nondiscrimination. During the performance of this Agreement, the Contractor shall 18 not unlawfully discriminate against any employee or applicant for employment, or recipient of 19 services, because of race, religious creed, color, national origin, ancestry, physical disability, 20 mental disability, medical condition, genetic information, marital status, sex, gender, gender 21 identity, gender expression, age, sexual orientation, military status or veteran status pursuant to 22 all applicable State of California and federal statutes and regulation. 23 12.10 No Waiver. Payment, waiver, or discharge by the County of any liability or obligation 24 of the Contractor under this Agreement on any one or more occasions is not a waiver of 25 performance of any continuing or other obligation of the Contractor and does not prohibit 26 enforcement by the County of any obligation on any other occasion. 27 12.11 Entire Agreement. This Agreement, including its exhibits, is the entire agreement 28 between the Contractor and the County with respect to the subject matter of this Agreement, 10 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 and it supersedes all previous negotiations, proposals, commitments, writings, advertisements, 2 publications, and understandings of any nature unless those things are expressly included in 3 this Agreement. If there is any inconsistency between the terms of this Agreement without its 4 exhibits and the terms of the exhibits, then the inconsistency will be resolved by giving 5 precedence first to the terms of this Agreement without its exhibits, and then to the terms of the 6 exhibits. 7 12.12 No Third-Party Beneficiaries. This Agreement does not and is not intended to 8 create any rights or obligations for any person or entity except for the parties. 9 12.13 Authorized Signature. The Contractor represents and warrants to the County that: 10 (A) The Contractor is duly authorized and empowered to sign and perform its 11 obligations under this Agreement. 12 (B) The individual signing this Agreement on behalf of the Contractor is duly 13 authorized to do so and his or her signature on this Agreement legally binds the 14 Contractor to the terms of this Agreement. 15 12.14 Electronic Signatures. The parties agree that this Agreement may be executed by 16 electronic signature as provided in this section. 17 (A) An "electronic signature" means any symbol or process intended by an individual 18 signing this Agreement to represent their signature, including but not limited to (1) a 19 digital signature; (2) a faxed version of an original handwritten signature; or (3) an 20 electronically scanned and transmitted (for example by PDF document) version of an 21 original handwritten signature. 22 (B) Each electronic signature affixed or attached to this Agreement (1) is deemed 23 equivalent to a valid original handwritten signature of the person signing this Agreement 24 for all purposes, including but not limited to evidentiary proof in any administrative or 25 judicial proceeding, and (2) has the same force and effect as the valid original 26 handwritten signature of that person. 27 28 11 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 (C) The provisions of this section satisfy the requirements of Civil Code section 2 1633.5, subdivision (b), in the Uniform Electronic Transaction Act (Civil Code, Division 3, 3 Part 2, Title 2.5, beginning with section 1633.1). 4 (D) Each party using a digital signature represents that it has undertaken and 5 satisfied the requirements of Government Code section 16.5, subdivision (a), 6 paragraphs (1) through (5), and agrees that each other party may rely upon that 7 representation. 8 (E) This Agreement is not conditioned upon the parties conducting the transactions 9 under it by electronic means and either party may sign this Agreement with an original 10 handwritten signature. 11 12.15 Counterparts. This Agreement may be signed in counterparts, each of which is an 12 original, and all of which together constitute this Agreement. 13 Agent for Service of Process. The Contractor represents to the County that the 14 Contractor's agent for service of process in California, and that such agent's address for 15 receiving such service of process in California, which information the Contractor shall maintain 16 with the office of the California Secretary of State, is as follows: CSC - LAWYERS 17 INCORPORATING SERVICE 18 1505 Corporation 19 CT Corporation System 20 330 N. Brand Blvd 21 Glendale, CA 91203 22 The Contractor further represents to the County that if the Contractor changes its agent for 23 service of process in California, or the Contractor's agent for service of process in California 24 changes its address for receiving such service of process in California, which changed 25 information the Contractor shall maintain with the office of the California Secretary of State, the 26 Contractor shall give the County written notice thereof within five (5) calendar days thereof 27 pursuant to Article 5. 28 12 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 [SIGNATURE PAGE FOLLOWS] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 13 ii DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D 1 The parties are signing this Agreement on the date stated in the introductory clause. 2 SHI International Corp COUNTY OF FRESNO 3 DocuSigned by: 4 �a QWaS 5 Darek Awas, Manager-Contracts Nathan Magsig, Chairman of the Board of 6 290 Davidson Ave Supervisors of the County of Fresno Somerset, NJ 08873 Attest: 7 Bernice E. Seidel Clerk of the Board of Supervisors 8 County of Fresno, State of California 9 By: 10 Deputy 11 For accounting use only: 12 Org No.: 8905 Account No.: 7309 13 Fund No.: 1020 Subclass No.: 10000 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 14 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit A 1 Scope of Services 2 The Contractor shall be compensated for the CrowdStrike cybersecurity products and 3 services under this Agreement as identified below, in this Exhibit A. The Contractor is not 4 entitled to any compensation except as expressly provided in this Exhibit A. 5 6 Product Name Quantity Year 1-Year 5 Total Cost 7 Falcon Endpoint Protection Premium Flexible Bundle 8 Tier 10 8300 $140,104.00 $700,520.00 9 Prevent, Discover, and Insight Software 8300 $0.00 $0.00 10 Threat Graph Standard 7700 $54,747.00 $273,735.00 11 Essential Support 1 $43,038.44 $215,192.20 CrowdStrike Falcon 12 Intelligence Bundle Promo 13 Tier 10 8300 $48,970.00 $244,850.00 Server Threat Graph 14 Standard 600 $13,416.00 $67,080.00 15 University LMS Subscription 16 Customer Access Pass 20 $0.00 $0.00 17 Falcon Identity Threat 7500 $66,225.00 $331,125.00 Falcon Device Control Tier 18 10 8300 $34,611.00 $173,055.00 19 Total $401,111.44 $2,005,557.20 20 21 22 23 24 25 26 27 28 A-1 ii DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit B 1 Data Security 2 A. Definitions. 3 Capitalized terms used in this Exhibit B have the meanings set forth in this section A. 4 "Authorized Employees" means the Contractor's employees who have access to 5 Personal Information. 6 "Authorized Persons" means: (i) any and all Authorized Employees; and (ii) any and all of 7 the Contractor's subcontractors, representatives, agents, outsourcers, and consultants, and 8 providers of professional services to the Contractor, who have access to Personal Information and 9 are bound by law or in writing by confidentiality obligations sufficient to protect Personal Information 10 in accordance with the terms of this Exhibit B. 11 "Director" means the County's Director of Internal Services/Chief Information Officer or his 12 or her designee. 13 "Disclose" or any derivative of that word means to disclose, release, transfer, disseminate, 14 or otherwise provide access to or communicate all or any part of any Personal Information orally, in 15 writing, or by electronic or any other means to any person. 16 "Person" means any natural person, corporation, partnership, limited liability company, 17 firm, or association. 18 "Personal Information" means any and all information, including any data provided, or to 19 which access is provided, to the Contractor by or upon the authorization of the County, including 20 but not limited to vital records, that: (i) identifies, describes, or relates to, or is associated with, or is 21 capable of being used to identify, describe, or relate to, or associate with, a person (including, 22 without limitation, names, physical descriptions, signatures, addresses, telephone numbers, e-mail 23 addresses, education, financial matters, employment history, and other unique identifiers, as well 24 as statements made by or attributable to the person); (ii) is used or is capable of being used to 25 authenticate a person (including, without limitation, employee identification numbers, government- 26 issued identification numbers, passwords or personal identification numbers (PINs), financial 27 account numbers, credit report information, answers to security questions, and other personal 28 identifiers); or is personal information within the meaning of California Civil Code section 1798.3, B-1 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit B 1 subdivision (a), or 1798.80, subdivision (e). Personal Information does not include publicly 2 available information that is lawfully made available to the general public from federal, state, or 3 local government records. 4 "Privacy Practices Complaint" means a complaint received by the County relating to the 5 Contractor's (or any Authorized Person's) privacy practices, or alleging a Security Breach. Such 6 complaint shall have sufficient detail to enable the Contractor to promptly investigate and take 7 remedial action under this Exhibit B. 8 "Security Safeguards" means physical, technical, administrative or organizational security 9 procedures and practices put in place by the Contractor(or any Authorized Persons)that relate to 10 the protection of the security, confidentiality, value, or integrity of Personal Information. Security 11 Safeguards shall satisfy the minimal requirements set forth in subsection C.(5) of this Exhibit B. 12 "Security Breach" means (i) any act or omission that compromises either the security, 13 confidentiality, value, or integrity of any Personal Information or the Security Safeguards, or(ii) any 14 unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of 15 or damage to, any Personal Information. 16 "Use" or any derivative thereof means to receive, acquire, collect, apply, manipulate, 17 employ, process, transmit, disseminate, access, store, disclose, or dispose of Personal 18 Information. 19 B. Standard of Care. 20 (1)The Contractor acknowledges that, in the course of its engagement by the County 21 under this Agreement, the Contractor, or any Authorized Persons, may Use Personal Information 22 only as permitted in this Agreement. 23 (2)The Contractor acknowledges that Personal Information is deemed to be confidential 24 information of, or owned by, the County (or persons from whom the County receives or has 25 received Personal Information) and is not confidential information of, or owned or by, the 26 Contractor, or any Authorized Persons. The Contractor further acknowledges that all right, title, and 27 interest in or to the Personal Information remains in the County (or persons from whom the County 28 receives or has received Personal Information) regardless of the Contractor's, or any Authorized B-2 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit B 1 Person's, Use of that Personal Information. 2 (3) The Contractor agrees and covenants in favor of the County that the Contractor shall: (i) 3 keep and maintain all Personal Information in strict confidence, using such degree of care under 4 this Subsection B as is reasonable and appropriate to avoid a Security Breach; (ii) Use Personal 5 Information exclusively for the purposes for which the Personal Information is made accessible to 6 the Contractor pursuant to the terms of this Exhibit B; (iii) not Use, Disclose, sell, rent, license, or 7 otherwise make available Personal Information for the Contractor's own purposes or for the benefit 8 of anyone other than the County, without the County's express prior written consent, which the 9 County may give or withhold in its sole and absolute discretion; and (iv) not, directly or indirectly, 10 Disclose Personal Information to any person (an "Unauthorized Third Party") other than Authorized 11 Persons pursuant to this Agreement, without the Director's express prior written consent. 12 Notwithstanding the foregoing paragraph, in any case in which the Contractor believes it, or 13 any Authorized Person, is required to disclose Personal Information to government regulatory 14 authorities, or pursuant to a legal proceeding, or otherwise as may be required by applicable law, 15 the Contractor shall (a) immediately notify the County of the specific demand for, and legal 16 authority for the disclosure, including providing the County with a copy of any notice, discovery 17 demand, subpoena, or order, as applicable, received by the Contractor, or any Authorized Person, 18 from any government regulatory authorities, or in relation to any legal proceeding, and (b) promptly 19 notify the County before such Personal Information is offered by the Contractor for such disclosure 20 so that the County may have sufficient time to obtain a court order or take any other action the 21 County may deem necessary to protect the Personal Information from such disclosure, and the 22 Contractor shall cooperate with the County to minimize the scope of such disclosure of such 23 Personal Information. 24 The Contractor shall remain liable to the County for the actions and omissions of any 25 Unauthorized Third Party concerning its Use of such Personal Information as if they were the 26 Contractor's own actions and omissions. 27 C. Information Security. 28 (1) The Contractor covenants, represents and warrants to the County that the Contractor's B-3 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit B 1 Use of Personal Information under this Agreement does and shall at all times comply with all 2 federal, state, and local, privacy and data protection laws, as well as all other applicable regulations 3 and directives, including but not limited to California Civil Code, Division 3, Part 4, Title 1.81 4 (beginning with section 1798.80), and the Song-Beverly Credit Card Act of 1971 (California Civil 5 Code, Division 3, Part 4, Title 1.3, beginning with section 1747). If the Contractor Uses credit, debit, 6 or other payment cardholder information, the Contractor shall at all times remain in compliance with 7 the Payment Card Industry Data Security Standard ("PCI DSS") requirements, including remaining 8 aware at all times of changes to the PCI DSS and promptly implementing and maintaining all 9 procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each 10 case, at the Contractor's sole cost and expense. 11 (2)The Contractor covenants, represents and warrants to the County that, as of the 12 Effective Date, the Contractor has not received notice of any violation of any privacy or data 13 protection laws, as well as any other applicable regulations or directives, and is not the subject of 14 any pending legal action or investigation by, any government regulatory authority regarding same. 15 (3) Without limiting the Contractor's obligations under subsection C.(1) of this Exhibit B, the 16 Contractor's (or Authorized Person's) Security Safeguards shall be no less rigorous than accepted 17 industry practices and, at a minimum, include the following: (i) limiting Use of Personal Information 18 strictly to the Contractor's and Authorized Persons' technical and administrative personnel who are 19 necessary for the Contractor's, or Authorized Persons', Use of the Personal Information pursuant 20 to this Agreement; (ii) ensuring that all of the Contractor's connectivity to the County computing 21 systems will only be through the County's security gateways and firewalls, and only through 22 security procedures approved upon the express prior written consent of the Director; (iii) to the 23 extent that they contain or provide access to Personal Information, (a) securing the Contractor's 24 business facilities, data centers, paper files, servers, back-up systems and computing equipment, 25 operating systems, and software applications, including, but not limited to, all mobile devices and 26 other equipment, operating systems, and software applications with information storage capability; 27 (b) employing adequate controls and data security measures with respect to the Contractor 28 Facilities and Equipment), both internally and externally, to protect (1) the Personal Information B-4 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit B 1 from potential loss or misappropriation, or unauthorized Use, and (2)the County's operations from 2 disruption and abuse; (c) having and maintaining network, device application, database and 3 platform security; (d) maintaining authentication and access controls within media, computing 4 equipment, operating systems, and software applications; and (e) installing and maintaining in all 5 mobile, wireless, or handheld devices a secure internet connection, having continuously updated 6 anti-virus software protection and a remote wipe feature always enabled, all of which is subject to 7 express prior written consent of the Director; (iv) encrypting all Personal Information at advance 8 encryption standards of Advanced Encryption Standards (AES) of 128 bit or higher (a) stored on 9 any mobile devices, including but not limited to hard disks, portable storage devices, or remote 10 installation, or(b) transmitted over public or wireless networks (the encrypted Personal Information 11 must be subject to password or pass phrase, and be stored on a secure server and transferred by 12 means of a Virtual Private Network (VPN) connection, or another type of secure connection, all of 13 which is subject to express prior written consent of the Director); (v) strictly segregating Personal 14 Information from all other information of the Contractor, including any Authorized Person, or 15 anyone with whom the Contractor or any Authorized Person deals so that Personal Information is 16 not commingled with any other types of information; (vi) having a patch management process 17 including installation of all operating system/software vendor security patches; (vii) maintaining 18 appropriate personnel security and integrity procedures and practices, including, but not limited to, 19 conducting background checks of Authorized Employees consistent with applicable law; and (viii) 20 providing appropriate privacy and information security training to Authorized Employees. 21 (4) During the term of each Authorized Employee's employment by the Contractor, the 22 Contractor shall cause such Authorized Employees to abide strictly by the Contractor's obligations 23 under this Exhibit B. The Contractor further agrees that it shall maintain a disciplinary process to 24 address any unauthorized Use of Personal Information by any Authorized Employees. 25 (5) The Contractor shall, in a secure manner, backup daily, or more frequently if it is the 26 Contractor's practice to do so more frequently, Personal Information received from the County, and 27 the County shall have immediate, real time access, at all times, to such backups via a secure, 28 remote access connection provided by the Contractor, through the Internet. B-5 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit B 1 (6) The Contractor shall provide the County with the name and contact information for each 2 Authorized Employee (including such Authorized Employee's work shift, and at least one alternate 3 Authorized Employee for each Authorized Employee during such work shift)who shall serve as the 4 County's primary security contact with the Contractor and shall be available to assist the County 24 5 hours per day, seven days per week as a contact in resolving the Contractor's and any Authorized 6 Persons' obligations associated with a Security Breach or a Privacy Practices Complaint. 7 D. Security Breach Procedures. 8 (1) Promptly, and without undue delay, upon the Contractor's confirmation of a Security 9 Breach, the Contractor shall (a) notify the Director of the Security Breach, such notice to be given 10 first by telephone at the following telephone number, followed promptly by email at the following 11 email address: (559) 600-5900/incidents@fresnocountyca.gov (which telephone number and 12 email address the County may update by providing notice to the Contractor), and (b) preserve all 13 relevant evidence (and cause any affected Authorized Person to preserve all relevant evidence) 14 relating to the Security Breach. The notification shall include, to the extent reasonably possible, the 15 identification of each type and the extent of Personal Information that has been, or is reasonably 16 believed to have been, breached, including but not limited to, compromised, or subjected to 17 unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage. 18 (2) Immediately following the Contractor's notification to the County of a Security Breach, 19 as provided pursuant to subsection D.(1) of this Exhibit B, the Parties shall coordinate with each 20 other to investigate the Security Breach. The Contractor agrees to fully cooperate with the County, 21 including, without limitation: (i) assisting the County in conducting any investigation; (ii) providing 22 the County with physical access to the facilities and operations affected; (iii)facilitating interviews 23 with Authorized Persons and any of the Contractor's other employees knowledgeable of the 24 matter; and (iv) making available all relevant records, logs, files, data reporting and other materials 25 required to comply with applicable law, regulation, industry standards, or as otherwise reasonably 26 required by the County. To that end, the Contractor shall, with respect to a Security Breach, be 27 solely responsible, at its cost, for all notifications required by law and regulation, and the Contractor 28 shall provide a written report of the investigation and reporting required to the Director within 30 B-6 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit B 1 days after the Contractor's discovery of the Security Breach. 2 (3) The County shall promptly notify the Contractor of the Director's knowledge, or 3 reasonable belief, of any Privacy Practices Complaint, and upon the Contractor's receipt of 4 notification thereof, the Contractor shall promptly address such Privacy Practices Complaint, 5 including taking any corrective action under this Exhibit B, all at the Contractor's sole expense, in 6 accordance with applicable privacy rights, laws, regulations and standards. In the event the 7 Contractor discovers a Security Breach, the Contractor shall treat the Privacy Practices Complaint 8 as a Security Breach. Within 24 hours of the Contractor's receipt of notification of such Privacy 9 Practices Complaint, the Contractor shall notify the County whether the matter is a Security 10 Breach, or otherwise has been corrected and the manner of correction, or determined not to 11 require corrective action and the reason therefor. 12 (4) The Contractor shall take prompt corrective action to respond to and remedy any 13 Security Breach and take reasonable mitigating actions, including but not limiting to, preventing any 14 reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a 15 result of such incident, all at the Contractor's sole expense, in accordance with applicable privacy 16 rights, laws, regulations and standards. The Contractor shall reimburse the County for all 17 reasonable costs incurred by the County in responding to, and mitigating damages caused by, any 18 Security Breach, including all costs of the County incurred in relation to any litigation or other action 19 described in subsection D.(5) of this Exhibit B. to the extent applicable: (1)the cost of providing 20 affected individuals with credit monitoring services for a specific period not to exceed 12 months, to 21 the extent the incident could lead to a compromise of the data subject's credit or credit standing; (2) 22 call center support for such affected individuals for a specific period not to exceed 30 days; and (3) 23 the cost of any measures required under applicable laws. 24 E. Oversight of Security Compliance. 25 (1) The Contractor shall have and maintain a written information security policy that 26 specifies Security Safeguards appropriate to the size and complexity of the Contractor's operations 27 and the nature and scope of its activities. 28 (2) Upon the County's written request, to confirm the Contractor's compliance with this B-7 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit B 1 Exhibit B, as well as any applicable laws, regulations and industry standards, the Contractor grants 2 the County or, upon the County's election, a third party on the County's behalf, permission to 3 perform an assessment, audit, examination or review of all controls in the Contractor's physical and 4 technical environment in relation to all Personal Information that is Used by the Contractor pursuant 5 to this Agreement. The Contractor shall fully cooperate with such assessment, audit or 6 examination, as applicable, by providing the County or the third party on the County's behalf, 7 access to all Authorized Employees and other knowledgeable personnel, physical premises, 8 documentation, infrastructure and application software that is Used by the Contractor for Personal 9 Information pursuant to this Agreement. In addition, the Contractor shall provide the County with 10 the results of any audit by or on behalf of the Contractor that assesses the effectiveness of the 11 Contractor's information security program as relevant to the security and confidentiality of Personal 12 Information Used by the Contractor or Authorized Persons during the course of this Agreement 13 under this Exhibit B. 14 (3) The Contractor shall ensure that all Authorized Persons who Use Personal Information 15 agree to the same restrictions and conditions in this Exhibit B. that apply to the Contractor with 16 respect to such Personal Information by incorporating the relevant provisions of these provisions 17 into a valid and binding written agreement between the Contractor and such Authorized Persons, 18 or amending any written agreements to provide same. 19 F. Return or Destruction of Personal Information. 20 Upon the termination of this Agreement, the Contractor shall, and shall instruct all 21 Authorized Persons to, promptly return to the County all Personal Information, whether in written, 22 electronic or other form or media, in its possession or the possession of such Authorized Persons, 23 in a machine readable form used by the County at the time of such return, or upon the express 24 prior written consent of the Director, securely destroy all such Personal Information, and certify in 25 writing to the County that such Personal Information have been returned to the County or disposed 26 of securely, as applicable. If the Contractor is authorized to dispose of any such Personal 27 Information, as provided in this Exhibit B, such certification shall state the date, time, and manner 28 (including standard) of disposal and by whom, specifying the title of the individual. The Contractor B-8 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit B 1 shall comply with all reasonable directions provided by the Director with respect to the return or 2 disposal of Personal Information and copies thereof. If return or disposal of such Personal 3 Information or copies of Personal Information is not feasible, the Contractor shall notify the County 4 accordingly, specifying the reason, and continue to extend the protections of this Exhibit B to all 5 such Personal Information and copies of Personal Information. The Contractor shall not retain any 6 copy of any Personal Information after returning or disposing of Personal Information as required 7 by this section F. The Contractor's obligations under this section F survive the termination of this 8 Agreement and apply to all Personal Information that the Contractor retains if return or disposal is 9 not feasible and to all Personal Information that the Contractor may later discover. 10 G. Equitable Relief. 11 The Contractor acknowledges that any breach of its covenants or obligations set forth in 12 this Exhibit B may cause the County irreparable harm for which monetary damages would not be 13 adequate compensation and agrees that, in the event of such breach or threatened breach, the 14 County is entitled to seek equitable relief, including a restraining order, injunctive relief, specific 15 performance and any other relief that may be available from any court, in addition to any other 16 remedy to which the County may be entitled at law or in equity. Such remedies shall not be 17 deemed to be exclusive but shall be in addition to all other remedies available to the County at law 18 or in equity or under this Agreement. 19 H. Indemnification. 20 Either Party shall defend, indemnify and hold harmless the County, its officers, employees, and 21 agents, (each, a "County Indemnitee")from and against any and all, invasion of privacy, 22 information theft, and extortion, unauthorized Use, Disclosure, or modification of, or any loss or 23 destruction of, or any corruption of or damage to, applicable Personal Information, Security Breach 24 response and remedy costs, credit monitoring expenses, forfeitures, losses, damages, liabilities, 25 deficiencies, actions,judgments, interest, awards, fines, and penalties (including regulatory fines 26 and penalties), , arising out of or resulting from any third party claim or action against any County 27 Indemnitee in relation to the Contractor's, its officers, employees, or agents, or any Authorized 28 Employee's or Authorized Person's, performance or failure to perform under the Agreement or B-9 I DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit B 1 arising out of or resulting from the Contractor's failure to comply with any of its obligations under 2 this section H. The provisions of this section H do not apply to the acts or omissions of the County. 3 The provisions of this section H are cumulative to any other obligation of either Party, defend, 4 indemnify, or hold harmless any other Party Indemnity under this Agreement. The provisions of this 5 section H shall survive the termination of this Agreement. 6 I. Survival. 7 The respective rights and obligations of the Contractor and the County as stated in this 8 Exhibit B shall survive the termination of this Agreement. 9 J. No Third Party Beneficiary. 10 Nothing express or implied in the provisions of in this Exhibit B is intended to confer, nor 11 shall anything herein confer, upon any person other than the County or the Contractor and their 12 respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever. 13 L. No County Warranty. 14 The County does not make any warranty or representation whether any Personal 15 Information in the Contractor's (or any Authorized Person's) possession or control, or Use by the 16 Contractor (or any Authorized Person), pursuant to the terms of this Agreement is or will be secure 17 from unauthorized Use, or a Security Breach or Privacy Practices Complaint. 18 19 20 21 22 23 24 25 26 27 28 B-10 DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit C Self-Dealing Transaction Disclosure Form In order to conduct business with the County of Fresno ("County"), members of a contractor's board of directors ("County Contractor"), must disclose any self-dealing transactions that they are a party to while providing goods, performing services, or both for the County. A self-dealing transaction is defined below: "A self-dealing transaction means a transaction to which the corporation is a party and in which one or more of its directors has a material financial interest." The definition above will be used for purposes of completing this disclosure form. Instructions (1) Enter board member's name, job title (if applicable), and date this disclosure is being made. (2) Enter the board member's company/agency name and address. (3) Describe in detail the nature of the self-dealing transaction that is being disclosed to the County. At a minimum, include a description of the following: a. The name of the agency/company with which the corporation has the transaction; and b. The nature of the material financial interest in the Corporation's transaction that the board member has. (4) Describe in detail why the self-dealing transaction is appropriate based on applicable provisions of the Corporations Code. The form must be signed by the board member that is involved in the self-dealing transaction described in Sections (3) and (4). C-1 DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit C (1) Company Board Member Information: Name: Date: Job Title: (2) Company/Agency Name and Address: (3) Disclosure (Please describe the nature of the self-dealing transaction you are a party to) (4) Explain why this self-dealing transaction is consistent with the requirements of Corporations Code § 5233 (a) (5) Authorized Signature Signature: Date: C-2 DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit D Insurance Requirements 1. Required Policies Without limiting the County's right to obtain indemnification from the Contractor or any third parties, the Contractor, at its sole expense, shall maintain in full force and effect the following insurance policies throughout the term of this Agreement. (A) Commercial General Liability. Commercial general liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence and an annual aggregate of Two Million Dollars ($2,000,000). This policy must be issued on a per occurrence basis. Coverage must include products, completed operations, property damage, bodily injury, personal injury, and advertising injury. The Contractor shall obtain an endorsement to this policy naming the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, as additional insureds, but only insofar as the operations under this Agreement are concerned. Such coverage for additional insureds will apply as primary insurance and any other insurance, or self-insurance, maintained by the County is excess only and not contributing with insurance provided under the Contractor's policy. (B) Automobile Liability. Automobile liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for property damages. Coverage must include any auto used in connection with this Agreement. (C)Workers Compensation. Workers compensation insurance as required by the laws of the State of California with statutory limits. (D) Employer's Liability. Employer's liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for disease. (E) Technology Professional Liability (Errors and Omissions). Technology professional liability (errors and omissions) insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and in the aggregate. Coverage must encompass all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks. (F) Cyber Liability. Cyber liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence. Coverage must include claims involving Cyber Risks. The cyber liability policy must be endorsed to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. Definition of Cyber Risks. "Cyber Risks" include but are not limited to (i) Security Breach, which may include Disclosure of Personal Information to an Unauthorized Third Party; (ii) data breach; (iii) breach of any of the Contractor's obligations under Exhibit B of this Agreement; (iv) system failure; (v) data recovery; (vi) failure to timely disclose data breach or Security Breach; (vii) failure to comply with privacy policy; (viii) payment card liabilities and costs; (ix) infringement of intellectual property, including but not limited to infringement of copyright, trademark, and trade dress; (x) invasion of privacy, including release of private information; (xi) information theft; (xii) damage to or destruction or alteration of electronic information; (xiii) cyber extortion; (xiv) extortion D-1 DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit D related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; (xv)fraudulent instruction; (xvi) funds transfer fraud; (xvii) telephone fraud; (xviii) network security; (xix) data breach response costs, including Security Breach response costs; (xx) regulatory fines and penalties related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; and (xxi) credit monitoring expenses. 2. Additional Requirements (A) Verification of Coverage. Within 30 days after the Contractor signs this Agreement, and at any time during the term of this Agreement as requested by the County's Risk Manager or the County Administrative Office, the Contractor shall deliver, or cause its broker or producer to deliver, to the County Risk Manager, at 2220 Tulare Street, 16th Floor, Fresno, California 93721, or HRRiskManagement(ab_fresnocountyca.gov, and by mail or email to the person identified to receive notices under this Agreement, certificates of insurance and endorsements for all of the coverages required under this Agreement. (i) Each insurance certificate must state that: (1) the insurance coverage has been obtained and is in full force; (2) the County, its officers, agents, employees, and volunteers are not responsible for any premiums on the policy; and (3) the Contractor has waived its right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under any insurance policy required by this Agreement and that waiver does not invalidate the insurance policy. (ii) The commercial general liability insurance certificate must also state, and include an endorsement, that the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, are additional insureds insofar as the operations under this Agreement are concerned. The commercial general liability insurance certificate must also state that the coverage shall apply as primary insurance and any other insurance, or self-insurance, maintained by the County shall be excess only and not contributing with insurance provided under the Contractor's policy. (iii) The automobile liability insurance certificate must state that the policy covers any auto used in connection with this Agreement. (iv) The technology professional liability insurance certificate must also state that coverage encompasses all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks, as that term is defined in this Agreement. (v) The cyber liability insurance certificate must also state that it is endorsed, and include an endorsement, to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. (B) Acceptability of Insurers. All insurance policies required under this Agreement must be issued by admitted insurers licensed to do business in the State of California and D-2 DocuSign Envelope ID:A3D8E8EE-E392-4461-B8C0-7F943467534D Exhibit D possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of no less than A: VI I. (C) Notice of Cancellation or Change. For each insurance policy required under this Agreement, the Contractor shall provide to the County, or ensure that the policy requires the insurer to provide to the County, written notice of any cancellation or change in the policy as required in this paragraph. For cancellation of the policy for nonpayment of premium, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 10 days in advance of cancellation. For cancellation of the policy for any other reason, and for any other change to the policy, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 30 days in advance of cancellation or change. The County in its sole discretion may determine that the failure of the Contractor or its insurer to timely provide a written notice required by this paragraph is a breach of this Agreement. (D) County's Entitlement to Greater Coverage. If the Contractor has or obtains insurance with broader coverage, higher limits, or both, than what is required under this Agreement, then the County requires and is entitled to the broader coverage, higher limits, or both. To that end, the Contractor shall deliver, or cause its broker or producer to deliver, to the County's Risk Manager certificates of insurance and endorsements for all of the coverages that have such broader coverage, higher limits, or both, as required under this Agreement. (E) Waiver of Subrogation. The Contractor waives any right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under the policy of worker's compensation insurance required by this Agreement. The Contractor is solely responsible to obtain any policy endorsement that may be necessary to accomplish that waiver for the Commercial General Liability, Automobile Liability and Workers' Compensation policies, but the Contractor's waiver of subrogation under this paragraph is effective whether or not the Contractor obtains such an endorsement. (F) County's Remedy for Contractor's Failure to Maintain. If the Contractor fails to keep in effect at all times any insurance coverage required under this Agreement, the County may, in addition to any other remedies it may have, suspend or terminate this Agreement upon the occurrence of that failure, or purchase such insurance coverage, and charge the cost of that coverage to the Contractor. The County may offset such charges against any amounts owed by the County to the Contractor under this Agreement. (G)Subcontractors. The Contractor shall require and verify that all subcontractors used by the Contractor to provide services under this Agreement maintain insurance meeting all insurance requirements provided in this Agreement. This paragraph does not authorize the Contractor to provide services under this Agreement using subcontractors. D-3