The URL can be used to link to this page

Home My WebLink AboutAgreement A-24-513 with Carahsoft Technology Corp..pdf Agreement No. 24-513 1 SERVICE AGREEMENT 2 This Service Agreement ("Agreement") is dated September 24, 2024 and is between 3 Carahsoft Technology Corp., a Maryland corporation ("Contractor"), and the County of Fresno, a 4 political subdivision of the State of California ("County"). 5 Recitals 6 A. The County has a need for continued subscription licensing to ServiceNow's service 7 management system. 8 B. The Contractor is a third-party reseller of the licensing for ServiceNow's service 9 management system and related products and services, including maintenance and support 10 services. 11 C. On August 26, 2022, OMNIA Partners issued Request for Proposal No. 23-6692 for 12 technology product solutions and related services. The Contractor was awarded a contract, 13 cooperative agreement number 23-6692-01, which is a cooperative agreement available and 14 open to public agencies nationally. 15 D. The County wishes to use Omnia's cooperative agreement number 23-6692-01 for the 16 Contractor's technology product solutions and related services, specifically ServiceNow's 17 service management system and related products and services. 18 The parties therefore agree as follows: 19 Article 1 20 Contractor's Services 21 1.1 Scope of Services. The Contractor shall provide to the County a four-year 22 subscription for ServiceNow's service management system, as listed in Exhibit A of this 23 Agreement, and related products and services, including maintenance and support services. 24 1.2 Representation. The Contractor represents that it is qualified, ready, willing, and 25 able to perform all of the services provided in this Agreement. 26 1.3 Compliance with Laws. The Contractor shall, at its own cost, comply with all 27 applicable federal, state, and local laws and regulations in the performance of its obligations 28 1 1 under this Agreement, including but not limited to workers compensation, labor, and 2 confidentiality laws and regulations. 3 Article 2 4 County's Responsibilities 5 2.1 The County appoints the Director of Internal Services/Chief Information Officer 6 ("Director"), or his or her designee, as the County's Contract Administrator with full authority to 7 deal with the Contractor in all matters concerning this Agreement. 8 Article 3 9 Compensation, Invoices, and Payments 10 3.1 The County agrees to pay, and the Contractor agrees to receive, compensation for 11 the performance of its services under this Agreement as described in Exhibit A to this 12 Agreement, titled "Compensation." 13 3.2 Maximum Compensation. The maximum compensation payable to the Contractor 14 under this Agreement is $1,446,000.00 for the initial two-year term of this Agreement. In the 15 event this Agreement is extended for its first optional one-year extension ("Year 3"), the total 16 compensation payable to the Contractor under this Agreement is $2,169,000.00. In the event 17 this Agreement is extended for its final one-year extension ("Year 4"), the total compensation 18 payable to the Contractor under this Agreement is $2,892,000.00. In the event the total 19 maximum compensation amount in the Initial Term, Year 3, and/or Year 4 is not fully expended, 20 the remaining unspent funding amounts shall roll over to each subsequent term's established 21 maximum compensation. 22 The Contractor acknowledges that the County is a local government entity, and does so with 23 notice that the County's powers are limited by the California Constitution and by State law, and 24 with notice that the Contractor may receive compensation under this Agreement only for 25 services performed according to the terms of this Agreement and while this Agreement is in 26 effect, and subject to the maximum amount payable under this section. The Contractor further 27 acknowledges that County employees have no authority to pay the Contractor except as 28 expressly provided in this Agreement. 2 1 3.3 Invoices. The Contractor shall submit annual invoices referencing the provided 2 agreement number to the County of Fresno, Internal Services Department, Attention: Business 3 Office, 333 W. Pontiac Way, Clovis, CA 93612, isdbusinessoffice@fresnocountyca.gov. The 4 Contractor shall submit each invoice within 60 days after the month in which the Contractor 5 performs services and in any case within 60 days after the end of the term or termination of this 6 Agreement. 7 3.4 Payment. The County shall pay each correctly completed and timely submitted 8 invoice within 45 days after receipt. The County shall remit any payment to the Contractor's 9 address specified in the invoice. 10 3.5 Incidental Expenses. The Contractor is solely responsible for all of its costs and 11 expenses that are not specified as payable by the County under this Agreement. 12 Article 4 13 Term of Agreement 14 4.1 Term. This Agreement is effective on October 1, 2024 and terminates on September 15 30, 2026 ("Initial Term"), except as provided in section 4.2, "Extension," or Article 6, 16 "Termination and Suspension," below. 17 4.2 Extension. The term of this Agreement may be extended for no more than two, one- 18 year periods only upon written approval of both parties at least 30 days before the first day of 19 the next one-year extension period. The Director or his or her designee is authorized to sign the 20 written approval on behalf of the County based on the Contractor's satisfactory performance. 21 The extension of this Agreement by the County is not a waiver or compromise of any default or 22 breach of this Agreement by the Contractor existing at the time of the extension whether or not 23 known to the County. 24 Article 5 25 Notices 26 5.1 Contact Information. The persons and their addresses having authority to give and 27 receive notices provided for or permitted under this Agreement include the following: 28 For the County: 3 1 Director of Internal Services/Chief Information Officer County of Fresno 2 333 W. Pontiac Way Clovis, CA 93612 3 isacontract�kwiresnocountyca.gov 4 For the Contractor: Director 5 Carahsoft Technology Corporation 11493 Sunset Hills Road, Suite 100 6 Reston, VA 20190 Jessica.robertson@carahsoft.com 7 5.2 Change of Contact Information. Either party may change the information in section 8 5.1 by giving notice as provided in section 5.3. 9 5.3 Method of Delivery. Each notice between the County and the Contractor provided 10 for or permitted under this Agreement must be in writing, state that it is a notice provided under 11 this Agreement, and be delivered either by personal service, by first-class United States mail, by 12 an overnight commercial courier service, or by Portable Document Format (PDF) document 13 attached to an email. 14 (A) A notice delivered by personal service is effective upon service to the recipient. 15 (B) A notice delivered by first-class United States mail is effective three County 16 business days after deposit in the United States mail, postage prepaid, addressed to the 17 recipient. 18 (C)A notice delivered by an overnight commercial courier service is effective one 19 County business day after deposit with the overnight commercial courier service, 20 delivery fees prepaid, with delivery instructions given for next day delivery, addressed to 21 the recipient. 22 (D)A notice delivered by PDF document attached to an email is effective when 23 transmission to the recipient is completed (but, if such transmission is completed outside 24 of County business hours, then such delivery is deemed to be effective at the next 25 beginning of a County business day), provided that the sender maintains a machine 26 record of the completed transmission. 27 5.4 Claims Presentation. For all claims arising from or related to this Agreement, 28 nothing in this Agreement establishes, waives, or modifies any claims presentation 4 1 requirements or procedures provided by law, including the Government Claims Act (Division 3.6 2 of Title 1 of the Government Code, beginning with section 810). 3 Article 6 4 Termination and Suspension 5 6.1 Termination for Non-Allocation of Funds. The terms of this Agreement are 6 contingent on the approval of funds by the appropriating government agency. If sufficient funds 7 are not allocated, then the County, upon at least 30 days' advance written notice to the 8 Contractor, may: 9 (A) Modify the services provided by the Contractor under this Agreement; or 10 (B) Terminate this Agreement. 11 6.2 Termination for Breach. 12 (A) Upon determining that a breach (as defined in paragraph (C) below) has 13 occurred, the County may give written notice of the breach to the Contractor. The written 14 notice may suspend performance under this Agreement, and must provide at least 30 15 days for the Contractor to cure the breach. 16 (B) If the Contractor fails to cure the breach to the County's satisfaction within the 17 time stated in the written notice, the County may terminate this Agreement immediately. 18 (C) For purposes of this section, a breach occurs when, in the determination of the 19 County, the Contractor has: 20 (1) Obtained or used funds illegally or improperly; 21 (2) Failed to comply with any part of this Agreement; 22 (3) Submitted a substantially incorrect or incomplete report to the County; or 23 (4) Improperly performed any of its obligations under this Agreement. 24 6.3 Termination without Cause. In circumstances other than those set forth above, the 25 County may terminate this Agreement by giving at least 30 days advance written notice to the 26 Contractor. 27 6.4 No Penalty or Further Obligation. Any termination of this Agreement by the County 28 under this Article 6 is without penalty to or further obligation of the County. 5 1 6.5 County's Rights upon Termination. Upon termination for breach under this Article 2 6, the Contractor shall promptly refund all monies paid beyond the termination date,. This 3 section survives the termination of this Agreement. 4 Article 7 5 Independent Contractor 6 7.1 Status. In performing under this Agreement, the Contractor, including its officers, 7 agents, employees, and volunteers, is at all times acting and performing as an independent 8 contractor, in an independent capacity, and not as an officer, agent, servant, employee, joint 9 venturer, partner, or associate of the County. 10 7.2 Verifying Performance. The County has no right to control, supervise, or direct the 11 manner or method of the Contractor's performance under this Agreement, but the County may 12 verify that the Contractor is performing according to the terms of this Agreement. 13 7.3 Benefits. Because of its status as an independent contractor, the Contractor has no 14 right to employment rights or benefits available to County employees. The Contractor is solely 15 responsible for providing to its own employees all employee benefits required by law. The 16 Contractor shall save the County harmless from all matters relating to the payment of the 17 Contractor's employees, including compliance with Social Security withholding and all related 18 regulations. 19 7.4 Services to Others. The parties acknowledge that, during the term of this 20 Agreement, the Contractor may provide services to others unrelated to the County. 21 Article 8 22 Indemnity and Defense 23 8.1 Indemnity. The Contractor shall indemnify and hold harmless and defend the 24 County (including its officers, agents, employees, and volunteers) against all claims, demands, 25 injuries, damages, costs, expenses (including attorney fees and costs), fines, penalties, and 26 liabilities of any kind to the County, the Contractor, or any third party that arise from or relate to 27 the performance or failure to perform by the Contractor (or any of its officers, agents, 28 subcontractors, or employees) under this Agreement. The County may conduct or participate in 6 1 its own defense without affecting the Contractor's obligation to indemnify and hold harmless or 2 defend the County. 3 8.2 Survival. This Article 8 survives the termination of this Agreement. 4 Article 9 5 Insurance 6 9.1 The Contractor shall comply with all the insurance requirements in Exhibit D to this 7 Agreement. 8 Article 10 9 Inspections, Audits, and Public Records 10 10.1 Inspection of Documents. The Contractor shall make available to the County, and 11 the County may examine at any time during business hours and as often as the County deems 12 necessary, all of the Contractor's records and data with respect to the matters covered by this 13 Agreement, excluding attorney-client privileged communications. The Contractor shall, upon 14 request by the County, permit the County to audit and inspect all of such records and data to 15 ensure the Contractor's compliance with the terms of this Agreement. 16 10.2 State Audit Requirements. If the compensation to be paid by the County under this 17 Agreement exceeds $10,000, the Contractor is subject to the examination and audit of the 18 California State Auditor, as provided in Government Code section 8546.7, for a period of three 19 years after final payment under this Agreement. This section survives the termination of this 20 Agreement. 21 10.3 Public Records. The County is not limited in any manner with respect to its public 22 disclosure of this Agreement or any record or data that the Contractor may provide to the 23 County. The County's public disclosure of this Agreement or any record or data that the 24 Contractor may provide to the County may include but is not limited to the following: 25 (A) The County may voluntarily, or upon request by any member of the public or 26 governmental agency, disclose this Agreement to the public or such governmental 27 agency. 28 7 1 (B) The County may voluntarily, or upon request by any member of the public or 2 governmental agency, disclose to the public or such governmental agency any record or 3 data that the Contractor may provide to the County, unless such disclosure is prohibited 4 by court order. 5 (C)This Agreement, and any record or data that the Contractor may provide to the 6 County, is subject to public disclosure under the Ralph M. Brown Act (California 7 Government Code, Title 5, Division 2, Part 1, Chapter 9, beginning with section 54950). 8 (D)This Agreement, and any record or data that the Contractor may provide to the 9 County, is subject to public disclosure as a public record under the California Public 10 Records Act (California Government Code, Title 1, Division 10, Chapter 3, beginning 11 with section 7920.200) ("CPRA"). 12 (E) This Agreement, and any record or data that the Contractor may provide to the 13 County, is subject to public disclosure as information concerning the conduct of the 14 people's business of the State of California under California Constitution, Article 1, 15 section 3, subdivision (b). 16 (F) Any marking of confidentiality or restricted access upon or otherwise made with 17 respect to any record or data that the Contractor may provide to the County shall be 18 disregarded and have no effect on the County's right or duty to disclose to the public or 19 governmental agency any such record or data. 20 10.4 Public Records Act Requests. If the County receives a written or oral request 21 under the CPRA to publicly disclose any record that is in the Contractor's possession or control, 22 and which the County has a right, under any provision of this Agreement or applicable law, to 23 possess or control, then the County may demand, in writing, that the Contractor deliver to the 24 County, for purposes of public disclosure, the requested records that may be in the possession 25 or control of the Contractor. Within five business days after the County's demand, the 26 Contractor shall (a) deliver to the County all of the requested records that are in the Contractor's 27 possession or control, together with a written statement that the Contractor, after conducting a 28 diligent search, has produced all requested records that are in the Contractor's possession or 8 1 control, or (b) provide to the County a written statement that the Contractor, after conducting a 2 diligent search, does not possess or control any of the requested records. The Contractor shall 3 cooperate with the County with respect to any County demand for such records. If the 4 Contractor wishes to assert that any specific record or data is exempt from disclosure under the 5 CPRA or other applicable law, it must deliver the record or data to the County and assert the 6 exemption by citation to specific legal authority within the written statement that it provides to 7 the County under this section. The Contractor's assertion of any exemption from disclosure is 8 not binding on the County, but the County will give at least 10 days' advance written notice to 9 the Contractor before disclosing any record subject to the Contractor's assertion of exemption 10 from disclosure. The Contractor shall indemnify the County for any court-ordered award of costs 11 or attorney's fees under the CPRA that results from the Contractor's delay, claim of exemption, 12 failure to produce any such records, or failure to cooperate with the County with respect to any 13 County demand for any such records. 14 Article 11 15 Disclosure of Self-Dealing Transactions 16 11.1 Applicability. This Article 11 applies if the Contractor is operating as a corporation, 17 or changes its status to operate as a corporation. 18 11.2 Duty to Disclose. If any member of the Contractor's board of directors is party to a 19 self-dealing transaction, he or she shall disclose the transaction by completing and signing a 20 "Self-Dealing Transaction Disclosure Form" (Exhibit C to this Agreement) and submitting it to 21 the County before commencing the transaction or immediately after. 22 11.3 Definition. "Self-dealing transaction" means a transaction to which the Contractor is 23 a party and in which one or more of its directors, as an individual, has a material financial 24 interest. 25 Article 12 26 General Terms 27 12.1 Modification. Except as provided in Article 6, "Termination and Suspension," this 28 Agreement may not be modified, and no waiver is effective, except by written agreement signed 9 1 by both parties. The Contractor acknowledges that County employees have no authority to 2 modify this Agreement except as expressly provided in this Agreement. 3 12.2 Non-Assignment. Neither party may assign its rights or delegate its obligations 4 under this Agreement without the prior written consent of the other party. 5 12.3 Governing Law. The laws of the State of California govern all matters arising from 6 or related to this Agreement. 7 12.4 Jurisdiction and Venue. This Agreement is signed and performed in Fresno 8 County, California. The Contractor consents to California jurisdiction for actions arising from or 9 related to this Agreement, and, subject to the Government Claims Act, all such actions must be 10 brought and maintained in Fresno County. 11 12.5 Construction. The final form of this Agreement is the result of the parties' combined 12 efforts. If anything in this Agreement is found by a court of competent jurisdiction to be 13 ambiguous, that ambiguity shall not be resolved by construing the terms of this Agreement 14 against either party. 15 12.6 Days. Unless otherwise specified, "days" means calendar days. 16 12.7 Headings. The headings and section titles in this Agreement are for convenience 17 only and are not part of this Agreement. 18 12.8 Severability. If anything in this Agreement is found by a court of competent 19 jurisdiction to be unlawful or otherwise unenforceable, the balance of this Agreement remains in 20 effect, and the parties shall make best efforts to replace the unlawful or unenforceable part of 21 this Agreement with lawful and enforceable terms intended to accomplish the parties' original 22 intent. 23 12.9 Nondiscrimination. During the performance of this Agreement, the Contractor shall 24 not unlawfully discriminate against any employee or applicant for employment, or recipient of 25 services, because of race, religious creed, color, national origin, ancestry, physical disability, 26 mental disability, medical condition, genetic information, marital status, sex, gender, gender 27 identity, gender expression, age, sexual orientation, military status or veteran status pursuant to 28 all applicable State of California and federal statutes and regulation. 10 1 12.10 No Waiver. Payment, waiver, or discharge by the County of any liability or obligation 2 of the Contractor under this Agreement on any one or more occasions is not a waiver of 3 performance of any continuing or other obligation of the Contractor and does not prohibit 4 enforcement by the County of any obligation on any other occasion. 5 12.11 Entire Agreement. This Agreement, including its exhibits, is the entire agreement 6 between the Contractor and the County with respect to the subject matter of this Agreement, 7 and it supersedes all previous negotiations, proposals, commitments, writings, advertisements, 8 publications, and understandings of any nature unless those things are expressly included in 9 this Agreement. If there is any inconsistency between the terms of this Agreement without its 10 exhibits and the terms of the exhibits, then the inconsistency will be resolved by giving 11 precedence first to the terms of this Agreement without its exhibits, and then to the terms of the 12 exhibits. 13 12.12 No Third-Party Beneficiaries. This Agreement does not and is not intended to 14 create any rights or obligations for any person or entity except for the parties. 15 12.13 Agent for Service of Process. The Contractor represents to the County that the 16 Contractor's agent for service of process in California, and that such agent's address for 17 receiving such service of process in California, which information the Contractor shall maintain 18 with the office of the California Secretary of State, is as follows: 19 Corporation Service Company dba CSC-Lawyers Incorporating Service 20 2710 Gateway Oaks Drive, Suite 150N 21 Sacramento, CA 95833-3505 22 Sacramento County 23 The Contractor further represents to the County that if the Contractor changes its agent for 24 service of process in California, or the Contractor's agent for service of process in California 25 changes its address for receiving such service of process in California, which changed 26 information the Contractor shall maintain with the office of the California Secretary of State, the 27 Contractor shall give the County written notice thereof within five calendar days thereof pursuant 28 to Article 5 of this Agreement. 11 1 12.14 Authorized Signature. The Contractor represents and warrants to the County that: 2 (A) The Contractor is duly authorized and empowered to sign and perform its 3 obligations under this Agreement. 4 (B) The individual signing this Agreement on behalf of the Contractor is duly 5 authorized to do so and his or her signature on this Agreement legally binds the 6 Contractor to the terms of this Agreement. 7 12.15 Electronic Signatures. The parties agree that this Agreement may be executed by 8 electronic signature as provided in this section. 9 (A) An "electronic signature" means any symbol or process intended by an individual 10 signing this Agreement to represent their signature, including but not limited to (1) a 11 digital signature; (2) a faxed version of an original handwritten signature; or (3) an 12 electronically scanned and transmitted (for example by PDF document) version of an 13 original handwritten signature. 14 (B) Each electronic signature affixed or attached to this Agreement (1) is deemed 15 equivalent to a valid original handwritten signature of the person signing this Agreement 16 for all purposes, including but not limited to evidentiary proof in any administrative or 17 judicial proceeding, and (2) has the same force and effect as the valid original 18 handwritten signature of that person. 19 (C)The provisions of this section satisfy the requirements of Civil Code section 20 1633.5, subdivision (b), in the Uniform Electronic Transaction Act (Civil Code, Division 3, 21 Part 2, Title 2.5, beginning with section 1633.1). 22 (D) Each party using a digital signature represents that it has undertaken and 23 satisfied the requirements of Government Code section 16.5, subdivision (a), 24 paragraphs (1) through (5), and agrees that each other party may rely upon that 25 representation. 26 (E) This Agreement is not conditioned upon the parties conducting the transactions 27 under it by electronic means and either party may sign this Agreement with an original 28 handwritten signature. 12 1 12.16 Counterparts. This Agreement may be signed in counterparts, each of which is an 2 original, and all of which together constitute this Agreement. 3 [SIGNATURE PAGE FOLLOWS] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 13 1 The parties are signing this Agreement on the date stated in the introductory clause. 2 CARAHSOFT TECHNOLOGY, CORP. COUNTY OF FRESNO 3 4 Na�aGr2 .--- Nataiie LeMa,(Sep 13,2024 08, 1 EC?) 5 Natalie LeMay, State & Local Contracts Nathan Magsig, Chairman of the Board of Manager Supervisors of the County of Fresno 6 11493 Sunset Hills Road, Suite 100 Attest: 7 Reston, Virginia 20190 Bernice E. Seidel Clerk of the Board of Supervisors 8 County of Fresno, State of California By: 10 Dep6ty 11 For accounting use only: 12 Org No.: 8905 Account No.: 7309 13 Fund No.: 1020 Subclass No.: 10000 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 14 Exhibit A 1 Compensation 2 The Contractor will be compensated for performance of its services under this Agreement as provided in this Exhibit A. The 3 Contractor is not entitled to any compensation except as expressly provided in this Exhibit A. 4 The following products and/or services have a monthly rate of$0.00 for the term of this Agreement: 5 • ServiceNow Al Search Starter (PROD15338-2) 6 • ServiceNow Integ ration Hub Starter—Transactions (PROD11415-756) 7 • ServiceNow Agile Team — Module (PROD12492-756) 8 • ServiceNow Document Intelligence Starter— 5K Document Intelligence Pages (PROD18383-2) 9 The Contractor shall hold pricing for the products and/or services listed in the below table of this Exhibit A for the entire 10 potential term of this Agreement. 11 Total 12 Part No. Line-Item Description Monthly Rate Quantity (12 Months) 13 ServiceNow Strategic Portfolio Management Professional 14 PROD16953-2 $94.56 25 $28,368.00 — SPM User 15 PROD17243-756 IT Service Management Standard — Fulfiller User $69.21 178 $147,832.56 16 PROD14997-2 ServiceNow IT Operations Management Visibility $6.86 2,250 $185,220.00 17 PROD13080-756 ServiceNow Business Stakeholder User $10.05 260 $31,356.00 18 PROD12074-2 ServiceNow Software Asset Management Professional $1.50 10,000 $180,000.00 19 PROD13074-756 ServiceNow Now Platform App Engine — Fulfiller $97.67 20 $23,440.80 20 PROD22418-2 IntegrationHub Professional —Transactions $5,026.46 1 $60,317.52 21 22 A-1 23 24 Exhibit A • servicen w PUBLIC SECTOR SUBSCRIPTION SERVICE TERMS PUBLIC SECTOR SUBSCRIPTION TERMS OF SERVICE THESE PUBLIC SECTOR SUBSCRIPTION TERMS OF SERVICE ("TERMS OF SERVICE") APPLY ONLY IF THE CUSTOMER IS AN EXECUTIVE AGENCY OR DEPARTMENT OF THE U.S. FEDERAL, STATE, OR LOCAL GOVERNMENT ("GOVERNMENT ENTITY"). THESE TERMS OF SERVICE SHALL BE INCORPORATED IN ANY ORDER ISSUED BY SUCH CUSTOMER. IF THE CUSTOMER IS NOT A GOVERNMENT ENTITY, THEN SERVICENOW'S SUBSCRIPTION SERVICE AGREEMENT (LOCATED AT HTTPS://WWW.SERVICENOW.COM/UPGRADE-SCHEDULES.HTML)APPLIES. These Terms of Service include the General Terms and Conditions, Customer Support Addendum ("CSA"), Data Security Addendum ("DSA"), Data Processing Addendum ("DPA"), and the ServiceNow Store Terms of Use (collectively, "Operational Terms"), and any other terms expressly referenced herein, all of which are expressly incorporated in these Terms of Service and attached by this reference. References to the "Agreement" in the Operational Terms shall generally mean these Terms of Service, and references to an agreement between ServiceNow and Customer shall mean the Ordering Document or Reseller Order (as defined below) executed between the Customer and Reseller, or ServiceNow and Reseller, respectively, and as appropriate based on context. References to a "Use Authorization" or"Order Form" in the Operational Terms shall mean the Ordering Document. Pursuant to a separate transaction between the customer entity ("Customer") and ServiceNow's authorized reseller ("Reseller"), Customer has purchased from Reseller certain services to be delivered by ServiceNow.These Terms of Service specify the terms and conditions under which those services will be provided by ServiceNow,apart from price, payment and other terms specified in the separate agreement between Customer and Reseller. GENERAL TERMS AND CONDITIONS 1. DEFINITIONS 1.1 "Ancillary Software" means software licensed by ServiceNow to Customer that is typically deployed on Customer's machines to enable access to and use of the Subscription Service.Ancillary Software may include or be provided with code licensed under third-party license agreements, including open sourcesoftware. 1.2 "Claim" means any third-party suit, claim,action, or demand. 1.3 "Confidential Information" means: 1)ServiceNow Core Technology (which is ServiceNow's Confidential Information);(2)Customer Data and Customer Technology(which is Customer's Confidential Information);(3)any of a party's information that, due to the nature of the information or circumstances of disclosure,the receiving party should reasonably understand it to be confidential and(4)to the extent permitted by Law,the specific terms of these Terms of Service,and any amendment or attachment (which will be deemed Confidential Information of both parties). Confidential Information excludes any information that:(a) is or becomes generally publicly known without fault or breach by receiving party;(b)that receiving party obtains (rightfully and without restriction on use or disclosure)from a third party entitled to make the disclosure; or (c)that is independently developed by receiving party without using disclosing party's Confidential Information.; 1.4 "Customer Data" means electronic data that is uploaded by or for Customer or its agents, employees, or contractors,and processed in the Subscription Service,excluding ServiceNow Core Technology. 1.5 "Customer Technology" means software, methodologies, templates, business processes, documentation, or other material originally authored, invented, or otherwise created by or for Customer(but not by ServiceNow)for use with the Subscription Service, excluding ServiceNow Core Technology. 1.6 "Deliverable" means anything created for Customer in performance of Professional Services other than Newly Created IP. 1.7 "Documentation"means the then-current ServiceNow documentation for the Subscription Service or Ancillary Software at https://docs.servicenow.com. Documentation includes solely technical program or interface documentation, user manuals, operating instructions, and release notes. A-2 Page 1 of 8(version 20200707) Exhibit A • servicen w PUBLIC SECTOR SUBSCRIPTION SERVICE TERMS 1.8 "IPR" means all intellectual property or other proprietary rights worldwide, including patents, copyrights, trademarks,moral rights,trade secrets,and any other intellectual or industrial property,including registrations,applications, renewals, and extensions of such rights. 1.9 "Law" means any applicable law, rule, statute, decree, decision, order, regulation, and judgmentof any government authority(federal,state, local, or international)having jurisdiction. 1.10 "Newly Created IP" means IPR in the inventions or works of authorship that are made by ServiceNow specifically for Customer in the course of performing Professional Services for Customer that are expressly identified as "Newly Created IP" in an SOW,excluding ServiceNow Core Technology. 1.11 "Ordering Document" means a written agreement entered into solely between Reseller and Customer specifying the ServiceNow services that Customer has purchased, along with the term and scope of the authorized use thereof,subject to these Terms of Service.An Ordering Document is not binding on ServiceNow. 1.12 "Product Overview" means ServiceNow's published description of its products and the functionality of such products,solely to the extent attached to or expressly referenced in the Ordering Document. 1.13 "Professional Services" means any consulting, development, or educational services provided by or for ServiceNow pursuant to an agreed SOW or Service Description. 1.14 "Reseller Order"means the supporting order executed by ServiceNow and Reseller or ServiceNow's authorized distributor,as applicable. 1.15 "Service Description" means the written description for a packaged Professional Service, attached to or referenced in an Ordering Document. 1.16 "ServiceNow Core Technology" means: (1)the Subscription Service, Ancillary Software, Documentation, and technology and methodologies (including products, software tools, hardware designs, algorithms, templates, software (in source and object forms), architecture, class libraries, objects, and documentation) created by or for, or licensed to, ServiceNow;and(2)updates,upgrades,improvements,configurations,extensions,and derivative works of the foregoing and related documentation. 1.17 "SOW" means a statement of work or work order that describes scoped Professional Services by and between ServiceNow and Reseller or ServiceNow's authorized distributor,as applicable. 1.18 "Subscription Service" means the ServiceNow software-as-a-service offering ordered by Customer under an Ordering Document. 1.19 "Subscription Term"means the period of authorized access to and use of the Subscription Service,as set forth in an Ordering Document. 2. SERVICENOW RESPONSIBILITIES 2.1 PROVISION OF THE SUBSCRIPTION SERVICE; COMPLIANCE WITH LAWS. During the Subscription Term, ServiceNow will:(1) make the Subscription Service available to Customer pursuant to these Terms of Service,and (2) provide Customer Support,an Availability SLA, Upgrades and Updates,and ServiceNow's Insurance Coverage disclosure as described in the Customer Support Addendum ("CSA") at https://www.servicenow.com/upgrade-schedules.html; and (3) provide the Subscription Service in accordance with all Laws applicable to ServiceNow's provision of the products and services to its general customer base(i.e.,without regard to Customer's particular use of the Subscription Service or Laws not applicable to ServiceNow as a lower-tier supplier). 2.2 PROTECTION AND RETURN OF CUSTOMER DATA. During the Subscription Term, ServiceNow will maintain a written Security Program that includes policies, procedures and controls aligned to ISO27001, or a substantially equivalent standard, that includes industry-standard practices designed to protect Customer Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access as described in the data security addendum ("DSA") at https://www.servicenow.com/upgrade-schedules.html. The terms of the data processing addendum at https://www.servicenow.com/upgrade-schedules.html ("DPA") shall apply to ServiceNow's Processing of Personal Data (as defined in the DPA). Upon written request by Customer within 45 days after termination or expiration of the Subscription Service, ServiceNow will provide any Customer Data in the Subscription Service to Customer in ServiceNow's standard Page 2 of 8(version 20200707) A-3 Exhibit A • servicen w PUBLIC SECTOR SUBSCRIPTION SERVICE TERMS database export format at no additional charge to the Reseller under the applicable Reseller Order.After such 45 day period, ServiceNow shall have no obligation to maintain or provide any Customer Data and will, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control, delete Customer's instances of the Subscription Service, and upon written request, provide confirmation of such deletion. 2.3 UPDATES. The CSA, DSA and DPA in effect as of the date of the Ordering Document will apply to the Subscription Services specified on such Ordering Document.ServiceNow may update the CSA,the DSA and the DPA,however, in no event will any update be effective until the end of the applicable Subscription Term. 3. ACCESS AND USE RIGHTS;RESTRICTIONS; PROFESSIONAL SERVICES 3.1 ACCESS AND USE RIGHTS. For each Subscription Term, ServiceNow grants the access and use rights set forth in this Section 3 to the ServiceNow Core Technology described in the applicable Ordering Document. 3.1.1. SUBSCRIPTION SERVICE. ServiceNow authorizes Customer to access and use the Subscription Service during the Subscription Termin the applicable Ordering Document, solely for its internal business purposes in accordance with the Documentation. 3.1.2. ANCILLARY SOFTWARE. ServiceNow grants Customer a limited, personal, worldwide, non- sublicensable, non-transferable (except as set forth in Section 11.1), non-exclusive, royalty-free license during the Subscription Term to install and execute Ancillary Software on Customer's machines,solely to facilitate Customer's authorized access to and use of the Subscription Service. 3.2 RESTRICTIONS. With respect to the ServiceNow Core Technology,Customer will not(and will not permit others to): (1) use it in excess of contractual usage limits (including as set forth in the Ordering Document), or in a manner that circumvents use limits or technological access control measures; (2) license, sub-license, sell, re-sell, rent, lease, transfer, distribute,time share,or otherwise make any of it available for access by third-parties,except as may otherwise be expressly stated herein or in a Ordering Document;(3)access it for purposes of developing or operating products or services for third- parties in competition with the ServiceNow Core Technology; (4)disassemble, reverse engineer, or decompile it; (5)copy, create derivative works based on, or otherwise modify it, except as may be otherwise expressly stated in these herein; (6) remove or modify a copyright or other proprietary rights notice in it; (7) use it in violation of Law (including those applicable to collection and processing of Customer Data through the Subscription Service);(8)use it to reproduce,distribute, display,transmit,or use material protected by copyright or other I P R(including the rights of publicity)without first obtaining the owner's permission; (9) use it to create, use, send, store, or run viruses or other harmful computer code, files, scripts, agents,or other programs,or otherwise engage in a malicious act or disrupt its security,integrity,or operation;or(10)access or disable any ServiceNow or third-party data, software, or network (other than Customer's instance of the Subscription Service).Customer will notify ServiceNow at Iegalnotices(@servicenow.com 30 days before it engages in any of the foregoing acts that it believes it may be entitled to and provide reasonably requested information to allow ServiceNow to assess Customer's claim. ServiceNow may, in its discretion, provide alternatives that reduce adverse impacts on ServiceNow's I P R or other rights. 3.3 PROVISION OF PROFESSIONAL SERVICES. Customer and Reseller may enter into one or more SOWS in an Ordering Document which may incorporate one or more Service Descriptions for the provision of Professional Services by ServiceNow. ServiceNow will perform the Professional Services, subject to the fulfillment of any Customer responsibilities and payments due,as stated in the Ordering Document. 4. ORDERING 4.1 RESELLER ORDERS. Customer shall order and purchase the Subscription Service and Professional Services directly from Reseller pursuant to an agreement specifying price, payment, and other commercial terms reflected in an Ordering Document. ServiceNow is not a party to the Ordering Document, but will provide the purchased services pursuant to a Reseller Order and these Terms of Service. Reseller is not authorized to make any changes to these Terms of Service or bind ServiceNow to any additional or different terms or conditions,except as ServiceNow may expressly agree in writing in a Page 3 of 8(version 20200707) A-4 Exhibit A • servicen w PUBLIC SECTOR SUBSCRIPTION SERVICE TERMS Reseller Order or any agreed SOW attached thereto. Subsequent or additional orders for ServiceNow products or services may be placed by Customer through Reseller. 4.2 USE VERIFICATION. ServiceNow or Reseller may remotely review the scope of Customer's use of the Subscription Service, and on ServiceNow or Reseller's written request,Customer will provide reasonable assistance to verify Customer's compliance with these Terms of Service with respect to access to and use of the Subscription Service. If ServiceNow or Reseller determines that Customer has exceeded its permitted access and use rights to the Subscription Service, ServiceNow or Reseller will notify Customer, and Customer will within 30 days, either: (1) disable any unpermitted use,or(2)purchase additional subscriptions commensurate with Customer's actual use.lf Customer fails to regain compliance within such thirty (30) day period, Customer will stop accessing, and ServiceNow and Reseller will stop providing access to, the Subscription Service, in addition to any other available rights or remedies. S. INTELLECTUAL PROPERTY 5.1 SERVICENOW OWNERSHIP. As between the parties,ServiceNow and its licensors exclusively own all right,title, and interest in and to all I P R in the ServiceNow Core Technology, notwithstanding anything in an Ordering Document or other documents purportedly to the contrary. Except for the access and use rights,and licenses expressly granted in Section 3, ServiceNow, on behalf of itself and its licensors, reserves all rights in the ServiceNow Core Technology and does not grant Customer any rights except those expressly set forth herein. Any ServiceNow Core Technology delivered to Customer, or to which Customer is given access has been licensed,not sold,even if,for convenience,ServiceNow or Reseller makes reference to words such as"sale"or"purchase' in the applicable Ordering Document or other documents. 5.2 CUSTOMER OWNERSHIP. As between the parties, Customer and its licensors will retain all right, title, and interest in and to all I P R in Customer Data and Customer Technology. Customer grants to ServiceNow a royalty-free, fully- paid, non-exclusive, non-transferrable (except underSection 11.1 , worldwide, right to use Customer Data and Customer Technology solely to provide and support the ServiceNow Subscription Service. 5.3 FEEDBACK. If Customer provides suggestions,proposals,ideas,recommendations,or other feedback regarding improvements to the Subscription Service(collectively,"Feedback")Customer grants to ServiceNow a royalty-free,fully paid, sub-licensable, transferable (notwithstanding Section 11.1), non-exclusive, irrevocable, perpetual, worldwide right and license to use, license, and commercialize Feedback (including by incorporation of such Feedback into ServiceNow Core Technology)without restriction. 5.4 PROFESSIONAL SERVICES. Subject to this Section 5.4,ServiceNow assigns(and in the future is deemed to have assigned)to Customer any Newly Created IP upon receipt of payment in full to ServiceNow under the SOW that specifies the creation of Newly Created IP. If any ServiceNow Core Technology is incorporated into a Deliverable, ServiceNow grants to Customer a non-exclusive, royalty-free, non-transferable (except under Section 11.1), non-sublicensable worldwide license to use such ServiceNow Core Technology in connection with the use of Subscription Service under these Terms of Service during the applicable Subscription Term. Nothing in these Terms of Service may be construed to limit ServiceNow's right to perform (and to assign employees or contractors to perform)similar Professional Services for any other party or to use any information incidentally retained in the unaided memories of its employees providing Professional Services. 6. WARRANTIES;DISCLAIMER OF WARRANTIES 6.1 SERVICENOW WARRANTIES. ServiceNow warrants that: (1) during the Subscription Term, Customer's production instance of the Subscription Service will materially conform to the Product Overview;and(2)Professional Services will be performed in a competent and workmanlike manner in accordance with accepted industry standards and practices and all material requirements in the applicable SOW or Service Description. 6.2 REMEDIES. 6.2.1. SUBSCRIPTION SERVICE. If any non-conformity to the Product Overview(excluding any non-conformity caused by a modification to the Subscription Service made by Customer or a third-party acting at Customer's direction), persists without relief more than 30 days after Customer's notice to the Reseller of the non-conformity, then upon ServiceNow's timely receipt of such notice from Reseller, as Customer's exclusive remedy(and ServiceNow's sole liability in connection with this warranty), ServiceNow may terminate the affected Subscription Service immediately, and ServiceNow will refund to Reseller any prepaid subscription fees covering the remainder of the applicable Subscription Term for the non- conforming Subscription Service after the date of termination, whereupon Customer may submit to Reseller a claim for Page 4 of 8(version 20200707) A-5 Exhibit A • servicen w PUBLIC SECTOR SUBSCRIPTION SERVICE TERMS refund of any amounts paid for the same. This Section 6.2.1 sets forth Customers exclusive rights and remedies (and ServiceNow's sole liability) in connection with this warranty. 6.2.2. PROFESSIONAL SERVICES. If within 30 days after performance of any non-conforming Professional Services Customer notifies Reseller of a breach then, upon ServiceNow's timely receipt of notice from Reseller, ServiceNow at its option will,as Customer's exclusive remedy(and ServiceNow's sole liability in connection with this warranty)either use commercially reasonable efforts to re-perform the Professional Services in conformance with the material requirements of the applicable SOW or Service Description or terminate the affected Professional Services and refund to Reseller any amounts paid for the nonconforming Professional Services, whereupon Customer may submit to Reseller a claim for refund of any amounts paid for the same. This Section 6.2.2 sets forth Customers exclusive rights and remedies (and ServiceNow's sole liability) in connection with this warranty. 6.3 DISCLAIMER. Except for the warranties expressly stated in this Section 6,to the maximum extent allowed by Law,ServiceNow disclaims all warranties of any kind (express,implied,statutory,or otherwise, oral or written,including warranties of merchantability, accuracy, title, non-infringement, or fitness for a particular purpose, and any warranties arising from usage of trade, course of dealing, or course of performance). Without limiting the above, ServiceNow does not warrant that the Subscription Service: (1)will meet the requirements of Customer or others;or(2)will be accurate or operate without interruption or error;or(3)is designed for any purpose requiring fail-safe performance for which failure could result in death,personal injury or severe physical,property,or environmental damage. 7. CONFIDENTIAL INFORMATION 7.1 RIGHTS AND OBLIGATIONS. To the extent permitted by law, the recipient of Confidential Information will: (1)at all times protect it from unauthorized disclosure with the same degree of care that it uses to protect its own confidential information, and in no event less than reasonable care; and (2) not use it except to the extent necessary to exercise rights and obligations under the Ordering Document or these Terms of Service. Each party will limit the disclosure of the other's Confidential Information to those of its employees and contractors with a need to know such Confidential Information to exercise its rights and obligations under the Ordering Document and these Termsof Use, and then only to employees and contractors subject to binding disclosure and use restrictions at least as protective as those in these Terms of Service. Each party's obligations under this Section 7 will remain in effect during,and for 3 years after termination of the Subscription Term. Receiving party will, at disclosing party's request, return all originals, copies, reproductions, and summaries of Confidential Information and other tangible materials and devices provided to receiving party as Confidential Information,or at disclosing party's option,certify destruction of the same. Provisions for return of Customer Data are set forth in Section 11.2(Return of Customer Data). 7.2 THIRD PARTY REQUESTS. These Terms of Service will not prevent receiving party from disclosing the other party's Confidential Information to a court, or governmental body pursuant to a valid court order, Law, subpoena, or regulation, but only if receiving party: (1)gives prompt notice(or the maximum notice permitted under Law) before making the disclosure, unless prohibited by Law; (2)to the extent permitted by law, reasonably assists disclosing party,at disclosing party's cost, in its lawful efforts to resist or limit such disclosure; and (3) discloses only that portion of disclosing party's Confidential Information that is legally required to be disclosed. 8. INDEMNIFICATION 8.1 BY SERVICENOW. 8.1.1. OBLIGATION. Subject to this Section 8,ServiceNow will:(1)defend Customer,and its and their officers, directors, and employees against any Claim to the extent alleging any: (a)ServiceNow Core Technology used in accordance with these Terms of Service infringes any IPR of any unaffiliated third-party("IPR Claim");or(b) ServiceNow personnel when onsite at Customer's premises caused death, bodily harm, or damage to tangible personal property due to their negligence or willful misconduct;and(2) pay any settlement amount or court-ordered damages award,under the forgoing clauses(1)(a) or(1)(b)to the extent arising from such Claim. 8.1.2. MITIGATION. In connection with any IPR Claim, ServiceNow may: (1)contest the Claim; (2)obtain claimant's permission for Customer's continued use of the applicable Subscription Service or ServiceNow Core Technology; (3) replace Customer's access to or use of the applicable Subscription Service or ServiceNow Core Technology with substantially similar functionality that avoids the Claim; or, (4) if ServiceNow determines the foregoing clauses (1), (2), and Page 5 of 8(version 20200707) A-6 Exhibit A • servicen w PUBLIC SECTOR SUBSCRIPTION SERVICE TERMS (3)are commercially impracticable, terminate Customer's access to and use of the affected Subscription Service on 60-days' prior notice,whereupon Customer may submit to Reseller a claim for a refund of any prepaid subscription fees covering that part of the applicable Subscription Term for such Subscription Service remaining after the effective date of termination. 8.1.3. LIMITATIONS. Notwithstanding the above,ServiceNow has no obligation or liability for any Claim under Section 8.1.1(1)(a) to the extent arising from: (1) use of any ServiceNow Core Technology not expressly authorized under these Terms of Service,to the extent the Claim would have been avoided without such access or use; (2)Customer Data or Customer Technology; or (3)use of ServiceNow Core Technology: (a) in violation of Law; (b)after termination under Section 8.1.2(4); or (4) modification to the ServiceNow Core Technology to Customer's specifications or by anyone other than ServiceNow or its contractors,or if combined with anything not provided by ServiceNow, if the Claim would have been avoided but for such modifications or combinations. 8.2 CUSTOMER WARRANTY. Customer warrants that: (1) Customer Data, (2) Customer Technology, and (3) a modification to any ServiceNow Core Technology made to Customer's specifications or otherwise made by or on behalf of Customer by any person other than ServiceNow or a person acting at ServiceNow's direction (but only if the Claim would have been avoided by use of the unmodified ServiceNow Core Technology), does not infringe any IPR, or violates any third- party privacy rights. 8.3 PROCESS. ServiceNow's duty to indemnify under Section 8.1 is subject to Customer(1) notifying ServiceNow promptly of any actual or threatened Claim,(2)except where prohibited by Law,giving ServiceNow sole control of the defense of such Claim and of any related settlement negotiations, and (3) cooperating and, at ServiceNow's reasonable request and expense, allowing ServiceNow to assist in such defense. Neither party will stipulate, acknowledge, or admit fault or liability on the other's part without the other's prior, written consent. ServiceNow will not publicize any settlement without the Customer's prior,written consent.. To the extent the parties perform as required,this Section 8 states ServiceNow's entire liability and the Customer's exclusive remedy for third-party claims and third-party actions. 9. LIMITATION OF LIABILITY 9.1 LIMITED LIABILITY.ServiceNow shall have no liability for any refund that,in accordance with these Terms of Service,is to be paid by Reseller.To the extent permitted by Law,ServiceNow's total,cumulative liability arising out of or related to these Terms of Service and the products and services provided under it and the Ordering Document,whether based on contract, tort (including negligence), or any other legal or equitable theory, will be limited to the amounts received for the Subscription Service or the provision of Professional Services giving rise to the claim during the 12-month period preceding the first event giving rise to liability. Multiple claims will not enlarge this limit. 9.2 EXCLUDED DAMAGES. To the extent permitted by Law, neither ServiceNow nor Customer will be liable to the other or any third party for lost profits(direct or indirect),for loss of use or data,or for any incidental,consequential, punitive, special, or exemplary damages (including damage to business, reputation,or goodwill), or indirect damages of any type however caused,whether by breach of warranty,breach of contract,in tort(including negligence),or any other legal or equitable cause of action,even if such party has been advised of such damages in advance or if such damages were foreseeable. 9.3 APPLICABILITY.The limits in Section 9.1 and exclusions in Section 9.2 do not apply:(1)obligations to pay for products, services, or taxes; (2) obligations to pay third parties under Section 8; (3) IPR infringement, or (4) an action in tort, separate or distinct from a cause of action for breach of these Terms of Service,for the party's gross negligence or willful misconduct. 10. TERM AND TERMINATION 10.1 GENERALLY. The Subscription Term for the Subscription Service shall begin on the Term Start Date and continue until the Term End Date indicated in the Reseller Order. Professional Services are separately ordered from the Subscription Service and are not required for use of the Subscription Service. A party's breach of its Professional Services obligations will not by itself constitute a breach by that party of its Subscription Service obligations, even if the services are enumerated in the same Ordering Document. 10.2 SUBSCRIPTION SERVICE. On termination of an Ordering Document, Reseller Order, or expiration of a Subscription Term,Customer will stop accessing and using,and ServiceNow will stop providing,the Subscription Service and Page 6 of 8(version 20200707) A-7 Exhibit A • servicen w PUBLIC SECTOR SUBSCRIPTION SERVICE TERMS all related rights granted to Customer in these Terms of Service terminate immediately, automatically, and without notice. Customer will,within 30 days after the effective date of termination by Customer for ServiceNow's breach,submit to Reseller a claim for refund for any prepaid fees paid to Reseller covering that part of the Subscription Term for the affected Subscription Service, if any, remaining after the effective date of termination. 10.3 SURVIVAL. Sections 3.3 (Restrictions), 5(Intellectual Property),6(Warranties; Disclaimer of Warranties) (solely in accordance with its terms),7(Confidential Information)through 9(Limitation of Liability, 10(Term and Termination)(solely in accordance with its terms), and 11 (General Provisions),together with any other terms required for their construction or enforcement,will survive termination or expiration of the Subscription Service. 11. GENERAL PROVISIONS 11.1 ASSIGNMENT. Neither party may assign or novate its rights or obligations under these Terms of Service, by operation of law or otherwise (collectively, "Assign"), without the other party's prior written consent. Notwithstanding the foregoing, on notice and without consent: (1)either party may in connection with a merger, reorganization, or sale of all or substantially all of such party's assets or equity, Assign these Terms of Service in its entirety to such party's successor; and (2)ServiceNow may Assign these Terms of Service in its entirety to any ServiceNow affiliate. Any attempted or purported Assignment in violation of this Section 11.1 isnull and void.Subject to the foregoing,these Terms of Service bind and inure to the benefit of the parties,their respective successors, and permitted assigns. 11.2 EXPORT. The Subscription Service is subject to U.S.and international laws, restrictions, and regulations that may govern the import,export, and use of the Subscription Service("Export Laws"). Customer agrees to comply with Export Laws that apply to Customer's use of the Subscription Service. Without limiting the foregoing, Customer agrees it will not: (1) export, re-export, transfer, or otherwise use the Subscription Service in any country subject to an embargo or other sanctions by the U.S. (currently including Cuba, Iran, North Korea, Sudan, Syria, and Crimea Region of Ukraine); (2)export, re-export, or transfer, either directly or indirectly, to a person or entity barred by the applicable Export Laws from participating in export activities; and (3) use the Subscription Service for any purpose prohibited by Export Laws, including the design,development,or production of nuclear,chemical,or biological weapons,or rocket systems,space launch vehicles, sounding rockets, or unmanned air vehicle systems. 11.3 US GOVERNMENT RIGHTS. The Subscription Service and Professional Services are commercial items, and any software therein is commercial computer software (per Federal Acquisition Regulation ("FAR" 12.211 and 12.212 and Department of Defense FAR Supplement ("DFARS") 227.7202, as applicable). Government Customers shall only have those rights in technical data, computer software, and computer software documentation (collectively, "data") set forth in these Terms of Service except that Department of Defense Customers may acquire additional rights in technical data pursuant to DFARS 252.227-7015(b).This provision applies in lieu of any FAR, DFARS, or other data rights clause or provision. 11.4 FORCE MAJEURE. ServiceNow is not,and may not be construed to be,in breach of these Terms if performance is prohibited or delayed by acts outside of ServiceNow's reasonable control, including strikes, lock-outs, or other industrial disputes, or government action; failure of Internet connectivity or backbone or other telecommunications failures, in each case outside of ServiceNow's local network;fire,flood,natural disaster,extreme adverse weather,or other acts of God (each a "Force Majeure Event").ServiceNow will use reasonable efforts to mitigate the effects of such Force Majeure Event. 11.5 WAIVER; AMENDMENT. Failure by ServiceNow to enforce any part of these Terms of Service will not be deemed a waiver of future enforcement of that or any other provision. Only written waivers signed by an authorized representative of the waiving party are effective. 11.6 SEVERABILITY. If any term of these Terms of Service is held invalid, unenforceable, or void by a court of competent jurisdiction, it will be enforced to the maximum extent permissible, and it will be deemed amended or replaced by a valid and enforceable term matching the intent of the original language as closely as possible.. 11.7 LAW;JURISDICTION AND VENUE. If Customer is the U.S. Government,these Terms of Service shall be subject to the laws of the United States, and in the event of any dispute arising from or in relation to these Terms of Service, the parties consent to the exclusive jurisdiction of,and venue in,a court of competent jurisdiction under the laws of the United States. If Customer is a state or local government entity, these Terms of Service shall be subject to the laws of the state in which Customer is located, and in the event of a dispute arising from or in relation to these Terms of Service, the parties consent to the exclusive jurisdiction of, and venue in,a court of competent jurisdiction within such state. Otherwise,to the Page 7 of 8(version 20200707) A-8 Exhibit A • servicen w PUBLIC SECTOR SUBSCRIPTION SERVICE TERMS extent permitted by law, these Terms of Service shall be governed by, and construed in accordance with the Laws of New York,without regard to its conflict of laws principles.The parties irrevocably consent to exclusive jurisdiction of, and venue in,any federal or state court of competent jurisdiction in New York City, New York to adjudicate any dispute arising out of or related to these Terms of Service.To the extent permitted by applicable Law, the United Nations Convention on Contracts for the International Sale of Goods shall not apply. Notwithstanding the foregoing,either party,may at any time,and without waiving any other rights under these Terms of Service,seek appropriate legal or equitable relief, including but not limited to, emergency interim and/or injunctive relief, in any court of competent jurisdiction to protect its I P R. 11.8 CONSTRUCTION. ServiceNow may provide Subscription Service only in the English language, unless otherwise agreed in writing.The parties have expressly requested that these Terms of Service and all related documents be drafted in English.Section headings are for convenience only and are not to be used in interpreting these Terms of Service.These Terms of Servicewill be interpreted fairly and in accordance with its terms and without any strict construction in favor of or against any party. URLs are understood to also refer to successor URLs, URLs for localized content, and information or resources linked from within the websites at such URLs. 11.9 ENTIRETY; EXECUTION. These Terms of Service (1) are the parties' entire agreement regarding its subject and supersedes all prior or contemporaneous oral or written agreements, representations, understandings, undertakings, negotiations,letters of intent,and proposals,with respect to that subject;excludes any other terms Customer seeks to impose or incorporate or that may be implied by trade, custom, practice, or course of dealing. Customer has not relied on any statement, promise, or representation not expressly included in these Terms of Service, including related to any possible future functionality that ServiceNow may provide or offer. Remainder of page intentionally left blank A_9 Page 8 of 8(version 20200707) Exhibit A servicen w. Effective Date August 7, 2023 CUSTOMER SUPPORT ADDENDUM All capitalized terms not defined in this Customer Support Addendum will have the meaning given to them in other parts of the Agreement. 1. CUSTOMER SUPPORT 1.0 SUPPORT SCOPE. Customer support is provided to resolve defects causing a nonconformity in the Subscription Service as compared to the then-current Documentation ("Customer Support").A resolution to a defect may consist of a fix, workaround,or other relief,as ServiceNow deems reasonable.Customer Support does not include performing the following: • implementation, configuration, integration or customization services; • training or assistance with administrative functions; • resolving immaterial defects; • resolving defects due to modifications of the Subscription Service made by any person other than ServiceNow or a person acting at ServiceNow's direction; or • resolving defects on any instance of the Subscription Service not in conformance with Section 3 (Upgrades and Updates). 1.1 ADDITIONAL SUPPORT SERVICES. ServiceNow may,in its sole discretion,offer supplemental Customer Support service options for an additional fee. If Customer chooses to purchase such supplemental services,the applicable additional terms and conditions will be reflected in the applicable package description referenced in Customer's associated ordering document. 1.2 CUSTOMER SUPPORT ACCESS. Customers can access ServiceNow's support portal https://hi.service-now.com/ ("Support Portal")to access self-help resources and open cases 24 hours a day,7 days a week.Customer Support personnel will address cases per the target level of effort for the given Case Priority stated in the table below. Local Time, for the purposes of the Target Level of Effort in the table below means the regional time window of Monday through Friday,7:OOAM to 7:OOPM, when Customer Support personnel are addressing Customer's cases. ServiceNow will provide visibility to Customer's regional Local Time window within the Support Portal. 1.3 CASE PRIORITY;TARGET RESPONSE TIME;TARGET LEVEL OF EFFORT ResponsePriority Definition Target P1 Any defect that causes an 60 minutes Continuously, 24 hours per day, 7 days instance not to be accessible by authorized users. per week P2 Any defect that causes a critical 4 hours As appropriate, Monday through function to fail. Friday,7AM to 7PM Local Time P3 Any defect that significantly 3 business days As appropriate, Monday through impedes work or progress. _L Friday,7AM to 7PM Local Time P4 Any defect that does not 4 business days significantly impede work or As appropriate, Monday through Friday,7AM to 7PM Local Time progress. A-10 Customer Support Addendum 1 ©2023 ServiceNow,Inc.All rights reserved.ServiceNow,the ServiceNow logo,Now,Now Platform,and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow,Inc.in the United States and/or other countries.Other company and product names may be trademarks of the respective companies with which they are associated. Exhibit A servicen w. Effective Date August 7, 2023 1.4 CUSTOMER RESPONSIBILITIES 1.4.1. Customer will receive from ServiceNow communications via email,phone,or through the Support Portal regarding the Subscription Service and acknowledges that access to the Support Portal may require multi-factor authentication by Customer. 1.4.2. Customer will appoint a reasonable number of contacts ("Customer Authorized Contacts") to engage Customer Support for questions and technical issues and Customer must maintain current contact information for the following authorized contacts in the Support Portal who have been trained to administer the Subscription Service: • Primary Business Contact; • Secondary Business Contact; • Technical Contact; • Support Contact; • Primary Customer Administrator;and • Security Contact. 1.5 EXCLUSIONS 1.5.0. Notwithstanding anything herein, the Target Response Times and Priority levels set forth above shall not modify security or privacy breach notification as set forth in the data security, data privacy and processing,or other applicable terms in Customer's underlying Agreement. 1.5.1. Customer shall be responsible for making appropriate personnel, including Customer's Security Contact, available continuously as needed in the event of a breach as set forth in the data security, data privacy and processing,or other applicable terms in Customer's underlying Agreement. 2. AVAILABILITY SLA If Customer's production instance of the Subscription Service is Available less than 99.8% during a calendar month, Customer's exclusive remedy is to request ServiceNow issue a service credit ("Service Credit") to Customer for the dollar value of the number of minutes the Subscription Service was not Available in the month. Service Credits are determined at the deemed per-minute rate ServiceNow charges to Customer for Customer's use of the affected Subscription Service. Customer may request ServiceNow apply a Service Credit to the next invoice for subscription fees.Customer must request all Service Credits in writing to ServiceNow within 30 days of the end of the month in which the Availability SLA was not met. ServiceNow may delay issuing service credits until such amounts reach $1,000 USD or equivalent currency specified in the applicable Order Form. "Available" means the production instance of the Subscription Service can be accessed by authorized users during a calendar month,excluding Excused Downtime. "Excused Downtime" means: (a) Maintenance Time of up to two hours per month;and(b)any time the Subscription Service is not Available due to circumstances beyond ServiceNow's control,including modifications of the Subscription Service by any person other than ServiceNow or a person acting at ServiceNow's direction, a Force Majeure Event, general Internet outages,failure of Customer's infrastructure or connectivity(including direct connectivity and virtual private network ("VPN") connectivity to the Subscription Service), computer and telecommunications failures and delays,and network intrusions or denial-of-service or other criminal attacks. "Infrastructure Modification"means repairs,maintenance,improvements,or changes to the cloud infrastructure used by ServiceNow to operate and deliver the Subscription Service.ServiceNow will give Customer 10 days' prior notice of an Infrastructure Modification if ServiceNow, in its reasonable judgment, believes that the Infrastructure Modification will impact Customer's use of its production instances of the Subscription Service, unless, in the reasonable judgment of ServiceNow, the Infrastructure Modification is necessary to: (a) maintain the availability, security, or performance of the Subscription Service;(b)comply with Law;or(c)avoid infringement or misappropriation of third-party IPR. A-1 1 Customer Support Addendum 2 ©2023 ServiceNow,Inc.All rights reserved.ServiceNow,the ServiceNow logo,Now,Now Platform,and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow,Inc.in the United States and/or other countries.Other company and product names may be trademarks of the respective companies with which they are associated. Exhibit A servicen w. Effective Date August 7, 2023 "Maintenance Time" means the time the Subscription Service is not Available due to an Infrastructure Modification, Upgrade, or Update. 3. UPGRADES AND UPDATES "Upgrades" are new Release Families applied by ServiceNow to Customer's instances of the Subscription Service at no additional fee during the Subscription Term. A"Release Family" is a complete solution with new features or enhancements to the Subscription Service, including previously released Updates, if applicable. "Updates" are ServiceNow's releases (including patches and hotfixes)of the Subscription Service applied by ServiceNow to Customer's instances of the Subscription Service at no additional fee during the Subscription Term that provide problem fixes or other changes, but do not generally include new functionality. ServiceNow may provide new functionality either: (a) as an Upgrade, or(b)as different software or service for a separate fee. ServiceNow determines whether and when to develop, release, and apply any Upgrade or Update to Customer's instances of the Subscription Service, pursuant to ServiceNow's current Upgrade Policy, which can be found at(www.servicenow.com/upgrade-schedules.html) (or such successor site). ServiceNow shall use reasonable efforts to give Customer 30 days' prior notice of any Upgrade to the Subscription Service. ServiceNow shall use reasonable efforts to give Customer 10 days'prior notice of any Update. Notwithstanding the foregoing, ServiceNow may provide Customer with a shorter or no notice period of an Upgrade or Update if,in the reasonable judgment of ServiceNow it is necessary to:(i) maintain the availability,security,or performance of the Subscription Service;(ii)comply with Law;or(iii)avoid infringement or misappropriation of any third-party IPR.ServiceNow is not responsible for defects on any instance of the Subscription Service not in conformance with this Section 3. A-1 2 Customer Support Addendum 3 ©2023 ServiceNow,Inc.All rights reserved.ServiceNow,the ServiceNow logo,Now,Now Platform,and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow,Inc.in the United States and/or other countries.Other company and product names may be trademarks of the respective companies with which they are associated. Exhibit B servicen w DATA SECURITY ADDENDUM 1. SECURITY PROGRAM While providing the Subscription Service,ServiceNow will ensure there is a written information security program of policies,procedures and controls aligned to the IS027001 Series,or substantially equivalent standard,governing the processing,storage,transmission and security of Customer Data(the"Security Program").The Security Program will include industry-standard practices designed to protect Customer Data from accidental or unlawful destruction,loss, alteration, unauthorized disclosure, or access. ServiceNow updates the Security Program to address new and evolving security technologies,changes to industry standard practices,and changing security threats, provided that no such update will materially reduce the overall level of commitments or protections provided to Customer as described herein. 1.1 SECURITY ORGANIZATION. There will be a Chief Information Security Officer, or equivalent executive, that is designated as responsible for coordinating, managing, and monitoring the information security function, policies,and procedures. 1.2 POLICIES.The information security policies will be: (i)documented;(ii) reviewed and approved by management,including after material changes;and(iii)published,and communicated to personnel,and contractors, including appropriate ramifications for non-compliance. 1.3 RISK MANAGEMENT. There will be information security risk assessments performed as part of a risk governance program that is established with the objective to regularly test,assess and evaluate the effectiveness of the Security Program. Such assessments will be designed to recognize and assess the impact of risks and implement identified risk reduction or mitigation strategies to address new and evolving security technologies, changes to industry standard practices, and changing security threats. 2. CERTIFICATIONS AND AUDITS 2.1 CERTIFICATIONS AND ATTESTATIONS.ServiceNow will establish and maintain sufficient controls to meet certification and attestation for the objectives stated in ISO27001, ISO27018,SSAE 18/SOC 1 and SOC 2 Type 2 (or equivalent standards)for the Security Program. At least once per calendar year, an assessment against such standards and audit methodologies by an independent third-party auditor will be obtained for environments where Customer Data is stored. 2.2 AUDIT. ServiceNow will allow for and contribute to audits that include inspections by granting Customer access to reasonable and industry recognized documentation evidencing the policies and procedures governing the security and privacy of Customer Data and the Security Program through a self-access documentation portal("ServiceNow CORE")and at no additional costs("Audit").The information available in ServiceNow CORE will include documentation evidencing the Security Program, inclusive of the privacy policies and procedures regarding Personal Data Processed,as well as copies of certifications and attestation reports(including audits)listed above.To the extent that Customer has not reasonably been able to satisfy its audit requirements by following the procedure outlined in this Clause,ServiceNow will provide Customer with such further assistance as may reasonably be required (in accordance with the assistance obligations described herein)to substantially satisfy such requirements. 2.3 OUTPUT. Upon Customer's request, ServiceNow and Customer may schedule a mutually convenient time to discuss the Audit. In the event the Audit has any findings of material noncompliance with the Data Processing Addendum or this Data Security Addendum ("DSA"), then ServiceNow will promptly address such findings of noncompliance. ServiceNow may, in its sole discretion and consistent with industry and ServiceNow's standards and practices, make commercially reasonable efforts to implement Customer's suggested improvements noted in the Audit to improve ServiceNow's Security Program. The Audit and the results derived therefrom are Confidential Information of ServiceNow. 3. PHYSICAL,TECHNICAL,AND ORGANIZATIONAL SECURITY MEASURES 3.1 PHYSICAL SECURITY MEASURES. g_1 Page 1 of 4 (Version:2December2022) ©2022 ServiceNow,Inc.All rights reserved.ServiceNow,the ServiceNow logo,Now,Now Platform,and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow,Inc.in the United States and/or other countries.Other company and product names may be trademarks of the respective companies with which they are associated. Exhibit B servicen w 3.1.1. DATA CENTER FACILITIES. The data center facilities will include: (1) physical access restrictions and monitoring that will include a combination of any of the following: multi-zone security, man-traps, appropriate perimeter deterrents(e.g.fencing,berms,guarded gates),on-site guards,biometric controls,CCTV,and secure cages;and(2)fire detection and fire suppression systems both localized and throughout the data center floor. 3.1.2. MEDIA. For deletion of data, an industry standard such as NIST 800-88 (or substantially equivalent)will be used for the deletion of sensitive materials, including Customer Data, before final disposition of such media. 3.2 TECH N I CAL SECU RITY M EASU RES. 3.2.1. ACCESS ADMINISTRATION. Access by personnel to Customer Data will be conducted in a mannerthat:(i)is protected by authentication and authorization mechanisms;(ii)requires personnel to be assigned a unique user account; (iii) restricts the sharing of individual user accounts; (iv) requires strong authentication with complex passwords;(v)ensures accounts are lock-out enabled; (vi) requires access over a VPN; (vii) requires access privileges be based on job requirements limited to that necessary for the applicable personnel to undertake their duties;(viii)ensures access is revoked upon termination of employment or consulting relationships;and(ix)requires access entitlements be reviewed by management quarterly. 3.2.2. LOGGING AND MONITORING. The production infrastructure log activities will be centrally collected, secured in an effort to prevent tampering,and monitored for anomalies by a trained security team. 3.2.3. FIREWALL SYSTEM. Firewall technology will be installed and managed to protect systems and inspect ingress connections. Managed firewall rules will be reviewed in accordance with then-current operating procedures,which will be reviewed no less frequently than quarterly. 3.2.4. VULNERABILITY MANAGEMENT. Vulnerability scans will be performed within the environment to determine potential vulnerabilities in accordance with then-current security operating procedures, which will be at least quarterly. When software vulnerabilities are revealed and addressed by a vendor patch, the patch will be obtained from the applicable vendor and applied within an appropriate risk-based timeframe in accordance with the then-current vulnerability management and security patch management standard operating procedure and only after such patch is tested and determined to be safe for installation in production systems. 3.2.5. ANTIVIRUS. Antivirus, anti-malware, and anti-spyware software will be updated on regular intervals and centrally logged. 3.2.6. CHANGE CONTROL. Changes to the environment will be reviewed to minimize risk. Such changes will be implemented in accordance with then-current standard operating procedure. 3.2.7. CONFIGURATION MANAGEMENT. Standard hardened configurations for the system components within the environment will be maintained using industry standard hardening guides, such as guides from the Center for Internet Security. 3.2.8. DATA ENCRYPTION IN TRANSIT. Industry standard encryption will be used to encrypt Customer Data in transit over public networks. 3.2.9. DATA ENCRYPTION AT REST.The encryption of Customer Data at rest will be determined by Customer and,if encrypted,will be encrypted as determined by Customer according to the applicable offerings. 3.2.10. ILLICIT CODE AND SECURE SOFTWARE DEVELOPMENT.ServiceNow will follow the secure software development and code review practices described in this section to prevent harm from malware,such as from viruses, worms, date bombs, time bombs, or shut down devices. Software will be developed using secure application development policies and procedures aligned with industry standard practices such as the OWASP Top Ten (or a substantially equivalent standard). Personnel responsible for secure application design and development will receive appropriate training regarding secure application development practices. B-2 Page 2 of 4 (Version:2December2022) ©2022 ServiceNow,Inc.All rights reserved.ServiceNow,the ServiceNow logo,Now,Now Platform,and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow,Inc.in the United States and/or other countries.Other company and product names may be trademarks of the respective companies with which they are associated. Exhibit B servicen w 3.2.11. SECURE CODE REVIEW. A combination of static and dynamic testing of code will be performed prior to the release of such code to Customers. Vulnerabilities will be addressed in accordance with the then-current software vulnerability management program. To address vulnerabilities where code has been made available to Customers,software patches will be regularly made available to Customers. 3.3 ORGANIZATIONAL SECURITY MEASURES. 3.3.1. PERSONNEL SECURITY. Background screening will be performed on all employees and all contractors who have access to Customer Data in accordance with applicable standard operating procedure and subject to applicable Law. 3.3.2. SECURITY AWARENESS AND TRAINING. Security and Privacy awareness training and education will be provided to employees and contractors who have access to Customer Data. Such training will be conducted at time of hire and at least annually throughout employment. 3.3.3. VENDOR RISK MANAGEMENT. Any vendor that accesses, stores, processes or transmits Customer Data will be assessed to ensure it has appropriate security and privacy controls. 3.3.4. SOFTWARE AND ASSET INVENTORY. An inventory of the software components(including, but not limited to, open-source software) used in the environment will be maintained. 3.3.5. WORKSTATION SECURITY. Security mechanisms on personnel workstations, including firewalls, anti-virus, and full disk encryption with a minimum of AES 128-bit encryption will be implemented and maintained. Personnel will be restricted from disabling security mechanisms. 4. SERVICE CONTINUITY 4.1 DATA LOCATION. ServiceNow will host the purchased instances in data centers located in the geographic region specified on the Order Form which have attained SSAE 18 Type 2 attestations or have ISO 27001 certifications(or equivalent or successor attestations or certifications). 4.2 DATA BACKUP. Back-ups will be performed of all Customer Data in accordance with the then- current operating procedure available in the CORE Portal. 4.3 DISASTER RECOVERY.An Information Security Contingency Plan(ISCP)to address disaster recovery will be maintained that is consistent with industry standards for the environment and will: (i)test the ISCP at least once every year; (ii) make available summary test results that will include the actual recovery point and recovery times; and (iii) document any action plans within the summary test results to promptly address and resolve any deficiencies, concerns, or issues that prevented or may prevent the environment from being recovered in accordance with the ISCP. 4.4 BUSINESS CONTINUITY. A business continuity plan ("BCP") will be maintained to minimize the impact from an event to ServiceNow's provision and support of the Subscription Services. The BCP will: (i) include processes for protecting personnel and assets and restoring functionality in accordance with the time frames outlined therein;and (ii) be tested annually and updated based on any deficiencies identified during such tests. S. MONITORING AND INCIDENT MANAGEMENT 5.1 INCIDENT MONITORING AND MANAGEMENT. System events are monitored and analyzed in a timely manner in accordance with ServiceNow's current standard operating procedures. Response teams will be escalated to and engaged as necessary to address a security incident. 5.2 BREACH NOTIFICATION. 5.2.1. NOTIFICATION. ServiceNow will report to Customer any accidental or unlawful destruction,loss,alteration,unauthorized disclosure,of or access to Customer Data("Breach")without undue delay following determination by ServiceNow that a Breach has occurred. B-3 Page 3 of 4 (Version:2December2022) ©2022 ServiceNow,Inc.All rights reserved.ServiceNow,the ServiceNow logo,Now,Now Platform,and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow,Inc.in the United States and/or other countries.Other company and product names may be trademarks of the respective companies with which they are associated. Exhibit B servicen w 5.2.2. REPORT. The initial report will be made to Customer's security or privacy contact(s) designated in ServiceNow's customer support portal(or if no such contact(s)are designated,to the primary technical contact designated by Customer).As relevant information in relation to the Breach is collected or otherwise becomes available to ServiceNow, it will provide such information without undue delay to Customer, to assist Customer to comply with its notification obligations under Data Protection Laws. In particular,to the extent reasonably possible and applicable,ServiceNow will provide Customer with the information described in Article 33 of GDPR. 5.2.3. DATA CONTROLLER OBLIGATIONS. Customer will cooperate with ServiceNow in maintaining accurate contact information in the customer support portal and by providing any information that is reasonably requested to resolve any security incident,including any Breaches, identify its root cause(s)and prevent a recurrence.Customer is solely responsible for determining whether to notify the relevant supervisory or regulatory authorities and impacted Data Subjects in relation to any Breach and for providing such notice. 6. PENETRATION TESTS 6.1 BY A THIRD-PARTY. For each family release, skilled third-party vendors will perform penetration testing on the applications on the ServiceNow platform to identify vulnerabilities. Executive reports from the penetration testing are made available to Customer in ServiceNow CORE. 6.2 BY CUSTOMER.Customer may request to perform,at its own expense,an application penetration test for applications in which Customer Data is stored;provided that Customer will:(i)notify ServiceNow and submit a request to schedule such a test using the Support Portal per ServiceNow's then-current penetration testing policy, and (ii) agree to ServiceNow's penetration test agreement prior to conducting such test. In the event Customer's authorized penetration testing identifies vulnerabilities that ServiceNow is able to reproduce, ServiceNow will, consistent with industry-standard practices, use commercially reasonable efforts to promptly make any necessary changes to improve the security of the Subscription Service. 7. SHARED SECURITY RESPONSIBILITY 7.1 PRODUCT CAPABILITIES.ServiceNow provides a variety of security settings that allow Customer to configure security of the Subscription Services for their own use such as, but not limited to: (i) authenticate users before accessing the Customer's instance; (ii) encrypt passwords; (iii) allow users to manage passwords; and (iv) access instance application logs.Customer will manage each user's access to and use of the Subscription Services by assigning to each user a credential and user type that controls the level of access to the applicable Subscription Services. Customer bears sole responsibility for reviewing the Security Program and making an independent determination as to whether it meets Customer's requirements, taking into account the type and sensitivity of Customer Data that Customer provides to ServiceNow. Customer bears sole responsibility for implementing encryption and access control functionalities within the instance to protect Customer Data and assumes all liability for damages directly resulting from any decision not to encrypt Customer Data. Customer bears sole responsibility for protecting the confidentiality of each user's login and password and managing each user's access to the Subscription Services. Customer will be solely responsible for implementing the documented best practices and hardening guidelines for securing its ServiceNow instances. 7.2 SECURITY CONTACT. In accordance with the Customer Support Policy (www.servicenow.com/upgrade-scheduIes.htm1), Customer agrees to identify and maintain appropriate security contact(s)for all information security incident and information security-related communication within the Support Portal. 7.3 LIMITATIONS. Notwithstanding anything to the contrary in this DSA or other parts of the Agreement,ServiceNow's obligations herein are only applicable to the Subscription Services.This DSA does not apply to: (i) information shared with ServiceNow that is not Customer Data; (ii) data in Customer's VPN or a third-party network;and (iii)any data processed by Customer or its users in violation of the Agreement or this DSA. B-4 Page 4 of 4 (Version:2December2022) ©2022 ServiceNow,Inc.All rights reserved.ServiceNow,the ServiceNow logo,Now,Now Platform,and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow,Inc.in the United States and/or other countries.Other company and product names may be trademarks of the respective companies with which they are associated. Exhibit B servicen w DATA PROCESSING ADDENDUM All capitalized terms not defined in this Data Processing Addendum ("DPA") have the meaning given to them in other parts of the Agreement. The Data Security Addendum ("DSA")is incorporated by reference in this DPA. DEFINITIONS "Data Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of Processing of Personal Data. "Data Processor" means the natural or legal person, public authority, agency, or other body which Processes Personal Data on behalf of the Data Controller. "Data Protection Laws" means all applicable laws and regulations regarding the Processing of Personal Data. "Data Subject" means an identified or identifiable natural person. "Personal Data" means any information relating to a Data Subject uploaded by or for Customer or Customer's agents, employees, or contractors to the Subscription Service as Customer Data. "Process," "Processed" or "Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction. "Sub-Processor" means any legal person or entity engaged in the Processing of Personal Data by Data Processor. 1. SCOPE OF THE PROCESSING 1.1 COMMISSIONED PROCESSOR. ServiceNow will act as Data Processor to Customer in the performance of the Subscription Service. Customer will act as Data Controller (unless Customer is a Data Processor, in which case ServiceNow will act as a sub-processor to Customer). Each party will comply with Data Protection Laws to which it is subject in the performance of this DPA. 1.2 INSTRUCTIONS. The Agreement constitute Customer's written instructions to ServiceNow. Customer may issue additional or alternate provided that such instructions are agreed in writing between Customer and ServiceNow. 1.3 NATURE, SCOPE AND PURPOSE OF THE PROCESSING. (a) ServiceNow will only Process Personal Data in accordance with Customer's instructions and to the extent necessary for providing the Subscription Service and the Professional Services. Details of the Processing of Customer Data conducted under this DPA are set forth in Appendix 1. (b) ServiceNow will: (i) not sell or share Personal Data; (ii) use Personal Data for the business purpose(s) set forth in the Agreement, and not retain, use,or disclose Personal Data, except where permitted by applicable Data Protection Laws, for any purpose other than the business purpose(s)or outside of the direct business relationship between ServiceNow and Customer; (iii) notify Customer if it determines it can no longer meet its obligations under applicable Data Protection Laws; (iv) not combine Personal Data, except to the extent permitted by applicable Data Protection Laws, with personal information that ServiceNow receives from, or on behalf of, other persons or with personal information ServiceNow collects from its own interactions with consumers; (v) by complying with the obligations set out in Section 5 of this DPA, permit Customer to take reasonable and appropriate steps to ensure ServiceNow Processes Personal Data in a manner consistent with Customer's obligations under applicable Data Protection Laws; and (vi)work together with Customer in good faith to remediate any allegedly unauthorized use of Personal Data, if Customer reasonably believes that ServiceNow is Processing Personal Data in an unauthorized manner and provides ServiceNow with reasonable notice of such belief. As used in this Section 1.3, "business," "business purpose," "consumer," B-5 Page 1 of 5 (Version:03MAY 2024) ©2024 ServiceNow,Inc.All rights reserved.ServiceNow,the ServiceNow logo,Now,Now Platform,and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow,Inc.in the United States and/or other countries.Other company and product names may be trademarks of the respective companies with which they are associated. Exhibit B "personal information,""sell," and "share,"shall have the meanings ascribed to them under applicable Data Protection Laws. 2. DATA PROCESSOR 2.1 DATA CONTROLLER'S INSTRUCTIONS. Where ServiceNow believes compliance with Customer's instructions would result in a violation of Data Protection Laws or is not in the ordinary course of ServiceNow's obligations in operating the Subscription Service or delivering Professional Services, ServiceNow will promptly notify Customer thereof. 2.2 DATA PROCESSOR PERSONNEL. Persons authorized by ServiceNow to Process Personal Data will be bound by appropriate confidentiality obligations. 2.3 DATA SECURITY MEASURES. ServiceNow will maintain appropriate technical and organizational safeguards to protect the security, confidentiality, and integrity of Customer Data, including any Personal Data contained therein, as set forth in the DSA. ServiceNow makes available many security features and controls that Customer can elect to use. Customer is responsible for implementing any optional technical and organizational measures to protect Customer Data, as described in the DSA. 2.4 DATA PROCESSOR ASSISTANCE. ServiceNow will assist Customer as reasonably requested by Customer to facilitate Customer's compliance with obligations under Data Protection Laws in connection with ServiceNow's Processing of Personal Data, taking into account the nature of Processing and information available to ServiceNow. 3. REQUESTS MADE FROM DATA SUBJECTS AND AUTHORITIES 3.1 REQUESTS FROM DATA SUBJECTS. During the Subscription Term, ServiceNow will provide Customer with the ability to access, correct, rectify, erase, or block Personal Data, or to transfer or port such Personal Data, within the Subscription Service, as may be required under Data Protection Laws (collectively, "Data Subject Requests"). 3.2 RESPONSES. Customer will be solely responsible for responding to Data Subjects in respect of any Data Subject Requests, provided that ServiceNow will reasonably cooperate with Customer in relation to Data Subject Requests to the extent Customer is unable to fulfill such Data Subject Requests using the functionality in the Subscription Service. ServiceNow will instruct the Data Subject to contact the Customer in the event it receives a Data Subject Request directly. 3.3 REQUESTS FROM AUTHORITIES. In the case of a notice, audit, inquiry, or investigation by a government body, data protection authority, or law enforcement agency regarding the Processing of Personal Data, ServiceNow will promptly notify Customer unless prohibited by applicable law. Each party will cooperate with the other party by providing all reasonable information requested in the event the other party is required to produce such information to a data protection authority. 4. BREACH NOTIFICATION 4.1 NOTIFICATION. Service now will provide breach notifications as provided in Section 5.2.1 of DSA. 4.2 REPORT. Service now will provide reports as provided in Section 5.2.2 of the DSA. 4.3 DATA CONTROLLER OBLIGATIONS.Customer will cooperate with ServiceNow to resolve any security incident as provided in Section 5.2.3 of the DSA. 5. CUSTOMER MONITORING RIGHTS. 5.1 CERTIFICATIONS AND ATTESTATIONS. ServiceNow will maintain the certifications and attestations specified in Section 2.1 of the DSA. 5.2 AUDIT.ServiceNow will allow for and contribute to audits as specified in Section 2.2 of the DSA. 5.3 OUTPUT. ServiceNow will discuss the output of the Audit as specified in Section 2.3 of the DSA. B-6 Page 2 of 5 (Version:03MAY2024) ©2024 ServiceNow,Inc.All rights reserved.ServiceNow,the ServiceNow logo,Now,Now Platform,and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow,Inc.in the United States and/or other countries.Other company and product names may be trademarks of the respective companies with which they are associated. Exhibit B 6. SUB-PROCESSORS 6.1 USE OF SUB-PROCESSORS. Customer authorizes ServiceNow to engage Sub-Processors appointed in accordance with this Clause 6. ServiceNow engages, as applicable, the Sub-Processers listed in https://www.servicenow.com/content/dam/servicenow-assets/pu bl is/en-us/doc-type/legal/servicenow-su b- processors.pdf in respect of the Subscription Services. ServiceNow (or the relevant ServiceNow Affiliate) will require all of its Sub-Processors to agree to no less protective terms as those agreed by ServiceNow under this DPA. 6.2 NEW SUB-PROCESSORS. Prior to ServiceNow engaging a new Sub-Processor for the Subscription Service, ServiceNow will notify Customer by email to Customer's designated contact in the ServiceNow Support Portal,or by notification within the ServiceNow Support Portal (or other mechanism used to notify its customer base).With respect to providing the notice described in the preceding sentence, ServiceNow will provide at least 30 days' prior written notice before engaging a Sub-Processor with respect to existing Subscription Services which Customer has purchased. If a new Sub-Processor is engaged to support a new Subscription Service or a new feature of an existing Subscription Service,then the notice described in this Clause will be provided at or before the time such feature or Subscription Service is made generally available. Upon written request by Customer, ServiceNow will make a summary of the data processing terms with the Sub- Processor available to Customer.Customer may request in writing reasonable additional information with respect to Sub-Processor's ability to perform the relevant Processing activities in accordance with this DPA. 6.3 RIGHT TO OBJECT. Customer may object to ServiceNow's proposed use of a new Sub- Processor by notifying ServiceNow if Customer reasonably determines such Sub-Processor is unable to Process Personal Data in accordance with the terms of this DPA. In the event Customer objects, ServiceNow will reasonably consider such objection and will notify Customer if it intends to use the Sub-Processor at issue ("Processor Notice"). If such Sub-Processor is going to be used, Customer may terminate the applicable Order Form(s) or Use Authorization(s)with respect to the Subscription Service requiring use of the Sub-Processor at issue upon written notice to ServiceNow within 30 days of the date of Processor Notice. ServiceNow will, as Customer's sole and exclusive remedy, refund to Customer any unused prepaid fees following the effective date of termination for the terminated services. 6.4 LIABILITY. Use of a Sub-Processor will not relieve, waive, or diminish any obligation of ServiceNow under this DPA, and ServiceNow is liable for the acts and omissions of any Sub-Processor to the same extent as if the acts or omissions were performed by ServiceNow. 7. INTERNATIONAL DATA TRANSFERS 7.1 TRANSFER MECHANISM. The transfer of Personal Data from the European Economic Area ("EEA"), the United Kingdom or Switzerland to a country located outside of the EEA which is not subject to an adequacy decision (a "Data Transfer") will be subject to the standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as annexed to Commission Implementing Decision 2021/914("SCCs"),which are incorporated into this DPA by this reference. 7.2 APPLICATION OF SCCs. 7.2.1 Modules. Module Two (Data Controller to Data Processor) will apply to a Data Transfer when Customer is a Data Controller. Module Three (Data Processor to Data Processor)will apply to a Data Transfer when Customer is a Data Processor. 7.2.2 Optional provisions. Where the SCCs identify optional provisions: (a) in Clause 7 (Docking Clause)—the optional provision applies; (b) in Clause 9(a)(Use of sub-processors)—Option 2 applies(and the parties will follow the process and timings agreed in the DPA to appoint sub-processors); (0 in Clause 11(a) (Redress)—the optional provision does not apply; (d) in Clause 17 (Governing law)—option 1 applies, and where the Agreement is governed by the laws of an EU Member State, the laws of that EU Member State apply; otherwise, Irish law applies; and B-7 Page 3 of 5 (Version:03MAY2024) ©2024 ServiceNow,Inc.All rights reserved.ServiceNow,the ServiceNow logo,Now,Now Platform,and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow,Inc.in the United States and/or other countries.Other company and product names may be trademarks of the respective companies with which they are associated. Exhibit B (e) in Clause 18(b) (Choice of forum and jurisdiction) — where the Agreement is subject to the jurisdiction of the courts of an EU Member State, the courts of that EU Member State have jurisdiction; otherwise,the courts of Dublin, Ireland have jurisdiction. 7.2.3 Annexes of SCCs. (a) In Annex 1A: the data exporter(s) is the Customer and its Affiliates making the Data Transfer (the "Data Exporter") and the data importers are ServiceNow entities receiving the Data Transfer(the "Data Importer").The full name,address and contact details for the Data Exporter and the Data Importer are set out in the Agreement, or can be requested by either party. (b) In Annex 1 B: The: relevant details are those set out in the Agreement, including Appendix 1 "Details of Processing"of this DPA. (0 In Annex 1 C:The competent supervisory authority is the supervisory authority applicable to the Customer(or, where relevant, applicable to the Customer's representative). (d) In Annex 2: the security provisions contained in the DSA or other security related provisions in the Agreement apply. 7.3 INTERACTION WITH THE AGREEMENT. All notices, requests, monitoring/audit rights, conduct of claims, liability, and erasure or return of data relating to the SCCs will be provided/managed/interpreted, as applicable, in accordance with the relevant provisions in the Agreement,to the extent that such provisions do not conflict with the SCCs. 7.4 TRANSFERS SUBJECT TO SWISS DATA PROTECTION LAW. If there is a Data Transfer subject to Data Protection Laws of Switzerland, then the SCCs will apply with the following modifications: the competent supervisory authority in Annex 1.0 under Clause 13 will be the Federal Data Protection and Information Commissioner; references to a "Member State" and "EU Member State"will not be read to prevent data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland); and references to"GDPR" in the SCCs will be understood as references to Data Protection Laws of Switzerland. 7.5 TRANSFERS SUBJECT TO UK DATA PROTECTION LAW. If there is a Data Transfer subject to Data Protection Laws of the United Kingdom, then the International Data Transfer Addendum to the SCCs ("UK IDTA"),as issued by the Information Commissioner in the United Kingdom will apply and is incorporated by reference into this DPA. The information needed to complete the Tables to the UK IDTA is set out in the Agreement, including Appendix 1 "Details of Processing"of this DPA. 7.6 EXECUTION. Notwithstanding the fact that the SCCs and/or UK IDTA are incorporated herein by reference without the signature pages of the SCCs actually being signed by the Data Exporter or Data Importer, the parties agree that its respective execution of the Agreement is deemed to constitute its execution of the SCCs and/or the UK IDTA on behalf of the Data Exporter/Data Importer(as applicable). 7.7 ALTERNATIVE MECHANISMS. If an alternative transfer mechanism, such as Binding Corporate Rules, is adopted by ServiceNow, or the Trans-Atlantic Data Privacy Framework (an "Alternative Mechanism")becomes available during the term of the Agreement,and ServiceNow notifies Customer that some or all Data Transfers can be conducted in compliance with Data Protection Laws pursuant to the Alternative Mechanism, the parties will rely on the Alternative Mechanism instead of the provisions above for the Data Transfers to which the Alternative Mechanism applies. B-8 Page 4 of 5 (Version:03MAY2024) ©2024 ServiceNow,Inc.All rights reserved.ServiceNow,the ServiceNow logo,Now,Now Platform,and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow,Inc.in the United States and/or other countries.Other company and product names may be trademarks of the respective companies with which they are associated. Exhibit B APPENDIX 1 DETAILS OF PROCESSING 1. Subject matter. The subject matter of the data Processing under this DPA is the Personal Data included in Customer Data. 2. Duration.As between ServiceNow and Customer, the duration of the data Processing under this DPA is the Subscription Term. 3. Purpose and nature. The purpose and nature of the data Processing under this DPA is the provision of the Subscription Service. 4. Type of Personal Data. Personal Data included in Customer Data which is uploaded to the Subscription Service. 5. Categories of data subjects.The Data Subjects could include Customer's customers, employees, suppliers, agents, partners and/or end users. B-9 Page 5 of 5 (Version:03MAY2024) ©2024 ServiceNow,Inc.All rights reserved.ServiceNow,the ServiceNow logo,Now,Now Platform,and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow,Inc.in the United States and/or other countries.Other company and product names may be trademarks of the respective companies with which they are associated. Exhibit C Self-Dealing Transaction Disclosure Form In order to conduct business with the County of Fresno ("County"), members of a contractor's board of directors ("County Contractor"), must disclose any self-dealing transactions that they are a party to while providing goods, performing services, or both for the County. A self-dealing transaction is defined below: "A self-dealing transaction means a transaction to which the corporation is a party and in which one or more of its directors has a material financial interest." The definition above will be used for purposes of completing this disclosure form. Instructions (1) Enter board member's name, job title (if applicable), and date this disclosure is being made. (2) Enter the board member's company/agency name and address. (3) Describe in detail the nature of the self-dealing transaction that is being disclosed to the County. At a minimum, include a description of the following: a. The name of the agency/company with which the corporation has the transaction; and b. The nature of the material financial interest in the Corporation's transaction that the board member has. (4) Describe in detail why the self-dealing transaction is appropriate based on applicable provisions of the Corporations Code. The form must be signed by the board member that is involved in the self-dealing transaction described in Sections (3) and (4). C-1 Exhibit C (1) Company Board Member Information: Name: Date: Job Title: (2) Company/Agency Name and Address: (3) Disclosure (Please describe the nature of the self-dealing transaction you are a party to) (4) Explain why this self-dealing transaction is consistent with the requirements of Corporations Code § 5233 (a) (5) Authorized Signature Signature: Date: C-2 Exhibit D Insurance Requirements 1. Required Policies Without limiting the County's right to obtain indemnification from the Contractor or any third parties, Contractor, at its sole expense, shall maintain in full force and effect the following insurance policies throughout the term of this Agreement. (A) Commercial General Liability. Commercial general liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and an annual aggregate of Four Million Dollars ($4,000,000). This policy must be issued on a per occurrence basis. Coverage must include products, completed operations, property damage, bodily injury, personal injury, and advertising injury. The Contractor shall obtain an endorsement to this policy naming the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, as additional insureds, but only insofar as the operations under this Agreement are concerned. Such coverage for additional insureds will apply as primary insurance and any other insurance, or self-insurance, maintained by the County is excess only and not contributing with insurance provided under the Contractor's policy. (B) Automobile Liability. Automobile liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for property damages. Coverage must include any auto used in connection with this Agreement. (C)Workers Compensation. Workers compensation insurance as required by the laws of the State of California with statutory limits. (D) Employer's Liability. Employer's liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for disease. (E) Technology Professional Liability (Errors and Omissions). Technology professional liability (errors and omissions) insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and in the aggregate. Coverage must encompass all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks. (F) Cyber Liability. Cyber liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence. Coverage must include claims involving Cyber Risks. The cyber liability policy must be endorsed to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. Definition of Cyber Risks. "Cyber Risks" include but are not limited to (i) Security Breach, which may include Disclosure of Personal Information to an Unauthorized Third Party; (ii) data breach; (iii) breach of any of the Contractor's obligations under Exhibit B of this Agreement; (iv) system failure; (v) data recovery; (vi) failure to timely disclose data breach or Security Breach; (vii) failure to comply with privacy policy; (viii) payment card liabilities and costs; (ix) infringement of intellectual property, including but not limited to infringement of copyright, trademark, and trade dress; (x) invasion of privacy, including release of private information; (xi) information theft; (xii) damage to or destruction or alteration of electronic information; (xiii) cyber extortion; (xiv) extortion D-1 Exhibit D related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; (xv)fraudulent instruction; (xvi) funds transfer fraud; (xvii) telephone fraud; (xviii) network security; (xix) data breach response costs, including Security Breach response costs; (xx) regulatory fines and penalties related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; and (xxi) credit monitoring expenses. 2. Additional Requirements (A) Verification of Coverage. Within 30 days after the Contractor signs this Agreement, and at any time during the term of this Agreement as requested by the County's Risk Manager or the County Administrative Office, the Contractor shall deliver, or cause its broker or producer to deliver, to the County Risk Manager, at 2220 Tulare Street, 16th Floor, Fresno, California 93721, or HRRiskManagement@fresnocountyca.gov, and by mail or email to the person identified to receive notices under this Agreement, certificates of insurance and endorsements for all of the coverages required under this Agreement. (i) Each insurance certificate must state that: (1) the insurance coverage has been obtained and is in full force; (2) the County, its officers, agents, employees, and volunteers are not responsible for any premiums on the policy; and (3) the Contractor has waived its right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under any insurance policy required by this Agreement and that waiver does not invalidate the insurance policy. (ii) The commercial general liability insurance certificate must also state, and include an endorsement, that the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, are additional insureds insofar as the operations under this Agreement are concerned. The commercial general liability insurance certificate must also state that the coverage shall apply as primary insurance and any other insurance, or self-insurance, maintained by the County shall be excess only and not contributing with insurance provided under the Contractor's policy. (iii) The automobile liability insurance certificate must state that the policy covers any auto used in connection with this Agreement. (iv) The technology professional liability insurance certificate must also state that coverage encompasses all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks, as that term is defined in this Agreement. (v) The cyber liability insurance certificate must also state that it is endorsed, and include an endorsement, to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. (B) Acceptability of Insurers. All insurance policies required under this Agreement must be issued by admitted insurers licensed to do business in the State of California and D-2 Exhibit D possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of no less than A: VI I. (C) Notice of Cancellation or Change. For each insurance policy required under this Agreement, the Contractor shall provide to the County, or ensure that the policy requires the insurer to provide to the County, written notice of any cancellation or change in the policy as required in this paragraph. For cancellation of the policy for nonpayment of premium, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 10 days in advance of cancellation. For cancellation of the policy for any other reason, and for any other change to the policy, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 30 days in advance of cancellation or change. The County in its sole discretion may determine that the failure of the Contractor or its insurer to timely provide a written notice required by this paragraph is a breach of this Agreement. (D) County's Entitlement to Greater Coverage. If the Contractor has or obtains insurance with broader coverage, higher limits, or both, than what is required under this Agreement, then the County requires and is entitled to the broader coverage, higher limits, or both. To that end, the Contractor shall deliver, or cause its broker or producer to deliver, to the County's Risk Manager certificates of insurance and endorsements for all of the coverages that have such broader coverage, higher limits, or both, as required under this Agreement. (E) Waiver of Subrogation. The Contractor waives any right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under the policy of worker's compensation insurance required by this Agreement. The Contractor is solely responsible to obtain any policy endorsement that may be necessary to accomplish that waiver, but the Contractor's waiver of subrogation under this paragraph is effective whether or not the Contractor obtains such an endorsement. (F) County's Remedy for Contractor's Failure to Maintain. If the Contractor fails to keep in effect at all times any insurance coverage required under this Agreement, the County may, in addition to any other remedies it may have, suspend or terminate this Agreement upon the occurrence of that failure, or purchase such insurance coverage, and charge the cost of that coverage to the Contractor. The County may offset such charges against any amounts owed by the County to the Contractor under this Agreement. (G)Subcontractors. The Contractor shall require and verify that all subcontractors used by the Contractor to provide services under this Agreement maintain insurance meeting all insurance requirements provided in this Agreement. This paragraph does not authorize the Contractor to provide services under this Agreement using subcontractors. D-3