The URL can be used to link to this page

Home My WebLink AboutAgreement A-25-021 with Workiva.pdf Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID:00338656 Agreement No. 25-021 Jorkr' MAIN TERMS AND CONDITIONS THESE MAIN TERMS AND CONDITIONS("Main Terms")with any active Orders for Services and any other duly executed documents referencing these Main Terms (collectively, the "Agreement") shall govern Workiva's provision of Services to Customer. The Main Terms are effective on the date signed by the last party("Effective Date")between Workiva Inc. ("Workiva")a Delaware corporation with its place of business at 2900 University Boulevard,Ames,Iowa 50010,and,County of Fresno("Customer")a political subdivision of the State of California with a business address of 2281 Tulare St. Fresno,California 93721. 1.0 Services.The Services are available for Customer as set forth in these Main Terms and the applicable Order entered into by Workiva and Customer. 1.1 Subscription Services. (a) Workiva will provide Customer(and Customer's Affiliates as provided herein)with the Subscription Services pursuant to the terms of the Agreement. During the Subscription Term, subject to the terms of the Agreement,Workiva grants to Customer and its Users,a non-exclusive, non-transferable,worldwide right(and license only to the extent applicable to any downloadable software)to access,use,and display the Subscription Services.Customer and its Users may access and use the Subscription Services pursuant to an applicable Subscription Order. (b) Customer may not allow Users to access the Subscription Services on a shared user basis, however, Customer may reassign different individuals on a reasonable basis. Customer is responsible for each of its Users'acts and omissions and remains liable to Workiva for any User's(including an authorized third party acting as a User on Customer's behalf)breach of the Agreement. (c) Customer may use and deploy RPAs when accessing the Subscription Services,subject to the terms of this Section 1.1(c). Workiva may immediately suspend such RPAs or the Services as a whole, if the RPAs(i)disrupt the integrity or performance of the Services or any data of Workiva's other customers,or(ii)infringe, or allegedly infringe,the intellectual property rights of a third party. Workiva will provide Customer with subsequent notice regarding any such suspension.If Workiva is unable to suspend such RPAs in accordance with the foregoing, Customer agrees to immediately, upon Workiva's request, discontinue use of, and/or suspend such RPAs.Customer is solely responsible for RPAs.Customer acknowledges and agrees that its use of RPAs does not preclude Workiva from independently developing similar technology. (d) Workiva may, in its sole discretion, update features,functionality,software,or user types that Customer accesses pursuant to an active Order; provided that such updates will be at no cost to Customer and will not materially degrade existing features and functionality. Customer is solely responsible for providing, at its own expense, all network access to the Subscription Services, including, without limitation, acquiring, installing and maintaining all telecommunications equipment, hardware, software and other equipment as may be necessary to connect to, access and use the Subscription Services. Minimum system requirements for the Subscription Services are set forth in the Documentation. 1.2 Professional Services. If applicable,Workiva will provide Professional Services as set forth in the Statement of Work. 1.3 Customer Affiliates. Named Affiliates may access Services pursuant to an Order.All obligations of Customer shall apply equally to each such Named Affiliate.Customer Affiliates may also purchase Services pursuant to an Order that(i)has been executed by such Customer Affiliate and (ii)incorporates the Agreement by reference. In such instances: (i)these Main Terms combined with any Customer Affiliate Orders will constitute the Agreement,between Workiva and Customer Affiliate,(ii)such Customer Affiliate shall be considered Customer, and(iii)such Customer Affiliate will be solely responsible for its obligations under the Agreement. 1.4 Usage Restrictions. Customer shall not directly or through a third party: (a) grant rights of access to the Subscription Services to anyone other than Users without Workiva's prior written consent; (b) sell, resell, assign (except as set forth in Section 10.6),lease,rent,sublicense, or otherwise transfer or make available the rights granted to Customer under the Agreement for use by third parties, in whole or in part, without Workiva's prior written consent; (c) reverse engineer, decompile, or disassemble any Page 1 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID:00338656 Subscription Services or otherwise attempt to discover the source code thereof; (d) attempt to disable or circumvent any security measures in place; (e)reproduce or copy the Subscription Services, in whole or in part; (f)modify, adapt, or create derivative works of the Subscription Services,in whole or in part,or permit any third party to do so;(g)delete,remove,modify,obscure,fail to reproduce, or in any way interfere with any proprietary,trade secret,or copyright notice appearing on or incorporated in the Subscription Services; (h)use the Subscription Services to store or transmit libelous or otherwise unlawful or tortious material or any material in violation of third party privacy rights; (i) interfere with or disrupt the integrity or performance of the Subscription Services or third party data contained therein; or 0) gain or attempt to gain unauthorized access to any portion of the Subscription Services (including any application programming interfaces in the Subscription Services), or its related systems or networks,for use in a manner that would exceed the scope granted under the Agreement, or facilitate any such unauthorized access for any third party. If any unauthorized access occurs,Customer shall promptly notify Workiva of the incident and shall reasonably cooperate in resolving the issue. 2.0 Security;Customer Data. 2.1 Security and Data Privacy.Workiva shall maintain appropriate administrative, physical,and technical safeguards to protect the security,confidentiality and integrity of Customer Data,as described in Workiva's security standards set forth in Exhibit A("Security Standards").To the extent Customer Data includes Customer Personal Data,Workiva represents and warrants to only process such data pursuant to Customer's requests or as otherwise set forth in Exhibit B("Data Processing Agreement"or"DPA"). 2.2 Customer Data:Responsibilities.Except as otherwise provided in the Agreement(or instructed by Customer),Workiva shall only process Customer Data to provide the Services.Workiva will neither have the responsibility to review, nor any liability as to the accuracy or integrity of, any information or content posted by Customer or its Users. Customer is responsible for any consents or government authorizations necessary for the collection,use and disclosure of all Customer Data in its use of the Subscription Services. 2.3 Usage Data.Notwithstanding anything contrary in this Agreement, Workiva may collect, store and use the Usage Data. Workiva may use Usage Data for diagnostic and corrective purposes, to improve and develop the Services and Workiva's other offerings, and to operate Workiva's business.Subject to Section 5(Confidentiality),Workiva may share Usage Data with third parties to the extent it is aggregated and anonymized such that Customer and its Users cannot be identified.Workiva will be the owner of any intellectual property generated through Workiva's use of such Usage Data. Workiva may utilize the services of third party service providers to collect, store and use such Usage Data, and Workiva shall be responsible for such third party service providers' compliance with this Agreement as they relate to the collection,storage and use of Usage Data on behalf of Workiva. 3.0 Fees; Payment. 3.1 Invoicing and Renewals. Fees are payable in advance or in accordance with any billing frequency or terms stated in the Order. Unless otherwise specified in the applicable Order, Customer shall pay all Fees no later than forty-five(45)days from date of invoice("Payment Period").If Fees are not paid in full fifteen(15)days after the invoice due date("Grace Period"),Workiva has the right to suspend all Services provided under the Agreement until Customer pays in full.Workiva will provide a ten (10)day notice of pending suspension after the Grace Period has ended. If Customer requires the use of a third party for invoice processing,Customer shall be the sole bearer of any cost and expense associated with such third party.Any written notice of an Order renewal shall include the applicable Fees for such renewal period and provided to Customer at least forty-five(45)days prior to the expiration thereof. 3.2 Disputes. If Customer disputes an invoice in good faith, Customer will notify Workiva within the Payment Period and the parties will seek to resolve the dispute. Customer is not required to pay disputed Fees prior to resolution, but will timely pay all undisputed Fees. Upon resolution, if applicable Customer will pay such Fees found to be due and owing as soon as reasonably practicable. 3.3 Order Compliance.Workiva reserves the right to verify Customer compliance with the scope and terms of a Subscription Order. If Workiva determines that Customer is out of compliance with a Subscription Order, Workiva will provide written notice to Customer regarding such non-compliance. Customer shall then have thirty(30)days to cure such non-compliance. If Customer fails to cure its non-compliance within the thirty(30)day period,Workiva may, at its sole discretion: (a)suspend Customer's Services, or (b)terminate the applicable Order(s). 3.4 Taxes. Fees stated in the Orders do not include applicable taxes. Except for taxes based on Workiva's net income or property, Customer shall be responsible for payment of all applicable taxes, impositions, fees, or other charges that arise in any jurisdiction as a result of the Services provided under the Agreement, including without limitation all sales, use, value added, consumption, gross receipts(other than in lieu of net income tax), excise, stamp or transfer taxes, however designated. Customer Page 2 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID:00338656 shall pay any such tax when due or reimburse Workiva as Workiva may request. If Customer is exempt from such taxes, Customer shall provide Workiva with a certificate or permit documenting this exemption.If Customer is required to withhold or deduct any portion of the Fees,then Workiva shall be entitled to receive from Customer such amounts as will ensure that the net receipt, after tax and duties, to Workiva in respect of the Fees is the same as it would have been were the payment not subject to the tax or duties. If Workiva is required to pay any taxes on behalf of Customer due to a change in facts,circumstances,or tax legislation,the full amount of such tax will be billed to Customer separately,whether or not during the Agreement Term and promptly paid by Customer as further limited by any applicable statute of limitations.Workiva and Customer agree to cooperate to reduce any tax liability related to this Agreement. 3.5 Purchase Orders. Customer acknowledges that providing a purchase order is solely for Customer's administrative convenience and does not discharge Customer's obligations under an applicable executed Order.For the avoidance of doubt,invoices and/or the Fees therein may not be disputed for Customer's failure to provide administrative information, including purchase order numbers,contract numbers or IDs, or any other administrative information of a similar nature. 4.0 Term; Termination. 4.1 Agreement Term.The Agreement begins on the Effective Date,and continues until all Orders associated with the Agreement have expired or been terminated(the"Agreement Term"). 4.2 Subscription Term.The Subscription Services will begin on the Start Date(as defined in the Subscription Order)and remain in effect for the period specified therein(the"Subscription Term").The parties may agree to renew the Subscription Services as set forth in the applicable Subscription Order which will control in cases of conflict with this Section. 4.3 Statements of Work Term.The period of performance for Professional Services will be as agreed in the applicable SOW. 4.4 Termination for Convenience. Customer may terminate the Agreement or an Order without cause upon thirty (30) days written notice.If Customer terminates without cause,Customer will remain responsible for all Subscription Services Fees,but Workiva will refund any prepaid and unearned Professional Services Fees outstanding as of the effective date of termination. Regardless of Customer's exercise of its rights under this Section, any unpaid Fees for the then current Subscription Term shall be payable by Customer on or prior to the effective date of such termination even if such Fees are related to unused access to the Subscription Services. 4.5 Termination for Material Breach. Either party may terminate the Agreement, or any individual Order, for a material breach by the other party that is not cured within thirty(30)days after written notice of such material breach.The non-breaching party may elect to terminate the applicable Order only or the Agreement as a whole(and thus,all Orders).If the Agreement is terminated due to Workiva's uncured material breach,within thirty(30)days of the termination effective date Workiva will refund a pro-rated portion of Fees for the remainder of the Agreement Term. 4.6 Termination for Bankruptcv. Customer may terminate the Agreement and/or any Order if Workiva becomes insolvent, bankrupt,or ceases to do business. 5.0 Confidentiality. 5.1 Confidential Information. Each of the parties may, subject to this Section 5, disclose Confidential Information during the course of the Agreement. Except as otherwise agreed in writing,each party agrees that: (a)all information communicated to it by the other in connection with the Agreement and identified as confidential,(b)any information exchanged between the parties in connection with Customer's purchase of any additional Services (including information related to future business relationships or Services not currently addressed under the Agreement,such as requests for proposals,bids,correspondence, negotiations,and discussions), (c) the terms of the Agreement,and(d)all information communicated to receiving party that a reasonable person would have understood to be confidential to the disclosing party,will be Confidential Information.Workiva Confidential Information includes the Services,Fees, development plans,and any security specifications, reports or assessments related to the Services,Workiva or its licensors and third parties.Customer Confidential Information includes Customer Data. 5.2 Standard of Care: Third Parties. Each party will use at least the same degree of care to safeguard the Confidential Information of the other party as it employs for its own information (or information of its customers) of a similar nature, and in any event, no less than reasonable care. Each party may disclose the other party's Confidential Information to employees, consultants, Page 3 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID:00338656 contractors, advisors and other third parties provided that such parties are subject to written confidentiality obligations at least as restrictive as those set forth in the Agreement (or other professional or fiduciary obligations of confidentiality), and have a need to know. Each party will be responsible for any improper disclosure of Confidential Information by such party's employees, agents, or contractors. 5.3 Restrictions.Neither party will(a)use,or make any copies of,the Confidential Information of the other party except to fulfill its rights and obligations under the Agreement, (b)acquire any right in or assert any lien against the Confidential Information of the other,or(c)sell, assign, lease,or otherwise commercially exploit the Confidential Information(or any derivative works thereof)of the other party. Neither party may withhold the Confidential Information of the other party or refuse for any reason (including due to the other party's actual or alleged breach of the Agreement)to promptly return to the other party its Confidential Information (including copies thereof)if requested to do so. 5.4 Return and Destruction.Upon expiration or termination of the Agreement and completion of a party's obligations under the Agreement,each party will return or destroy,as the other party may direct,the other party's Confidential Information.Workiva will fulfill the obligation to return Customer Data by providing one(1)User with access to the Subscription Services for a period not to exceed thirty(30)days solely to allow such User to download Customer Data in the file formats set forth in the Documentation(e.g.,EDGAR, DOCX, CSV, Excel, PDF). Subject to the foregoing confidentiality obligations, either party may retain copies of the Confidential Information of the other party to the extent required to document its performance or for compliance with applicable laws or regulations. 5.5 Exclusions:Permitted Use.This Section 5 will not apply to any information that either party can demonstrate(a)was,at the time of disclosure to it,in the public domain, (b)after disclosure, is published or otherwise becomes part of the public domain through no fault of the receiving party, (c)was, at the time of disclosure, in the possession of the receiving party and was not the subject of a pre-existing confidentiality obligation, (d) was received after disclosure from a third party who had a lawful right to disclose such information(without corresponding confidentiality obligations),or(e)was independently developed by or for the receiving party without use of the Confidential Information of the disclosing party. In addition, a party will not be considered to have breached its obligations under this Section 5 for disclosing Confidential Information of the other party to the extent required to satisfy any legal requirement of a competent governmental or regulatory authority, provided that promptly upon receiving any such request,to the extent it is legally permissible, such party advises the other party prior to making such disclosure and provides a reasonable opportunity to the other party to object to such disclosure,take action to ensure confidential treatment of the Confidential Information,or(subject to applicable law)take such other action as it considers appropriate to protect the Confidential Information. 5.6 Unauthorized Access. Each party will: (a) notify the other party promptly of any material unauthorized possession, use, disclosure, or knowledge of the other party's Confidential Information that becomes known to such party, (b)promptly furnish to the other party details of the unauthorized possession, use, disclosure, or knowledge, or attempt thereof, and use reasonable efforts to assist the other party in investigating or preventing the recurrence of any unauthorized possession, use, or knowledge, or attempt thereof, of Confidential Information, (c) use reasonable efforts to cooperate with the other party in any litigation and investigation against third parties deemed necessary by the other party to protect its proprietary rights, and(d)promptly use reasonable efforts to prevent a recurrence of any such unauthorized possession, use,or knowledge of Confidential Information. 6.0 Ownership; Feedback. 6.1 Workiva Ownership.Workiva(or its licensors)retains all ownership of and title to, and all intellectual property rights in,the Services, and all software, equipment, processes, facilities, and materials utilized by or on behalf of Workiva to provide the same, including all patents,trademarks,copyrights,trade secrets,and other property or intellectual property rights.Customer acknowledges and agrees that Workiva(or its licensors)shall own all right,title and interest in and to any modifications,derivative works,expansions or improvements to the Services,without any other or subordinate right whatsoever being held by Customer. Customer shall acquire no rights therein other than those limited rights of use specifically conferred by the Agreement.All rights related to the Services that are not expressly granted to Customer under the Agreement are reserved by Workiva(or its licensors). 6.2 Customer Ownership.As between Workiva and Customer, Customer is, and will remain,the owner of all Customer Data. Workiva will only process Customer Data to provide the Services and in accordance with the Agreement or as otherwise permitted by Customer in writing, and Workiva acquires no right, title, or interest from Customer or its Users to Customer Data, including any intellectual property rights therein.Any reports or documents generated through Customer's use of the Subscription Services in accordance with this Agreement will be owned by Customer.If such reports or documents include any pre-existing intellectual property owned by Workiva,Workiva hereby grants to Customer a worldwide, perpetual, nonexclusive, royalty-free license to copy, modify, Page 4 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID:00338656 create derivative works of and distribute, license and sublicense such pre-existing intellectual property to the extent made a part of Customer's reports or documents. 6.3 Feedback. If Customer or its Users provide Workiva with Feedback, Customer hereby grants Workiva a perpetual, irrevocable, royalty-free,fully paid-up,worldwide license to use such Feedback, and Workiva has the right, but not the obligation,to use such Feedback in any way without restriction or obligation to Customer.Workiva will be the exclusive owner of any modifications, enhancements,or derivative works of the Services resulting from Workiva's use of such Feedback. 7.0 Warranties; Disclaimers. 7.1 Mutual Representations and Warranties.Each party represents and warrants that:(a)it has,and throughout the Agreement Term,will retain,the full right,power,and authority to enter into the Agreement and perform its obligations hereunder,(b)the execution of the Agreement by its representative(s)has been duly authorized by all necessary corporate or organizational action of such party, and (c)when executed and delivered by both parties, an Order incorporating these Main Terms will constitute the legal, valid, and binding obligation of such party,enforceable in accordance with its terms. 7.2 Workiva Representations and Warranties.Workiva warrants: (a)that the Subscription Services will perform materially in accordance with the Documentation and the Agreement, (b)to use commercially reasonable efforts to correct material defects that are reported by Customer or its Users, (c)the Services will be performed in a timely, professional, and workmanlike manner with a level of care, skill, practice, and judgment consistent with commercially reasonable industry standards and practices for similar services,using personnel with the requisite skill,experience,and qualifications,and will devote adequate resources to meet Workiva's obligations under the Agreement, (d)the Documentation will be reasonably updated so that it continues to describe the Subscription Services and Services in all material respects, and (e) to the best of its knowledge, the Subscription Services do not contain code whose purpose is to disrupt,damage, or interfere with Customer systems,software, or Customer Data.Customer acknowledges and agrees that in order to receive the benefit of the stated service levels in the Order, and in order to reserve rights under this Section 7.2, Customer must remain in compliance with Workiva System Requirements set forth in the Documentation. 7.3 Compliance with Laws. (a) Each party represents and warrants that it shall at all times comply with all applicable regulations and good business practices when performing its duties under the Agreement, and that it shall take no action nor make payment that may constitute a violation of the foregoing acts. (b) If either party takes an action that violates applicable anti-bribery, anti-corruption, or anti-slavery laws and all associated and/or successor legislation and regulation, the non-violating party may immediately terminate the Agreement in accordance with Section 4.5(Termination for Material Breach)without any further obligation or liability hereunder. (c) Customer acknowledges that Workiva's product is of United States origin and thus cannot be accessed in countries or by Users that are subject to the U.S.Treasury Department's list of Specially Designated Nationals or the U.S.Department of Commerce Denied Persons List or Entity List (in either case, a "Sanctions List"). The parties agree to comply with all applicable export and import laws and regulations. Customer acknowledges that the Services may not be exported or re-exported to any countries on the Sanctions List.The Sanctions Lists are subject to change from time to time without notice and limitation.Workiva reserves the right and shall not be liable for blocking Users'access if they are located in any embargoed countries.In addition,Workiva may immediately suspend a User if Workiva discovers that such a User is subject to the Sanctions' Lists. Customer represents and warrants that Customer and any Customer director,officer,agent,employee,affiliate or other person associated with or acting on Customer's behalf or any of its affiliates or subsidiaries is not located in any such country or on any such list. (d) Customer acknowledges that the Services are not designed to handle data or include services subject to International Traffic in Arms Regulations and agrees not to store, transmit, or introduce any such information into the Services. Customer agrees that Customerwill not use the Services for any purposes prohibited by U.S.law,including terrorism,the development,design,manufacture, or production of missiles, or for development of nuclear,chemical,or biological weapons. 7.4 Customer Acknowledgments.As between the parties,Customer is solely responsible for obtaining all necessary rights and consents to enter Customer Data into the Subscription Services. Customer hereby represents and warrants that(a) Customer has Page 5 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID:00338656 sufficient rights to provide Customer Data to Workiva under the Agreement,and(b)Customer Data will not violate or infringe the rights of any third party.Customer further acknowledges that neither Workiva nor the Subscription Services is a primary system of record of Customer Data, and Customer shall regularly backup any files for which it intends as such. Subject to 7.2(b), if a malfunction in the Services is due to a problem with Customer hardware or software, Workiva will so inform Customer and it will be Customer's responsibility to obtain and pay for any required repairs or modifications. 7.5 Disclaimers. (a) EXCEPTAS SPECIFICALLY SET FORTH IN THE AGREEMENT,TO THE FULLEST EXTENT PERMITTED BY LAW,THE SUBSCRIPTION SERVICES AND SERVICES ARE PROVIDED"AS IS."WORKIVA, ITS LICENSORS,AND SERVICE PROVIDERS DO NOT MAKE ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING THE WARRANTIES OF DESIGN, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE ORARISING FROM A COURSE OF DEALING OR USAGE OF TRADE,AND WORKIVA EXPRESSLY DISCLAIMS ANYAND ALL SUCH WARRANTIES TO THE FULLEST EXTENT PERMITTED BY LAW. (b) Workiva does not warrant that the Subscription Services: (i) will be uninterrupted or error free; or (ii) will operate in combination with other hardware or software unless such hardware or software is Third Party Software or hardware or software expressly approved or recommended by Workiva. (c) Customer acknowledges and agrees that Workiva and its licensors are not responsible for:(i)the performance of Customer's or its Users'equipment, hardware, RPA, software, network, and internet connection; or(ii)delays, delivery failures, or other loss or damage resulting from the transfer of data over communications networks and facilities which are not owned by Workiva or under its direct control,including Customer's or its Users'connection to the internet,and Customer acknowledges that the Subscription Services may be subject to limitations,delays, and other problems inherent in the use of such communications facilities. 8.0 Infringement Indemnification. 8.1 Workiva Indemnification.Workiva will: (a) defend Customer from and against any claim by a third party alleging that the Subscription Services,when used as authorized under the Agreement,infringes such third party's patents,copyrights,or trademarks, and(b)in relation to such claim,indemnify and hold harmless Customer from any actual and reasonable costs and expenses incurred in cooperating with Workiva's defense of the claim and from any damages and costs awarded by a court or agreed to in settlement by Workiva(including reasonable attorneys'fees). 8.2 Customer Indemnification. Customer will (a) defend Workiva from and against a claim by a third party alleging that any Customer Data infringes such third party's patents, copyrights, or trademarks, and (b) in relation to such claim, indemnify and hold harmless Workiva from any actual or reasonable costs and expenses incurred in cooperating with Customer's defense of the claim and from any damages and costs awarded by a court or agreed to in settlement by Customer(including reasonable attorneys'fees). 8.3 Procedures for Indemnification. The obligations of the party required to indemnify pursuant to Sections 8.1 or 8.2 ("Indemnitor")are expressly conditioned on the party being indemnified ("Indemnitee"), (a)promptly notifying Indemnitor in writing of any such claim of which Indemnitee has actual knowledge (provided that failure to do so will only release Indemnitor from this obligation to the extent that such failure led to material prejudice),(b)granting Indemnitor sole control of the defense of any such claim and of all negotiations for its settlement or compromise in writing, provided that no such settlement or compromise may impose any monetary or other obligations on Indemnitee,and(c)reasonably cooperating with Indemnitor to facilitate the settlement or defense of the claim. 8.4 Replacement. Should the Subscription Services become, or if in Workiva's opinion are likely to become, the subject of a claim of infringement of a patent,trade secret,trademark, or copyright,Workiva may(i)procure for Customer,at no additional cost to Customer, the right to continue to use the Subscription Services, (ii) replace or modify the Subscription Services, at no cost to Customer, to make it non-infringing, provided that the same function is performed by the replacement or modified Subscription Services,or(iii)if in Workiva's judgment the aforementioned"(i)"and"(ii)"are not commercially feasible,terminate the Agreement(or the applicable Order)and grant Customer a pro-rated refund of any advance Fees paid applicable to the remainder of the Subscription Term. Page 6 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID:00338656 8.5 Combination. Workiva shall have no obligation under the foregoing with respect to: (i) the combination or use of the Subscription Services with any technology,software,hardware or services not provided by Workiva where the infringement would not have occurred but for such combination or use, unless there is no commercially reasonable non-infringing use of the Subscription Services without such use or combination,(ii)any claim that arises from Customer's non-compliance with Section 1.4,or(iii)any claim which would not have occurred but for Customer's modification. 8.6 Limitation. This Section 8 states the entire liability of Indemnitor with respect to third party infringement arising from the Services,Software,or Customer Data,or any parts thereof,and Indemnitor shall have no additional liability with respect to any alleged or proven infringement. 9.0 Disclaimer of Certain Damages and Limitation of Liability. 9.1 DISCLAIMER OF CERTAIN DAMAGES. EXCEPT AS SET FORTH IN THIS SECTION 9, TO THE FULLEST EXTENT PERMITTED BY LAW,IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER FOR SPECIAL, INDIRECT,INCIDENTAL, CONSEQUENTIAL, PUNITIVE,OR EXEMPLARY DAMAGES IN CONNECTION WITH THE SERVICES,OR THE PERFORMANCE OR NONPERFORMANCE OF SERVICES OR ANY ORDER, REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 9.2 Limit on Liability. EACH PARTY'S AGGREGATE LIABILITY UNDER THE AGREEMENT SHALL BE LIMITED TO THE ACTUAL AMOUNT PAID OR PAYABLE BY CUSTOMER DURING THE TWELVE (12)MONTHS PRIOR TO SUCH CLAIM(S) FOR THE SPECIFIC SERVICE(S) GIVING RISE TO SUCH CLAIM(S), PROVIDED WORKIVA'S LIABILITY FOR ITS BREACH OF ITS OBLIGATIONS UNDER SECTION 5 (CONFIDENTIALITY), EXHIBIT A(SECURITY STANDARDS),AND EXHIBIT B (DPA) SHALL BE LIMITED TO AN AMOUNT EQUAL TO TWO TIMES(2X)THE ACTUAL AMOUNT PAID OR PAYABLE BY CUSTOMER DURING THE TWELVE(12)MONTHS PRIOR TO SUCH CLAIM(S)FOR THE SPECIFIC SERVICE(S)GIVING RISE TO SUCH CLAIM(S). 9.3 Exclusions to the Limitation on Liability.The limitations in Sections 9.1 and 9.2 shall not apply to:(a)either party's indemnity obligations set forth in Section 8,(b)either party's gross negligence,fraud,criminal acts or willful misconduct,(c)Customer's payment obligations, and(d)liability arising out of Customer's obligations under Section 1.4. 10.0 Miscellaneous. 10.1 Public Announcements. Unless otherwise agreed by the parties in an Order, Customer hereby grants Workiva the right to use Customer's name and/or logo in Workiva's marketing materials,social media and websites. 10.2 Non-Solicitation. Each party recognizes that the other party's employees constitute valuable assets.Accordingly, neither party will, during the Agreement Term and for a period of one (1) year thereafter, directly solicit any of the other's employees for positions of employment or as consultants or independent contractors.Notwithstanding the foregoing,neither party is precluded from (a)hiring an employee of a party that independently approaches it,(b)indirectly soliciting the other party's employees through the use of a staffing agency, provided that the party has not provided the staffing agency with names or other information to facilitate the solicitation of the other party's employee or contractor, or(c)conducting general recruiting activities,such as participation in job fairs or publishing advertisement in publications or on websites for general circulation. 10.3 Relationship of the Parties.The parties agree they are independent parties.Neither party shall be considered to be a partner, joint venture,employer,or employee of the other under the Agreement.The Agreement creates no agency in either party,and neither party has any authority whatsoever to bind the other party in any transaction or make any representations on behalf of the other party. 10.4 Notice.Any notice or demand which is required to be given under the Agreement will be deemed to have been sufficiently given and received for all purposes when delivered by: (a) hand, (b) confirmed electronic transmission, (c) nationally recognized overnight courier, or(d)five (5) days after being sent by certified or registered mail, postage and charges prepaid, to the mailing address or e-mail address identified in the applicable Order, and to the attention of such other person(s)or officer(s)as either party may designate by written notice. 10.5 Governing Law.Without regard to its conflicts of laws principles,the laws of California govern all matters arising under or relating to the Agreement. Page 7 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID:00338656 10.6 Assignment. Neither party may assign the Agreement, or any of its interest herein,without the prior written consent of the other party, which consent may not be unreasonably withheld or delayed; provided, however, that no such prior approval shall be required for an assignment in connection with(a)a sale of all or substantially all of a party's business related to the subject matter of the Agreement, (b)any merger,sale of a controlling interest,or other change of control of such party,or(c)a party's assignment of all or part of its obligations under this Agreement to an Affiliate. In the event of assignment as mentioned in the previous sentence,the assigning party shall provide written notice as soon as is reasonably practicable.The Agreement applies to and binds the permitted successors and assigns of the parties. 10.7 Force Maieure. Neither party will be in default or otherwise liable for any delay in or failure of its performance under the Agreement if such delay or failure arises due to a Force Majeure Event.The parties will promptly inform and consult with each other as to any of the above causes which in their judgment may or could be the cause of a delay in the performance of the Agreement. 10.8 Injunctive Relief. Each party acknowledges and agrees that a breach, including an anticipatory or threatened breach, by either party of its obligations under Sections 5 or 6 may cause immediate and irreparable harm to the non-breaching party for which monetary damages may not constitute an adequate remedy.Accordingly,the breaching party acknowledges and agrees that the non- breaching party shall be entitled to seek injunctive relief for the breaching party's obligations herein,without the non-breaching party having to prove actual damages and without the posting of bond or other security. Such remedy shall not be deemed to be the exclusive remedy for the breaching party's breach of the Agreement,but shall be in addition to all other remedies available to the non- breaching party at law or in equity. 10.9 Third Parties. Based on the particular Services being provided, certain third party pass-through terms may be required to be accepted by Customer.Such third party terms will take precedence in cases of conflict with these Main Terms. No other third party will be a beneficiary of the Agreement or be entitled to directly enforce the terms of this Agreement, unless otherwise explicitly set forth in a mutually executed Order.Workiva may subcontract provision of Services to its Affiliates and to third parties provided that it will remain responsible for breaches of the Agreement caused by such third parties. 10.10 Electronic Storage. Electronic imaging and storage of the Agreement is permitted.The admissibility into evidence of such an image in lieu of the original paper version of the Agreement is valid.The parties stipulate that any computer printout of any such image of the Agreement shall be considered to be an"original"under the applicable court or arbitral rules of evidence when maintained in the normal course of business and shall be admissible as between the parties to the same extent and under the same conditions as other business records maintained in paper or hard copy form.The parties agree not to contest, in any proceeding involving the parties in any judicial or other forum,the admissibility,validity,or enforceability of any image of the Agreement because of the fact that such image was stored or handled in electronic form. 10.11 Survival.Neither expiration nor termination of the Agreement will terminate Customer's obligation to pay Fees due as further set forth in an Order, or those obligations and rights of the parties pursuant to provisions of the Agreement which by their express terms are intended to survive and such provisions will survive the expiration or termination of the Agreement.Without limiting the foregoing, the respective rights and obligations of the parties under Sections 1 (Services), 5 (Confidentiality), 6 (Ownership; Feedback), 7 (Warranties; Disclaimers), 9 (Disclaimer of Certain Damages and Limitation of Liability), 10 (Miscellaneous), and 11 (Definitions) of these Main Terms will survive the expiration or termination of the Agreement regardless of when such termination becomes effective. 10.12 Waiver.The waiver by either party of a breach or violation of any provision of the Agreement shall be in writing,and(unless otherwise agreed in writing)will not operate as, or be construed to be, a waiver of any subsequent breach of the same or any other provision hereof. 10.13 Enforceability.If any provision of the Agreement is held to be unenforceable for any reason,the unenforceability thereof will not affect the remainder of the Agreement,which will remain in full force and effect and enforceable in accordance with its terms.With respect to any unenforceable provision,the applicable arbitrator or court shall deem the provision modified to the extent necessary,in such adjudicator's opinion,to render such term or provision enforceable,and the rights and obligations of the parties will be construed and enforced accordingly, preserving to the fullest permissible extent the intent and agreements of the parties set forth herein. Headings in these Main Terms shall not be used to interpret or construe its provisions. 10.14 Order of Precedence.The following order of precedence will be followed in resolving any inconsistencies between the terms of these Main Terms and the terms of any Orders,exhibits, or other documents:first,Sections 1 —11 of these Main Terms, including Page 8 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID:00338656 the attached exhibits (which may give priority to Orders for certain purposes); second, terms contained in an Order; and third, the terms of any other documents referenced in any of the foregoing. 10.15 General. On the Effective Date, the Agreement supersedes all previous discussions, negotiations, understandings, and agreements between the parties with respect to its subject matter, including any non-disclosure agreements and/or obligations which will be expressly superseded in their entirety by Section 5 of these Main Terms, and constitutes the entire Agreement between the parties with regard to the subject matter herein.The Agreement will not be construed against either party as the purported drafter.The parties shall reasonably cooperate with each other to provide such further assurances as may be reasonably required to better evidence and reflect, or to show the ability to carry out the intent, purposes, and obligations of the Agreement. No oral statements or material not specifically incorporated herein will be of any force and effect.With the exception of any terms or conditions that have been accepted or acknowledged (electronically or otherwise) by Customer or a User via Workiva's website or the Subscription Services,no changes in or additions to these Main Terms will be recognized unless incorporated herein by amendment,or as mutually agreed in an Order, and signed by duly authorized representatives of both parties.The application of Customer's general terms and conditions in any vendor acknowledgement or Customer's other general purchasing conditions are hereby expressly excluded and objected to by Workiva.These Main Terms shall apply and supersede the pre-printed terms and conditions of any form submitted, in electronic format or otherwise,by either party. 10.16 CPRA. If the compensation to be paid by Customer under this Agreement exceeds $10,000, Workiva is subject to the examination and audit of the California State Auditor, as provided in Government Code section 8546.7, for a period of three years after final payment under this Agreement.This section survives the termination of this Agreement. (a) Customer's Auditor-Controller/Treasurer-Tax Collector, or their designee, is authorized to sign documents and give approvals necessary to the performance of this agreement,including but not limited to the validation or acceptance under Phase 4 of the Hourly Consulting provisions of the Agreement (https://www.workiva.com/ legal/consulting_07132023), to authorize renewals under the Order, and to agree to the schedule required under the Hourly Consulting Provisions of the Agreement. (b) Customer is subject to California's Constitution,Article I, section 3, subdivision (b), California's Public Records Act (California Government Code,Title 1, Division 10, beginning with section 7920.000) ("CPRA") and California's Ralph M. Brown Act (California Government Code,Title 5,Division 2,Part 1,Chapter 9,beginning with section 54950).Under those laws,Customer is not limited in any manner with respect to its public disclosure of this Agreement or any record or data that Workiva may provide to Customer. Customer's public disclosure of this Agreement or any record or data that Workiva may provide to Customer may include but is not limited to the following:(A)Customer may voluntarily,or upon request by any member of the public or governmental agency, disclose this Agreement to the public or such governmental agency.(B)Customer may voluntarily,or upon request by any member of the public or governmental agency,disclose to the public or such governmental agency any record or data that Workiva may provide to Customer, unless such disclosure is prohibited by court order. (C)Any marking of confidentiality or restricted access upon or otherwise made with respect to any record or data that Workiva may provide to Customer shall be disregarded and have no effect on Customer's right or duty to disclose to the public or governmental agency any such record or data. (c) If Customer receives a written or oral request under the CPRA to publicly disclose any record that is in Workiva's possession or control,and which Customer has a right,under any provision of this Agreement or applicable law,to possess or control, then Customer may demand, in writing, that Workiva deliver to Customer,for purposes of public disclosure, the requested records that may be in the possession or control of Workiva.Within five business days after Customer's demand,Workiva shall(a)deliver to Customer all of the requested records that are in Workiva's possession or control,together with a written statement that Workiva,after conducting a diligent search,has produced all requested records that are in Workiva's possession or control,or(b)provide to Customer a written statement that Workiva,after conducting a diligent search,does not possess or control any of the requested records.Workiva shall cooperate with Customer with respect to any Customer demand for such records. If Workiva wishes to assert that any specific record or data is exempt from disclosure under the CPRA or other applicable law, it must deliver the record or data to Customer and assert the exemption by citation to specific legal authority within the written statement that it provides to Customer under this section. Workiva's assertion of any exemption from disclosure is not binding on Customer, but Customer will give at least 10 days' advance written notice to Workiva before disclosing any record subject to Workiva's assertion of exemption from disclosure. 11.0 Definitions.The following capitalized terms used in the Agreement have the meanings set forth below: 11.1 "Affiliate" means any corporation, partnership, joint venture,joint stock company, limited liability company, trust, estate, association, or other entity the existence of which is recognized by any governmental authority, (collectively an "Entity")that directly or indirectly through one or more intermediaries, controls or is controlled by or is under common control with either Customer or Page 9 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID:00338656 Workiva or any Entity in which Customer or Workiva has any direct or indirect ownership interest,whether controlling or not, of at least 50%, at any time during the Agreement Term. For purposes of this definition the term "controls","is controlled by"or"under common control with"means the possession,direct or indirect,of the power to direct or cause the direction of the management and policies of such entity,whether through the ownership of voting securities,by contract or otherwise. 11.2 "Confidential Information" is information that relates to the disclosing party's or disclosing party's customers' business operations,financial condition,customers,products,services,or technical knowledge. 11.3 "Customer Data"means any data or information uploaded, inputted or edited by Customer or its Users(or by Workiva at Customer's or a User's request)into the Subscription Services, including fonts,documents, RPA and other content. 11.4 "Documentation" means the manuals, specifications, and other materials describing the functionality, features, and operating characteristics of the software,available at support.workiva.com, including any updates thereto. 11.5 "Feedback" means any comments, suggestions, or other feedback provided by Customer or its Users regarding the Services. 11.6 "Fees"means fees for Services as set forth in an applicable Order. 11.7 "Force Majeure Event"means a delay or failure that arises due to any reason beyond a party's reasonable control,including pandemics,earthquakes,floods,fires, acts of civil,governmental,regulatory,or military authority,terrorism, riots,or failures or delays in transportation or communications. 11.8 "Named Affiliate"means Customer Affiliates named in an Order that has been executed by Customer. 11.9 "Order"may refer to either a Subscription Order or Statement of Work(collectively,"Orders"). 11.10 "Professional Services"means setups,trainings, and other professional services provided by Workiva as set forth in an applicable SOW. 11.11 "Robotic Process Automation"or"RPA"refers to robotic process automation,computer scripts,or any similar type of non- human Users introduced by Customer or Customer's Users into the Subscription Services. 11.12 "Services"means Subscription Services and Professional Services. 11.13 "Statement of Work"or"SOW"means an ordering document for Professional Services. 11.14 "Subscription Order"means an ordering document for Subscription Services. 11.15 "Subscription Services" means subscription based access, exercisable through Customer's Users, to Workiva's cloud based software programs which are made up of Workiva's proprietary software,incidental downloadable software created by Workiva, support, and applicable Third Party Software, as more adequately described in the applicable Subscription Order, and the Documentation. 11.16 "Third Party Software"means software and services made part of the Subscription Services but authored by a third party, including,Google and Amazon Web Services. 11.17 "Usage Data"is any data(other than Customer Data)relating to or derived from the operation or Customer's usage of the Services. 11.18 "Users" means employees of Customer, Customer Affiliates or third parties of Customer that are provided with (or that Workiva provides at Customer's request)user identifications and passwords to Customer's account. Users may include consultants, contractors,agents,and third parties with which Customer,or a Customer Affiliate,transacts business. Page 10 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID:B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID:00338656 IN WITNESS WHEREOF,by signing below the parties agree to be bound by the foregoing Main Terms. M/0rkiV, Sprndby: County of Fresno � w By: B 8102DD77C0454E3... Name: Ernest Buddy Mendes Name: 11 I<1 i ndt Chairman of the Board of Supervisors EVP and CFO Title: of the rnunty of FrPcnn Title: January 6, 2025 Date: January 28, 2025 Date: ATTEST: BERNICE E.SEIDEL Clerk of the Board of Supervisors County of Fresno,State of California By Deputy Page 11 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: EXHIBIT A SECURITY STANDARDS 1.0 Workiva Information Security Standards. 1.1 Workiva will maintain a comprehensive information security program ("Workiva Security Program")which includes administrative, technical and physical safeguards to protect Customer Data. Workiva safeguards are maintained to protect Customer Data based on commercially reasonable and industry standard resources available to Workiva and the type of the Customer Data.The Workiva Security Program is designed to: (a) Protect the availability,integrity and confidentiality of Customer Data; (b) Protect against any anticipated threats or hazards to the confidentiality, integrity, and availability of Customer Data; (c) Protect against any unlawful unauthorized access,unlawful use,disclosure,alteration,or destruction by Workiva of Customer Data;and (d) Protect against any accidental loss,destruction,or damage to Customer Data. 1.2 Workiva will also monitor,evaluate and modify the Workiva Security Program to ensure: (a) Use of industry standard technology pertinent to the protection of Customer Data; (b) Commercially reasonable updates to the Services,Subscription Services,Workiva Security Program or Workiva's systems,based on relevant changes in internal procedures for the protection of Customer Data,or as necessary to comply with applicable law;and (c) Workiva relevant internal changes to Workiva's technical environment including third parties, outsourcing arrangements,infrastructure and information systems. 2.0 Governance.Workiva will maintain a governance program which includes: 2.1 Compliance with the baseline of security controls for a Software as a Service(SaaS)Cloud Service Provider 2.2 Policies and procedures based on the NIST Cybersecurity Framework, ISO 27001:2013, and other industry standard frameworks; 2.3 Data classification; 2.4 Geo-location options for storage of Customer Data; 2.5 Risk management;and 2.6 Third party security risk management. 3.0 Access Controls.Workiva will maintain policies,procedures and logical controls designed to: 3.1. Limit access to Workiva facilities and systems where those systems are limited to authorized persons; 3.2. Limit Workiva employees'access to Customer Data by enforcing segregation of duties; 3.3. Protect from unauthorized access to Customer Data; 3.4. Remove or restrict Workiva employees'access to Customer Data in a timely manner when access thereto is no longer required to perform Services,or upon Customer request; 3.5. Require multi-factor authentication through Federated Service for Workiva access to Customer Data for the provision of Services;and. 3.6. Maintain a password policy within NIST guidelines (i.e., 12 character, alpha, special, numeric with two factor authentication). Page 12 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: 4.0 Human Resource Security.Workiva will maintain security and privacy policies and procedures for Human Resource including: 4.1. Performing pre-employment background screening commensurate with such employee's level of access to data, subject to applicable law; 4.1. Requiring all employees sign non-disclosure agreements; 4.2. Annual security and privacy role-based training (including requirements of the Workiva Security Program, the importance of securing Customer Data,and how to diagnose phishing attacks);and 4.3. Promoting a culture of security awareness through periodic training,phishing assessments,blogs and programs which reward security best practices. 5.0 Physical and Environmental Security.Workiva will maintain controls that are designed to protect from unauthorized access and against environmental hazards,including: 5.1. Controlled access to Workiva facilities; 5.2. Inheritance of Physical and Environmental security controls from FedRAMP Moderate compliant Infrastructure as a Service(laaS)and Platform as a Service(PaaS)CSPs. 5.3. Logging and monitoring of access and unauthorized access to Workiva facilities and systems; 5.4. Camera monitoring of Workiva facilities; 5.5. Temperature,fire protection,humidity monitoring of Workiva facilities;and 5.6. Uninterrupted power supplies to Workiva facilities to maintain normal working conditions in compliance with our Business Continuity Plan. 6.0 Secure Development Lifecycle.Workiva will maintain policies and procedures which will reasonably assure that development is done with commercially reasonable security practices including: 6.1. Secure development policies; 6.2. Secure development training; 6.3. Configuring systems and network devices in accordance with Workiva hardening guidelines; 6.4. Development with code review for releases using tools for Static Application Security Testing (SAST) and Dynamic Application Security Testing(DAST); 6.5. Vulnerability management and remediation within timelines within policy timelines; 6.6. Segregation of duties for development review and release management; 6.7. Vulnerability testing which includes OWASP Top 10,CWE and SANS Top 25;and 6.8. Workiva has and will maintain a formal change management program with segregation of duties. 7.0 Monitoring.Workiva will provide network, system and application monitoring including servers, disks and Security events for any potential problems designed to: 7.1. Review changes to systems and infrastructure; 7.2. Review changes which handle systems,authentication authorization and auditing; 7.3. Review privileged access to Workiva systems; 7.4. Review access to Workiva production environment including abnormal access;and 7.5. Engage third party vulnerability and penetration testing for Workiva systems environment on a regular basis with a report available for customers. Page 13 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: 7.6. Participate in the FedRAMP Continuous Monitoring Program which includes monthly vulnerability scanning and remediation,annual third party assessments and penetration testing. 8.0 Encryption.Workiva will provide reasonable assurance of the protection of Customer Data through encryption algorithms within NIST guidelines,which includes: 8.1. Transmission encryption using AES 128 with TLS 1.2; 8.2. Encryption at rest using AES 256;and 8.3. Full disk encryption on all hard drives with access to production data with AES 256. 9.0 Incident Response. Workiva will maintain an incident response policy with procedures to provide Customer with reasonable assurances that Workiva can respond to any type of security event or breach,and which includes: 9.1. Roles and responsibilities with a team and a dedicated leader which is tested annually; 9.2. Methods for investigation and escalation assessing the event to determine the risk the event poses including proper escalation; 9.3. Processes regarding internal communications, reporting and notification and external reporting and notification to customers without undue delay, and in any case, where feasible, notify within forty-eight (48) hours of Workiva's discovery of any incident involving the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Data(to facilitate timely notification Customer must register and maintain an up-to-date email with notice to security@workiva.com; where no such email is provided, Customer acknowledges that the means of notification shall be at Workiva's reasonable discretion); Appropriate documentation of the event, incident and investigation of what was done and by whom with authorization for later analysis and possible legal action;and 9.4. Creation of appropriate documentation of the incident and performance of an investigation and audit for root cause analysis and remediation with authorization for later analysis and possible legal action, provided, however,Workiva's obligations in this Section 9.4 do not apply to incidents resulting from an act or omission of Customer,including,without limitation,a Customer's failure to maintain the security and confidentiality of User credentials. 10.0 Contingency Planning.Workiva will maintain policies and procedures for the response and or recovery of an emergency or other occurrence either natural or pandemic that could damage or affect systems, and the environment of customer data.Such procedures include: 10.1.Data resiliency through redundancy to recover data, 10.2.Regular data backups, including annual testing of the backup and restoration procedures; 10.3.Business Continuity and Disaster Recovery plan which is communicated and made available within an event to minimize the impact and or loss of vital resources; 10A.Annual testing of the Business Continuity Plan and Disaster Recovery Plan(Executive Summary available to Customer upon request);and 10.5.Auditing of the Disaster Recovery test. 11.0 Audit and Testing. 11.1.So that Customer can verify Workiva's compliance with the DPA and these Security Standards, upon Customer's request, Workiva shall provide to Customer (at Workiva's expense) the following: (a) Cloud Security Alliance Consensus Assessments Initiative Questionnaire (CAIQ); (b) SOC 1 Type II; (c) SOC 2 Type II; (d) ISO/IEC 27001:2013:Certification; (e)Workiva Information Security Policies;and(f)Web Application Vulnerability Assessment and Penetration Testing of Workiva equivalent, non-production environment which includes: (i)network scanning; (ii) improper input handling (e.g., cross site scripting, SQL injections, XML injection, and cross site flashing); (iii)weak session management; (iv) insufficient authentication; (v)insufficient authorization; (vi) data validation flaws and data integrity;(vii)OWASP Top 10;and(viii)CWE/SANS Top 25(collectively,the"Reports"). 11.2.If the Reports provided are insufficient to demonstrate Workiva's compliance with the DPA or the Security Standards, at Customer's expense Workiva shall also provide written responses(on a confidential basis)to reasonable requests Page 14 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: for information related to Workiva's processing or security of Customer Data, including responses to information security and audit questionnaires, no more than once in any twelve(12)month period. 11.3.If Customer reasonably demonstrates that the information provided pursuant to Sections 11.1 and 11.2 is insufficient to demonstrate compliance with the DPA or the Security Standards,subject to Section 11.4,Customer may perform at customer's expense: (a) An audit in relation to Workiva's processing and security of Customer Data (which may also be performed by Customer's third party auditor,subject to Workiva's reasonable approval)("Audit"), or (b) A penetration test of an equivalent, non-production environment("Pen Test"). 11 A.Following receipt by Workiva of a request arising out of 11.3(a)or 11.3(b),Workiva and Customer shall mutually agree in advance on details of such Audit or Pen Test, including the start date, scope and duration, as well as reasonable conditions designed to mitigate potential risks to confidentiality,security,or other potential disruption of the Service or Workiva's business. Audits, Pen Tests and any information arising therefrom are deemed Workiva's Confidential Information. If Customer discovers any actual or potential vulnerability in connection with a Pen Test, Customer must immediately disclose it to Workiva and shall not disclose it to any third-party except as expressly permitted under the Agreement. Customer shall immediately notify Workiva with information regarding any material noncompliance discovered during the course of an Audit. Customer acknowledges that Audits and Pen Tests will be performed at Customer's own expense,with thirty(30)days advance written notice to Workiva,during normal business hours(unless otherwise mutually agreed upon in advance for Pen Tests),no more than once in any twelve(12)month period,subject to Workiva's reasonable security and confidentiality requirements,and solely to the extent the exercise of rights under Section 11.3 would not infringe Applicable Data Protection Laws. 12.0 Disposal.Workiva has policies and procedures to provide reasonable assurance to the appropriate disposal of Customer Data including: 12.1.Secure shredding of printed documents and Customer Data;and 12.2.Secure destruction of Customer Data with a certificate of destruction provided by Workiva. 13.0 Endpoint Devices.Workiva has policies,procedures and technical controls to protect endpoint devices including: 13.1.Malware protection with automated updates and centralized tracking and management, and regular updates and patches; 13.2.Full Disk Encryption(mitigating control as Customer Data is not stored on endpoint devices); 13.3.Regular updates and patching of the Subscription Services,Workiva's systems and browsers;and 13.4.No write to removable media(USB). 14.0 Malware and Patching.Throughout the Agreement Term and in accordance with standard industry practice,Workiva will: 14.1.Perform regular monitoring for security patches; 14.2.Apply patches in a timely manner after testing through change control;and 14.3.Regularly update systems and networks with new releases. 15.0 Shared Security Model. Customer acknowledges the security of the Subscription Services is a shared responsibility between Workiva and Customer.Accordingly, it is Customer's responsibility to administer controls as recommended by commercially reasonable security frameworks. Technical security, as outlined in this Exhibit, is the responsibility of Workiva. It is the responsibility of Customer to(i)promptly report to Workiva any suspicious activities related to Customer's Subscription Services account(e.g., a user credential has been compromised), and (ii)appropriately configure User and role-based access controls, including scope and duration of User access,taking into account the nature of its Customer Data. Page 15 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: EXHIBIT B DATA PROCESSING AGREEMENT 1.0 Purpose of the DPA.This DPA is intended to satisfy the requirement for an obligatory contract between Customer and Workiva with regard to Workiva's Processing of Customer Personal Data on behalf of customer in connection with Workiva's provision of Services under the Agreement and in accordance with the requirements of Applicable Data Protection Law.Each party shall comply with the obligations that apply to it under Applicable Data Protection Law. 2.0 Definitions.For the purpose of this DPA,these terms shall mean the following: 2.1 "Applicable Data Protection Law" shall mean the laws and regulations of the United States, the European Union, the European Economic Area("EEA")and/or their member states,Switzerland,the United Kingdom, and/or Canada as applicable to the Processing of Customer Personal Data as set forth in Attachment 1 of this DPA, including but not limited to, the General Data Protection Regulation (Regulation(EU)2016/679) ("GDPR"),the GDPR as saved into United Kingdom law by virtue of Section 3 of the United Kingdom's European Union(Withdrawal)Act 2018 and the United Kingdom Data Protection Act 2018(collectively the"UK GDPR"), the Swiss Federal Act on Data Protection ("FADP"), and the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100-.199, as amended by the California Privacy Rights Act of 2020("CCPA"). 2.2 "Authorized Personnel" means (a) Workiva employees and Workiva Affiliates' employees who have a need to know or otherwise access Customer Personal Data for the purposes of performing applicable Services;and(b)Workiva's contractors,agents, and auditors who have a need to know or otherwise access Customer Personal Data to enable Workiva to perform the Services. 2.3 "Controller"means the entity which determines the purposes and means of the Processing of Personal Data. 2.4 "Customer Personal Data"means Personal Data that is Customer Data. 2.5 "Data Privacy Framework"or"DPF"means the EU-U.S.Data Privacy Framework("EU-U.S.DPF"),the UK Extension to the EU-U.S.DPF("UK Extension"),and the Swiss-U.S.Data Privacy Framework("Swiss-U.S.DPF")as set forth by the U.S.Department of Commerce,as set out at:https://www.dataprivacyframework.gov/. 2.6 "Personal Data"means any data relating to an identified or identifiable natural person. 2.7 "Process"or"Processing'means any operation or set of operations which is performed upon Personal Data,whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission,dissemination or otherwise making available,alignment or combination,restriction,erasure or destruction. 2.8 "Processor"means the entity which Processes Personal Data on behalf of the Controller. 2.9 "Personal Data Breach" means a breach of Workiva's security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of,or access to,Customer Personal Data transmitted,stored or otherwise Processed. 2.10 "Sell","Share", and"Service Provider"shall have the same meaning as the terms are defined in the CCPA. 2.11 "Standard Contractual Clauses"or"SCCs"means the clauses for the transfer of Personal Data from the EEA to non-EEA countries that do not provide an adequate level of data protection approved by the European Commission Implementing Decision of 4 June 2021, as currently set out at: his://eur-lex.europa.eu/eli/dec impl/2021/914/oi?uri=CELEX:32021 D0914. 2.12 "Sub-processor"means a Workiva Affiliate or authorized third party service provider engaged by Workiva in the provision of Services under the Agreement and Processes Customer Personal Data. Sub-processors include Workiva Affiliates: https://www.workiva.com/legal/support-affiliates and third party service providers: https://www.workiva.com/legal/sub-processors. 2.13 "Supervisory Authority"means any data protection authority defined under Applicable Data Protection Law. 2.14 "UK Data Transfer Addendum" means the international data transfer addendum to the Standard Contractual Clauses approved by the UK Information Commissioner's Office as set forth in Attachment 2 of this DPA. 3.0 Processing of Customer Personal Data. Page 16 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: 3.1 Roles of the Parties. The parties acknowledge and agree that with regard to the Processing of Customer Personal Data under the Agreement, Customer is a Controller or a Processor,Workiva is a Processor, and that Workiva or Workiva Affiliates will engage Sub-processors pursuant to Section 7 of this DPA. 3.2 Workiva as a Processor.As between the parties,all Customer Personal Data Processed by Workiva on behalf of Customer under the terms of the Agreement shall remain the property of Customer.During the Agreement Term,Workiva shall Process Customer Personal Data in accordance with Customer's written instructions and as permitted in the Agreement and this DPA.To the extent such Customer Personal Data is not so categorized on the applicable Order, SOW or otherwise in writing, Customer Personal Data and business purposes of processing are as set forth in Attachment 1 of this DPA.Customer Personal Data may be Processed by Workiva and its Sub-processors in the United States,the UK,the EEA or other locations around the world provided that the transfer of Customer Personal Data will comply with this DPA and Applicable Data Protection Law. If Workiva reasonably believes there is a conflict with any Applicable Data Protection Law and Customer's instructions, Workiva will immediately inform Customer and the parties shall cooperate in good faith to resolve the conflict and achieve the goals of such instruction.Where required under the relevant Applicable Data Protection Law,Workiva shall maintain a record of all Processing activities carried out on Customer Personal Data on behalf of Customer in accordance with Applicable Data Protection Law. Workiva's data privacy team can be contacted via email at privacy(a)workiva.com. 3.3 Data Subject Requests; DPIAs; Prior Consultations.Workiva shall provide reasonable and timely assistance to Customer (at Customer's expense)to enable Customer to respond to (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law(including its rights of access, correction, objection, erasure and data portability, as permitted); and (ii) any other correspondence, enquiry or complaint received from a data subject, Supervisory Authority or other third party in connection with Workiva's Processing of the Customer Personal Data under the Agreement. If any such request, correspondence, enquiry or complaint is made directly to Workiva,Workiva shall promptly inform Customer by providing full details of the same unless otherwise prohibited. Workiva shall not rectify, erase, restrict, or respond to a data subject request itself, except that Customer authorizes Workiva to redirect the data subject request as necessary to allow Customer to respond directly.Workiva shall provide Customer with reasonable assistance(at Customer's expense)in support of a data protection impact assessment or prior consultation with any Supervisory Authority,solely in relation to Customer Personal Data,the Services and where the Customer would not otherwise have access to the relevant information. 3.4 Return or Deletion. Upon expiration or termination of the Agreement, at Customer's option,Workiva shall return or delete Customer Personal Data pursuant to Section 5.4 (Return and Destruction) of the Main Terms, except where Workiva is required to retain Customer Personal Data by applicable law. Until Customer Personal Data is returned or deleted, Workiva shall continue to comply with this DPA. 3.5 Customer Obligations.Customer shall ensure that its instructions comply with Applicable Data Protection Law.Customer is solely responsible for the accuracy, quality, and legality of(i)the Customer Personal Data provided to Workiva by or on behalf of Customer; (ii) how Customer acquired any such Customer Personal Data; and (iii)the instructions it provides to Workiva regarding the Processing of such Customer Personal Data.Customer represents and warrants that it has obtained all necessary consents and authorizations required under Applicable Data Protection Law to permit the Processing of Customer Personal Data and international transfer of Customer Personal Data(where applicable)from Customer to Workiva. 4.0 Transfer of Customer Personal Data. 4.1 Cross-Border Transfer.Workiva shall only transfer Customer Personal Data subject to the GDPR, UK GDPR, or FADP if it has taken necessary measures to ensure the transfer is in compliance with the Applicable Data Protection Laws and this DPA.Transfer mechanisms may include(without limitation)transferring such Customer Personal Data to a recipient: (a)in a country deemed by the European Commission, the UK Secretary of State or the UK GDPR, or the Swiss FADP as providing adequate protection for such Customer Personal Data,including a transfer pursuant to the(i)EU-US DPF and/or(ii)the UK Extension,(b)that has achieved binding corporate rules authorization in accordance with Applicable Data Protection Law, or(c)that has executed to the extent required the applicable standard contractual clauses adopted or approved by the European Commission, the UK Information Commissioner's Office("ICO"),or the Swiss Federal Data Protection and Information Commissioner("FDPIC"). 4.2 Data Privacy Framework. Workiva Inc. (Workiva's US entity) is certified under the Data Privacy Framework and where applicable,Workiva shall transfer EEA or UK Customer Personal Data to the U.S.pursuant to the EU-U.S.DPF and the UK Extension. Page 17 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: If the DPF is no longer a legally acceptable mechanism for the transfer of EEA or UK Customer Personal Data to the U.S.,the parties agree that Workiva may transfer such Customer Personal Data to the U.S. pursuant to Section 4.3,4.4 and/or 4.6 of this DPA. 4.3 EEA SCCs.To the extent applicable,the Standard Contractual Clauses shall apply only to Customer Personal Data subject to the GDPR that is transferred to a recipient in a country not recognized by the European Commission as providing an adequate level of protection for such Customer Personal Data.The parties agree that by executing this DPA they are also executing the Standard Contractual Clauses together with the following additional terms: (a) Applicability.To the extent applicable,Module Two(Controller to Processor)of the Standard Contractual Clauses("Module Two SCCs")shall apply where Customer and/or its Named Affiliate is a Controller and a data exporter of Customer Personal Data, and Workiva is a Processor and data importer of such Customer Personal Data.To the extent applicable, Module Three(Processor to Processer)of the Standard Contractual Clauses("Module Three SCCs")shall apply where Customer and/or its Named Affiliate is a Processor and a data exporter of Customer Personal Data,and Workiva is a Processor and data importer of such Customer Personal Data.As used in this DPA,Standard Contractual Clauses or SCCs shall refer to Module Two SCCs and/or Module Three SCCs where appropriate. (b) Instructions. This DPA and the Agreement are Customer's complete and final documented instructions at the time of signature of the Agreement or this DPA(as the case may be)for the Processing of Customer Personal Data.Any additional or alternate instructions must be agreed upon separately.For the purposes of Clause 8.1(a)of Module Two SCCs and Clause 8.1(b)Module Three SCCs,the following is deemed an instruction by the Customer to Process Customer Personal Data:(i)Processing in accordance with the Agreement and this DPA; (ii) Processing to comply with other reasonable documented instructions provided by Customer(e.g., via email)where such instructions are consistent with the terms of the Agreement and this DPA. (c) Sub-processors. Pursuant to Clause 9 of the SCCs, Customer agrees that (i) Option 2: General Written Authorisation applies, (ii)Workiva's Sub-processors set forth in Section 7 of this DPA are authorized by Customer(or the relevant Controller), and (iii)Workiva may engage new Sub-processors as described in Section 7 of this DPA.The parties agree that sub-processing obligations pursuant to Clause 9(b)of the SCCs shall be carried out in accordance with GDPR Article 28 or applicable provisions of Applicable Data Protection Law.The parties agree that the copies of the Sub-processors agreements that must be provided pursuant to Clause 9(c) of the SCCs may have all commercial and confidential information, or clauses unrelated to the SCCs or the UK Data Transfer Addendum or their equivalent, redacted by Workiva beforehand;and,that such copies will be provided by Workiva, in a manner to be determined in its discretion,only upon written request by Customer. (d) Audits.The parties agree that the audits described in Clause 8.9 of the SCCs shall be carried out in accordance with Section 10 of this DPA. (e) Certification of Deletion.The parties agree that the certification of deletion of Customer Personal Data that is described in Clause 8.5 of the SCCs shall be provided by Workiva to Customer only upon Customer's request. (f) Docking Clause.The parties agree that Clause 7 of the SCCs shall apply. (g) Redress.The parties agree that the optional language in Clause 11 of the SCCs shall be deleted. (h) Jurisdiction.For Clause 17 of the SCCs,the parties select Option 2 and the law of the Netherlands.For Clause 18(b)of the SCCs,the parties agree to the courts of the Netherlands. (i) Annex 1.Annex 1 of the SCCs is as set forth in Attachment 1 of this DPA. 0) Annex 2. For the purposes of Annex 2 of the SCCs,the description of the technical and organizational security measures are those described in Workiva's"Security Standards"(as set forth in Exhibit A to the Main Terms). (k) Additional Terms for Module Three SCCs.Where Module Three SCCs are applicable,the parties agree to the terms of this Section. For the purposes of Clause 8.1(a), Customer hereby informs Workiva that Customer acts as a Processor under the instructions of the relevant Controller with respect of Customer Personal Data. Customer warrants that its Processing instructions as set out in the Agreement and this DPA, including its authorizations to Workiva for the appointment of Sub-processors in accordance with this DPA, have been authorized by the relevant Controller. Customer shall be solely responsible for forwarding any notifications Page 18 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: received from Workiva to the relevant Controller where appropriate. For the purposes of Clause 8.6(c) and 8.6(d), Workiva shall provide notification of a Personal Data Breach to Customer. For the purposes of Clause 8.9, all inquiries from the relevant Controller shall be provided to Workiva by Customer. If Workiva receives an inquiry directly from a Controller, it shall forward the inquiry to Customer and Customer shall be solely responsible for responding to any such inquiry from the relevant Controller where appropriate. (iv) For the purposes of Clause 10 and subject to Section 3.3 of this DPA, Workiva shall notify Customer about any request it has received directly from a data subject without obligation to handle it (unless otherwise agreed), but shall not notify the relevant Controller. Customer shall be solely responsible for cooperating with the relevant Controller in fulfilling the relevant obligations to respond to any such request. 4.4 United Kingdom SCCs.To the extent applicable,the SCCs as set forth in Section 4.3 above and amended by the UK Data Transfer Addendum shall apply only to Customer Personal Data subject to the UK GDPR that is transferred to a recipient in a country not recognized by the UK Secretary of State or UK GDPR as providing an adequate level of protection for such Customer Personal Data, and where Customer and/or any Named Affiliates is a data exporter and Workiva is a data importer of such Customer Personal Data.Where applicable,Workiva will execute the UK Data TransferAddendum with its Sub-processors before the deadlines prescribed by the UK ICO.The parties agree that by executing this DPA they are also executing the UK Data Transfer Addendum(if applicable). 4.5 Switzerland SCCs.To the extent applicable,the SCCs as set forth in Section 4.3 above and amended in this Section 4.5 shall apply only to Customer Personal Data subject to the Swiss FADP that is transferred to a recipient in a country not recognized by the Swiss FDIC as providing an adequate level of protection for such Customer Personal Data, and where Customer and/or any Named Affiliate is a data exporter and Workiva is a data importer of such Customer Personal Data.The SCCs shall be deemed to be amended to the extent necessary to operate to provide appropriate safeguards for such transfers in accordance with the FADP, including the following: (a) Clause 13(a)(Supervision)and Part C of Annex I are not used;the"competent supervisory authority"is the Swiss FDPIC; (b) The term"Member State"cannot be interpreted to exclude data subjects in Switzerland from exercising their rights under the FADP; (c) The term'Personal Data"shall be deemed to include"personal data"to the extent such personal data is protected under the FADP;and (d) Any amendments required from time to time by the FDPIC in order to comply with the FADP,as further incorporated herein by written agreement. Workiva is certified under the Swiss-US DPF. The parties agree that if Switzerland recognizes the adequacy of the Swiss-US DPF, Workiva and applicable Sub-processors may transfer Customer Personal Data subject to the FADP to the U.S.pursuant to the Swiss- U.S.DPF instead of the SCCs. 4.6 Alternative Transfer Mechanism. If Workiva adopts an alternative data transfer mechanism approved and authorized by the relevant EU,Swiss,or UK authorities(including any new version of or successor to the SCCs, UK Data Transfer Addendum, Binding Corporate Rules, or other framework adopted pursuant to Applicable Data Protection Law) for the transfer of Personal Data ("Alternative Transfer Mechanism"),the Alternative Transfer Mechanism shall apply instead of any applicable transfer mechanism described in this DPA(but only to the extent such Alternative Transfer Mechanism complies with the GDPR, UK GDPR, and/or Swiss FADP and extends to the territories to which Personal Data is transferred). 5.0 CCPA.The parties agree that Workiva is acting solely as a Service Provider with respect to Customer Personal Data subject to the CCPA.Workiva shall not,within the meaning of the CCPA, as amended,except(a) as directed or authorized by Customer, or (b)for purposes as permitted by the CCPA or by Cal.Code Reg.§7051 (including any future revisions):(i)Sell or Share such Customer Personal Data; (ii)retain, use, or disclose Customer Personal Data for any purpose other than for the specific purpose described in Attachment 1;(iii)retain,use,or disclose Customer Personal Data for a commercial purpose other than those specified in Attachment 1; (iv)retain,use,or disclose Customer Personal Data outside of the direct business relationship between Customer and Workiva;or (v)combine Customer Personal Data with Personal Data it receives from any other source, including from data subjects themselves, except for business purposes or as otherwise permitted by the CCPA, as amended and including its implementing regulations. For the sake of clarity, such restrictions do not apply to Personal Data that has been de-identified and/or aggregated and is no longer capable of identifying an individual or Customer. Page 19 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: 6.0 Security Controls. Workiva shall maintain administrative, physical, and technical safeguards for the protection of the security, confidentiality, and integrity of Customer's data and confidential and proprietary information, including Customer Personal Data, as further set forth in Workiva's "Security Standards" (as set forth in Exhibit A to the Main Terms).Workiva declares that its Security Standards are in line with GDPR Article 32.Workiva will regularly monitor compliance with the Security Standards.Workiva will not intentionally decrease the Security Standards during the Agreement Term. 7.0 Sub-processors. 7.1 Customer acknowledges and authorizes Workiva's use of its Sub-processors existing as of the Effective Date as set forth in Section 7.4 below.Customer hereby gives general authorization to new or replacement Sub-processors, provided Workiva follows the following procedure: (a) With respect to any new or replacement Sub-processor Workiva shall(i)execute a written agreement that obligates it to(1) protect such Customer Personal Data to the same extent as is required of Workiva by the Agreement, and(2)be in compliance with Applicable Data Protection Laws, and (ii)ensures such new Sub-processor is subject to industry-standard external security auditing (collectively,the"Conditions"). (b) Workiva agrees to provide Customer with notice at least thirty(30)days in advance of engaging any new or replacement Sub-processors to Process Customer Personal Data under the Agreement ("Sub-processor Notice") giving the Customer the opportunity to object.Such Sub-processor Notice may be provided by sending an email to the Account Administrator indicated in the applicable Order.The Sub-processor Notice shall include the name of the new or replacement Sub-processor,the services such Sub- processor will provide under the Agreement, and the geographic locations where Customer Personal Data will be Processed.Where applicable and upon Customer's request,Workiva agrees to provide a transfer impact assessment pursuant to Clause 14 of the SCCs and a copy of the SCCs executed by Workiva and the Sub-processor. (c) If Customer has a reasonable belief that such new Sub-processor cannot comply with the Conditions,Customer may provide written notice to Workiva within twenty (20) days of being informed of the engagement of the new Sub-processor, and the parties agree to work in good faith to resolve such issues.If such issues cannot be resolved,Customer may object to any new Sub-processor by terminating the applicable Order(s)with respect only to those services which cannot be provided by Workiva without the use of the objected-to new Sub-processor. Such termination will be made by providing written notice to Workiva. This termination right is Customer's sole and exclusive remedy if Customer objects to any new Sub-processor. For the avoidance of doubt,Customer will be deemed to have consented to such Sub-processor absent an objection within the stated time period. (d) Customer acknowledges that Workiva provides a standardized service to all customers which does not allow using different Sub-processors for different customers and,therefore,that the inability to use a particular new or replacement Sub-processors for the Services to the Customer may result in delay in performing the Services, inability to perform the Services or increased fees.Workiva will notify Customer in writing of any change to Services or fees that would result from Workiva's inability to use a new or replacement Sub-processors to which Customer has objected. 7.2 Workiva may replace a Sub-processor without advance notice where the reason for the change is outside of Workiva's reasonable control and prompt replacement is required for security or other urgent reasons.In this case,Workiva will inform Customer of the replacement Sub-processor as soon as possible following its appointment.Section 7.1 applies accordingly. 7.3 Workiva shall be liable for the acts and omissions of its Sub-processors to the same extent Workiva would be liable if performing the Services of each Sub-processors directly under the terms of this DPA. 7.4 A current list of Workiva's Sub-processors as may be used for Processing Customer Personal Data is available to Customer without charge on Workiva's website(Workiva Affiliates: https://www.workiva.com/legal/support-affiliates;third party Sub-processors: https://www.workiva.com/legal/sub-processors). Workiva will keep the Sub-processors list current and inclusive of any new Sub- processors and will make available to Customer the updated Sub-processors list upon request by Customer. 8.0 Personal Data Breaches.After becoming aware of a Personal Data Breach Workiva will(a)notify Customer of the Personal Data Breach without undue delay; (b) investigate the Personal Data Breach; (c) provide Customer with details about the Personal Data Breach; and (d)make reasonable efforts to prevent a recurrence of the Personal Data Breach.Workiva agrees to cooperate in Customer's handling of the matter by: (i) providing reasonable assistance with Customer's investigation; and (ii) making available relevant records,logs,files,data reporting,and other materials related to the Personal Data Breach's effects on Customer,as required Page 20 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: to comply with Applicable Data Protection Law.Personal Data Breach does not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, or other network attacks on firewalls or networked systems. 9.0 Authorized Personnel. Workiva employees and employees of its Authorized Personnel that have access to Customer Personal Data are subject to appropriate background check procedures as further set forth in the Security Standards. If, in the Customer's reasonable and good faith opinion,one or more of Workiva's employees,or employees of its Authorized Personnel,poses a risk to the security of such Customer Personal Data, Workiva will immediately terminate access by such individual and assign different and qualified individuals.Workiva will ensure that its Authorized Personnel who are engaged in the Processing of Customer Personal Data under the Agreement have committed themselves to confidentiality and have received adequate training and instruction to allow them to comply with the terms of this DPA. 10.0 Audits.The parties agree that any audits regarding Workiva's compliance with the obligations set forth in this DPA, shall be conducted in accordance with Section 11 of Exhibit A to the Main Terms. 11.0 Government Access Requests. To the extent that Workiva receives a request from a relevant government authority responsible for national security and intelligence gathering ("Government Authority") to access Customer Personal Data in accordance with applicable law(including the Foreign Intelligence Surveillance Act),Workiva shall:(a) inform Customer of the request to the extent permitted by applicable law so that Customer may take all protective measures or action as appropriate, and Workiva agrees to provide reasonable assistance should it be required during the course of the procedure;and(b)disclose the requested data to the Government Authority without liability if applicable laws prohibit notification of the request to third parties,provided that Workiva shall furnish only such portion of the information that is legally required to be disclosed and only to the extent required by applicable law. For the avoidance of doubt, nothing in this DPA shall require Workiva to pursue action or inaction that could result in civil or criminal penalty for Workiva such as contempt of court. 12.0 Interpretation. The parties agree that when interpreting Applicable Data Protection Law in conjunction with each party's rights and obligations in this DPA, it shall be interpreted based on the applicable party's role in its Processing of Customer Personal Data. 13.0 Miscellaneous. (a) Conflicts. In the event of any conflict or inconsistency between this DPA and the Agreement, the terms of this DPA shall prevail. In the event and to the extent of any conflict or inconsistency between the body of this DPA and the SCCs or the UK Data Transfer Addendum,the SCCs or the UK Data Transfer Addendum shall prevail. (b) Severability. In the event any provision of this DPA, in whole or in part, is invalid, unenforceable or in conflict with the applicable laws or regulations of any jurisdiction, such provision will be replaced, to the extent possible, with a provision which accomplishes the original business purposes of the provision in a valid and enforceable manner, and the remainder of this DPA will remain unaffected and in full force. (c) Liability. Each party's and such party's Affiliates'liability,taken together in the aggregate,for breaches of this DPA shall be subject to the limitations and exclusions of liability set out in the Agreement. Page 21 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: ATTACHMENT 1 TO EXHIBIT B ANNEX I TO THE STANDARD CONTRACTUAL CLAUSES A.LIST OF PARTIES Data exporter(s): [Identity and contact details of the data exporter(s)and, where applicable, of its/their data protection officer and/or representative in the European Union] Name:Customer,as this term is defined in the Agreement Address:As set forth in the Agreement Contact person's name,position and contact details:As set forth in the applicable Order to which the processing relates Activities relevant to the data transferred under these Clauses:Customer and its Named Affiliates provide Workiva with Personal Data in accordance with the Services more fully described in the Agreement. Signature and date:The parties agree that execution of the Agreement and certification by the data exporter in relation to the Workiva Services,shall constitute execution of these Clauses by both parties. Role(controller/processor):Controller or Processor as applicable Data importer(s):[Identity and contact details of the data importer(s), including any contact person with responsibility for data protection] Name:Workiva Inc. Address:2900 University Boulevard,Ames, Iowa 50010 Contact person's name,position and contact details:Privacy Team,privacy@workiva.com Activities relevant to the data transferred under these Clauses:Workiva will process the Personal Data as necessary to provide the Services as set forth in the Agreement. Signature and date:The parties agree that execution of the Agreement and certification by the data exporter in relation to the Workiva Services,shall constitute execution of these Clauses by both parties. Role(controller/processor): Processor B.DESCRIPTION OF TRANSFER Categories of data subjects whose personal data is transferred • Employees and contractors of Customer • Customer's Users whose Personal Data is provided by Customer to Workiva for the purpose of accessing and using the Subscription Services in accordance with the Agreement Categories of personal data transferred • Customer Personal Data provided by Customer and processed by Workiva in the course of providing the Services • User identification data such as business contact information(e.g., name,email address,phone number),and IP address Sensitive data transferred(if applicable)and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved,such as for instance strict purpose limitation,access restrictions(including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures. • No sensitive data will be transferred The frequency of the transfer(e.g. whether the data is transferred on a one-off or continuous basis). • Continuous basis Nature of the processing • Customer Personal Data will processed in the context of Workiva's performance of the Services as more fully set forth in the Agreement and DPA. • Customer Personal Data processed may be subject to the following basic processing activities:collect, record, organize, store,adapt,alter,retrieve, redact,consult, use,align or combine,block,erase or destruct,disclose by transmission, Page 22 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: disseminate or otherwise make available Customer Personal Data as described herein,as necessary for Workiva to provide the Services and otherwise in accordance with Customer's instructions Purpose(s)of the data transfer and further processing • To provide Services to Customer in accordance with the Agreement • Processing of User'e-mail addresses to provide log-in credentials • Processing of Users' log-in credentials and IP address for authentication purposes and to provide Users access to the Subscription Services in accordance with the Agreement • Processing of Users'contact information and IP address to provide support • Hosting and storage of Customer Data that contains Customer Personal Data The period for which the personal data will be retained,or,if that is not possible,the criteria used to determine that period • Workiva will delete Customer Personal Data in accordance with Applicable Data Protection Laws,the Agreement and the provisions set out in the DPA(including the SCCs) For transfers to(sub)processors,also specify subject matter,nature and duration of the processing • Details relating to Workiva's Sub-processors are set forth in Section 7 of the DPA. C.COMPETENT SUPERVISORY AUTHORITY Identify the competent supervisory authoritylies in accordance with Clause 13 • Dutch Data Protection Authority(Autoriteit Persoonsgegevens of the Netherlands) Page 23 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: ATTACHMENT 2 TO EXHIBIT B UK DATA TRANSFER ADDENDUM TO THE STANDARD CONTRACTUAL CLAUSES This Addendum has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract. Part 1:Tables Table 1: Parties Start date The Effective Date as set forth in the Main Terms The Parties Exporter(who sends the Restricted Transfer) Importer(who receives the Restricted Transfer) Parties'details Customer,as the term is defined in the Workiva Inc. Agreement Key Contact Full Name(optional):Workiva Privacy Full Name(optional): Job Title:Workiva Privacy Job Title: Contact details including email: Contact details including email: privacyaworkiva.com Table 2:Selected SCCs,Modules and Selected Clauses Addendum EU SCCs ❑The version of the Approved EU SCCs which this Addendum is appended to,detailed below, including the Appendix Information: Date: Reference(if any): Other identifier(if any): Or ❑X the Approved EU SCCs, including the Appendix Information and with only the following modules,clauses or optional provisions of the Approved EU SCCs brought into effect for the purposes of this Addendum: Page 24 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Internal Workiva ID: Module Module in Clause 7 Clause 11 Clause 9a Clause 9a Is personal data operation (Docking (Option) (Prior (Time period) received from the Clause) Authorisation Importer combined with or General personal data collected Authorisation) by the Exporter? 1 N/A 2 Yes Yes No Option 2 As set forth in Section 7.1 of the DPA 3 Yes Yes No Option 2 As set forth in Section 7.1 of the DPA 4 N/A Table 3:Appendix Information "Appendix Information"means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs(other than the Parties),and which for this Addendum is set out in: Annex 1A: List of Parties:As set forth in Attachment 1 of the DPA Annex 1 B: Description of Transfer:As set forth in Attachment 1 of the DPA Annex II:Technical and organisational measures including technical and organisational measures to ensure the security of the data:As set forth in Section 4 of the DPA Annex III: List of Sub processors(Modules 2 and 3 only):As set forth in Section 7 of the DPA Table 4: Ending this Addendum when the Approved Addendum Changes Ending this Which Parties may end this Addendum as set out in Section 19: Addendum when the Approved Addendum Importer changes Exporter ❑ neither Party Part 2:Mandatory Clauses Mandatory Clauses Part 2:Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses. Page 25 Main Terms and Conditions USVN 4.0 CONFIDENTIAL INFORMATION Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vvio r k I'Va ORDER: 072424-25912 Customer Reference: Details Count of Fresno "Customer°Shipping Payment Terms: Net 45 Ship To: 2281 Tulare Street#105 Subscription Term: January 28,2025-January 27,2028 Fresno,California 93721 (559)600-1351 Offer Valid Through: February 7,2025 Bill To: rocgarcia@fresnocountyca.gov Data Hosting Location: North America PO Reference#: Workiva Info Account Administrator Workiva Entity: Workiva Inc. Rochelle Garcia rocgarcia@fresnocountyca.gov Address: 2900 University Blvd.Ames, Iowa (559)600-1351 50010, U.S.A. ("Workiva") Legal/ legal(a�workiva.com Contract: +1 (515)663-4435 Invoicing: ar(a)accounting.workiva.com +1 (515)817-6109 Sales: samantha.yingling@workiva.com F-P January 28,2025 January 27,2026 SLED Audit Management Solution-Up to 10 Audits 1 January 28,2025 January 27,2026 SLED Financial Reporting Advanced-Over$213 Total Budget 1 Subscription Fees 95,000.00 January 28,2026 January 27,2027 SLED Audit Management Solution-Up to 10 Audits 1 January 28,2026 January 27,2027 SLED Financial Reporting Advanced-Over$213 Total Budget 1 Subscription Fees 99,750.00 January 28,2027 January 27,2028 SLED Audit Management Solution-Up to 10 Audits 1 January 28,2027 January 27,2028 SLED Financial Reporting Advanced-Over$213 Total Budget 1 Subscription Fees 104,737.50 Total $299,487.50 NOTES: Support:Attached as Exhibit A Service Levels:Attached as Exhibit B Invoicing:Subscription Fees are invoiced in advance and payable according to the Payment Terms. Fee Increases:Workiva may not increase the Subscription Fees under this Order during Customer's then current Subscription Term. Account; .nistrator:To ensure secure Customer account management,Customer shall designate one(1)employee(the "Account Administrator")who will provide access to its assigned Users and facilitate communication with Workiva's support staff. Terms and Conditions:This Order is subject to the Terms and Conditions agreed upon and executed by the parties hereto on or near the execution date. n:With at least thirty(30)days written notice prior to subsequent term Start Date,Customer may terminate this Order without cause.Customer will not receive a pro-rata refund and will remain responsible for any Fees associated with the then-current term.For avoidance of doubt,Workiva may not terminate this Order for convenience. Docusign Envelope ID:B6C07DCB-AD00-486D-B57E-F00572EE35D9 Wo r ld V 0 Pric,a Guarantee: Following the conclusion of the initial Subscription Term listed in the Order Details table above,the Fees for the Option Years will be set as detailed below.Customer will provide Workiva with its intent to exercise each Option Year with at least thirty(30)days written notice prior to the start date of the applicable Option Year.Option Years must be exercised consecutively following the expiration of the initial Subscription Term.Customer may only exercise the Option Years remaining if no Products have been added or removed from the Subscription Fees table above. Option Years: 01/28/2028—01/27/2029:$109,974.38 01/28/2029—01/27/2030:$115,473.09 Notwithstanding anything contrary in the Terms and Conditions,the pricing set forth in this Order has been agreed upon based on the parties'understanding that Customer's right to terminate without cause in the Terms and Conditions(if any)WILL NOT be accompanied by the right to receive a refund,credit,or reimbursement of any pre-paid fees for Subscriptions,Subscription Services,or access to the Software.Accordingly,the parties agree that this paragraph shall control even if it is in conflict with any language in the terms of the Terms and Conditions,notwithstanding any agreed upon order of precedence where resolving conflicts between an Order and the Terms and Conditions,the Terms and Conditions would prevail. Additional Terms:If there are any additional product descriptions not mentioned above and/or any additional terms apply to Workiva's provision of Services under this Order,such terms will be set forth below following the signature section of this Order. County of Fresno Workiva Ej Slynod by: SIGNATURE: NATURE: (i�, �vk NAME: Ernest Buddy MendeS NAME: Jill Klindt 81D2DD77CD4saE3... TITLE: Chairman of the Board of Supervisors TITLE: Executive Vice President and Chief Financial Officer of the County of Fresno January 6, 2025 DATE: January 28, 2025 DATE: ATTEST: BERNICE E.SEIDEL Clerk of the Board of Supervisors County of Fresno,State of California By 27 Deputy ADDITIONAL TERMS: Data Hosting Location:Notwithstanding anything to the contrary in the Terms and Conditions,Customer Data will be hosted in the location specified in the Data Hosting Location in the Order Details section above.Workiva will not move Customer Data to a different Data Hosting Location unless mutually agreed in advance and in writing.Any changes to Data Hosting Location requested by Customer and mutually agreed in writing may incur fees.At the time of signing,data is hosted by Amazon Web Services and Google. The parties agree that this Order will not automatically renew and will expire upon the end of the Subscription Term,at which time the End Client will no longer be able to access the Subscription set forth herein. WORKIVA SLED AUDIT MANAGEMENT SOLUTION-UP TO 10 AUDITS The Government Audit Management Solution for governmental agencies, institutions of higher education, and non-profit organizations includes access to Audit Management Workspace for users involved in the audit management process and the ability to add such users on an as-needed basis for teams up to 10 Audits.Includes Access to one Audit workspace. This includes access to Wdata and one(1)system connector for the Government Audit Solution for Audit Analytics.Total storage is limited to one hundred(100)GB.Queries are limited to one hundred and twenty(120)terabytes a year. "Audit"shall include all unique internal audit engagements performed as a part of an annual internal audit plan.The types of audits include financial,operational,compliance,information technology,fraud investigations,and advisory/consulting projects. Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vvio r k I'Va WORKIVA SLED FINANCIAL REPORTING ADVANCED-OVER$213 TOTAL BUDGET The Financial Reporting Solution for governmental agencies,institutions of higher education,and non-profit organizations includes access to the SLED Financial Reporting Advanced workspace to enable the organization to streamline the creation of the following financial reports:Annual Financial Reports,Monthly,Quarterly,Financial Closing Packages for organizations with total budget over$26. This workspace includes Wdata and one(1)system connector for users involved in the budget reporting process and the ability to add such users on an as-needed basis.Total data storage of Wdata is limited to one hundred (100)gigabytes. Queries are limited to one hundred and twenty(120)terabytes processed per year. The Workiva Platform operates as a Software as a Service(SaaS)solution and offers tools and capabilities designed for the efficient management of adjusting entries and trial balances throughSecure File Transfer Protocol (SFTP)or Excel uploads and use a solution- based licensing(SBL)model that includes unlimited users.The Customer account administrator will have the capability to manage user access independently, including setting up new users, granting temporary access, and removing access without requiring Workiva's intervention. The system will allow the export of files to preferred formats (e.g., Word, Excel, PDF)and support offline work on local desktops with or without internet connectivity.Uploaded files in preferred formats will automatically update the original file in the platform. Additionally, the system will facilitate easy linking of supporting documentation through attachments or within reports, simplifying file reviews.It will support review and approval workflows,providing tools for ad-hoc task sign-offs,structured deadline-driven processes,and workflows with formal controls for approvals,commenting,and labeling of sections and comments.Reports will be customizable,including text,graphs,tables, pictures,and other formatting elements that can be linked directly to source documents.Workiva's implementation team will manage the platform configuration from kickoff to go-live,training the Customer on platform customization to meet future needs. ADDITIONAL TERM FOR PRODUCT DESCRIPTION(S) TO THE EXTENT THE PRODUCT DESCRIPTION(S)ABOVE CONFLICTS WITH THE TERMS OF THE TERMS AND CONDITIONS, AND,NOTWITHSTANDING ANY ORDER OF PRECEDENCE THEREIN,THE PARTIES AGREE THAT THE PRODUCT DESCRIPTION(S)IN THIS ORDER SHALL CONTROL. THE PRODUCT DESCRIPTION(S)AND THE TERMS OF THIS ORDER SHALL HAVE NO EFFECT ON ANY OTHER ACTIVE ORDER. Access Rights This Subscription Order provides access to Users of the Customer in the signature table above.For the avoidance of doubt,any User of any Customer Affiliate can contribute to any given report,but reports can only be created for the benefit of the Customer.Users may include Customer's Affiliates,consultants,contractors,agents and third parties with which Customer transacts business.Customer shall, from time to time and upon Workiva's request,provide Workiva with reasonable assistance to enable Workiva to verify Customer's compliance with the terms of this Order;if the Customer is out of compliance with the terms herein,Customer will be responsible for any fees associated with remedying such noncompliance. Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vlorkiv" Exhibit A As copied from:httos://www.workiva.com/leoal/i)remiumsupport Premium Support PREMIUM PO . Guaranteed First Response Time-Global Support Team 2 Hours Global Workiva Supportt Included Workiva Platform Chat Supporttt Included Emergency Filing Services Included Service Level Management- Included On-Line Help, Learning Hub Training,&Workiva Community Included Customer Success Manager Included t24x7 Support available through the Support Center Ticket Portal, Phone or Email. ttChat support is available Monday-Friday during EMEA and US operating hours,excluding some holidays. Data processed within the chat feature is stored in the EU. -Critical issues raised with support which exhibit unexpected behavior will be escalated to software engineers for further remediation. Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vlorkiv" Exhibit B As copied from:https://www.workiva.com/legal/service-level-commitment Service Level Commitment 1.0 Help Desk Operations:Workiva shall maintain a customer support team staffed with personnel to receive inquiries by telephone and e-mail twenty-four(24)hours a day,year round.All Critical Issues must be reported via telephone. Non-Critical Issues can be reported through any available support channel and will be responded to in alignment with our support response times. 2.0 Support Response Times:Workiva shall use commercially reasonable efforts to correct or provide a reasonable workaround to address all material errors that are identified in the Software pursuant to the chart below. WorkivaLrro r, Criteria •• Critical Errors preventing essential work Workiva Support will respond to initial call within thirty(30)minutes. from being done in the necessary Workiva will work to correct the issue or provide a reasonable work timeframes. around, providing status updates every two(2)hours.For any critical issues that are not resolved or for which a reasonable workaround is not provided within six(6)hours,the issue shall be escalated to a member of Workiva's Executive Management who will be personally involved in overseeing resolution. Workiva will work continuously(24x7)using diligent efforts on the request until the issue is resolved,an estimated time for resolution is determined or is determined unresolvable. Urgent Errors which cause impairment Respond to initial call or receipt of email within two(2)hours.Workiva will of the Software functionality that work to correct the issue or provide a reasonable workaround,providing cause Customer to suffer status updates every twenty-four(24)hours. If an Urgent Issue is not significant inconvenience in resolved,a reasonable workaround is not identified,a resolution has no performing day-to-day business estimated delivery time,or is determined unresolvable within four(4) functions. business days,the issue will be escalated to Critical. Standard Errors where there are problems Respond to initial call or receipt of email within two(2)hours.Considered of a cosmetic nature or which for next scheduled material upgrade of the Software. have an insignificant effect on Customer's operations. 3.0 Service Availability Commitment:The Software will be available 99.5%of the time,measured on a quarterly basis. Availability shall be calculated for the measurement period by dividing(a)the Baseline Uptime less Unscheduled Downtime by(b) the Baseline Uptime for the same period. 3.1 "Baseline Uptime"is the total number of minutes during the measurement period during which the Software is available for access and use by the Customer.Baseline Uptime excludes Scheduled Downtime and Excused Downtime. 3.2 "Scheduled Downtime"is the total time during the measurement period that the Software is not available due to planned maintenance. For more details on notice of Scheduled Downtime,see below. 3.3 "Unscheduled Downtime"is the total number of minutes during the measurement period during which the Software is not available for use by the Customer other than Scheduled Downtime and Excused Downtime.Unscheduled Downtime shall be measured from the time Customer first reports the outage to Workiva. 3.4 "Excused Downtime"is the total time during which the Software is not available for use by the Customer due to events outside of Workiva's control, including:(i)Customer side hardware or network issues,(ii)telecommunications outages,or(iii)other Force Majeure Events. 4.0 Scheduled Downtime:Workiva uses commercially reasonable efforts to perform all scheduled maintenance in a manner that does not typically require downtime. If downtime is required for maintenance, updates,or other fixes,it will occur during off-peak periods(usually 2am-5am Eastern Standard Time on Saturday or Sundays).With respect to scheduled downtime required by Workiva's service providers(e.g.,Google,Amazon),Workiva will provide notice to Customer within forty-eight(48)hours of receiving notice thereof from the applicable third party. 5.0 Uptime Credits: In the event that the availability of the Software for the applicable measurement period,as measured above, is below 100%,Customer shall be eligible for the service credits described below. Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 Wo r k iva Uptime Percentage Credits 99.5%and Greater 0%of quarterly Subscription Service Fees for applicable period Between 99.5 and 97.5% 10%of quarterly Subscription Service Fees for applicable period Between 97.5 and 95.5% 25%of quarterly Subscription Service Fees for applicable period Between 95.5 and 90.5% 35%of quarterly Subscription Service Fees for applicable period Less than 90.5% 50%of quarterly Subscription Service Fees for applicable period 6.0 Service Credits or Terminate for Refund.Customer may either elect to receive service credits or terminate the Agreement or the applicable Order,for a pro-rated refund of the fees remaining for the remainder of the Term. If Customer elects to receive service credits,they will be applied and offset future incurred Subscription Service Fees. If Customer elects to terminate the Agreement Workiva will provide a pro-rated refund within a commercially reasonable amount of time after such termination. In order to receive such refund,Customer must provide Workiva with thirty(30)days'written notice of its intent to terminate the Agreement due to the unavailability of the Software.Service credits or a refund shall constitute Customer's sole and exclusive remedy for the applicable outages. 7.0 Customer Must Request Service Credit. In order to receive any of the service credits described above,Customer must request the credits from Workiva in writing within thirty(30)days of the end of the applicable measurement period.Failure to so request the service credits will forfeit Customer's right to receive service credits for the applicable measurement period. 8.0 Alternative Filing Process.In the event of material outages of the Software,Workiva will maintain a process to support Customer's ability to continue processing and filing the external filings using alternate methods and/or supporting changes to the documents using processes similar to those used by other financial printers.To support these efforts,Customer shall regularly back up their files and Customer Data(at least daily)during the week prior to the anticipated filing. Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vvio r k iv47 STATEMENT OF WORK: 072424-25912 Customer Reference: Billing Contact Workiva Info 1 County of Fresno "Customer Workiva Entity: Workiva Inc. 2281 Tulare Street#105 2900 University Blvd.Ames,Iowa 50010, Ship To: Fresno,California 93721 Address: U.S.A. (559)600-1351 "Workiva" Bill To: rocgarcia@fresnocountyca.gov Legal/Contract: legal workiva.com +1 515 663-4435 Payment Terms Net 45 Invoicing: ar accountin .workiva.com PO Reference#: +1 515 817-6109 SOW Start Date: January 28,2025 Offer Valid Sales: samantha.yingling@workiva.com Through: February 07,2025 Scoped Services Fees List Hourly Estimated Total Fees(Good Service Effective Date Role Hourly Rate Hours Faith Estimate) Rate January 28,2025 Consulting 350.00 231.00 52 USD 12,012.00 Total Estimate: 12,012.00 Payment Term for Scoped Services.Customer will be invoiced for the Services on a monthly basis for hours completed. Payment is due according to the Payment Terms.If Customer fails to perform any payment obligations hereunder and such failure remains un- remedied for fifteen(15)days,Workiva may suspend its performance until payment is received. Any required travel time for Hourly Services shall be billed at one-half of the applicable Hourly Rate. Any expenses in addition to travel time are included in the Hourly Rate. I Fixed Fee Services Service Effective Date Product Name Quantity Fees January 28,2025 Custom Document Setup Services 45 USD 7,425.00 January 28,2025 Data Management Suite Enablement 1 USD 5,775.00 January 28,2025 Audit Management Onboarding Service-Up to 1 Report Template 1 USD 15,444.00 Total 28,644.00 Payment Term for Fixed Fees.Customer will be invoiced in advance for the Fixed Fee Services and shall submit payment in accordance with the Payment Terms. NOTES: Effective Date:This Statement of Work will be effective upon the latter of the two signatures below. Expiration:Unless otherwise listed in the service(s)description,service(s)expire upon completion or one year from the Service Effective Date.The performance of Services beyond the expiration will be at Workiva's discretion. Resource Assignment:Workiva resources will not be assigned prior to the Service Effective Date,notwithstanding anything to the contrary in this Statement of Work. Additional Scope;Changes:Customer requested changes to the Services described in this Statement of Work may require a Change Order and,if applicable,additional fees. Communication:English is the governing language between Workiva and its Customers and Partners unless otherwise agreed or specified. Terms and Conditions:This Statement of Work is subject to the Terms and Conditions agreed upon and executed by the parties hereto on or near the execution date. and the Workiva Professional Services Addendum attached as Exhibit A. Additional Terms:Any additional product descriptions not mentioned above and/or any additional terms apply to Workiva's provision of Services under this Statement of Work,such terms will be set forth following the signature section of this Statement of Work. Docusign Envelope ID:B6CO7DCB-ADOO-486D-B57E-FOO572EE35D9 m rk County of Fresno WORKIVA Signed by'. SIGNATURE: SIGNATURE: �lt� UYLS1D2DD77CD454E3_ NAME: Ernest Buddy MendeS NAME: Jill Klindt TITLE: Chairman Of the Board of Supervisors TITLE: Executive Vice President and Chief Financial Officer of the County of Fresno DATE: .January 28, 2025 DATE: January 6, 2025 ATTEST: BERNICE E.SEIDEL Clerk of the Board of Supervisors County of Fresno,State of California By Deputy ADDITIONAL TERMS: _�.. . nf Workiva will perform the following scoped Service(s)for Customer in accordance with their associated descriptions. Consulting:Attached as Exhibit B Summary of Activities 1, EVALUATE: Plan for success by understanding current process,business requirements,and technical environment 2. REVIEW: Examine current source data structure and process of transferring information to management reports, financial documents,and/or regulatory report submissions 3. DELIVER:Provide recommendations based on Customer requirements,platform optimizations,and best practices 4. IMPORT AND FORMAT MAIN DOCUMENT:Import Annual Comprehensive Financial Report(ACFR)provided by Customer and as justified by Workiva-determined Onboarding Tiers. 5. SPREADSHEETS AND SAMPLE LINKING:Create Spreadsheet Sections for dates and complete sample linking of tables. 6. DATA REVIEW AND SAMPLE MAPPING:Review existing source data extracts and ensure mapping/formula work integrity is intact for a sample main statement table. 7. PROJECT MANAGEMENT:Initial discovery and design,ongoing project maintenance,and resource coordination throughout the implementation a. Support for Customer's Subscription and/or any Services not set forth in this SOW will be provided by Workiva's Customer Success team,based on the specifications agreed upon in the applicable order. Scope and Definition 1. Evaluate.Define the scope of reporting process(es): a. Identify and meet with stakeholders involved b. Define business and technical requirements for reporting process Provide recommendations for repeatable and sustainable process changes 2. Data Review. a. Complete review of data sources and usages:including file architecture,information flow,and analysis b. Conduct review of reporting documentation:including compliance documents,board or management presentations,and supporting documents C. Review data sources technical efficiency d. Discuss current workflow process and review,technical requirements i. Note:Discovery,design,and review sessions will not require hands-on-keyboard efforts by Workiva resources(s) ii. Data Management and/or integrations is not in scope for this Tiered Onboarding Service.if the Customer requires such services,those must be scoped and identified separately 3. Recommendations. Process recommendations to include: a. Optimized data structure that achieves repeatable and sustainable reporting b. Suggestions to increase reporting efficiency based upon automation of data feeds c. Workiva resource(s)may be consultative to the Workiva Platform,but cannot provide advisory services around the Customer's overall ACFR Reporting process d. A prioritized list of the expected benefits from the identified efficiencies e. An example demonstration or proof-of-concept highlighting proposed changes and recommendations f. Workiva resource(s)are not responsible for substantiating automating mapping formulas on behalf of the Customer.If such services are requested,those must be scoped and identified separately Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vvio r k iva 4. Import and format main document. a. Import Annual Comprehensive Financial Report(ACFR)document as a Workiva Document in accordance with the following Tiers: i. Tier 1 or"Small":ACFR final report is up to one hundred and seventy-five(175)pages ii. Tier 2 or"Medium":ACFR final report is between one hundred and seventy-five(175)and three hundred and fifty(350)pages iii. Tier 3 or"Large":ACFR final report is exceeding three hundred and fifty(350+)total pages iv. Note:Workiva resources require a native.docx file for an efficient import.If the Customer cannot provide a consolidated.docx file,Workiva resource(s)may convert the consolidated.pdf for the document setup efforts which may lead to an elongated project timeline b. Set up document outline and break document into appropriate outline sections. C. Review text and tables for formatting accuracy(font style,font size,spacing,borders,shading). d. Set up default header and footer.Import and place graphics. e. Set up Table of Contents by formatting to auto generate page numbers,editing Table of Contents to auto generate page numbers,edit text to reflect current quarter and add hyperlinks to text. f. Note:Only linked data will be rolled forward.The remainder of the document content will be as imported. g. Import of historical data. 5. Spreadsheets&Sample Linking. a. Create an initial Spreadsheet that will be used for sample linking of dates and tables identified below. Customer may leverage this Spreadsheet for remainder of the linking after Workiva's sample linking has been completed b. Build a master Spreadsheet Section for dates.Workiva resource(s)will link dates on the main financial statements as identified below C. Customer is responsible for the linking dates throughout the remainder of the document. d. Example linking includes sample table linking of the Statements of Net Position table,Revenues Expenses and Changes in Net Position table for one(1)governmental fund. Example linking also includes sample linking of the Statement of Net Position table,Statement of Revenues,Expenditures,and Changes in Net Position table,and Statement of Cash Flows table for one(1)proprietary fund. e. Customer is responsible for the remainder of the linking for tables as well as in-text values 6. Data Review&Sample Mapping a. Review the Customer's current source data extracts that facilitate the account rollup to the Customer's current final table views established in the ACFR. b. Workiva resource(s)are not responsible for advising what data may be relevant for the Customer's reporting process. C. Using the newly created Workiva Spreadsheet used for linking of sample tables,Workiva resource(s)will work with the Customer to bring in existing source data extract(s)into the Workiva Spreadsheet as a separate Spreadsheet Section. d. Source data is preferred to be in flat file format and may be provided in native.xlsx or.csv format for import e. From the source data Spreadsheet Section,and using the Customer's Chart of Accounts,Workiva resource(s)will work with the Customer to ensure the mapping integrity is built out within the Workiva Spreadsheet for account rollup to one(1)sample tables(Statement of Net Position). i. If additional hours are remaining after completion of the deliverables identified herein,Workiva and the Customer may mutually agree to continue leveraging remaining hours towards mapping activities to additional tables such as the Statement of Revenues, Expenditures,and Changes in Net Position,etc. f. Customer will be trained on how to replicate overall mapping and will be responsible for additional table mappings,as needed 7. Project Management a. Create and maintain project plan b. Schedule and coordinate necessary meetings C. Project communication and correspondence d. Management of scope and budget e. Resource coordination f. Maintain status reports g. Risk identification and mitigation FIXED FEE SERVICE(S) Workiva will perform the following fixed fee Service(s)for Customer in accordance with their associated descriptions. Custom Document Setup Hours:Attached as Exhibit C Data Management Suite Enablement:Attached as Exhibit D Audit Management Enablement Onboarding Service:Attached as Exhibit E The following file has been identified as in scope and must be provided in native.docx format for import: a) County of Fresno ACFR.pdf of up to one hundred and fifty-seven(157)pages Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vforkiv" Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vlorkiv" Exhibit A As copied from:https://www.workiva.com/1egal/professionalserviceaddendum_1.2 Professional Services VN20240206 IF YOU SIGN AN ORDER FOR PROFESSIONAL SERVICES BY SIGNING SUCH ORDER,YOU AGREE THAT YOU HAVE READ, UNDERSTAND AND AGREE TO BE BOUND BY THE FOLLOWING: These Professional Services Terms shall supplement the Main Terms with respect to Workiva's provision of Professional Services to Customer.All terms used and not defined in herein will have the meaning given to them in the Agreement as defined in the Main Terms. 1.0 Professional Services.Professional Services will be scheduled following Workiva's receipt of a fully executed Order containing such Services,and such schedule will be determined between the parties based on SOW requirements and resource availability.Workiva personnel are available remotely(via telephone and internet)during normal business hours,Monday through Friday,between 8:00 a.m.and 5:00 p.m. local Customer time.Workiva's designated company holidays are not included in the normal business hours.A comprehensive list of Workiva's holidays will be provided upon request. 2.0 Assumptions for Professional Services.Customer shall reasonably cooperate with Workiva until the Professional Services are completed.Customer will provide Workiva with a single point of contact who will receive all communications regarding the Professional Services;failure to provide a single point of contact may result in an increase or change to the Professional Services scope,quote,and/or time to completion.The contact must have the authority to act for Customer in all aspects of the Professional Services, including but not limited to resolution of conflicting SOW requirements.Additionally,the contact will(a)provide timely access to Customer's technical and business points of contact as necessary for performance of Professional Services, and(b) obtain and provide project requirements,information,data,decisions,and approvals within three(3)business days of Workiva's request,unless otherwise agreed upon in writing. Failure to respond within such timeframe may impact the mutually agreed upon schedule of performance.Customer will back up its files and Customer Data prior to Workiva's commencement of the Professional Services. 3.0 Onsite Services.Whether any Professional Services will be performed onsite at a Customer facility will be subject to the parties'mutual agreement.Workiva has sole discretion of Workiva personnel's travel schedule and such travel will be during normal business hours.Workiva retains the right to book reasonable and customary travel through its corporate travel platform and such booking will be subject to Workiva Corporate Travel and Expense Policies.Customer point of contact must ensure that Workiva personnel have reasonable access to the intended Services location,internet connectivity,a safe working environment,adequate office space,and appropriate conference room facilities for meetings(including access to a projector and whiteboard).Customer must inform Workiva of any required Customer security measures prior to the commencement of the Professional Services performed onsite,and provide access to all necessary facilities as applicable. 4.0 Change Orders.The parties may enter into a written document to materially modify a Statement of Work or any Professional Services therein("Change Order").The Change Order will describe any proposed changes to Professional Services'scope,pricing, resources,and tasks;the reason for the change(s); related assumptions and Customer responsibilities;and the schedule and price impacts of the change.Workiva will draft the Change Order based on discussions with Customer.Only changes included in a Change Order signed by both Customer and Workiva referencing the Main Terms and the applicable Statement of Work will be implemented. Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vlorkiv" Exhibit B As copied from:https://www.workiva.com/legal/consulting_07132023 Hourly Consulting Phase 1:Align The Align phase will set forth the expectations of the project through initiation of the Project Plan,which includes: • The establishment of stakeholder communication,alignment,and staffing with the Workiva and Customer project teams. • Customer's delivery of files and documents to Workiva for document setup and Customer's completion of required customer training. Phase 2:Solution During the Solution phase,Workiva and the Customer will collaborate as a project team to perform discovery and confirm Customer's project requirements.This will include design recommendations and a confirmation of the solution Workiva recommends for the Customer's review("Solution").Before proceeding to the Build Phase,Customer will be expected to review and,when applicable,provide feedback on and validate: 1)the discovery and design documentation,2)the finalized Project Plan,and,3)the Workiva's proposed solution. Phase 3:Build The Build phase will replicate the design, perform a unit test,and deliver the Solution within the customer's production account and implementation workspace.. • The build will align with the project scope and the Customer's Solution confirmation. • Workiva's Project Manager will collaborate with the Customer's project team to initiate a cutover plan and prepare for testing. Phase 4:Test During the Test phase,Customer will validate the operation of the Solution for design and build. Customer will perform user acceptance testing within the customer production account and implementation workspace.Workiva will perform any final revisions within agreed scope to the Customer's environment based on testing outcomes.Upon Workiva's completion of requested revisions to the build,the Customer will validate that the Solution is ready for go-live.Workiva will not perform any build modifications post acceptance under the associated Statement of Work. Phase 5:Go-Live In the Go-Live phase,Customer will finalize training for its end users.Use of the Workiva environment,specific to this Statement of Work,will be available upon or thereafter the start of this phase.The project implementation is complete and Customer's Solution will be supported by Workiva's Customer Success and Support teams.As such, it contains all of the Project Close activities for the combined project team. Project Management The objective of Project Management is to plan,manage,monitor,control,and execute the project activities and resources in such a way that they adhere to the schedule, budget,and scope,and are delivered with a high level of quality.Workiva will provide Project Management service,tools,processes,and practices for managing the scope of work and project change control processes to ensure consistency,accuracy,and timeliness during the project. As part of the Services,Workiva will fulfill the roles, responsibilities,and obligations associated with Project Management identified in the list below: 1. Create and maintain a project plan 2. Schedule and coordinate necessary meetings to support execution of the Statement of Work 3. Provide project communication and correspondence between Workiva's project team and the Customer project manager and project team 4. Manage project scope,schedule,and budget 5. Coordinate Workiva's resources to complete the project 6. Produce and maintain recurring status reports throughout the duration of the project 7. Identify and mitigate project risk Project Change Control The Statement of Work represents the requirements of the applicable service engagement at the time of signature.Changes to the requirements not reflected in the Statement of Work must undergo a process designed to capture,classify,and process them.Some changes may be sufficiently distant from the scope of work described in the Statement of Work to require a new Statement of Work or Change Order.All change requests(addition,modification,or deletion)are to be sent from the Customer to Workiva for evaluation. 1. Hourly estimates are based on the deliverables,formats,and documents provided during scoping. 2. Lack of Customer availability after the schedule has been mutually agreed upon may result in change order of requirements or additional hours. Project Assumptions and Dependencies 1. Implementation timeline will rely on a project plan with project assumptions and dependencies. 2. Timeline of phases is subject to change depending on the complexity,completion of prerequisites,and availability of both Customer and Workiva resources. 3. Providing required documents is a prerequisite for scheduling the Project Kickoff call. 4. Completing the assigned online Workiva training is a prerequisite for scheduling the Kickoff call. 5. Project planning and go-live date will be mutually agreed upon between Workiva and Customer based on completion of required deliverables,and availability of both Customer and Workiva resources. Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vvio r k iva 6. Customer governance structure(in collaboration with the Workiva Project Manager)will ensure the project objectives are delivered as agreed upon,with appropriate validation from Customer contact(s). 7. Each phase will be deemed accepted upon conclusion of phase review call and written confirmation has been exchanged between Workiva and the Customer. Customer Responsibilities and Data Requirements 1. Solution specific training requirements must be completed by the core Customer Implementation Team,as identified during the Welcome Call,prior to Workiva Project Team being resourced. 2. Identification of Core Project Team with Sponsor,Project Manager/Owner/Lead,and Subject Matter Experts a. Provide a Customer Project Manager to support the coordination of resources,file gathering,file uploading,risk management,escalation procedures,and change management. b. Providing Subject Matter Expert(s)to assist in each of the following areas as coordinated by the customer project manager: i. Identifying business rules and resolving process discrepancies ii. Providing access to and troubleshooting(as needed)any technical systems/endpoints for purposes of integration or otherwise iii. Development of testing activities and performance of platform tests. iv. Training of Customer end users 3. Timely provision of requested solution files and documents.Customer is responsible for all end-user testing. a. Customer will schedule and manage appropriate personnel to execute test scenarios,script cases,and perform training to the larger organization. b. Customer will execute test scenarios and scripts cases at a consistent pace throughout the entire test phase according to the agreed-upon test plan and related processes. c. The Customer is responsible for all testing and validation. 4. Customer validation of adjustments resulting from solution build revisions and Go-Live ready solution 5. Customer owns end-user training and Q&A with support from their Customer Success Manager a. Customer end-users take online training according to their Training Plan b. Customer Training Team conducts instructor-led training according to their Training Plan 6. Customer maintains responsibility for the update,or production,of any documentation relating to internal procedures and controls.Workiva will provide advice and guidance related to use of the Platform. Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vlorkiv" Exhibit C As copied from:https://www.workiva.com/legal/customdocsetup_l9176 Custom Document Setup Services 1. DESCRIPTION. Workiva will import Customer's requested Document(s).The requested setup has been estimated to require the quantity of hours specified below and the total fee is based on this estimate. Workiva will review text and tables for formatting accuracy(font style,font size,spacing,borders,shading).Set up headers and footers based on the provided document as applicable. Import and place graphics as applicable. 2. REQUIREMENTS. In order to perform the Setup Services,Customer documents must be provided in .docx or.pptx format,or be available for download from the SEC in HTML EDGAR format. 3. ADDITIONAL NOTES. The Setup Services shall be deemed accepted by the Customer forty-eight(48)hours after the Document Setup is complete.Customer must utilize these Setup Services within four(4)months of the later of the two signatures below or additional fees may apply. Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vlorkiv" Exhibit D As copied from:https://www.workiva.com/legal/datamngste_2023083 Data Management Suite Enablement Phase 1:Align The Align phase will set forth the expectations of the project through initiation of the Project Plan,which includes: 1. The establishment of stakeholder communication,alignment,and staffing with the Workiva and Customer project teams. 2. Customer's delivery of files and documents to Workiva for document setup and Customer's completion of required customer training. Phase 2:Solution During the Solution phase,Workiva and the Customer will collaborate as a project team to perform discovery and confirm Customer's project requirements.This will include design recommendations and a confirmation of the solution Workiva recommends for the Customer's review("Solution").Before proceeding to the Build Phase,Customer will be expected to review and,when applicable,provide feedback on and validate: 1. the discovery and design documentation 2. the finalized Project Plan 3. Workiva's proposed solution Phase 3:Build The Build phase will replicate the design, perform a unit test,and deliver the Solution within the customer's production account and implementation workspace. 1. The build will align with the project scope and the Customer's Solution confirmation. 2. Workiva's Project Manager will collaborate with the Customer's project team to initiate a cutover plan and prepare for testing. Phase 4:Test During the Test phase,Customer will validate the operation of the Solution for design and build. Customer will perform user acceptance testing within the customer production account and implementation workspace.Workiva will perform any final revisions within agreed scope to the Customer's environment based on testing outcomes.Upon Workiva's completion of requested revisions to the build,the Customer will validate that the Solution is ready for go-live.Workiva will not perform any build modifications post acceptance under the associated Statement of Work. Phase 5:Go-Live In the Go-Live phase,Customer will finalize training for its end users.Use of the Workiva environment,specific to this Statement of Work,will be available upon or thereafter the start of this phase.The project implementation is complete and Customer's Solution will be supported by Workiva's Customer Success and Support teams.As such, it contains all of the Project Close activities for the combined project team. Project Manaoement The objective of Project Management is to plan,manage,monitor,control,and execute the project activities and resources in such a way that they adhere to the schedule, budget,and scope,and are delivered with a high level of quality.Workiva will provide Project Management service,tools,processes,and practices for managing the scope of work and project change control processes to ensure consistency,accuracy,and timeliness during the project. As part of the Services,Workiva will fulfill the roles, responsibilities,and obligations associated with Project Management identified in the list below*: 1. Create and maintain a project plan 2. Schedule and coordinate necessary meetings to support execution of the Statement of Work 3. Provide project communication and correspondence between Workiva's project team and the Customer project manager and project team 4. Manage project scope,schedule,and budget 5. Coordinate Workiva's resources to complete the project 6. Produce and maintain recurring status reports throughout the duration of the project 7. Identify and mitigate project risk *Note:This is a general list for project management services and may not be applicable to all Workiva services(enablement for example).Timelines provided will apply unless otherwise specified in the Solution specific SOW deliverables. Project Change Control The Statement of Work represents the requirements of the applicable service engagement at the time of signature.Changes to the requirements not reflected in the Statement of Work must undergo a process designed to capture,classify,and process them.Some changes may be sufficiently distant from the scope of work described in the Statement of Work to require a new Statement of Work or Change Order.All change requests(addition,modification,or deletion)are to be sent from the Customer to Workiva for evaluation. 1. Hourly estimates are based on the deliverables,formats,and documents provided during scoping. 2. Lack of Customer availability after the schedule has been mutually agreed upon may result in change order of requirements or additional hours. Project Assumptions and Dependencies 1. Implementation timeline will rely on a project plan with project assumptions and dependencies. 2. Timeline of phases is subject to change depending on the complexity,completion of prerequisites,and availability of both Customer and Workiva resources. 3. Providing required documents is a prerequisite for scheduling the Project Kickoff call. Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vlorkiv" 4. Completing the assigned online Workiva training is a prerequisite for scheduling the Kickoff call. 5. Project planning and go-live date will be mutually agreed upon between Workiva and Customer based on completion of required deliverables,and availability of both Customer and Workiva resources. 6. Customer governance structure(in collaboration with the Workiva Project Manager)will ensure the project objectives are delivered as agreed upon,with appropriate validation from Customer contact(s). 7. Each phase will be deemed accepted upon conclusion of phase review call and written confirmation has been exchanged between Workiva and the Customer. Customer Responsibilities and Data Requirements 1. Solution specific training requirements must be completed by the core Customer Implementation Team,as identified during the Welcome Call,prior to Workiva Project Team being resourced. 2. Identification of Core Project Team with Sponsor,Project Manager/Owner/Lead,and Subject Matter Experts a. Provide a Customer Project Manager to support the coordination of resources,file gathering,file uploading,risk management, escalation procedures,and change management. b. Providing Subject Matter Expert(s)to assist in each of the following areas as coordinated by the customer project manager: i. Identifying business rules and resolving process discrepancies ii. Providing access to and troubleshooting(as needed)any technical systems/endpoints for purposes of integration or otherwise iii. Development of testing activities and performance of platform tests. iv. Training of Customer end users 3. Timely provision of requested solution files and documents.Customer is responsible for all end-user testing. a. Customer will schedule and manage appropriate personnel to execute test scenarios,script cases,and perform training to the larger organization. b. Customer will execute test scenarios and scripts cases at a consistent pace throughout the entire test phase according to the agreed-upon test plan and related processes. C. The Customer is responsible for all testing and validation. 4. Customer validation of adjustments resulting from solution build revisions and Go-Live ready solution 5. Customer owns end-user training and Q&A with support from their Customer Success Manager a. Customer end-users take online training according to their Training Plan b. Customer Training Team conducts instructor-led training according to their Training Plan 6. Customer maintains responsibility for the update,or production,of any documentation relating to internal procedures and controls.Workiva will provide advice and guidance related to use of the Platform. Data Review and Proposal: 1. 1-Hour Review Session with client on data files(s)from source system(s)that produce data report view 2. Identify with Customer,potential data restructure needs to ensure optimal setup 3. Provide documentation of proposed build structure and debrief session with client 4. Product Requirements: a. Customer will provide source data in a flat.csv or.tsv format. b. Data must be provided in a consistent format,with identifiable primary keys and sustainable column headers Hands-on Training Workshops: Data Management Enablement includes a high level process discussion and hands-on training by a Workiva instructor.The instructor will be a fundamental and technical expert of the Data Management Suite capabilities within the Workiva platform. The hands-on enablement is delivered remotely/virtually in the following schedule: 1. Session 1 —Connected Experience Overview(assumes 1 hour time commitment) a. What is the Connected Experience? b. Data Gathering and transformation C. Reporting on your data d. Workflows e. Connect,Transform, Report 2. Session 2—Tables&Queries Basics(assumes 1 hour time commitment) a. DMS basics(navigation,functionality,etc.) b. Data types and intake mechanisms C. Creation of tables i. Dimension vs Data d. Basic Query Writing i. Select fields ii. Joins iii. Filters iv. Parameters 3. Session 3—Chains Basics(assumes 1 hour time commitment) a. Chain basics(navigation,functionality,etc.) b. Building a Chain C. Scheduling d. Environments e. Grouping f. Chain Templates 4. Session 4—DMS Data Prep(assumes 1 hour time commitment) a. Data Prep Basics(navigation,functionality,etc.) b. Functional vs Technical Transformations C. Pipelines Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vvio r k iva d. Mapping Groups e. Take home exercises(assumes up to 3-5 hour time commitment) i. Hands on exercises based on lessons learned from Sessions 1-4 f. Will include components surrounding: i. Tables ii. Queries iii. Connections iv. Chains V. Data Prep 5. Session 5—Troubleshooting(assumes 1 hour time commitment) a. Identifying Chain Errors b. When to engage and who to engage with at Workiva C. How to write a support ticket d. Community 6. Session 6—Capstone Experience/Q&A(up to 1.5 hour time commitment) a. Hands-on activity review b. Security C. Tables,Queries&Chain Permissioning d. Open Q&A for questions from the team e. Data Management Best Practices Data Management Enablement Exclusions: To ensure that timelines and the deliverables of this objective are met,Workiva resources will not perform any of the following activities: 1. Import and format source data into Tables 2. Build any customization to the queries built in the workshops 3. Build an integration/connection to client system 4. Build Chains and/or Data Prep to automate Client Processes 5. Perform installations or configurations of Chains GroundRunners 6. Provide functional analysis&design for the Workiva Solution 7. Provide technical analysis&design for the Workiva Solution Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vlorkiv" Exhibit E As copied from:https://www.workiva.com/legal/auditmngtenableonboard_11082023 Workiva Audit Management Enablement Onboarding This description outlines the scope and definition of the services to be delivered as part of the Audit Management Enablement Onboarding implementation. The project scope of work below defines the specific activities,tasks,and deliverables included within this service agreement. Please note,any additional services or deliverables not specifically stated herein are considered"out of scope". The following description outlines the scope and definition of the Audit Management Enablement Onboarding service to be delivered as part of the Audit Management implementation. The project scope of work below defines the specific activities,tasks,and deliverables included. Please note,any additional services or deliverables not specifically stated in this description are considered "out of scope". Phase 1:Align The Align phase will set forth the expectations of the project through initiation of the Project Plan,which includes: 1. The establishment of stakeholder communication,alignment,and staffing with the Workiva and Customer project teams. 2. Customer's delivery of files and documents to Workiva for document setup and Customer's completion of required customer training. Phase 2:Solution During the Solution phase,Workiva and the Customer will collaborate as a project team to perform discovery and confirm Customer's project requirements.This will include design recommendations and a confirmation of the solution Workiva recommends for the Customer's review("Solution").Before proceeding to the Build Phase,Customer will be expected to review and,when applicable,provide feedback on and validate: 1. the discovery and design documentation 2. the finalized Project Plan 3. Workiva's proposed solution Phase 3: Build The Build phase will replicate the design,perform a unit test,and deliver the Solution within the customer's production account and implementation workspace.. 1. The build will align with the project scope and the Customer's Solution confirmation. 2. Workiva's Project Manager will collaborate with the Customer's project team to initiate a cutover plan and prepare for testing. Phase 4:Test During the Test phase,Customer will validate the operation of the Solution for design and build. Customer will perform user acceptance testing within the customer production account and implementation workspace.Workiva will perform any final revisions within agreed scope to the Customer's environment based on testing outcomes.Upon Workiva's completion of requested revisions to the build,the Customer will validate that the Solution is ready for go-live.Workiva will not perform any build modifications post acceptance under the associated Statement of Work. Phase 5:Go-Live In the Go-Live phase,Customer will finalize training for its end users.Use of the Workiva environment,specific to this Statement of Work,will be available upon or thereafter the start of this phase.The project implementation is complete and Customer's Solution will be supported by Workiva's Customer Success and Support teams.As such, it contains all of the Project Close activities for the combined project team. Project Management The objective of Project Management is to plan,manage,monitor,control,and execute the project activities and resources in such a way that they adhere to the schedule, budget,and scope,and are delivered with a high level of quality.Workiva will provide Project Management service,tools,processes,and practices for managing the scope of work and project change control processes to ensure consistency,accuracy,and timeliness during the project. As part of the Services,Workiva will fulfill the roles, responsibilities,and obligations associated with Project Management identified in the list below*: 1. Create and maintain a project plan 2. Schedule and coordinate necessary meetings to support execution of the Statement of Work 3. Provide project communication and correspondence between Workiva's project team and the Customer project manager and project team 4. Manage project scope,schedule,and budget 5. Coordinate Workiva's resources to complete the project 6. Produce and maintain recurring status reports throughout the duration of the project 7. Identify and mitigate project risk *Note:This is a general list for project management services and may not be applicable to all Workiva services(enablement for example).Timelines provided will apply unless otherwise specified in the Solution specific SOW deliverables. Project Change Control The Statement of Work represents the requirements of the applicable service engagement at the time of signature.Changes to the requirements not reflected in the Statement of Work must undergo a process designed to capture,classify,and process them.Some changes may be sufficiently distant from the scope of work described in the Statement of Work to require a new Statement of Work Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 w1orkiva or Change Order.All change requests(addition,modification,or deletion)are to be sent from the Customer to Workiva for evaluation. 1. Hourly estimates are based on the deliverables,formats,and documents provided during scoping. 2. Lack of Customer availability after the schedule has been mutually agreed upon may result in change order of requirements or additional hours. Project Assumptions and Dependencies 1. Implementation timeline will rely on a project plan with project assumptions and dependencies. 2. Timeline of phases is subject to change depending on the complexity,completion of prerequisites,and availability of both Customer and Workiva resources. 3. Providing required documents is a prerequisite for scheduling the Project Kickoff call. 4. Completing the assigned online Workiva training is a prerequisite for scheduling the Kickoff call. 5. Project planning and go-live date will be mutually agreed upon between Workiva and Customer based on completion of required deliverables,and availability of both Customer and Workiva resources. 6. Customer governance structure(in collaboration with the Workiva Project Manager)will ensure the project objectives are delivered as agreed upon,with appropriate validation from Customer contact(s). 7. Each phase will be deemed accepted upon conclusion of phase review call and written notice has been exchanged between Workiva and the Customer.. Customer Responsibility and Customer Data Requirements 1. Solution specific training requirements must be completed by the core Customer Implementation Team,as identified during the Welcome Call,prior to Workiva Project Team being resourced. 2. Identification of Core Project Team with Sponsor,Project Manager/Owner/Lead,and Subject Matter Experts a. Provide a Customer Project Manager to support the coordination of resources,file gathering,file uploading,risk management, escalation procedures,and change management. b. Providing Subject Matter Expert(s)to assist in each of the following areas as coordinated by the customer project manager: i. Identifying business rules and resolving process discrepancies ii. Providing access to and troubleshooting(as needed)any technical systems/endpoints for purposes of integration or otherwise iii. Development of testing activities and performance of platform tests. iv. Training of Customer end users 3. Timely provision of requested solution files and documents.Customer is responsible for all end-user testing. a. Customer will schedule and manage appropriate personnel to execute test scenarios,script cases,and perform training to the larger organization. b. Customer will execute test scenarios and scripts cases at a consistent pace throughout the entire test phase according to the agreed-upon test plan and related processes. C. The Customer is responsible for all testing and validation. 4. Customer validation of adjustments resulting from solution build revisions and Go-Live ready solution 5. Customer owns end-user training and Q&A with support from their Customer Success Manager a. Customer end-users take online training according to their Training Plan b. Customer Training Team conducts instructor-led training according to their Training Plan 6. Customer maintains responsibility for the update,or production,of any documentation relating to internal procedures and controls.Workiva will provide advice and guidance related to use of the Platform. 7. Workpaper template versions of the following provided in native Microsoft Office formats: a. Annual Audit Risk Assessment-(1 template) b. Annual Audit Plan-(1 template) C. Audit Announcement Memo-(1 template) d. Final Audit Report-(1 template) e. Quarterly Audit Committee Report-(1 template) i. For each type of audit engagement(e.g.financial,operational, IT,compliance,etc.),a completed template version provided in native Microsoft Office Document(.docx)or Powerpoint(.pptx)format. 8. A Workiva consultant(s)will be assigned after receipt of the above listed files and completion of the solution specific required training courses. 9. Below is a list of additional Customer data deliverables,if applicable,with acceptable file format in order for Workiva to execute the services mentioned herein.(if documents are not provided in the native,editable format shown in parentheticals next to each data deliverable type below,a Change Order will be required). Final versions of the following files are due within the first two (2)weeks of the project start date to ensure timely delivery. a. Open Existing issues/deficiencies/findings/observations/etc.data(.xlsx) 10. Customer is responsible for population of provided Workiva Standard Import Sheets,if necessary.Receipt of completed Standard Import Sheets is due before the'Build'phase to ensure timely delivery of the services listed herein. Imported data can include: a. Audit Program and Procedures b. Audit Test Steps and Attributes C. Audit PBC Imports 11. Database configuration validation is due within one(1)week of the Solution Confirmation session. If validation feedback is not received by this time,the onboarding process will be deemed complete. 12. Workiva Solution User Acceptance Testing(UAT)is due within(2)two weeks of the completion of the"Build"Onboarding Phase. If UAT is not completed by the agreed upon due date,the feedback provided up to that deadline will be deemed sufficient. Dependent key stakeholder resource(s)availability for implementation,training,or meeting schedules. Your core user's adoption is a key component to a successful implementation. In-Scope Services&Deliverables Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vlorkiv" Workiva shall perform the following: 1. Map out current process and determine compatibility with Audit Data Model a. Compatibility determined if Customer's data set requires additional data types added to the Audit Data Model 2. Model and set up Customer audit data in Workiva Database according to Audit Data Model.This includes,but is not limited to, the following activities: a. Map Customer audit programs and procedures to Audit Data Model based on Solution Phase meetings with Customer b. Customize Audit Data Model for additional data types as needed to accommodate Customer's data that is not included in the Audit Data Model C. Configure forms based on Customer requirements 3. One(1)import of Customer's audit data to Workiva Database via Workiva provided standard import templates, if applicable 4. One(1)import of Customer's issue/deficiency and action plan data to Workiva Database. 5. Create five(5)custom Workiva Database reports identified as implementation requirements by the Customer 6. Import,format,and link Audit workpaper documentation within the Workiva Platform(Documents,Spreadsheets,and Presentations).This includes setup of workpaper template versions of the following: a. Annual Audit Risk Assessment-(1 template) b. Annual Audit Plan-(1 template) C. Audit Announcement Memo-(1 template) d. Final Audit Report-(1 template) e. Quarterly Audit Committee Report-(1 template) 7. Import standard Workiva Database reports and dashboards(see Appendix for full list of standard Workiva Database reports and dashboards). Project Assumptions and Dependencies 1. The implementation plan timeline expectations above are an estimate and are subject to change. 2. The"Discovery"phase above may span several weeks dependent upon the nature and extent of documentation to review with the Customer. 3. Customer's purchased Audit Management solution will be setup using one(1)Workiva Workspace, under the"Audit Management"solution type. 4. Additional services or deliverables not specifically stated in this description will be evaluated by Workiva and an additional Statement of Work or Change Order may be executed between the parties. Workiva Standard Reports and Dashboards Workiva Database standard reports: 1. [Connected Sheet]Final Report-utilized to link audit results to reports 2. Audit History-historical list of all audits performed by audit area 3. Audit Plan-overview of general audit information 4. Issues Log-details of issues found during testing 5. Leveraged SOX Control Testing-report to show related SOX control testing results 6. My Assigned Issues-user-centric report to show issues assigned to current user 7. My Audits-user-centric report to show listing of audits current user is working on 8. My Reviews-user-centric report to show listing of audits and/or procedures that a user has been assigned as a reviewer 9. PBC Requests-provides detailed view of PBC Requests and corresponding status 10. Procedure Results-report to demonstrate procedure status and conclusion 11. Time Log-detailed time tracking by audit Workiva Database standard administrative reports: 1. [Admin Only]Advanced Permissions-Data Listings-report available only to administrator users to allow for non-administrator users to see all data enumeration options 2. [Admin Only]Advanced Permissions-Reports-report available only to administrator users to provision reports for users and groups 3. [Admin Only]Current Year Report Filter-report required for maintaining the current year on Audit Program Year that feeds into the other reports 4. [Admin Only]Procedure Form Update-report available only to administrator(s)to change the procedure form layout 5. [Permissions]PBC Requests-report available only to administrator users to grant access to PBC Requests for users and groups Workiva Database standard dashboards: 1. My Dashboard-list of assigned audits and issues by current user 2. Audit Overview-audit information and status tracking 3. Issues-outlines all issues identified across all audits 4. Resource Management-tracks auditor responsibility and workload The list below includes the number of audit engagement types allotted to each Audit Management Onboarding service.The appropriate package is determined by the number of unique audit engagement types that are performed in the audit management process. 1. Audit Management Onboarding-Tier 1: 1 Type 2. Audit Management Onboarding-Tier 2:2 Types 3. Audit Management Custom Onboarding: More than 2 Types Docusign Envelope ID: B6C07DCB-AD00-486D-B57E-F00572EE35D9 vforkiv"