The URL can be used to link to this page

Home My WebLink AboutAgreement A-25-049 with Noble Software Group LLC.pdf Agreement No. 25-049 1 SERVICE AGREEMENT 2 This Service Agreement ("Agreement") is dated February 11, 2025 and is between 3 Noble Software Group LLC, a California limited liability company ("Contractor"), and the County 4 of Fresno, a political subdivision of the State of California ("County"). 5 Recitals 6 A. The County, through its Probation Department (Department), has determined 7 there is a need for specific software to bolster delivery of evidence-based program interventions 8 derived from a validated assessment tool. The Department intends to utilize this internet-based 9 licensing of, access to, and use of certain automated, evidence-based, risk-assessment 10 software applications, and related services, for the purpose of managing and monitoring adult 11 and juvenile probationers within Fresno County. 12 B. The Department has determined that its staff does not have the expertise to provide 13 these services and that the Contractor possesses unique capabilities to provide the services 14 requested by the Department. 15 C. The Department issued Request for Proposal (RFP) 25-012 on September 17, 2024, 16 Addendum Number One on October 7, 2024, and Addendum Number Two on October 11, 2024 17 (collectively, the RFP), which solicited proposals from qualified vendors to provide the 18 aforementioned services. 19 D. The Contractor responded to the RFP to provide such software assessment tools 20 through its software to the Department, and the Department has selected this Contractor as its 21 provider for these services. 22 E. The Contractor represents that it is qualified and willing to perform these services for the 23 Department. 24 The parties therefore agree as follows: 25 26 27 28 1 1 Article 1 2 Contractor's Services 3 1.1 Scope of Services. The Contractor shall perform all of the services provided in 4 Exhibit A to this Agreement, titled "Scope of Services." 5 1.2 Representation. The Contractor represents that it is qualified, ready, willing, and 6 able to perform all of the services provided in this Agreement. 7 1.3 Compliance with Laws. The Contractor shall, at its own cost, comply with all 8 applicable federal, state, and local laws and regulations in the performance of its obligations 9 under this Agreement, including but not limited to workers compensation, labor, and 10 confidentiality laws and regulations. 11 1.4 Definitions of Terms. 12 (A) For the purposes of this Agreement, the terms set forth below shall have the 13 following meanings: 14 (B) "Access" means the ability of County to operate accurately and effectively from 15 all its respective work environments, the Contractor-hosted Noble software 16 application, and the System. 17 (C) "Account Setup/Configuration" means the initial Access-related setup of each 18 County employee's information into Noble software application, and any other 19 System configurations activities, necessary to ensure proper access to full 20 functioning Noble applications and System as defined herein. 21 (D) "Anonymized" means Data Information that has been stripped of all identifying 22 information that can tie it to a specific individual such that said information cannot 23 thereafter be used to identify the individual. 24 (E) "Customization" means modifications to Noble software application to meet 25 specific County needs. 26 (F) "Data Information" means the physical, logical, electronic, magnetic, paper, 27 verbal, written or other confidential information and records that have been 28 entered or transferred into, or are stored in, Noble software application and 2 1 Systems, and storage devices related thereto, as well as any communications to 2 or from the County relating to its probationers and using Noble software 3 application and System in any way whatsoever. 4 (G)"Hosting" means providing and maintaining the facility that stores the physical 5 computer and network structure that (i) runs Noble software application, (ii) 6 stores and backs up the Data Information, (iii) secures the Data Information, and 7 (iv) makes the application and stored Data Information available to the County 8 through an internet-connected personal computer interface. 9 (H) "Integration" means a process provided by Contractor to County by which a 10 computer-controlled interface is created between Noble software application and 11 existing County case management systems, pursuant to which Data Information 12 is periodically transferred from one automated environment to another in a 13 secure manner. 14 (1) "Intellectual Property" means all intellectual property rights related to the 15 assets or businesses of Contractor, including: patents; copyrights; trade names; 16 trademarks; service marks; trade secrets; inventions; databases; names and 17 logos; trade dress; technology; know-how; and, other proprietary information and 18 licenses from third parties granting Contractor the right to use any of the 19 foregoing. 20 (J) The term "Intellectual Property" also includes: all computer applications, 21 programs and other software, including without limitation operating software, 22 firmware, middleware, and design software; all design tools, System 23 documentation and instructions; databases; product literature; artwork; design, 24 development and manufacturing files; formulations and specification; quality 25 records and reports; and, other books records, studies, surveys, reports, plans 26 and documents. The term Intellectual Property does not include the Data 27 Information. 28 3 1 (K) "Maintenance" means all updates and modifications to any and all applications, 2 underlying software, computer equipment, networks and operating systems, 3 done on either a periodic or an emergency basis, that are needed to maintain the 4 functionality, Security and operational viability of Noble software application and 5 the System. 6 (L) "Noble software application" is a collaborative rehabilitation management 7 system that will be integrated with Fresno County Probation's Probation Records 8 and Information Management System (PRI MS). Some of the commonly used 9 Juvenile assessments included in Noble Case Manager are PACT, R-PACT, 10 CARE-2, OYAS. PREA, and CRAFFT. While the commonly used Adult 11 assessments include SRNA, WRNA, ODARA, VPRAI, DRAOR, IDA, and PSA. 12 (M)"Security" means protection against the unauthorized use (including but not 13 limited to unauthorized downloading, unauthorized viewing, unauthorized copying 14 and unauthorized forwarding), loss, misuse and alteration of any County Data 15 Information under Contractor's control. 16 (N) "System" means the complete automated technological environment maintained 17 by the Contractor, which environment supports all aspects of Noble software 18 application, and makes said applications available to County users. System 19 includes, but is not limited to, servers, storage devices, networks, communication 20 hardware, operating systems, purchased software, developed software, 21 compilers, and backups. 22 (0)"Training" means the process of informing and familiarizing County personnel in 23 the use of Noble software application at sites and times determined by the 24 County. Training includes all Contractor staff, training materials and Systems 25 required to comprehensively communicate and instruct County employees and 26 partners. 27 28 4 1 1.5 Obligations of the Contractor. 2 (A) Contractor shall provide the use of certain automated, evidence-based, risk 3 assessment software applications, including Noble software application, and 4 supervised and/or unsupervised related services, for the purpose of managing 5 and monitoring applicable adult and juvenile persons within Fresno County, in 6 accordance with the Scope of Work, attached as Exhibit A and incorporated by 7 this reference. 8 (B) Contractor shall complete training activities associated with Noble software 9 application on the timeline determined by the County and communicated to 10 Contractor in writing. On-site training shall be conducted by Contractor in classes 11 with no more than thirty (30) trainees per class. 12 (C) County may request in writing that Contractor provide Customization services, or 13 other additional services, which request may be made at any time during the 14 term of this Agreement. Contractor shall supply performance timeframes for 15 requested services within thirty (30) days from receiving County's written request, 16 and Contractor shall initiate activity within thirty (30) days of receiving written or 17 email approval for same from County. 18 (D) In performing its obligations pursuant to the terms of this Agreement, including 19 but not limited to Contractor's obligations to provide Training, Customization and 20 Integration, Contractor shall meet or exceed each and every one of the following 21 standards of performance: 22 (1) County users shall be able to log on successfully and access Noble software 23 application Manager using Microsoft Edge, version 42 or greater or Google 24 Chrome, version 71 or greater, while running Microsoft Windows 10.0 or 25 greater from their workstations. Noble software application may be accessed 26 using mobile devices such as Apple Phone or Pad using iOS 11 or greater; 27 Android smartphones with OS Version 8 or greater from manufactures 28 Samsung, Google, LG, or Motorola. In the event the software doesn't render 5 1 adequately on outlined mobile devices, County and Contractor shall 2 collaborate to find a viable solution and or work around. 3 (2) The page navigation function of Noble software application shall work reliably 4 and accurately at all times; 5 (3) Noble software application shall perform reliably and with full functionality 6 when Data Information is entered or transferred or otherwise input into the 7 System; 8 (4) Data Information entered or transferred or otherwise input into the System 9 shall appear on-screen reliably and accurately when called-up by County 10 users utilizing Noble software application and; 11 (5) The search native to Noble software application shall reliably and accurately 12 return the correct records. 13 (E) Security: Contractor shall comply with all requirements of Exhibit E, Data 14 Security, and shall implement and maintain all Security policies, processes, 15 procedures, software and actions to protect and preserve County's Data 16 Information, and County's use thereof, including but not limited to the following: 17 (i) regular, complete backup of County's Data Information as well as all other 18 data needed to maintain the full functionality of Noble software application 19 together with County's use of the Data Information therewith; (ii) reliable recovery 20 processes and software; (iii) user identification and password encryption 21 procedures and software; (iv) effective and regularly updated firewall software; 22 (v) secure and encrypted Data Information communications systems and 23 procedures; and (vi) a secure operations center based on current industry 24 standards that is sufficient to prevent the loss and/or disclosure or transmission 25 of Data Information to unauthorized third parties. Access to Noble software 26 application shall be with an encrypted and valid User identification and password 27 combination. Password protected information shall be accessible only to 28 authorized County users. County Data Information shall not be communicated, 6 1 transferred or conveyed to any other entity, including State or Federal 2 governments, without the express written permission of the County. 3 (F) Confidentiality: Contractor acknowledges that any Data Information that may 4 come into Contractor's possession or knowledge pursuant to this Agreement or 5 pursuant to the performance of Contractor's obligations hereunder is confidential 6 and the unauthorized disclosure of said Data Information to, or use by, third 7 parties is hereby expressly prohibited. Contractor agrees: (i) to hold all Data 8 Information in the strictest confidence; (ii) not to make use of the Data 9 Information or any part thereof for any purpose other than the performance of 10 Contractor's obligations pursuant to this Agreement; (iii) to release the Data 11 Information only to authorized employees of Contractor or Subcontractors of 12 Contractor requiring such information, and only under such conditions and care 13 as will maintain and protect the confidentiality of the Data Information from 14 unauthorized disclosure by said employees or Subcontractors, and only after 15 obtaining a signed written agreement with said employees or Subcontractors to 16 protect the confidentiality of the Data Information; (iv) not to release or disclose 17 the Data Information to any other party without the prior written approval of the 18 County; and (v) to disclose to the County any breach or compromise of data 19 within 24 hours of such occurrence. Contractor further agrees to return all such 20 data information in non-obfuscated Microsoft SQL (.BAK) backup file format with 21 entire data base structure including all data tables and data transaction logs to 22 the County at the expiration or termination of this Agreement, as well as to 23 destroy any and all back-up copies and prior versions and/or formats of the Data 24 Information in Contractor's possession at such time. Contractor may aggregate 25 Data Information obtained from County using Noble products and services under 26 the terms of this Agreement for research and statistical purposes but only if (a) 27 the Data Information so used is anonymized and (b) such aggregation is 28 specifically authorized in writing by County. This section shall not impose any 7 1 obligation on the Contractor regarding any information that is: (1) publicly known 2 at the time of its disclosure; (2) already fully known to the receiving party at the 3 time it is furnished to such party by the Contractor, and such knowledge was 4 obtained in full compliance with the law and the provisions of the prior paragraph 5 hereinabove; or (3) independently developed by the receiving party without use 6 of the proprietary Data Information. 7 (G)Maintenance: Contractor shall at all times maintain Noble software application, 8 the System and Data Information, as well as maintain any Customization, 9 Implementation, and Integration performed for County in relation thereto. 10 Contractor's performance of its Maintenance obligations shall be undertaken and 11 completed in such a way that the operation and functionality of Noble software 12 application and the System shall not be negatively affected during regular 13 business hours. All required maintenance shall be at Contractor's sole expense 14 and will not be an additional cost to the County. 15 (H) Support: Contractor will establish, provide and maintain customer support of 16 Noble Case Manager and the System to the County. 17 (1) Contractor's customer support obligation shall include the following 18 communication channels: 19 (a) Telephone Support: Contractor shall maintain telephone 20 support from a help desk between 5:00 a.m. and 5:00 p.m. Pacific 21 Standard Time, to assist County in reporting problems and in provide 22 first-line support in the use and operation of Noble software 23 application and the System. 24 (b) Internet Email: Contractor shall maintain an email address for the 25 express purpose of providing customer support to County, which 26 email address shall be support@noblesg.com. Contractor shall 27 maintain email support during Regular Business Hours to 28 8 1 assist County in reporting errors and in providing first-line support in 2 the use and operation of Noble software application and the System. 3 (2) Contractor and County agree that County's point of contact for Maintenance 4 and support of Noble software application and the System shall be 5 designated staff from the County, who will act as the support liaisons 6 between Contractor and County. 7 (3) Contractor shall at all times make a reasonable effort to provide modifications 8 or additions to correct errors in Noble software application and the System, 9 as reported by County to Contractor. Upon notification from County of an 10 error, whether via telephone or email, Contractor will assign a priority level to 11 the error, which priority level shall be determined according to the following 12 criteria: 13 (a) Priority A: An error that results in Noble software application and the 14 System being substantially or completely nonfunctional or 15 inoperative. Contractor agrees to provide a correction or"work- 16 around" solution to Priority A errors within two (2) business days after 17 said error is first reported to the Contractor, and a full solution to such 18 errors no later than fifteen (15) business days after said error is first 19 reported to the Contractor. 20 (b) Priority B: An error that results in Noble software application and the 21 System operating or performing other than as represented, but which 22 does not have a material adverse impact on the performance of 23 Noble software application and the System. Contractor agrees to 24 provide a correction or "work-around" solution to Priority B errors 25 within seven (7) business days after said error is first reported to the 26 Contractor, and a full solution to such errors no later than thirty (30) 27 business days after said error is first report to the Contractor. 28 9 1 (4) Contractor will make all reasonable efforts to correct any and all errors or 2 provide a work-around solution for each priority level and, if a work-around is 3 the immediate solution, will make reasonable efforts to provide a final 4 resolution of the Error. 5 (1) Continued development of Noble software application: Contractor shall continue 6 in its efforts to improve Noble software application without: (i) impacting Noble 7 software application's evidence-based efficacy; (ii) changing Noble application 8 software's operational usability (requiring additional training); (iii) requiring the 9 County to incur greater costs than outlined in this Agreement; or (iv) putting at 10 risk the statistical validity of Noble software application. Contractor's 11 improvements may be cosmetic, may include added features, and may involve 12 the release of new versions of the original tool or modifications thereto. 13 Contractor shall notify the Department at least 48 hours in advance of any 14 updates or changes to the software that will render the software inaccessible. 15 The notification shall include the specific time frame during which the software 16 will be inaccessible. Notifications shall be sent via email to: 17 probationautomationassistance(a)-fresnocountyca.go� . 18 Article 2 19 County's Responsibilities 20 2.1 The County shall compensate Contractor as set forth in Article 3 of this 21 Agreement, and shall monitor the outcomes achieved by the Contractor. 22 2.2 The County shall maintain a primary contact person for the coordination and 23 communication of Agreement-related activities and payments. 24 2.3 The County shall make available on-site training facilities to accomplish all necessary 25 Training. 26 2.4 The County understands and acknowledges that Contractor will not be liable 27 for network-related problems not under Contractor's control, and attributable to the 28 operation of Noble software application on the County's network. 10 1 2.5 The County agrees that this Agreement is for license and access to Noble software 2 application only and that no title to said applications passes to County. 3 2.6 The County may not export Noble software application, or any of Contractor's other 4 tools, instruments or applications, without the prior written consent of Contractor. 5 2.7 The County shall not assert any ownership rights over the Intellectual Property. 6 County agrees not to modify, de-compile, disassemble, re-configure, reverse 7 compile, reverse assemble, or reverse engineer the intellectual Property, and further 8 agrees not to distribute or disclose the Intellectual Property, or to use or copy the 9 intellectual Property, except as expressly permitted under this Agreement. County 10 acknowledges that the Intellectual Property is comprised of information deemed 11 trade secrets or otherwise proprietary to Contractor, and County agrees to handle 12 the Intellectual Property in a confidential manner and use the same degree of caution 13 that, except as required by law, it employs to protect its own confidential or 14 proprietary information. The Contractor shall retain all right, title and interest in all 15 Intellectual Property that results from the County's use and customization activities 16 with Contractor. 17 2.8 County understands that Contractor does not warrant that the functions contained in 18 Noble software application, will be entirely uninterrupted or error free. 19 2.9 County shall be responsible for scheduling and coordinating all Training that 20 Contractor is obligated to provide pursuant to both the terms of the Agreement. 21 County's obligation to schedule and coordinate shall be as follows: County shall 22 determine which of its personnel need to be trained, and when such training needs to 23 be done. 24 25 26 27 28 11 1 Article 3 2 Compensation, Invoices, and Payments 3 3.1 The County agrees to pay, and the Contractor agrees to receive, compensation for 4 the performance of its services under this Agreement as described in this section and in Exhibit 5 B, which is attached and incorporated by this reference. 6 3.2 Maximum Compensation. The maximum compensation payable to the Contractor 7 under this Agreement is ninety thousand dollars ($90,000) annually for three (3) years. The total 8 maximum compensation for the initial three-year term of the Agreement is two hundred seventy 9 thousand dollars ($270,000). If this Agreement is extended for an additional one-year, the 10 maximum compensation for the four (4) year term shall not exceed three hundred sixty 11 thousand dollars ($360,000). If this Agreement is extended for an additional second year, the 12 maximum compensation for the full five (5) year term shall not exceed four hundred fifty 13 thousand dollars ($450,000). The Contractor acknowledges that the County is a local 14 government entity, and does so with notice that the County's powers are limited by the 15 California Constitution and by State law, and with notice that the Contractor may receive 16 compensation under this Agreement only for services performed according to the terms of this 17 Agreement and while this Agreement is in effect, and subject to the maximum amount payable 18 under this section. The Contractor further acknowledges that County employees have no 19 authority to pay the Contractor except as expressly provided in this Agreement. 20 3.3 Invoices. The Contractor shall submit monthly invoices in the amount of seven 21 thousand five hundred dollars ($7,500) to the County of Fresno, Probation Department Business 22 Office, 3333 E. American Avenue, Suite B, Fresno, CA 93725 or to 23 Probation Invoices(ab-fresnocountyca.w . The Contractor shall submit each invoice within 60 24 days after the month in which the Contractor performs services and in any case within 60 days 25 after the end of the term or termination of this Agreement. 26 3.4 Payment. The County shall pay each correctly completed and timely submitted 27 invoice within 45 days after receipt. The County shall remit any payment to the Contractor's 28 address specified in the invoice. 12 1 3.5 Incidental Expenses. The Contractor is solely responsible for all of its costs and 2 expenses that are not specified as payable by the County under this Agreement. 3 Article 4 4 Term of Agreement 5 4.1 Term. This Agreement is effective on February 12, 2025, and terminates on 6 February 11, 2028, except as provided in section 4.2, "Extension," or Article 6, "Termination and 7 Suspension," below. 8 4.2 Extension. The term of this Agreement may be extended for no more than two, one- 9 year periods only upon written approval of both parties at least 30 days before the first day of 10 the next one-year extension period. The Chief Probation Officer or his or her designee is 11 authorized to sign the written approval on behalf of the County based on the Contractor's 12 satisfactory performance. The extension of this Agreement by the County is not a waiver or 13 compromise of any default or breach of this Agreement by the Contractor existing at the time of 14 the extension whether or not known to the County. 15 Article 5 16 Notices 17 5.1 Contact Information. The persons and their addresses having authority to give and 18 receive notices provided for or permitted under this Agreement include the following: 19 For the County: 20 Chief Probation Officer County of Fresno 21 3333 E. American Avenue, Building 701, Suite B Fresno, CA 93725 22 ProbationInvoices@fresnocountyca.gov 23 For the Contractor: 24 Noble Software Group LLC Aaron Picton, Chief Financial Officer 25 1320 Yuba Street, Suite 208 Redding, CA 96001 26 27 28 13 1 5.2 Change of Contact Information. Either party may change the information in section 2 5.1 by giving notice as provided in section 5.3. 3 5.3 Method of Delivery. Each notice between the County and the Contractor provided 4 for or permitted under this Agreement must be in writing, state that it is a notice provided under 5 this Agreement, and be delivered either by personal service, by first-class United States mail, by 6 an overnight commercial courier service, or by Portable Document Format (PDF) document 7 attached to an email. 8 (A) A notice delivered by personal service is effective upon service to the recipient. 9 (B) A notice delivered by first-class United States mail is effective three County 10 business days after deposit in the United States mail, postage prepaid, addressed to the 11 recipient. 12 (C)A notice delivered by an overnight commercial courier service is effective one 13 County business day after deposit with the overnight commercial courier service, 14 delivery fees prepaid, with delivery instructions given for next day delivery, addressed to 15 the recipient. 16 (D)A notice delivered by PDF document attached to an email is effective when 17 transmission to the recipient is completed (but, if such transmission is completed outside 18 of County business hours, then such delivery is deemed to be effective at the next 19 beginning of a County business day), provided that the sender maintains a machine 20 record of the completed transmission. 21 5.4 Claims Presentation. For all claims arising from or related to this Agreement, 22 nothing in this Agreement establishes, waives, or modifies any claims presentation 23 requirements or procedures provided by law, including the Government Claims Act (Division 3.6 24 of Title 1 of the Government Code, beginning with section 810). 25 Article 6 26 Termination and Suspension 27 6.1 Termination for Non-Allocation of Funds. The terms of this Agreement are 28 contingent on the approval of funds by the appropriating government agency. If sufficient funds 14 1 are not allocated, then the County, upon at least 30 days' advance written notice to the 2 Contractor, may: 3 (A) Modify the services provided by the Contractor under this Agreement; or 4 (B) Terminate this Agreement. 5 6.2 Termination for Breach. 6 (A) Upon determining that a breach (as defined in paragraph (C) below) has 7 occurred, the County may give written notice of the breach to the Contractor. The written 8 notice may suspend performance under this Agreement, and must provide at least 30 9 days for the Contractor to cure the breach. 10 (B) If the Contractor fails to cure the breach to the County's satisfaction within the 11 time stated in the written notice, the County may terminate this Agreement immediately. 12 (C) For purposes of this section, a breach occurs when, in the determination of the 13 County, the Contractor has: 14 (1) Obtained or used funds illegally or improperly; 15 (2) Failed to comply with any part of this Agreement; 16 (3) Submitted a substantially incorrect or incomplete report to the County; or 17 (4) Improperly performed any of its obligations under this Agreement. 18 6.3 Termination without Cause. In circumstances other than those set forth above, the 19 County may terminate this Agreement by giving at least 30 days advance written notice to the 20 Contractor. 21 6.4 No Penalty or Further Obligation. Any termination of this Agreement by the County 22 under this Article 6 is without penalty to or further obligation of the County. 23 6.5 County's Rights upon Termination. Upon termination for breach under this Article 24 6, the County may demand repayment by the Contractor of any monies disbursed to the 25 Contractor under this Agreement that, in the County's sole judgment, were not expended in 26 compliance with this Agreement. The Contractor shall promptly refund all such monies upon 27 demand. This section survives the termination of this Agreement. 28 15 1 Article 7 2 Independent Contractor 3 7.1 Status. In performing under this Agreement, the Contractor, including its officers, 4 agents, employees, and volunteers, is at all times acting and performing as an independent 5 Contractor, in an independent capacity, and not as an officer, agent, servant, employee,joint 6 venturer, partner, or associate of the County. 7 7.2 Verifying Performance. The County has no right to control, supervise, or direct the 8 manner or method of the Contractor's performance under this Agreement, but the County may 9 verify that the Contractor is performing according to the terms of this Agreement. 10 7.3 Benefits. Because of its status as an independent Contractor, the Contractor has no 11 right to employment rights or benefits available to County employees. The Contractor is solely 12 responsible for providing to its own employees all employee benefits required by law. The 13 Contractor shall save the County harmless from all matters relating to the payment of 14 Contractor's employees, including compliance with Social Security withholding and all related 15 regulations. 16 7.4 Services to Others. The parties acknowledge that, during the term of this 17 Agreement, the Contractor may provide services to others unrelated to the County. 18 Article 8 19 Indemnity and Defense 20 8.1 Indemnity. The Contractor shall indemnify and hold harmless and defend the 21 County (including its officers, agents, employees, and volunteers) against all claims, demands, 22 injuries, damages, costs, expenses (including attorney fees and costs), fines, penalties, and 23 liabilities of any kind to the County, the Contractor, or any third party that arise from or relate to 24 the performance or failure to perform by the Contractor (or any of its officers, agents, 25 Subcontractors, or employees) under this Agreement. The County may conduct or participate in 26 its own defense without affecting the Contractor's obligation to indemnify and hold harmless or 27 defend the County. 28 8.2 Survival. This Article 8 survives the termination or expiration of this Agreement. 16 1 Article 9 2 Insurance 3 9.1 The Contractor shall comply with all the insurance requirements in Exhibit D to this 4 Agreement. 5 Article 10 6 Inspections, Audits, and Public Records 7 10.1 Inspection of Documents. The Contractor shall make available to the County, and 8 the County may examine at any time during business hours and as often as the County deems 9 necessary, all of the Contractor's records and data with respect to the matters covered by this 10 Agreement, excluding attorney-client privileged communications. The Contractor shall, upon 11 request by the County, permit the County to audit and inspect all of such records and data to 12 ensure the Contractor's compliance with the terms of this Agreement. 13 10.2 State Audit Requirements. If the compensation to be paid by the County under this 14 Agreement exceeds $10,000, the Contractor is subject to the examination and audit of the 15 California State Auditor, as provided in Government Code section 8546.7, for a period of three 16 years after final payment under this Agreement. This section survives the termination of this 17 Agreement. 18 10.3 Public Records. The County is not limited in any manner with respect to its public 19 disclosure of this Agreement or any record or data that the Contractor may provide to the 20 County. The County's public disclosure of this Agreement or any record or data that the 21 Contractor may provide to the County may include but is not limited to the following: 22 (A) The County may voluntarily, or upon request by any member of the public or 23 governmental agency, disclose this Agreement to the public or such governmental 24 agency. 25 (B) The County may voluntarily, or upon request by any member of the public or 26 governmental agency, disclose to the public or such governmental agency any record or 27 data that the Contractor may provide to the County, unless such disclosure is prohibited 28 by court order. 17 1 (C)This Agreement, and any record or data that the Contractor may provide to the 2 County, is subject to public disclosure under the Ralph M. Brown Act (California 3 Government Code, Title 5, Division 2, Part 1, Chapter 9, beginning with section 54950). 4 (D)This Agreement, and any record or data that the Contractor may provide to the 5 County, is subject to public disclosure as a public record under the California Public 6 Records Act (California Government Code, Title 1, Division 10, beginning with section 7 7920.000) ("CPRA"). 8 (E) This Agreement, and any record or data that the Contractor may provide to the 9 County, is subject to public disclosure as information concerning the conduct of the 10 people's business of the State of California under California Constitution, Article 1, 11 section 3, subdivision (b). 12 (F) Any marking of confidentiality or restricted access upon or otherwise made with 13 respect to any record or data that the Contractor may provide to the County shall be 14 disregarded and have no effect on the County's right or duty to disclose to the public or 15 governmental agency any such record or data. 16 10.4 Public Records Act Requests. If the County receives a written or oral request 17 under the CPRA to publicly disclose any record that is in the Contractor's possession or control, 18 and which the County has a right, under any provision of this Agreement or applicable law, to 19 possess or control, then the County may demand, in writing, that the Contractor deliver to the 20 County, for purposes of public disclosure, the requested records that may be in the possession 21 or control of the Contractor. Within five business days after the County's demand, the 22 Contractor shall (a) deliver to the County all of the requested records that are in the Contractor's 23 possession or control, together with a written statement that the Contractor, after conducting a 24 diligent search, has produced all requested records that are in the Contractor's possession or 25 control, or (b) provide to the County a written statement that the Contractor, after conducting a 26 diligent search, does not possess or control any of the requested records. The Contractor shall 27 cooperate with the County with respect to any County demand for such records. If the 28 Contractor wishes to assert that any specific record or data is exempt from disclosure under the 18 1 CPRA or other applicable law, it must deliver the record or data to the County and assert the 2 exemption by citation to specific legal authority within the written statement that it provides to 3 the County under this section. The Contractor's assertion of any exemption from disclosure is 4 not binding on the County, but the County will give at least 10 days' advance written notice to 5 the Contractor before disclosing any record subject to the Contractor's assertion of exemption 6 from disclosure. The Contractor shall indemnify the County for any court-ordered award of costs 7 or attorney's fees under the CPRA that results from the Contractor's delay, claim of exemption, 8 failure to produce any such records, or failure to cooperate with the County with respect to any 9 County demand for any such records. 10 Article 11 11 Disclosure of Self-Dealing Transactions 12 11.1 Applicability. This Article 11 applies if the Contractor is operating as a corporation, 13 or changes its status to operate as a corporation. 14 11.2 Duty to Disclose. If any member of the Contractor's board of directors is party to a 15 self-dealing transaction, he or she shall disclose the transaction by completing and signing a 16 "Self-Dealing Transaction Disclosure Form" (Exhibit C to this Agreement) and submitting it to 17 the County before commencing the transaction or immediately after. 18 11.3 Definition. "Self-dealing transaction" means a transaction to which the Contractor is 19 a party and in which one or more of its directors, as an individual, has a material financial 20 interest. 21 Article 12 22 General Terms 23 12.1 Modification. Except as provided in Article 6, "Termination and Suspension," this 24 Agreement may not be modified, and no waiver is effective, except by written agreement signed 25 by both parties. The Contractor acknowledges that County employees have no authority to 26 modify this Agreement except as expressly provided in this Agreement. 27 12.2 Non-Assignment. Neither party may assign its rights or delegate its obligations 28 under this Agreement without the prior written consent of the other party. 19 1 12.3 Governing Law. The laws of the State of California govern all matters arising from 2 or related to this Agreement. 3 12.4 Jurisdiction and Venue. This Agreement is signed and performed in Fresno 4 County, California. Contractor consents to California jurisdiction for actions arising from or 5 related to this Agreement, and, subject to the Government Claims Act, all such actions must be 6 brought and maintained in Fresno County. 7 12.5 Construction. The final form of this Agreement is the result of the parties' combined 8 efforts. If anything in this Agreement is found by a court of competent jurisdiction to be 9 ambiguous, that ambiguity shall not be resolved by construing the terms of this Agreement 10 against either party. 11 12.6 Days. Unless otherwise specified, "days" means calendar days. 12 12.7 Headings. The headings and section titles in this Agreement are for convenience 13 only and are not part of this Agreement. 14 12.8 Severability. If anything in this Agreement is found by a court of competent 15 jurisdiction to be unlawful or otherwise unenforceable, the balance of this Agreement remains in 16 effect, and the parties shall make best efforts to replace the unlawful or unenforceable part of 17 this Agreement with lawful and enforceable terms intended to accomplish the parties' original 18 intent. 19 12.9 Nondiscrimination. During the performance of this Agreement, the Contractor shall 20 not unlawfully discriminate against any employee or applicant for employment, or recipient of 21 services, because of race, religious creed, color, national origin, ancestry, physical disability, 22 mental disability, medical condition, genetic information, marital status, sex, gender, gender 23 identity, gender expression, age, sexual orientation, military status or veteran status pursuant to 24 all applicable State of California and federal statutes and regulation. 25 12.10 No Waiver. Payment, waiver, or discharge by the County of any liability or obligation 26 of the Contractor under this Agreement on any one or more occasions is not a waiver of 27 performance of any continuing or other obligation of the Contractor and does not prohibit 28 enforcement by the County of any obligation on any other occasion. 20 1 12.11 Entire Agreement. This Agreement, including its exhibits, is the entire agreement 2 between the Contractor and the County with respect to the subject matter of this Agreement, 3 and it supersedes all previous negotiations, proposals, commitments, writings, advertisements, 4 publications, and understandings of any nature unless those things are expressly included in 5 this Agreement. If there is any inconsistency between the terms of this Agreement without its 6 exhibits and the terms of the exhibits, then the inconsistency will be resolved by giving 7 precedence first to the terms of this Agreement without its exhibits, and then to the terms of the 8 exhibits. 9 12.12 No Third-Party Beneficiaries. This Agreement does not and is not intended to 10 create any rights or obligations for any person or entity except for the parties. 11 12.13 Authorized Signature. The Contractor represents and warrants to the County that: 12 (A) The Contractor is duly authorized and empowered to sign and perform its 13 obligations under this Agreement. 14 (B) The individual signing this Agreement on behalf of the Contractor is duly 15 authorized to do so and his or her signature on this Agreement legally binds the 16 Contractor to the terms of this Agreement. 17 12.14 Electronic Signatures. The parties agree that this Agreement may be executed by 18 electronic signature as provided in this section. 19 (A) An "electronic signature" means any symbol or process intended by an individual 20 signing this Agreement to represent their signature, including but not limited to (1) a 21 digital signature; (2) a faxed version of an original handwritten signature; or (3) an 22 electronically scanned and transmitted (for example by PDF document) version of an 23 original handwritten signature. 24 (B) Each electronic signature affixed or attached to this Agreement (1) is deemed 25 equivalent to a valid original handwritten signature of the person signing this Agreement 26 for all purposes, including but not limited to evidentiary proof in any administrative or 27 judicial proceeding, and (2) has the same force and effect as the valid original 28 handwritten signature of that person. 21 1 (C)The provisions of this section satisfy the requirements of Civil Code section 2 1633.5, subdivision (b), in the Uniform Electronic Transaction Act (Civil Code, Division 3, 3 Part 2, Title 2.5, beginning with section 1633.1). 4 (D) Each party using a digital signature represents that it has undertaken and 5 satisfied the requirements of Government Code section 16.5, subdivision (a), 6 paragraphs (1) through (5), and agrees that each other party may rely upon that 7 representation. 8 (E) This Agreement is not conditioned upon the parties conducting the transactions 9 under it by electronic means and either party may sign this Agreement with an original 10 handwritten signature. 11 12.15 Counterparts. This Agreement may be signed in counterparts, each of which is an 12 original, and all of which together constitute this Agreement. 13 [SIGNATURE PAGE FOLL0INS] 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 22 1 The parties are signing this Agreement on the date stated in the introductory clause. 2 NokPicton, re Group, LLC COUNTY OF FRESNO 3 4 5 A on Chief Financial Officer Ernest Buddy Mendes, Chairman of the Board of Supervisors of the 6 1320 Yuba Street, Suite 208 County of Fresno Redding, CA 96001 7 Attest: Bernice E. Seidel 8 Clerk of the Board of Supervisors County of Fresno, State of California 9 10 By: Deputy 11 For accounting use only: 12 Org No.: 34300300 13 Account No.: 7295 Fund No.: 0001 14 Subclass No.: 10000 15 and 16 Org No.: 34300200 Account No.: 7295 17 Fund No.: 0001 18 Subclass No.: 10000 19 20 21 22 23 24 25 26 27 28 23 Exhibit A 1 Scope of Services 2 Contractor will transition County from its previous vendor integrated software platform to 3 Contractor's software application. County will be utilizing the Assessments, Case Planning, 4 Integration, and Business Intelligence modules, and legacy data will be migrated as described 5 herein. As the County is under this transition period, the Contractor will have the capabilities to 6 maintain the following assessment tools until replacement assessment instruments are 7 integrated: STRONG-R, PACT 2020, CSE-IT, and DRAI 2.0. 8 9 Project Deliverables 10 Deliverable 1 — Noble Platform Software Subscription 11 Contractor will provide a hosted, web-based platform accessible from any standard 12 browser with 275 total user-subscriptions, including both adult and 13 juvenile. Subscription fee is built into the overall annual price and includes: 14 . Noble Case Manager for 275 users 15 . Noble Case Manager Integration 16 . Noble View for 275 users 17 . Noble Inter-Rater Reliability (IRR) Site for 275 users 18 . Noble Case Planning Module 19 • Noble Assessment Module 20 . Noble Business Intelligence (BI) Tools 21 Deliverable 2— Noble Assessment Module 22 Application setup includes a thorough analysis of features and modules that fit with the 23 need of the target environment and includes a library of pre-built risk and needs 24 assessment instruments. Work typically addressed in an application setup includes but 25 is not limited to the following: 26 CSE-IT 27 DRAI 2.0 28 PACT A-1 Exhibit A 1 SRNA 2 Also, allowing for future integration of additional assessment tools for various 3 supervision populations, including but not limited to the following: 4 • General Juvenile 5 • General Adult 6 Deliverable 4— Noble Case Planning Module 7 Contractor's case planning tools shall meet the needs of the County with similar 8 functionality to the current tools the County utilizes. Contractor's automated case- 9 planning module shall help staff craft a comprehensive and individualized case plan. 10 Contractor encompasses this by automatically connecting assessment results to integral 11 criminogenic needs, which lends to clear insight into the needs of supervised individuals. 12 The system shall allow for adding goals and interventions to indicate needs, as well as 13 clear indication of stabilizing factors. This then allows staff to create transparent and 14 concise case plans for offenders and their families. Contractor shall also allow case 15 plans to be customized during the implementation process or anytime thereafter. 16 Deliverable 5— Noble Integration and Data Migration 17 Contractor shall provide single sign-on integration from case management to 18 assessment tools. Noble Case Manager shall be integrated with PRI MS through 19 Contractor's standardized REST (Representational State Transfer architecture)-Based 20 Application Programming Interface (APIs) endpoints. County may select from the current 21 developed and available endpoints, but at a minimum, this shall include: 22 • User 23 • Subject 24 • Criminal History 25 For data migration, using the prior system's non-obfuscated Microsoft SQL (.BAK) 26 backup file, Contractor shall migrate County's historical data into Contractor's software 27 solution. Contractor will allow County to view historical completed assessments in a 28 user-friendly section within their software solution. Contractor shall also ensure A-2 Exhibit A 1 continuous historical data is transferred back to PRI MS with access to "frozen" 2 timestamps for assessments, case plans, recidivism data, and offenses. Data from the 3 prior system will not be used in new assessments or case planning, post-transition to 4 Contractor's system. 5 Deliverable 6: Business Intelligence 6 The Noble Business Intelligence solution will be included with its role-based security. 7 Canned reports will be available, as well with direct database access to perform ad hoc 8 reports and the ability to connect Power BI as an enhanced tool. Customized dashboard 9 development shall be made available upon request, which shall be included in the cost. 10 Deliverable 7: Tool Development and Validation 11 Contractor shall validate selected assessment tools for local populations within one year 12 of system implementation. Contractor shall conduct revalidation of selected tools after 13 local historical data has been collected. Contractor shall provide a tool for creating 14 custom forms and assessments for data capture. Contractor shall conduct analyses 15 investigating the relationship between instrument scores and recidivism measures 16 (arrests, convictions, violations). Contractor shall assess the predictive validity of 17 selected assessment tools and recommend potential item elimination. 18 Deliverable 8: Support and Updates 19 Contractor shall provide on-going technical support as well as continuous quality 20 improvement plan. Contractor shall provide written guidance on implementing 21 recommended changes to scoring guides and tools and present findings to County. 22 Contractor shall provide continuous data access, standard reports, and training to run 23 reports and provide statistical information. Contractor shall also deliver research updates 24 as they become available. 25 Deliverable 9: Training 26 Train the Trainer 27 Contractor shall conduct a Train the Trainer session for up to four participants. This 28 training will consist of one single session lasting five days with the Contractor providing A-3 Exhibit A 1 sufficient persons necessary to train the four participants. The training session will be 2 held on site at a County facility, unless otherwise arranged prior to the scheduled date. 3 The training course will encompass all topics and materials necessary to develop an 4 internal training team capable of providing viable and sustaining training services to staff. 5 Once complete, Contractor shall give a follow up observation session for a team of two 6 students at a time consisting of one session lasting two days. During this session, 7 Contractor shall provide feedback and ensure trainer clarity and understanding of the 8 materials. 9 Initial Assessment and Case Plan Training 10 Once Train the Trainer is completed, Department certified trainers will conduct initial 11 training, covering content including: 12 • Overview of the assessment tool 13 • Scoring the assessment tool with proficiency and accuracy 14 • Interpreting the results of the assessment including strategies of intervention 15 based on the assessment results 16 • Overview of evidence-based practices and principles of effective intervention 17 • Effective interviewing and engagement skills to improve validity and inter-rater 18 reliability of the tool, with a focus on motivational interviewing techniques 19 • Use of the assessment results to create case plans. 20 Each two-day training session will be designated for either Adult or Juvenile with up to 21 25 attendees each. The scheduled users who will be trained will be prioritized at the 22 discretion of the Department. 23 Assessment Refresher and Case Planning Training 24 Department certified trainers will conduct refresher training for staff using Contractor 25 designed curriculum to assist participants renew their knowledge base in: 26 The use of the actual software and how to use it to perform assessments and 27 manage case plans, answering any questions that may have arisen 28 A-4 Exhibit A 1 • Increasing awareness of updates in assessment and case planning research and 2 techniques 3 • Maintain structure to the assessment model and reengage on core principles of 4 evidence-based practices to correct any possible deviations. 5 These refresh trainings will be in half-day format, every two years with scheduling to be 6 coordinated once the date approaches. 7 Train the Trainer Recertification 8 Contractor shall conduct train the trainer recertification every two years. This entails a 9 two-day observation session; the goal of this session is to monitor trainers performing 10 actual training to staff and then give the trainers feedback and reinforcements on their 11 techniques. This observation session is designed to ensure certified trainers are up to 12 date on the latest research and software enhancements. Scheduling will be coordinated 13 once the date approaches. These training sessions will also be held on site at a County 14 facility, unless otherwise arranged prior to the scheduled date. 15 Justice Partner Training 16 Contractor shall conduct up to four one-hour initial training sessions for justice partners 17 on evidence-based practices and deliver annual four-hour assessment refresher training 18 for staff. Scheduling will be coordinated once the date approaches. These training 19 sessions will also be held on site at Fresno County unless otherwise arranged prior to 20 the scheduled date. 21 Deliverable 10 — Project Timeline for System Transition, Integration, Initial Traininq 22 Contractor shall adhere to the following timeline for transition with Noble Case Manager 23 taking the place of the County's prior assessment platform. 24 First month: Agreement Signing 25 o Milestones: Finalize contract terms and agreement 26 o Deliverables: The signed Agreement 27 o Completion Date: January 17, 2025 (With Board date approving the 28 Agreement on February 11, 2025) A-5 Exhibit A 1 Second month: Initial Planning, System Setup and Configuration, Data Migration 2 Planning 3 o Milestones: Establish project team, conduct initial planning meetings, set 4 up Noble Case Manager test and production sites, configure system 5 settings, evaluate, and plan data migration, begin integration work on 6 middleware to enable PRI MS integration. 7 o Deliverables: Project plan, Data Migration Plan, Integration Plan, 8 Configured system 9 o Start Date: February 12, 2025 10 o Completion Date: March 7, 2025 11 Third month: Middleware Testing, Initial Trainings, System Customization, 12 Officially Launch 13 o Milestones: Complete middleware integration testing and validation of 14 results, provide comprehensive training for selective staff on new system 15 functionality, conduct final system customizations based on user 16 feedback for launch 17 o Deliverables: Confirm completion of middleware integration, test results 18 for integration, training materials, trainers certified, users trained, launch 19 new system including Case Manager in production 20 o Start Date: March 8, 2025 21 o Completion Date: March 31, 2025 22 Fourth month: Final Migration and System Monitoring 23 o Milestones: Perform data migration for historical data and resolve any 24 issues, providing ongoing support and system monitoring 25 o Deliverables: All historical data successfully migrated, successful support 26 structure in place 27 o Start Date: April 1, 2025 28 o Completion Date: April 25, 2025 A-6 Exhibit B 1 Compensation 2 The Contractor will be compensated for performance of its services under this 3 Agreement as provided in this Exhibit B. The Contractor is not entitled to any compensation 4 except as expressly provided in this Exhibit B. 5 Juvenile Probation 6 Description Cost 7 Annual hosting for Noble Case Manager; total of 275 Included in total 8 users including both Juvenile and Adult staff 9 Annual hosting for Noble View; total of 275 users Included in total 10 including both Juvenile and Adult staff 11 Annual hosting for Noble IRR Site; total of 275 users Included in total 12 including both Juvenile and Adult staff 13 Project Planning Included in total 14 Data Migration Included in total 15 Integration Included in total 16 Training —Train the Trainer Included in total 17 Training —Train the Trainer Recertification Included in total 18 Training — Stakeholder Training Included in total 19 Juvenile Probation Total $45,000 yearly 20 21 22 Adult Probation 23 Description Cost 24 Annual hosting for Noble Case Manager; total of 275 Included in total 25 users including both Juvenile and Adult staff 26 Annual hosting for Noble View; total of 275 users Included in total 27 including both Juvenile and Adult staff 28 B-1 Exhibit B 1 Annual hosting for Noble IRR Site; total of 275 users Included in total 2 including both Juvenile and Adult staff 3 Project Planning Included in total 4 Data Migration Included in total 5 Integration Included in total 6 Training —Train the Trainer Included in total 7 Training —Train the Trainer Recertification Included in total 8 Training — Stakeholder Training Included in total 9 Adult Probation Total $45,000 yearly 10 11 12 Total Costs 13 Description Cost 14 Juvenile Probation services (As outlined above) $45,000 yearly 15 Adult Probation services (As outlined above) $45,000 yearly 16 Total $90,000 yearly 17 18 19 20 21 22 23 24 25 26 27 28 B-2 Exhibit C Self-Dealing Transaction Disclosure Form In order to conduct business with the County of Fresno ("County"), members of a Contractor's board of directors ("County Contractor"), must disclose any self-dealing transactions that they are a party to while providing goods, performing services, or both for the County. A self-dealing transaction is defined below: "A self-dealing transaction means a transaction to which the corporation is a party and in which one or more of its directors has a material financial interest." The definition above will be used for purposes of completing this disclosure form. Instructions (1) Enter board member's name, job title (if applicable), and date this disclosure is being made. (2) Enter the board member's company/agency name and address. (3) Describe in detail the nature of the self-dealing transaction that is being disclosed to the County. At a minimum, include a description of the following: a. The name of the agency/company with which the corporation has the transaction; and b. The nature of the material financial interest in the Corporation's transaction that the board member has. (4) Describe in detail why the self-dealing transaction is appropriate based on applicable provisions of the Corporations Code. The form must be signed by the board member that is involved in the self-dealing transaction described in Sections (3) and (4). C-1 Exhibit C (1) Company Board Member Information: Name: Date: Job Title: (2) Company/Agency Name and Address: (3) Disclosure (Please describe the nature of the self-dealing transaction you are a party to) (4) Explain why this self-dealing transaction is consistent with the requirements of Corporations Code § 5233 (a) (5) Authorized Signature Signature: Date: C-2 Exhibit D Insurance Requirements 1. Required Policies Without limiting the County's right to obtain indemnification from the Contractor or any third parties, Contractor, at its sole expense, shall maintain in full force and effect the following insurance policies throughout the term of this Agreement. (A) Commercial General Liability. Commercial general liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence and an annual aggregate of Two Million Dollars ($2,000,000). This policy must be issued on a per occurrence basis. Coverage must include products, completed operations, property damage, bodily injury, personal injury, and advertising injury. The Contractor shall obtain an endorsement to this policy naming the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, as additional insureds, but only insofar as the operations under this Agreement are concerned. Such coverage for additional insureds will apply as primary insurance and any other insurance, or self-insurance, maintained by the County is excess only and not contributing with insurance provided under the Contractor's policy. (B) Automobile Liability. Automobile liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for property damages. Coverage must include any auto used in connection with this Agreement. (C)Workers Compensation. Workers compensation insurance as required by the laws of the State of California with statutory limits. (D) Employer's Liability. Employer's liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for disease. (E) Technology Professional Liability (Errors and Omissions). Technology professional liability (errors and omissions) insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and in the aggregate. Coverage must encompass all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks. (F) Cyber Liability. Cyber liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence. Coverage must include claims involving Cyber Risks. The cyber liability policy must be endorsed to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. Definition of Cyber Risks. "Cyber Risks" include but are not limited to (i) Security Breach, which may include Disclosure of Personal Information to an Unauthorized Third Party; (ii) data breach; (iii) breach of any of the Contractor's obligations under Exhibit E, Data Security, of this Agreement; (iv) system failure; (v) data recovery; (vi) failure to timely disclose data breach or Security Breach; (vii) failure to comply with privacy policy; (viii) payment card liabilities and costs; (ix) infringement of intellectual property, including but not limited to infringement of copyright, trademark, and trade dress; (x) invasion of privacy, including release of private information; (xi) information theft; (xii) damage to or destruction or alteration of electronic information; (xiii) cyber extortion; (xiv) extortion D-1 Exhibit D related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; (xv) fraudulent instruction; (xvi) funds transfer fraud; (xvii) telephone fraud; (xviii) network security; (xix) data breach response costs, including Security Breach response costs; (xx) regulatory fines and penalties related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; and (xxi) credit monitoring expenses. 2. Additional Requirements (A) Verification of Coverage. Within 30 days after the Contractor signs this Agreement, and at any time during the term of this Agreement as requested by the County's Risk Manager or the County Administrative Office, the Contractor shall deliver, or cause its broker or producer to deliver, to the County Risk Manager, at 2220 Tulare Street, 16th Floor, Fresno, California 93721, or HRRiskManagement@fresnocountyca.gov, and by mail or email to the person identified to receive notices under this Agreement, certificates of insurance and endorsements for all of the coverages required under this Agreement. (i) Each insurance certificate must state that: (1) the insurance coverage has been obtained and is in full force; (2) the County, its officers, agents, employees, and volunteers are not responsible for any premiums on the policy; and (3) the Contractor has waived its right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under any insurance policy required by this Agreement and that waiver does not invalidate the insurance policy. (ii) The commercial general liability insurance certificate must also state, and include an endorsement, that the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, are additional insureds insofar as the operations under this Agreement are concerned. The commercial general liability insurance certificate must also state that the coverage shall apply as primary insurance and any other insurance, or self-insurance, maintained by the County shall be excess only and not contributing with insurance provided under the Contractor's policy. (iii) The automobile liability insurance certificate must state that the policy covers any auto used in connection with this Agreement. (iv) The professional liability insurance certificate, if it is a claims-made policy, must also state the retroactive date of the policy, which must be prior to the date on which services began under this Agreement. (v) The technology professional liability insurance certificate must also state that coverage encompasses all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks, as that term is defined in this Agreement. (vi) The cyber liability insurance certificate must also state that it is endorsed, and include an endorsement, to cover the full replacement value of damage to, D-2 Exhibit D alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. (B) Acceptability of Insurers. All insurance policies required under this Agreement must be issued by admitted insurers licensed to do business in the State of California and possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of no less than A: VI I. (C) Notice of Cancellation or Change. For each insurance policy required under this Agreement, the Contractor shall provide to the County, or ensure that the policy requires the insurer to provide to the County, written notice of any cancellation or change in the policy as required in this paragraph. For cancellation of the policy for nonpayment of premium, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 10 days in advance of cancellation. For cancellation of the policy for any other reason, and for any other change to the policy, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 30 days in advance of cancellation or change. The County in its sole discretion may determine that the failure of the Contractor or its insurer to timely provide a written notice required by this paragraph is a breach of this Agreement. (D) County's Entitlement to Greater Coverage. If the Contractor has or obtains insurance with broader coverage, higher limits, or both, than what is required under this Agreement, then the County requires and is entitled to the broader coverage, higher limits, or both. To that end, the Contractor shall deliver, or cause its broker or producer to deliver, to the County's Risk Manager certificates of insurance and endorsements for all of the coverages that have such broader coverage, higher limits, or both, as required under this Agreement. (E) Waiver of Subrogation. The Contractor waives any right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under the policy of worker's compensation insurance required by this Agreement. The Contractor is solely responsible to obtain any policy endorsement that may be necessary to accomplish that waiver, but the Contractor's waiver of subrogation under this paragraph is effective whether or not the Contractor obtains such an endorsement. (F) County's Remedy for Contractor's Failure to Maintain. If the Contractor fails to keep in effect at all times any insurance coverage required under this Agreement, the County may, in addition to any other remedies it may have, suspend or terminate this Agreement upon the occurrence of that failure, or purchase such insurance coverage, and charge the cost of that coverage to the Contractor. The County may offset such charges against any amounts owed by the County to the Contractor under this Agreement. (G)Subcontractors. The Contractor shall require and verify that all Subcontractors used by the Contractor to provide services under this Agreement maintain insurance meeting all insurance requirements provided in this Agreement. This paragraph does not authorize the Contractor to provide services under this Agreement using Subcontractors. D-3 Exhibit E 1. Definitions Capitalized terms used in this Exhibit E have the meanings set forth in this section 1. (A) "Authorized Employees" means the Contractor's employees who have access to Personal Information. (B) "Authorized Persons" means: (i) any and all Authorized Employees; and (ii) any and all of the Contractor's Subcontractors, representatives, agents, outsourcers, and consultants, and providers of professional services to the Contractor, who have access to Personal Information and are bound by law or in writing by confidentiality obligations sufficient to protect Personal Information in accordance with the terms of this Exhibit E. (C) "Director" means the County's Director of Internal Services/Chief Information Officer or his or her designee. (D) "Disclose" or any derivative of that word means to disclose, release, transfer, disseminate, or otherwise provide access to or communicate all or any part of any Personal Information orally, in writing, or by electronic or any other means to any person. (E) "Person" means any natural person, corporation, partnership, limited liability company, firm, or association. (F) "Personal Information" means any and all information, including any data, provided, or to which access is provided, to the Contractor by or upon the authorization of the County, under this Agreement, including but not limited to vital records, that: (i) identifies, describes, or relates to, or is associated with, or is capable of being used to identify, describe, or relate to, or associate with, a person (including, without limitation, names, physical descriptions, signatures, addresses, telephone numbers, e-mail addresses, education, financial matters, employment history, and other unique identifiers, as well as statements made by or attributable to the person); (ii) is used or is capable of being used to authenticate a person (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or personal identification numbers (PINs), financial account numbers, credit report information, answers to security questions, and other personal identifiers); or (iii) is personal information within the meaning of California Civil Code section 1798.3, subdivision (a), or 1798.80, subdivision (e). Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (G)"Privacy Practices Complaint" means a complaint received by the County relating to the Contractor's (or any Authorized Person's) privacy practices, or alleging a Security Breach. Such complaint shall have sufficient detail to enable the Contractor to promptly investigate and take remedial action under this Exhibit E. (H) "Security Safeguards" means physical, technical, administrative or organizational security procedures and practices put in place by the Contractor (or any Authorized Persons) that relate to the protection of the security, confidentiality, value, or integrity of Personal Information. Security Safeguards shall satisfy the minimal requirements set forth in section 3(C) of this Exhibit E. E-1 Exhibit E (1) "Security Breach" means (i) any act or omission that compromises either the security, confidentiality, value, or integrity of any Personal Information or the Security Safeguards, or (ii) any unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, any Personal Information. (J) "Use" or any derivative of that word means to receive, acquire, collect, apply, manipulate, employ, process, transmit, disseminate, access, store, disclose, or dispose of Personal Information. 2. Standard of Care (A) The Contractor acknowledges that, in the course of its engagement by the County under this Agreement, the Contractor, or any Authorized Persons, may Use Personal Information only as permitted in this Agreement. (B) The Contractor acknowledges that Personal Information is deemed to be confidential information of, or owned by, the County (or persons from whom the County receives or has received Personal Information) and is not confidential information of, or owned or by, the Contractor, or any Authorized Persons. The Contractor further acknowledges that all right, title, and interest in or to the Personal Information remains in the County (or persons from whom the County receives or has received Personal Information) regardless of the Contractor's, or any Authorized Person's, Use of that Personal Information. (C)The Contractor agrees and covenants in favor of the Country that the Contractor shall: (i) keep and maintain all Personal Information in strict confidence, using such degree of care under this section 2 as is reasonable and appropriate to avoid a Security Breach; (ii) Use Personal Information exclusively for the purposes for which the Personal Information is made accessible to the Contractor pursuant to the terms of this Exhibit E; (iii) not Use, Disclose, sell, rent, license, or otherwise make available Personal Information for the Contractor's own purposes or for the benefit of anyone other than the County, without the County's express prior written consent, which the County may give or withhold in its sole and absolute discretion; and (iv) not, directly or indirectly, Disclose Personal Information to any person (an "Unauthorized Third Party") other than Authorized Persons pursuant to this Agreement, without the Director's express prior written consent. (D) Notwithstanding the foregoing paragraph, in any case in which the Contractor believes it, or any Authorized Person, is required to disclose Personal Information to government regulatory authorities, or pursuant to a legal proceeding, or otherwise as may be required by applicable law, Contractor shall (i) immediately notify the County of the specific demand for, and legal authority for the disclosure, including providing County with a copy of any notice, discovery demand, subpoena, or order, as applicable, received by the Contractor, or any Authorized Person, from any government regulatory authorities, or in relation to any legal proceeding, and (ii) promptly notify the County before such Personal Information is offered by the Contractor for such disclosure so that E-2 Exhibit E the County may have sufficient time to obtain a court order or take any other action the County may deem necessary to protect the Personal Information from such disclosure, and the Contractor shall cooperate with the County to minimize the scope of such disclosure of such Personal Information. (E) The Contractor shall remain liable to the County for the actions and omissions of any Unauthorized Third Party concerning its Use of such Personal Information as if they were the Contractor's own actions and omissions. 3. Information Security (A) The Contractor covenants, represents and warrants to the County that the Contractor's Use of Personal Information under this Agreement does and will at all times comply with all applicable federal, state, and local, privacy and data protection laws, as well as all other applicable regulations and directives, including but not limited to California Civil Code, Division 3, Part 4, Title 1.81 (beginning with section 1798.80), and the Song- Beverly Credit Card Act of 1971 (California Civil Code, Division 3, Part 4, Title 1.3, beginning with section 1747). If the Contractor Uses credit, debit or other payment cardholder information, the Contractor shall at all times remain in compliance with the Payment Card Industry Data Security Standard ("PCI DSS") requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing and maintaining all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at the Contractor's sole cost and expense. (B) The Contractor covenants, represents and warrants to the County that, as of the effective date of this Agreement, the Contractor has not received notice of any violation of any privacy or data protection laws, as well as any other applicable regulations or directives, and is not the subject of any pending legal action or investigation by, any government regulatory authority regarding same. (C)Without limiting the Contractor's obligations under section 3(A) of this Exhibit E, the Contractor's (or Authorized Person's) Security Safeguards shall be no less rigorous than accepted industry practices and, at a minimum, include the following: (i) limiting Use of Personal Information strictly to the Contractor's and Authorized Persons' technical and administrative personnel who are necessary for the Contractor's, or Authorized Persons', Use of the Personal Information pursuant to this Agreement; (ii) ensuring that all of the Contractor's connectivity to County computing systems will only be through the County's security gateways and firewalls, and only through security procedures approved upon the express prior written consent of the Director; (iii) to the extent that they contain or provide access to Personal Information, (a) securing business facilities, data centers, paper files, servers, back-up systems and computing equipment, operating systems, and software applications, including, but not limited to, all mobile devices and other equipment, operating systems, and software applications with information storage capability; (b) employing adequate controls and data security measures, both internally and externally, to protect (1) the Personal Information from potential loss or E-3 Exhibit E misappropriation, or unauthorized Use, and (2) the County's operations from disruption and abuse; (c) having and maintaining network, device application, database and platform security; (d) maintaining authentication and access controls within media, computing equipment, operating systems, and software applications; and (e) installing and maintaining in all mobile, wireless, or handheld devices a secure internet connection, having continuously updated anti-virus software protection and a remote wipe feature always enabled, all of which is subject to express prior written consent of the Director; (iv) encrypting all Personal Information at advance encryption standards of Advanced Encryption Standards (AES) of 128 bit or higher (a) stored on any mobile devices, including but not limited to hard disks, portable storage devices, or remote installation, or (b) transmitted over public or wireless networks (the encrypted Personal Information must be subject to password or pass phrase, and be stored on a secure server and transferred by means of a Virtual Private Network (VPN) connection, or another type of secure connection, all of which is subject to express prior written consent of the Director); (v) strictly segregating Personal Information from all other information of the Contractor, including any Authorized Person, or anyone with whom the Contractor or any Authorized Person deals so that Personal Information is not commingled with any other types of information; (vi) having a patch management process including installation of all operating system and software vendor security patches; (vii) maintaining appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks of Authorized Employees consistent with applicable law; and (viii) providing appropriate privacy and information security training to Authorized Employees. (D) During the term of each Authorized Employee's employment by the Contractor, the Contractor shall cause such Authorized Employees to abide strictly by the Contractor's obligations under this Exhibit E. The Contractor shall maintain a disciplinary process to address any unauthorized Use of Personal Information by any Authorized Employees. (E) The Contractor shall, in a secure manner, backup daily, or more frequently if it is the Contractor's practice to do so more frequently. (F) The Contractor shall not knowingly include or authorize any Trojan Horse, back door, time bomb, drop dead device, worm, virus, or other code of any kind that may disable, erase, display any unauthorized message within, or otherwise impair any County computing system, with or without the intent to cause harm. 4. Security Breach Procedures (A) Immediately upon the Contractor's awareness or reasonable belief of a Security Breach, the Contractor shall (i) notify the Director of the Security Breach, such notice to be given first by telephone at the following telephone number, followed promptly by email at the following email address: (559) 600-6200/servicedesk@fresnocountyca.gov (which E-4 Exhibit E telephone number and email address the County may update by providing notice to the Contractor), and (ii) preserve all relevant evidence (and cause any affected Authorized Person to preserve all relevant evidence) relating to the Security Breach. The notification shall include, to the extent reasonably possible, the identification of each type and the extent of Personal Information that has been, or is reasonably believed to have been, breached, including but not limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage. (B) Immediately following the Contractor's notification to the County of a Security Breach, as provided pursuant to section 4(A) of this Exhibit E, the Parties shall coordinate with each other to investigate the Security Breach. The Contractor agrees to fully cooperate with the County, including, without limitation: (i) assisting the County in conducting any investigation; (ii) providing the County with physical access to the facilities and operations affected; (iii) facilitating interviews with Authorized Persons and any of the Contractor's other employees knowledgeable of the matter; and (iv) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by the County. To that end, the Contractor shall, with respect to a Security Breach, be solely responsible, at its cost, for all notifications required by law and regulation, or deemed reasonably necessary by the County, and the Contractor shall provide a written report of the investigation and reporting required to the Director within 30 days after the Contractor's discovery of the Security Breach. (C) County shall promptly notify the Contractor of the Director's knowledge, or reasonable belief, of any Privacy Practices Complaint, and upon the Contractor's receipt of that notification, the Contractor shall promptly address such Privacy Practices Complaint, including taking any corrective action under this Exhibit E, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. In the event the Contractor discovers a Security Breach, the Contractor shall treat the Privacy Practices Complaint as a Security Breach. Within 24 hours of the Contractor's receipt of notification of such Privacy Practices Complaint, the Contractor shall notify the County whether the matter is a Security Breach, or otherwise has been corrected and the manner of correction, or determined not to require corrective action and the reason for that determination. (D) The Contractor shall take prompt corrective action to respond to and remedy any Security Breach and take mitigating actions, including but not limiting to, preventing any reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a result of such incident, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. The Contractor shall reimburse the County for all reasonable costs incurred by the County in responding to, and mitigating damages caused by, any Security Breach, including all E-5 Exhibit E costs of the County incurred relation to any litigation or other action described section 4(E) of this Exhibit E. (E) The Contractor agrees to cooperate, at its sole expense, with the County in any litigation or other action to protect the County's rights relating to Personal Information, including the rights of persons from whom the County receives Personal Information. 5. Oversight of Security Compliance (A) The Contractor shall have and maintain a written information security policy that specifies Security Safeguards appropriate to the size and complexity of the Contractor's operations and the nature and scope of its activities. (B) Upon the County's written request, to confirm the Contractor's compliance with this Exhibit E, as well as any applicable laws, regulations and industry standards, the Contractor grants the County or, upon the County's election, a third party on the County's behalf, permission to perform an assessment, audit, examination or review of all controls in the Contractor's physical and technical environment in relation to all Personal Information that is Used by the Contractor pursuant to this Agreement. The Contractor shall fully cooperate with such assessment, audit or examination, as applicable, by providing the County or the third party on the County's behalf, access to all Authorized Employees and other knowledgeable personnel, physical premises, documentation, infrastructure and application software that is Used by the Contractor for Personal Information pursuant to this Agreement. In addition, the Contractor shall provide the County with the results of any audit by or on behalf of the Contractor that assesses the effectiveness of the Contractor's information security program as relevant to the security and confidentiality of Personal Information Used by the Contractor or Authorized Persons during the course of this Agreement under this Exhibit E. (C) The Contractor shall ensure that all Authorized Persons who Use Personal Information agree to the same restrictions and conditions in this Exhibit E. that apply to the Contractor with respect to such Personal Information by incorporating the relevant provisions of these provisions into a valid and binding written agreement between the Contractor and such Authorized Persons, or amending any written agreements to provide same. 6. Return or Destruction of Personal Information. Upon the termination of this Agreement, the Contractor shall, and shall instruct all Authorized Persons to, promptly return to the County all Personal Information, whether in written, electronic or other form or media, in its possession or the possession of such Authorized Persons, in a machine readable form used by the County at the time of such return, or upon the express prior written consent of the Director, securely destroy all such Personal Information, and certify in writing to the County that such Personal Information have been returned to the County or disposed of securely, as applicable. If the Contractor is authorized to dispose of any such Personal Information, as provided in this Exhibit E, such certification shall state the date, time, and manner (including standard) of disposal and by whom, specifying the title of the individual. The Contractor shall comply with all reasonable directions provided by the Director with respect to the return or disposal of Personal Information and copies of Personal Information. If return or disposal of such Personal Information or copies of Personal Information is not feasible, the Contractor shall notify the County according, specifying the reason, and continue to extend the E-6 Exhibit E protections of this Exhibit E to all such Personal Information and copies of Personal Information. The Contractor shall not retain any copy of any Personal Information after returning or disposing of Personal Information as required by this section 6. The Contractor's obligations under this section 6 survive the termination of this Agreement and apply to all Personal Information that the Contractor retains if return or disposal is not feasible and to all Personal Information that the Contractor may later discover. 7. Equitable Relief. The Contractor acknowledges that any breach of its covenants or obligations set forth in this Exhibit E may cause the County irreparable harm for which monetary damages would not be adequate compensation and agrees that, in the event of such breach or threatened breach, the County is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance and any other relief that may be available from any court, in addition to any other remedy to which the County may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available to the County at law or in equity or under this Agreement. 8. Indemnity. The Contractor shall defend, indemnify and hold harmless the County, its officers, employees, and agents, (each, a "County Indemnitee") from and against any and all infringement of intellectual property including, but not limited to infringement of copyright, trademark, and trade dress, invasion of privacy, information theft, and extortion, unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, Personal Information, Security Breach response and remedy costs, credit monitoring expenses, forfeitures, losses, damages, liabilities, deficiencies, actions, judgments, interest, awards, fines and penalties (including regulatory fines and penalties), costs or expenses of whatever kind, including attorneys' fees and costs, the cost of enforcing any right to indemnification or defense under this Exhibit E and the cost of pursuing any insurance providers, arising out of or resulting from any third party claim or action against any County Indemnitee in relation to the Contractor's, its officers, employees, or agents, or any Authorized Employee's or Authorized Person's, performance or failure to perform under this Exhibit E or arising out of or resulting from the Contractor's failure to comply with any of its obligations under this section 8. The provisions of this section 8 do not apply to the acts or omissions of the County. The provisions of this section 8 are cumulative to any other obligation of the Contractor to, defend, indemnify, or hold harmless any County Indemnitee under this Agreement. The provisions of this section 8 shall survive the termination of this Agreement. 9. Survival. The respective rights and obligations of the Contractor and the County as stated in this Exhibit E shall survive the termination of this Agreement. 10. No Third Party Beneficiary. Nothing express or implied in the provisions of in this Exhibit E is intended to confer, nor shall anything in this Exhibit E confer, upon any person other than the County or the Contractor and their respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever. 11. No County Warranty. The County does not make any warranty or representation whether any Personal Information in the Contractor's (or any Authorized Person's) possession or control, or Use by the Contractor (or any Authorized Person), pursuant to the terms of this Agreement is or will be secure from unauthorized Use, or a Security Breach or Privacy Practices Complaint. E-7