The URL can be used to link to this page

Agenda 02-01-22 The City of wr Boynton Beach y City Commission Agenda Tuesday, February 1 , 2022, 5:30 PM GoToWebinar Online Meeting and City Hall Commission Chambers, 100 E. Ocean Avenue Boynton Beach City Commission Mayor Steven B. Grant (At Large) Vice Mayor Woodrow L. Hay (District 11) Commissioner Justin Katz (District 1) Commissioner Christina L. Romelus (District III) Commissioner Ty Penserga (District IV) Lori LaVerriere, City Manager James Cherof, City Attorney Crystal Gibson, City Clerk *Mission* To create a sustainable community by providing exceptional municipal services, in a financially responsible manner. -to- die,,C0 www.boy nton-beach.org Page 1 of 580 Welcome Thank you for attending the City Commission Meeting General Rules & Procedures for Public Participation at City of Boynton Beach Commission Meetings The Agenda: There is an official agenda for every meeting of the City Commissioners, which determines the order of business conducted at the meeting. The City Commission will not take action upon any matter, proposal, or item of business, which is not listed upon the official agenda, unless a majority of the Commission has first consented to the presentation for consideration and action. • Consent Agenda Items: These are items which the Commission does not need to discuss individually and which are voted on as a group. • Regular Agenda Items: These are items which the Commission will discuss individually in the order listed on the agenda. • Voice Vote: A voice vote by the Commission indicates approval of the agenda item. This can be by either a regular voice vote with "Ayes& Nays" or by a roll call vote. Speaking at Commission Meetings: The public is encouraged to offer comment to the Commission at their meetings during Public Hearings, Public Audience, and on any regular agenda item, as hereinafter described. City Commission meetings are business meetings and, as such, the Commission retains the right to impose time limits on the discussion on an issue. • Public Hearings: Any citizen may speak on an official agenda item under the section entitled "Public Hearings." • Public Audience: Any citizen may be heard concerning any matter within the scope of the jurisdiction of the Commission - Time Limit- Three (3) Minutes. Regular Agenda Items: Any citizen may speak on any official agenda item(s) listed on the agenda after a motion has been made and properly seconded, with the exception of Consent Agenda Items that have not been pulled for separate vote, reports, and presentations. - Time Limit- Three (3) Minutes. Addressing the Commission: When addressing the Commission, please step up to either podium and state your name for the record. Decorum: Any person who disputes the meeting while addressing the Commission may be ordered by the presiding officer to cease further comments and/or to step down from the podium. Failure to discontinue comments or step down when so ordered shall be treated as a continuing disruption of the public meeting. An order by the presiding officer issued to control the decorum of the meeting is binding, unless over-ruled by the majority vote of the Commission members present. Please turn off all cellular phones in the City Commission Chambers while the City Commission Meeting is in session. The City of Boynton Beach encourages interested parties to attend and participate in public meetings either in-person or via communications media technology online. To view and/or participate in the City Commission meeting online you have the following options: 1. Watch the meeting online, but not participate: Page 2 of 580 You may watch the meeting via the GoToWebinar platform. Visit the City's website at www.boynton-beach.org to access the up-to-date link to the meeting. 2.Watch the meeting online and provide public comment during the meeting: To request to speak during the meeting, you can electronically "raise your hand" or type a question using the GoToWebinar platform. The meeting moderator will announce when it is your turn to speak or have your question addressed. Please note that time limits will be enforced so comments must be limited to no more than 3 minutes. For additional information or for special assistance prior to the meeting, please contact Crystal Gibson, City Clerk, at cityclerk@bbfl.us or (561) 742-6061. Page 3 of 580 1. Openings A. Call to Order - Mayor Steven B. Grant Roll Call Invocation by Rabbi Simon, Temple Beth Kodesh Pledge of Allegiance to the Flag led by Mayor Steven B. Grant Agenda Approval: 1. Additions, Deletions, Corrections 2. Adoption 2. Other A. Informational items by the Members of the City Commission. 3. Announcements, Community And Special Events And Presentations A. Presentation of FY 20/21 Grant Report by Grants Manager, Tess Lacroix B. Presentation from Gerda Klein about the Boynton Beach Mental Health Committee's initiatives. C. Announcement by Stephanie Soplop of the Joe DiMaggio Children's Health Specialty Center Magic Wheels & Special Deals and Barrier Free 5K Events. D. Announcement by Kacy Young, Recreation & Parks Department Director, regarding The Immortal Four Chaplains Memorial Service being held at Tom Kaiser, USN Boynton Beach Veterans Memorial Park on February 6th, starting at 2pm. E. Announcement by Gabrielle Favitta, Events Manager, regarding First Friday @ 5 and Friday Flicks in February. F. Early Voting for the March 8, 2022 Special Election for the office of State Representative, District 88, and the Municipal Election will begin on Saturday, February 26, 2022 and will continue through Sunday, March 6, 2022. The Early Voting hours are from 10:00 a.m. until 6:00 p.m. daily at the Ezell Hester Community Center located at 1901 North Seacrest Boulevard. As of 30 days prior to the election, a listing of Early Voting locations throughout Palm Beach County will be available at the following website: https://www.votepalmbeach.gov/Voters/Early-Voting. G. Proclaim February 11-17, 2022 as 2-1-1 Awareness Week. Patrice Schroeder, 211's Community Relations Specialist, will be online to accept the proclamation virtually. H. Proclaim February 7, 2022 as Robert E. Wells Day. Bishop Bernard Wright will accept the proclamation. 4. Public Audience Individual Speakers Will Be Limited To 3 Minute Presentations (at the discretion of the Chair, this 3 minute allowance may need to be adjusted depending on the level of business coming before the City Commission) 5. Administrative A. Appointment of eligible members of the community to serve in vacant positions on City advisory boards. 6. Consent Agenda Page 4 of 580 Matters in this section of the Agenda are proposed and recommended by the City Manager for "Consent Agenda" approval of the action indicated in each item, with all of the accompanying material to become a part of the Public Record and subject to staff comments A. Proposed Resolution No. R22-023- Approve utilizing The Village of Wellington, FL. Bid No. 202202 (rebid) and Authorize the City Manager to sign an agreement with K & B Maintenance Services, LLC DBA Professional Tennis Court Services of Loxahatchee, FL for Tennis Court Maintenance Services for an estimated annual cost of $79,000.00. The Village of Wellington's procurement process satisfies the City's competitive bid requirements. B. Proposed Resolution No. R22-024- Approve the ranking as recommended by the Evaluation Committee for RFP UTL22-006 Tree Inventory Services and authorize the City Manager to sign a Professional Services Agreement with PlanIT Geo, LLC. of Arvada CO for Tree Inventory Services with a not to exceed amount of$50,000. C. Legal Expenses- December 2021 - information at the request of the City Commission. No action required. D. Approve the one-year extension for RFPs/Bids and/ or piggy-backs for the procurement of services and/or commodities under $100,000 as described in the written report for February 1, 2022 - "Request for Extensions and/or Piggybacks." E. Proposed Resolution No. R22-025— Approve and authorize the City Manager to sign an Agreement with Florida Atlantic University Board of Trustees, on behalf of The John Scott Dailey Florida Institute of Government at Florida Atlantic University of Boca Raton, FL to provide strategic planning support services in the amount not-to-exceed $24,000. F. Approve minutes from the January 18, 2022 City Commission meeting. 7. Consent Bids And Purchases Over$100,000 A. Approve the one-year extension for RFPs/Bids and/ or piggy-backs for the procurement of services and/or commodities over $100,000 as described in the written report for February 1, 2022 - "Request for Extensions and/or Piggybacks." B. Proposed Resolution No. R22-026- Authorize the City Manager to utilize the State of Florida DMS Alternate contract source number 43230000-NASPO-16-ACS for software licensing through Software House International and sign any associated agreement with Microsoft Corporation for a three-year period for an annual amount of$280,927.93. C. Authorize utilizing the GSA contract GS-07F-173GA, previously approved on 9/1/2020, for the purchase of services for support and maintenance of citywide camera, access control, and Real Time Crime Center technology as needed from Broadcast Systems in the amount of up to $110,000. 8. Public Hearing - None 6 p.m. or as soon thereafter as the agenda permits. The City Commission will conduct these public hearings in its dual capacity as Local Planning Agency and City Commission. 9. City Manager's Report A. Approve City Hall Cafe Space RFP Scope of Work presented by David Scott, Director of Economic Development and Strategy. 10. Unfinished Business A. Continue discussion for clarification to staff on language to be included in the Resolution and on the Plaque for the Progress Pride Intersection. Page 5 of 580 11. New Business A. Mayor Grant has requested a discussion regarding naming the urban orchard at Sara Sims Park for Latosha Clemons. B. Mayor Grant has requested a discussion on creating a Citizens Engagement Committee for Police Department. 12. Legal A. Proposed Ordinance 22-004 - First Reading - Approve Mural Ordinance creating a mural standards section in the City's Land Use Regulations. B. Proposed Ordinance 22-005 - First Reading - Approve Ordinance Amending Chapter 26 entitled "Water, Sewers and City Utilities," by Amending Article I, entitled "In General," to create §26-6, entitled "Conditions for Utility Service; Penalties," establishing requirements for utility service, penalties for non-compliance, and appeals; amending Article "IV" entitled "Sewers," §26-57, entitled "Connections Required," to amend the time period to connect to sewer; providing for severability, conflicts, codification, and an effective date. 13. Future Agenda Items A. School Board Member Erica Whitfield has requested to present the 2021-2022 School Year State of Education Report to the City Commission. - February 15, 2022 B. Discuss potential Parks Bond Referendum and approve resolution to enter into agreement for Parks Master Plan for CAPRA accreditation and potential Parks Bond Referendum. - February 15, 2022 C. Building Department staff will present an update on the implementation of the new SagesGov software for permitting and inspections- March 1, 2022 D. Discuss disposition of vacant 3.62 acre parcel adjacent to Leisurevillle and west of SW 8th Avenue -TBD E. Proposed Ordinance No. 21-025 First Reading. Approve Development Agreement Ordinance. (Tabled from the September 21, 2021 City Commission Meeting.) - TBD F. Mayor Grant has requested a discussion on J KM lawsuit- TBD G. Discuss Building Safety Inspection Program- (Pending outcome of 2022 legislative session) 14. Adjournment Notice lfaperson decides to appeal to any decision made by the City Commission with respect to any matter considered at this meeting,He/She will need a record ofthe proceedings and,for such purpose,He/She may need to ensure that a verbatimrecord ofthe proceedings is made,which record includes the testimony and evidence upon which the appeal is to be based.(ES.286.0105) The city shall furnish appropriate auxiliary aids and services where necessary to afford an individual with a disability an equal opportunity to participate in and enjoy the benefits of a service,program,or activity conducted by the city.Please contact the City Clerks office,(561)742- 6060 or(TTY)1-800-955-8771,at least 48 hours prior to the programor activity in order for the city to reasonably accommodate your request. Additional agenda iterns may be added subsequent to the publication ofthe agenda on the city's web site.Information regarding iterns added to the agenda after it is published on the city's web site can be obtained fromthe office ofthe City Clerk Page 6 of 580 1.A. Opening Items 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Call to Order- Mayor Steven B. Grant Roll Call Invocation by Rabbi Simon, Temple Beth Kodesh Pledge of Allegiance to the Flag led by Mayor Steven B. Grant Agenda Approval: 1. Additions, Deletions, Corrections 2. Adoption Explanation of Request: How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 7 of 580 2.A. Other 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Informational items by the Members of the City Commission. Explanation of Request: How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 8 of 580 3.A. Announcements, Community and Special Events and Presentations 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Presentation of FY 20/21 Grant Report by Grants Manager, Tess Lacroix. Explanation of Request: How will this affect city programs or services? Fiscal Impact: None Alternatives: Not provide a presentation Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? No Grant Amount: Attachments: Type Description Attachment FY 20/21 Annual Grant Report Presentation Page 9 of 580 I Gk 0 +� 1 co � .; 4- b�ACLa� #' rk c'i` buo a o 0 fa t � N r00fa ++ �� t r� IN 1 t • ��ids I- Q1 (8 I �� r 99� Gk > � rte 4 O i C�AMco 4=1U 4—J O 4=1O —o E 1 a� dim E CL 4-J CL AM t� I I ® ' U iil 4—J 4—J , G ; O ' 4=1 4—J LM O 0 4-J r CL i�4 � iss )� �,s _ 4�� ssdsysy Jss 1lr�r� Pihs,it �� sit Is�1�1 is\ �t�7�4 �t{��1�t}I, • -�� ' std+f �7l s s t iss •• �. � �r ttntti its r � , t,�l • �� j!s s 1t�s�l s�3s;� tt't ih7lt��zrs' "k zi � �,3 � l'j. ,lttitst�''7R s�s{}i(}ill{j. )l s�iti�� kmi M�� . S�� s 'ttsui � �Gyfttis 1 .r ��itl� Mpq' f�� tl�1�r aft tiJr Pi'air 4-4 JR ,mow is tai il't ��Its�l, s i .................i ''. � hilt ,��t,1 �.• ,< sub„rl,t t�t�'ik''dh�. 1�; 0 co LO 4- 0 (Y) (1) 3 F I. S _ k9' l F f N 0 +J co LO 4- 0 0 CID aA 00 }+ N Lo N Ln U 00 CID 00 a) r-I m � o { ® 0 CO a-J o C: w " ,i i��;1 t�`i 4 4srt ii�r�is1 t3,i �" 1 rAl + I s •rtoo �1 + " AVON a AsS of •• " " • u lA4, •(, e �� i ® (� CID t CoCID a)p rr{ U N N L 4-JCID c a) i A � U _&_— cn ca L QL �. O vi N 4=1O .O N X 't 1 °o •— a--+ �--+ �--+ �' � 4- a--+ O +� ate--+ +� O N t i' (C) CD Am a N a) E -0 CD p O k i ca N 1 a t�0 Am a O 'vi ff -0 ca cn -E £ ECIDr r L 4..� (� i r O U 0 �� + Almlk O LimO _0 � • U •+�-+ N_0 N OvE O F o ;X15 1t 40- 4=1vi O .U aA +� O ® -0 � �' Q i If r�'r _ — �. •� O t N � — > LO C ca N cr le 110 N Q O -0 0 •N 4-J -0 N Ln � f� � cn •— N N � EN �U i N -0 N � N +' cn m +a 00}' p N N w O p E -o � ca •Ln vii N �� }' O i O C: - O E — I• O Q f6 W i U W -0 a.., ,k P 9� Gk II ( (g •p- p Ln \ i " s �� \ R76 t. U Nbl � ' 't i co 3 Q 4-+ U t' o �-+ N E ;; Am aa Q Q !r i C;- p of,, V O s E a� Q _ p _0 4a o s a w p r U s AM S cn LM v I LL 4-J f +` f S �fi v cn ca co gym+ O m Z O O -0 N vI i 7 m '� U Ln i�4 � O N fu I i N f6 f �Ul) Y4 0 co�t LO co z 0) Am a \ }\t - U Q -W N t V co L m 2 Q ttl 0 N �ik, I tx LU LM G1 Z i N , E „ 4 , r i}{ ... � E 43 N O N `J c U 4 U f0 _ U_ z z E s J� "S V r O viCID ��"le , `�s� � O O ca a O U � "� N f� ate-+ •; � � ,,� l,t; COO Lo 4=1 46 vi –0 c6 O N ON c6 � rn V � '70 CID u N !� ti Ep O fu O O-0m ca U CID > r r k CID 0 N _0N Q N — � E ca (� O ® + £ !k U C6 N U U O Q ca O I 0 +-+ O +-+ i U UAM S CID QL CID aA �' dl Nij , p —QL 0 > LMJ CID cca� > N ® 2 fu > a--+ "psi > C6 � � N N I� � _0aA E C6 ate, cu 0ON Q O cc _0N Q �, x 0 U N N aN-+ 0 N Law CID CD Q > WQ N i4 fD CID E 4— O •— O N '� ca +-+ U F +•' O �' J � 4-Jca ! f E fu ° U m u a�i0 U c: ° =3 Q- j S: 1, kh 4 (srr tz � h r + iV �s 5 • • • 4 . • :s, s 1- ! � t •� � � � is t. t s, iz +v�t> U CID 0 N LO m 4— N^' Oq W LM fu 0f` tf • t •U 444 S 11i i'4ii Law �..7 CD tG S i d r6 9� Gk �rI a T 'J y 1 > ` U 1 3 no no PP `, _ ,}u E U -a o a LO 0 ,o , LM C.1f ` ' N QJ no 1 U _ u i� CD no i t C- W � ti f GJ g Q CD �� a LLC GjUp r Q 0 no _ t . 0 �t ® 00 - elm : uno LMU AM S C6 CLS s11 t � ._ ' AM S AR y , co AMAJO1'' 6MILMfir-+ V C� = 0) - (U4--J�^/� .� H 0111 j 313 C) to I , -4--J }, ,-H--? EE 4--JU t�II U a-J ® ® +J +J I i�4 � I Gk O > t a--+ ''' N C6 �'� i 4-J •UO .v Z N cc , CID N N 4-JH co cn t�,o ca C6 ® rk ri N Q `� i N �, O Q '� � i � E C6 •— ._ aAAm a N 0 Co •ca �_ gyp , a✓ ; �y -0 UCID Q CID Q N -0CID N N ; f6 O +� •N `� +� +� �, fu } Z U ® + vi vi ca U N vii m U ' CID 4-J N N 4-' O N U vi 4-J +� (D +., U '•� aA O ca ca N N 'N E a O U Q '0 N O O N N I- -0 U ca m C: Q -0 0 Q N f6 ` � �� r 9� Gk 3„ CID CIDp iY .A(S rytiSl rCIDU E O N •� % I � •Q _ 4-+ — U c6 p _0 - •c6 p Q , f -0 N N _0 O _0 _„ O . r N 4-J O � �, ,r 1 co u 4- _0 fu U -0 •Q •� I ami N 0— i = O v k a 4=1p � p t f C N ca 0 v •p N Q � h _0 NN Q f CD -0 i O ® ca c}'n vi N a••, i — > '� OO Q N fu i �1 N +-j — X O ) CO)- { �I 1 a--+ U N U > w O -o m U -0 c O f6 O O O 4-J § t O r U N N � Ln CID CID N = -0 N •� iit p C 07 � N r Gk CID O U a.., - Ca a-Jcy- CID 00 r4 co OO U C: p • Ca N i a-J •— Q 4=1CI =3 CID D �� p ®� •� N O N N r r} N vi t�0 ca _0 C N _0 0) C: C: m f O (3) U .0 + N Ln -o 1 CIDii a=+ 00 N a..+ O O N +� O >� * U +U, —0 U �--' a--+ Q i •� .F 4— QLate--+ _0O _0 N U U •N -1-j ® ® O ca ca N N aA Q -0 -0 N N ca c 'CIDr� f6 > O CD CID fu LM f6 C: Q _0 f6 fufu Ut�0 Q N O t� ca ca ca v, O +� � j `— ca _0 +� € +-+ O CID .0 N > CD �� r Ir Gk 14 X51 i CC co CID N O O (A � �, �,� I Lo NLo 4-J O c� N LMJ }, U U a E cca LM fu ®_ Q U C� CID co a) 1 N N _0 I— N U •� p i t O N ar CID 0) N o o cv O f N t�0 N 4-1 � r CID -0 CID a--+ N 0) C6 ,>> i i a--+ E N f� N E CID — p O (� U — U G r"4 i CD ca Q- a.., CID -0O CID t.0 ' U -I-- Q (3) • i ca 0) ca �� r 9� Gk II ( (g �r 1o I co o 0 L< r r s 0 � 4 (8 I �� r 3.B. Announcements, Community and Special Events and Presentations 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Presentation from Gerda Klein about the Boynton Beach Mental Health Committee's initiatives. Explanation of Request: At the January 18, 2022 City Commission meeting, Commissioner Romelus requested that a member of the Boynton Beach Mental Health Committee speak about their initiatives at the ne)d meeting. How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 28 of 580 3.C. Announcements, Community and Special Events and Presentations 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Announcement by Stephanie Soplop of the Joe DiMaggio Children's Health Specialty Center Magic Wheels & Special Deals and Barrier Free 5K Events. Explanation of Request: Joe DiMaggio Children's Health Specialty Center Magic Wheels& Special Deals event will take place at Centennial Park, 120 E. Ocean Ave., on Friday, February 11 from 5:00 to 8:00pm. This event is free and will include vendors, music, food, and fun. The event will also include the Big Reveal of this year's Magic Wheels for Jason, who has been selected as the honorary starter of the 10th Annual Barrier Free 5K which takes place on Saturday, February 12 at Barrier Free Park, 3111 S. Congress Ave. at 7:30am. To participate in the 5K Walk, Run, or Roll event, please visit http://barrierfree5k.pbrace.com/. How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 29 of 580 3.D. Announcements, Community and Special Events and Presentations 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Announcement by Kacy Young, Recreation & Parks Department Director, regarding The Immortal Four Chaplains Memorial Service being held at Tom Kaiser, USN Boynton Beach Veterans Memorial Park on February 6th, starting at 2pm. Explanation of Request: The City of Boynton Beach and the Boynton Beach Veterans Task Force will host The Immortal Four Chaplains Memorial Service at Tom Kaiser, USN Boynton Beach Veterans Memorial Park at 2pm on February 6, 2022. How will this affect city programs or services? Support Services for the Immortal Four Chaplains Memorial Service will be provided by the Recreation & Parks Department, Public Works, and Marketing & Special Events. Fiscal Impact: No Fiscal Impact Alternatives: Not make the announcement Strategic Plan: Building Wealth in the Community Strategic Plan Application: Hosting special events provides an opportunity for residents and non-residents to visit Tom Kaiser, USN Boynton Beach Veterans Memorial Park. Climate Action Application: No Climate Action Application Is this a grant? Grant Amount: Attachments: Page 30 of 580 3.E. Announcements, Community and Special Events and Presentations 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Announcement by Gabrielle Favitta, Events Manager, regarding First Friday @ 5 and Friday Flicks in February. Explanation of Request: This month's First Friday @ 5 Concert, scheduled for Friday, February 4 will feature Shane Ducan Band, a southern-rock band. The following food trucks are participating: Cousins Maine Lobster, Fins Kitchen, Just Eatz, Las Mexicanas, Moop Pops, and Potions and Motion. Friday Flicks on Friday, February 18 will be Charlie and The Choloate Factory and will include Broadway Bistro, NY Phat Pies, G's Hibachi and TMI. Both events will include children's activities and begin at 5:00 p.m. at Centennial Park and Amphitheatre in Downtown Boynton. Those attending are encouraged to bring chairs and blankets. How will this affect city programs or services? For the safety of attendees and vendors, the following roads will be closed from 3:00 p.m. to 9:00 p.m. during these events: - E. Ocean Ave., from Seacrest to S E 1 st St. - S.E. 1 st Ave., from Seacrest to S E 1 st St. To learn more about these events, visit boynton-beach.org/concerts or call 561-742-6010. Fiscal Impact: Support services for these events are provided by City Departments such as Customer Service, Finance, Fire, Human Resources& Risk Management, Police, Public Works, Recreation and Parks, and Utilities. Alternatives: Do not make the annoucement. Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Page 31 of 580 Grant Amount: Attachments: Page 32 of 580 3.F. Announcements, Community and Special Events and Presentations 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Early Voting for the March 8, 2022 Special Election for the office of State Representative, District 88, and the Municipal Election will begin on Saturday, February 26, 2022 and will continue through Sunday, March 6, 2022. The Early Voting hours are from 10:00 a.m. until 6:00 p.m. daily at the Ezell Hester Community Center located at 1901 North Seacrest Boulevard. As of 30 days prior to the election, a listing of Early Voting locations throughout Palm Beach County will be available at the following website: https://www.votepalmbeach.gov/Voters/Early-Voting. Explanation of Request: In cooperation with the Palm Beach County Supervisor of Elections, the Ezell Hester Community Center will be an Early Voting location. This location is available to all citizens within Palm Beach County. How will this affect city programs or services? There will be no effect on City programs or services. Fiscal Impact: Alternatives: The alternative would be to not cooperate with the Palm Beach County Supervisor of Elections in this effort to provide additional opportunities for our citizens to cast their votes. Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 33 of 580 3.G. Announcements, Community and Special Events and Presentations 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Proclaim February 11-17, 2022 as 2-1-1 Awareness Week. Patrice Schroeder, 211's Community Relations Specialist, will be online to accept the proclamation virtually. Explanation of Request: 211 is a community helpline and crisis hotline that provides suicide prevention, crisis intervention, information, assessment, and referral to community services for people of all ages. I ndividuals and families living in Palm Beach County, can call 2-1-1 to speak with a highly trained resource specialist. The 211 Helpline is available 24/7 and all calls are free and confidential. How will this affect city programs or services? N/A Fiscal Impact: N/A Alternatives: Not to proclaim February 11-17, 2022 as 2-1-1 Awareness Week. Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Type Description Proclamation Proclamation 211 Helpline Page 34 of 580 rd&,,T aeaeA I proclamation WHEREAS,2-1-1 HelpLine is entering its 6th decade of quality&caring service to the community;and WHEREAS, over this span of time 2-1-1 HelpLine has responded to over 3 million requests for help from people of all walks of life-providing the guidance and support they've needed; 2-1-1 continues to do so through these trying times;and WHEREAS, Mental & Emotional Health, Addiction, Housing/Utilities, Food Insecurity and Health concerns are the top needs expressed by people reaching out to us. 2-1-1's caring staff continue to be that beacon of hope providing crisis support and resources when people are overwhelmed and do not know where to turn... 2-1-1 is available any time of day or night;and WHEREAS, 2-1-1 also has specialized advocacy and support programs that include The Caregiver Support Project,The Special Needs HelpLine,Help Me Grow catching children's developmental delays early,Elder Crisis Outreach;and WHEREAS,2-1-1's life-saving"Sunshine" Daily Telephone Reassurance calls continue to brighten the lives of local isolated seniors and has expanded to include isolated caregivers;and WHEREAS,2-1-1's My Florida Veterans provides peer-to-peer support and helps veterans to readjust, providing linkages to services for veterans and their families. NOW, THEREFORE, I, Steven B. Grant, Mayor of the City of Boynton Beach, hereby proclaim February 11-17th,2022 as: 2-1-1 Awareness Week in the City of Boynton Beach,and urge all citizens to be aware that if they are overwhelmed and in crisis or just need to talk...211 is available any time of day or night. 211 staff can also provide referrals for Mental Health Counseling, Substance Abuse, Health Care, Employment, Food Assistance, Day Care, Support Groups,Volunteering,VITA free income tax preparation and so much more. IN WITNESS WHEREOF, I hereunto set my hand and cause the official seal of the City of Boynton Beach,Florida,to be affixed this 1st day of February,2022. Steven B. Grant,Mayor ATTEST: Crystal Gibson,MMC City Clerk 3.H. Announcements, Community and Special Events and Presentations 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Proclaim February 7, 2022 as Robert E. Wells Day. Bishop Bernard Wright will accept the proclamation. Explanation of Request: Robert E. Wells is a significant figure in Boynton's history and deserves this special recognition. Mr. Wells settled in Boynton Beach in 1890 and raised his family in the City. He helped found the oldest church in the City - St. Paul's AME Church; was a petitioner for the provision of the first black/African American school; was a signatory of the document incorporating Boynton as a town; and platted the Robert Wells subdivision in 1925. This proclamation honors his memory and recognizes his contributions to the City of Boynton Beach. How will this affect city programs or services? N/A Fiscal Impact: N/A Alternatives: Do not proclaim February 7, 2022 as Robert E. Wells Day. Strategic Plan: Strategic Plan Application: N/A Climate Action Application: N/A Is this a grant? Grant Amount: Attachments: Type Description Proclamation Proclamation - Robert E. Wells Day Page 36 of 580 lay proclamation WHEREAS,Mr. Robert E.Wells,a merchant sailor from Cat Island in the Bahamas,settled in Boynton in 1590 where he and his wife,Elizabeth,raised one son,Harry. WHEREAS, in 1592, Robert and Elizabeth Wells helped found St. Paul's African Methodist Episcopal Church. Officially established in 1900,St. Paul's AME is the oldest church in the city. WHEREAS, in 1596, Mr. Wells, and other members of St. Paul's AME, successfully petitioned Dade County School Board to provide a school for Boynton's black/African American children. Originally called "Boynton Colored School",it later became known as"Poinciana Elementary." WHEREAS, On April 14, 1920, Mr. Wells was a signatory of the document incorporating Boynton as a town;however, the land owned by him and the rest of the historic Heart of Boynton was not recognized in the incorporation and was called`Boynton Colored Town." WHEREAS,in 1925, Mr.Wells platted the Robert Wells Subdivision. He built the main thoroughfare in the historic Heart of Boynton called Wells Avenue (now known as Martin Luther King Junior Boulevard) and built a home at number 416. In addition to selling land and building houses,Mr.Wells donated lots to those in need, including St. Paul's AME for the building of a church. In time, Wells Avenue became a thriving downtown area for the black/African American community. NOW THEREFORE, I,Woodrow L. Hay,Vice Mayor of the City of Boynton Beach, Florida, do hereby proclaim the 7th of February,Two Thousand Twenty-two as: Robert E. Wells Day IN WITNESS WHEREOF,I have hereunto set my hand and caused the Seal of the City of Boynton Beach, Florida,to be affixed at Boynton Beach Florida,the 1st day of February,Two Thousand Twenty-two. Woodrow L. Hay,Vice Mayor ATTEST: Crystal Gibson City Clerk 5.A. Administrative 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Appointment of eligible members of the community to serve in vacant positions on City advisory boards. Explanation of Request: The attached list contains term openings and vacancies on the various advisory boards with the designated Commission members having responsibility for the appointment to fill each term opening and vacancy. There are no new applicants at this time. How will this affect city programs or services? Appointments are necessary to keep city advisory boards full and operating as effectively as possible. Fiscal Impact: Alternatives: Allow vacancies to remain unfilled Strategic Plan: Building Wealth in the Community Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Type Description Attachment Appointments and Applicants for February 1, 2022 Page 38 of 580 Appointments and Applicants for February 1, 2022 Building Board of Adjustments and Appeals IV Penserga Reg 2 yr term to 3/23 Mayor Grant Alt 1 yr term to 3/22 I Katz Alt 1 yr term to 3/22 Applicants: None Education and Youth Advisory Board IV Penserga Student 1 yr term to 3/22 (Voting) Mayor Grant Student 1 yr term to 3/23 (Non-Voting) Applicants: None Historic Resources Preservation Board IV Penserga Alt 1 yr term to 3/22 Applicants: None Library Board Mayor Grant Reg 2 yr term to 3/22 Vice Mayor Hay Alt 1 yr term to 3/22 I Katz Alt 1 yr tern to 3/22 Applicants: None C:\Program Files(x86)\neevia.com\docConverterPro\temp\NVDC\6AA9D421-89BC-486F-985D-E9909602874F\Boynton Beach.31605.1.Appointments_for_02-01- 22.docx Page 39 of 580 6.A. Consent Agenda 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Proposed Resolution No. R22-023-Approve utilizing The Village of Wellington, FL. Bid No. 202202 (rebid) and Authorize the City Manager to sign an agreement with K & B Maintenance Services, LLC DBA Professional Tennis Court Services of Loxahatchee, FL for Tennis Court Maintenance Services for an estimated annual cost of$79,000.00. The Village of Wellington's procurement process satisfies the City's competitive bid requirements. Explanation of Request: Agreement Term: February 2, 2022 through December 13, 2024 K & B Maintenance Services, LLC DBA Professional Tennis Court Services has been awarded the tennis court maintenance services from The Village of Wellington under a continuing services contract for a thee (3) year term and by mutual agreement renewable for two (2) additional one-year periods. The Contractor shall furnish all supervision, labor and equipment as necessary to properly maintain the facilities and complete court maintenance. The Boynton Beach Recreation and Parks Department is seeking consent to piggyback this contract and establish an agreement with K & B Maintenance Services, LLC DBA Professional Tennis Court Services to provide tennis court maintenance services at designated courts within the City of Boynton Beach. Services include daily brushing of the 17 above ground tennis courts, checking for high lines, inspecting wind screens, nets, center straps, adjusting tennis nets to proper heights and removal of debris and weeds. The hard courts will be blown off with hand blower, rinsed off as needed. Weekly services include monitoring court irrigation for proper moisture ratio and adjust/repair court irrigation filters, treat courts to prevent algae and weed growth, remove and repair any "dead" spots, divots, low areas or surface damage. The rolling courts will be done on a bi-weekly basis. How will this affect city programs or services? Enhance the quality of each tennis court within the City. Fiscal Impact: B udgeted 001-2710-572.49-17 Alternatives: Postpone procuring these services to develop and advertise bid in-house. Strategic Plan: Strategic Plan Application: Climate Action Application: Page 40 of 580 Isthis mgrant? No Grant Amount: Contracts Vendor Name: K & B Maintenance Services, LLC DBA Professional Tennis Court Services Start Date: 2/2/2022 End Date: 12/13/2024 Contract Value: 79.000. Minority Owned Contractor?: No Em±mnaionAvmi|mb|m7: Yes Extension Explanation: Two (2) additional one-year options, by mutual agreement Attachments: Type Description O Resolution Resolution approving agreement with K&B Maintenance for Tennis Courts Page 41Of580 1 RESOLUTION NO. R22- 2 3 4 A RESOLUTION OF THE CITY OF BOYNTON BEACH, FLORIDA, 5 APPROVING THE USE OF THE VILLAGE OF WELLINGTON, FL. BID 6 NO. 202202 (REBID)AND AUTHORIZING THE CITY MANAGER TO 7 SIGN AN AGREEMENT WITH K&B MAINTENANCE SERVICES, LLC 8 DBA PROFESSIONAL TENNIS COURT SERVICES OF 9 LOXAHATCHEE, FL FOR TENNIS COURT MAINTENANCE 10 SERVICES FOR AN ESTIMATED ANNUAL COST OF $79,000.00; 11 AND PROVIDING AN EFFECTIVE DATE. 12 13 14 WHEREAS, the Recreation and Parks Department is seeking tennis court maintenance 15 services at the designated courts within the City of Boynton Beach.; and 16 WHEREAS, K & B Maintenance Services, LLC DBA Professional Tennis Court Services has 17 been awarded the tennis court maintenance services from The Village of Wellington under a 18 continuing services contract for a thee (3) year term and by mutual agreement renewable for 19 two (2) additional one-year periods; and 20 WHEREAS, Contractor shall furnish all supervision, labor and equipment as necessary to 21 properly maintain the facilities and complete court maintenance; and 22 WHEREAS, the City Commission of the City of Boynton Beach, Florida deems it to be in 23 the best interests of the citizens and residents of the City of Boynton to approve utilizing The 24 Village of Wellington, FL. Bid No. 202202 (rebid) and Authorize the City Manager to sign an 25 agreement with K & B Maintenance Services, LLC DBA Professional Tennis Court Services of 26 Loxahatchee, FL for Tennis Court Maintenance Services for an estimated annual cost of 27 $79,000.00. 28 NOW, THEREFORE, BE IT RESOLVED BY THE CITY COMMISSION OF THE CITY OF 29 BOYNTON BEACH, FLORIDA, THAT: S:ACA\RESO\Agreements\Piggy-Back Wellington For K&B Maintenance(Tennis Court) -Reso.Docx Page 42 of 580 30 Section 1. The foregoing "Whereas" clauses are hereby ratified and confirmed as 31 being true and correct and are hereby made a specific part of this Resolution upon adoption 32 hereof. 33 Section 2. The City Commission hereby approves utilizing The Village of Wellington, 34 FL. Bid No. 202202 (rebid) and authorizes the City Manager to sign an agreement with K & B 35 Maintenance Services, LLC DBA Professional Tennis Court Services of Loxahatchee, FL for Tennis 36 Court Maintenance Services for an estimated annual cost of$79,000.00,a copy of the Agreement 37 is attached hereto as Exhibit "A. 38 Section 3. This Resolution shall become effective immediately upon passage. 39 40 PASSED AND ADOPTED this 1 st day of February, 2022. 41 CITY OF BOYNTON BEACH, FLORIDA 42 43 YES NO 44 45 Mayor— Steven B. Grant 46 47 Vice Mayor—Woodrow L. Hay 48 49 Commissioner—Justin Katz 50 51 Commissioner— Christina L. Romelus 52 53 Commissioner—Ty Penserga 54 55 VOTE 56 ATTEST: 57 58 59 Crystal Gibson, MMC 60 City Clerk 61 62 63 (Corporate Seal) S:ACA\RESO\Agreements\Piggy-Back Wellington For K&B Maintenance(Tennis Court) -Reso.Docx Page 43 of 580 6.B. Consent Agenda 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Proposed Resolution No. R22-024-Approve the ranking as recommended by the Evaluation Committee for RFP UTL22-006 Tree Inventory Services and authorize the City Manager to sign a Professional Services Agreement with PlanIT Geo, LLC. of Arvada CO for Tree Inventory Services with a not to exceed amount of$50,000. Explanation of Request: On November 10, 2021, Purchasing issued a Request for Proposal (RFP) seeking the services of a qualified firm to provide tree inventory on City-owned properties. The purpose is to identify the health, condition, and maintenance needs of existing trees located on public property. On January 20, 2022, in a public noticed evaluation meeting, the Selection Committee, comprised of City Staff, revealed and discussed their independent scores for each of the proposals based upon the evaluation criteria described in the RFP. The Committee ranked the proposals as follows: Rank 1: PlanIT Geo, LLC. Rank 2: E Sciences, Inc. Rank 3: The F.A. Bartlett Tree Expert Company The Committee's recommendation is to award the Agreement to PlanIT Geo, LLC. as the highest-ranked qualified firm. How will this affect city programs or services? On September 1, 2020 the City Commission adopted a Citywide tree planting goal to increase tree canopy coverage from 16.1% to 20% by 2035 (R20-091). In 2021, the City received a grant from the Florida Department of Agriculture and Consumer Services (FDACS) Managing Community Forests Grant Program, which provides a three-year path to help the City develop a realistic strategy to achieve the canopy goal and ensure that City investments yield the expected results. This Tree Inventory project is year 1 of the grant program. The selected firm will inventory trees throughout City-owned parks, other City properties, and right-of-ways. The inventory will entail collecting data on (at minimum) tree location, species, diameter at breast height, condition, and need for maintenance. These data will be provided to the City and summarized in a final report by a professional arborist. The inventory will support the development of an Urban Forestry Management Plan, under a separate grant contract, in year 2. Specifically, it will allow the City to set objectives for tree planting to increase diversity of the urban forest; address potential hazards; and prepare work plans and budgets for removal, planting, and pruning. Fiscal Impact: B udgeted The estimated cost of the Tree Inventory project is $50,000. $25,000 will be coming from the grant agreement and a $25,000 match is allocated in FY 2021-2022 in the Utilities Sustainability Account#401-2821-536.95- 44. Page 44 of 580 Alternatives: Strategic Plan: Building Wealth in the Community, Transportation and Mobility , Public Health and Safety , Environmental Sustainability Strategic Plan Application: By supporting the City's tree canopy program, this project will enhance property values and economic development across the city, contribute to more walkable neighborhoods, reduce urban heat, and enhance community sustainability. Climate Action Application: 2020 Climate Action Plan Strategy C-1.5 Urban Forestry. Is this a grant? Yes Grant Amount: $25,000 Contracts Vendor Name: PlanIT Geo, Inc. Start Date: 2/2/2022 End Date: 7/1/2022 Contract Value: $50,000 Minority Owned Contractor?: Extension Available?: No Extension Explanation: Attachments: Type Description Resolution Resolution approving Professional Services Agreement for Tree Inventory D Agreement Professional Services Agreement- Plan It Geo, LLC. Page 45 of 580 1 RESOLUTION NO. R22- 2 3 A RESOLUTION OF THE CITY OF BOYNTON BEACH, FLORIDA, 4 APPROVING THE RANKING AS RECOMMENDED BY THE 5 EVALUATION COMMITTEE FOR RFP UTL22-006 TREE INVENTORY 6 SERVICES AND AUTHORIZE THE CITY MANAGER TO SIGN A 7 PROFESSIONAL SERVICES AGREEMENT WITH PLANIT GEO, LLC OF 8 ARVADA CO FOR TREE INVENTORY SERVICES WITH A NOT TO 9 EXCEED AMOUNT OF $50,000.00; AND PROVIDING AN EFFECTIVE 10 DATE. 11 12 13 WHEREAS, on November 10, 2021, Purchasing issued a Request for Proposal (RFP) 14 seeking the services of a qualified firm to provide tree inventory on City-owned properties 15 to identify the health, condition, and maintenance needs of existing trees located on public 16 property; and 17 WHEREAS, on January 20, 2022, in a public noticed evaluation meeting, the 18 Selection Committee, comprised of City Staff, revealed and discussed their independent 19 scores for each of the proposals based upon the evaluation criteria described in the RFP; 20 and 21 WHEREAS the Committee's recommendation is to award the Agreement to PlanIT 22 Geo, LLC. as the highest-ranked qualified firm; and 23 WHEREAS, staff is recommending for the City Commission to approve the ranking 24 as recommended by the Evaluation Committee for RFP UTL22-006 Tree Inventory Services 25 and authorize the City Manager to sign a Professional Services Agreement with PlanIT Geo, 26 LLC of Arvada CO for Tree Inventory Services with a not to exceed amount of $50,000.00. 27 NOW, THEREFORE, BE IT RESOLVED BY THE CITY COMMISSION OF THE CITY 28 OF BOYNTON BEACH, FLORIDA, THAT: S:\CA\RESO\Agreements\Professional Services Agreement Wth Planit Geo LLC(Tree Inventory Services)-Reso.docx Page 46 of 580 29 Section 1. The foregoing "Whereas" clauses are hereby ratified and confirmed 30 as being true and correct and are hereby made a specific part of this Resolution upon 31 adoption hereof. 32 Section 2. The City Commission of the City of Boynton Beach, Florida does 33 hereby approve the ranking as recommended by the Evaluation Committee for RFP UTL22- 34 006 Tree Inventory Services and authorize the City Manager to sign a Professional Services 35 Agreement with PlanIT Geo, LLC of Arvada CO for Tree Inventory Services with a not to 36 exceed amount of $50,000.00,a copy of which is attached hereto as Exhibit'W'. 37 Section 3. This Resolution shall become effective immediately upon passage. 38 PASSED AND ADOPTED this 1 st day of February, 2022. 39 CITY OF BOYNTON BEACH, FLORIDA 40 41 YES NO 42 Mayor— Steven B. Grant 43 44 Vice Mayor—Woodrow L. Hay 45 46 Vice Mayor—Justin Katz 47 48 Commissioner— Christina L. Romelus 49 50 Commissioner—Ty Penserga 51 52 ATTEST: VOTE 53 54 55 Crystal Gibson, MMC 56 City Clerk 57 58 59 (Corporate Seal) S:\CA\RESO\Agreements\Professional Services Agreement Wth Planit Geo LLC(Tree Inventory Services)-Reso.docx Page 47 of 580 0 PROFESSIONAL SERVICES AGREEMENT FOR TREE INVENTORY SERVICES THIS AGREEMENT ("Agreement"), is entered into between the City of Boynton Beach, a municipal corporation organized and existing under the laws of Florida, with a business address of 100 East Ocean Ave., Boynton Beach, FL 33435, hereinafter referred to as "CITY', and PlanIT Geo, LLC a limited liability corporation authorized to do business in the State of Florida, with a business address of 7878 Wadsworth Blvd, Suite 340, Arvada, CO 80003, hereinafter referred to as "CONSULTANT". In consideration of the mutual benefits, terms, and conditions hereinafter specified the Parties agree as set forth below. WHEREAS, the CITY solicited proposals for a non-exclusive contract to perform Tree Inventory Services, and WHEREAS, the CITY issued a REQUEST FOR PROPOSALS FOR TREE INVENTORY SERVICES, RFP No. UTL22-006; and WHEREAS, RFP No. UTL22-006 defined Scope of Services for Tree Inventory Services; and WHEREAS, the CITY determined that CONSULTANT was qualified for appointment to perform the scope of services set forth in RFP No. UTL22-006; and WHEREAS, the CITY Commission on February 1, 2022, determined that CONSULTANT was qualified for appointment to perform the scope of services set forth in the REQUEST FOR PROPOSALS FOR TREE INVENTORY SERVICES; and NOW, THEREFORE, in consideration of the mutual covenants expressed herein, the parties agree as follows: ARTICLE 1 - SERVICES 1.1 CONSULTANT hereby agrees to perform the services for the tree inventory, as more particularly described in RFP No. UTL22-006, attached hereto as Exhibit "A" and by this reference made a part hereof. 1.2 CONSULTANT shall furnish all services, labor, equipment, and materials necessary and as may be required in the performance of this Agreement, except as otherwise specifically provided for herein, and all work performed under this Agreement shall be done in a professional manner. 1.3 CONSULTANT assumes professional and technical responsibility for performance of its services to be provided hereunder in accordance with recognized professional and ethical guidelines established by their profession. If within one Page 48 of 580 year following completion of its services, such services fail to meet the aforesaid standards, and the CITY promptly advises CONSULTANT thereof in writing, CONSULTANT agrees to re-perform such deficient services without charge to the CITY. 1.4 The relationship between CITY and CONSULTANT created hereunder and the services to be provided by CONSULTANT pursuant to this Agreement are non- exclusive. CITY shall be free to pursue and engage similar relationships with other contractors to perform the same or similar services performed by CONSULTANT hereunder, so long as no other consultant shall be engaged to perform the specific project(s) assigned to CONSULTANT while CONSULTANT is so engaged without first terminating such assignment. CONSULTANT shall be free to pursue relationships with other parties to perform the same or similar services, whether or not such relationships are for services to be performed within the CITY, so long as no such relationship shall result in a conflict of interest, ethical or otherwise, with the CITY's interests in the services provided by CONSULTANT hereunder. 1.5 CONSULTANT shall not utilize the services of any sub-consultant without the prior written approval of CITY. 1.6 The CITY's Representative during the performance of this Agreement shall be Rebecca Harvey, Sustainability Coordinator, 561-742-6494, Harvey (-bbfl.us. 1.7 The CONSULTANT'S Representative during the performance of the Agreement shall be TJ Wood, Director of Field Services, tiwoodp_planitgeo.com. ARTICLE 2 - TERM 2.1 The initial Agreement period shall be for an initial term of six (6) months, commencing on February 2, 2022. The services to be performed during the initial six (6) month term will be governed by this Agreement, and that there is no guarantee of future work being given to the Consultant. 2.2 In the event that services are scheduled to end either by contract expiration or by termination by the CITY (at the CITY's discretion), the CONSULTANT shall continue the services, if requested by the CITY, or until task or tasks is/are completed. At no time shall this transitional period extend more than one-hundred and eighty (180) calendar days beyond the expiration date of the existing contract. The CONSULTANT will be reimbursed for this service at the rate in effect when this transitional period clause was invoked by the CITY. ARTICLE 3 - TIME OF PERFORMANCE 3.1 Work under this Agreement shall commence upon the giving of written notice by the CITY to the CONSULTANT by way of a purchase order. CONSULTANT shall perform all services and provide all work products required pursuant to this Agreement within the time period set forth herein unless otherwise agreed to in the purchase order. Page 49 of 580 ARTICLE 4 - PAYMENT 4.1 The CONSULTANT shall be paid by the CITY for completed work and for services rendered under this agreement as follows: A. Payment for the work provided by the CONSULTANT shall be made promptly on all invoices submitted to the CITY properly and in accordance with "PRICE PROPOSAL". B. The CONSULTANT may submit invoices to the CITY during the progress of the contract term. Invoices shall include information such as the date(s) of service, type of service(s) performed, length of time spent, the level/status of the employee performing the task if relevant, all applicable fees and costs, an adequate description for all fees and costs, and any other information reasonably required by CITY. Such invoices will be reviewed by the CITY, and upon approval thereof, payment will be made to the CONSULTANT in the amount approved. C. Final payment of any balance due to the CONSULTANT of the total price earned will be made promptly upon its ascertainment and verification by the CITY after the completion of the work under this Agreement and its acceptance by the CITY. D. The payment as provided in this section by the CITY shall be full compensation for work performed, services rendered, and for all materials, supplies, equipment, and incidentals necessary to complete the work. E. The Professional's records and accounts pertaining to this agreement are to be kept available for inspection by representatives of the CITY and State for a period of three (3) years after the termination of the Agreement. Copies shall be made available upon request. F. All payments shall be governed by the Local Government Prompt Payment Act, as set forth in Part VII, Chapter 218, Florida Statutes. ARTICLE 5 - OWNERSHIP AND USE OF DOCUMENTS 5.1 Upon completion of the project and final payment to CONSULTANT, all documents, drawings, specifications, and other materials produced by the CONSULTANT in connection with the services rendered under this agreement shall be the property of the CITY whether the project for which they are made is executed or not. Notwithstanding the foregoing, the CONSULTANT shall maintain the rights to reuse standard details and other design copies, including reproducible copies, of drawings and specifications for information, reference, and use in connection with CONSULTANT's endeavors. Any use of the documents for purposes other than as originally intended by this Agreement, without the written consent of CONSULTANT, shall be at the CITY's sole risk and without liability to CONSULTANT and CONSULTANT'S sub-CONSULTANTS. Page 50 of 580 ARTICLE 6 - FUNDING 6.1 This Agreement shall remain in full force and effect only as long as the expenditures provided in the Agreement have been appropriated by the CITY in the annual budget for each fiscal year of this Agreement and is subject to termination based on lack of funding. ARTICLE 7 -WARRANTIES AND REPRESENTATIONS 7.1 CONSULTANT represents and warrants to the CITY that it is competent to engage in the scope of services contemplated under this Agreement and that it will retain and assign qualified professionals to all assigned projects during the term of this Agreement. CONSULTANT's services shall meet a standard of care for [service description]. In submitting its response to the RFP, CONSULTANT has represented to CITY that certain individuals employed by CONSULTANT shall provide services to CITY pursuant to this Agreement. CITY has relied upon such representations. Therefore, CONSULTANT shall not change the designated Project Manager for any project without the advance written approval of the CITY, which consent may be withheld in the sole and absolute discretion of the CITY. ARTICLE 8 - COMPLIANCE WITH LAWS 8.1 CONSULTANT shall, in performing the services contemplated by this Service Agreement, faithfully observe and comply with all federal, state, and local laws, ordinances, and regulations that are applicable to the services to be rendered under this Agreement. ARTICLE 9 - INDEMNIFICATION 9.1 The CONSULTANT shall indemnify and hold harmless the CITY, its officers, employees, agents, and instrumentalities from any and all liability, losses or damages, including attorneys' fees and costs of defense, which the CITY or its officers, employees, agents, or instrumentalities may incur as a result of claims, demands, suits, causes of actions or proceedings of any kind or nature arising out of, relating to and resulting from the performance of this Agreement by the CONSULTANT, its employees, agents, partners, principals or subcontractors. The CONSULTANT shall pay all claims and losses in connection therewith and shall investigate and defend all claims, suits or actions of any kind or nature in the name of the CITY, where applicable, including appellate proceedings, and shall pay all costs, judgments, and attorneys' fees which may issue thereon. Neither party to this Agreement shall be liable to any third party claiming directly or through the other respective party, for any special, incidental, indirect, or consequential damages of any kind, including but not limited to lost profits or use that may result from this Agreement or out of the services or goods furnished hereunder. 9.2 The parties understand and agree that the covenants and representations relating to this indemnification provision shall survive the term of this Agreement and continue in full force and effect as to the party's responsibility to indemnify. Page 51 of 580 9.3 Nothing contained herein is intended nor shall be construed to waive CITY's rights and immunities under the common law or§768.28, Fla. Stat., as may be amended from time to time. ARTICLE 10 - INSURANCE 10.1 During the performance of the services under this Agreement, CONSULTANT shall maintain the following insurance policies, and provide originals or certified copies of all policies to CITY's Director of Human Resources and Risk Management. All policies shall be written by an insurance company authorized to do business in Florida. CONSULTANT shall be required to obtain all applicable insurance coverage, as indicated below, prior to commencing any service pursuant to this Agreement: A. Worker's Compensation Insurance: The CONSULTANT shall procure and maintain for the life of this Agreement, Worker's Compensation Insurance covering all employees with limits meeting all applicable state and federal laws. This coverage shall include Employer's Liability with limits meeting all applicable state and federal laws. This coverage must extend to any sub-CONSULTANT that does not have their own Worker's Compensation and Employer's Liability Insurance. The policy must contain a waiver of subrogation in favor of the CITY of Boynton Beach, executed by the insurance company. B. Comprehensive General Liability: The CONSULTANT shall procure and maintain for the life of this Agreement, Comprehensive General Liability Insurance. This coverage shall be on an "Occurrence" basis. Coverage shall include Premises and Operations; Independent consultants, Products-Completed Operations and Contractual Liability with specific reference to Article 7, "Indemnification" of this Agreement. This policy shall provide coverage for death, personal injury, or property damage that could arise directly or indirectly from the performance of this Agreement. CONSULTANT shall maintain a minimum coverage of $1,000,000 per occurrence and $1,000,000 aggregate for personal injury/ and $1,000.000 per occurrence/aggregate for property damage. The general liability insurance shall include the CITY as an additional insured and shall include a provision prohibiting cancellation of the policy upon thirty (30) days prior written notice to the CITY. C. Business Automobile Liability: The CONSULTANT shall procure and maintain, for the life of this Agreement, Business Automobile Liability Insurance. The CONSULTANT shall maintain a minimum amount of $1,000,000 combined single limit for bodily injury and property damage liability to protect the CONSULTANT from claims for damage for bodily and personal injury, including death, as well as from claims for property damage, which may arise from the ownership, use of maintenance of owned and non-owned automobile, included rented automobiles, whether such operations be by the CONSULTANT or by anyone directly or indirectly employed by the CONSULTANT. Page 52 of 580 D. Professional Liability (Errors and Omissions) Insurance: The CONSULTANT shall procure and maintain for the life of this Agreement in the minimum amount of$1,000,000 per occurrence. E. Umbrella/Excess Liability Insurance in the amount of $1,000,000.00 as determined appropriate by the CITY depending on the type of job and exposures contemplated. Coverage must follow form of the General Liability, Auto Liability, and Employer's Liability. This coverage shall be maintained for a period of no less than the later of three (3) years after the delivery of goods/services or final payment pursuant to the Agreement. 10.2 CONSULTANT shall provide the CITY with all Certificates of Insurance required under this section prior to beginning performance under this Agreement. Failure to maintain the required insurance will be considered a default of the Agreement. 10.3 The CITY shall be named as an additional insured. The coverage shall contain no limitations on the scope of protection afforded the CITY, its officers, officials, employees, or volunteers. A current valid insurance policy meeting the requirements herein identified shall be maintained during the duration of this Agreement, and shall be endorsed to state that coverage shall not be suspended, voided, or canceled by either party, reduced in coverage in limits except after thirty (30) days prior written notice by either certified mail, return receipt requested, has been given to the CITY. 10.4 The CITY reserves the right to reasonably require any additional insurance coverage or increased limits as determined necessary by the Director of Human Resources and Risk Management. The CITY reserves the right to review, modify, reject, or accept any required policies of insurance, including limits, coverage, or endorsements throughout the term of the Agreement. ARTICLE 11 - INDEPENDENT CONSULTANT 11.1 CONSULTANT is an independent CONSULTANT with respect to the services provided pursuant to this Agreement. Nothing in this Agreement shall be considered to create the relationship of employer and employee between the parties hereto. Neither CONSULTANT nor any employee of CONSULTANT shall be entitled to any benefits accorded CITY employees by virtue of the services provided under this Agreement. The CITY shall not be responsible for withholding or otherwise deducting federal income tax or social security or for contributing to the state industrial insurance program, otherwise assuming the duties of an employer with respect to CONSULTANT, or any employee of CONSULTANT. ARTICLE 12 - COVENANT AGAINST CONTINGENT FEES 12.1 The CONSULTANT warrants that he has not employed or retained any company or person, other than a bonafide employee working solely for the CONSULTANT, to solicit or secure this Agreement, and that he has not paid or agreed to pay any company or person, other than a bonafide employee working solely for the CONSULTANT, any fee, commission, percentage, brokerage fee, gifts, or any other consideration contingent upon or resulting from the award or making of this Agreement. For breach or violation of this warranty, the CITY shall have the right Page 53 of 580 to annul this Agreement without liability or, in its discretion to deduct from the contract price or consideration, or otherwise recover, the full amount of such fee, commission, percentage, brokerage fee, gift, or contingent fee. ARTICLE 13— TRUTH-IN-NEGOTIATION CERTIFICATE 13.1 Execution of this Agreement by the CONSULTANT shall act as the execution of a truth-in-negotiation certificate certifying that the wage rates and costs used to determine the compensation provided for in this Agreement is accurate, complete, and current as of the date of the Agreement and no higher than those charged the CONSULTANT's most favored customer for the same or substantially similar service. 13.2 The said rates and costs shall be adjusted to exclude any significant sums should the CITY determine that the rates and costs were increased due to inaccurate, incomplete, or non-current wage rates or due to inaccurate representations of fees paid to outside CONSULTANT& The CITY shall exercise its rights under this "Certificate" within one (1) year following payment. ARTICLE 14 - DISCRIMINATION PROHIBITED 14.1 The CONSULTANT, with regard to the work performed by it under this Agreement, will not discriminate on the grounds of race, color, national origin, religion, creed, age, sex, or the presence of any physical or sensory handicap in the selection and retention of employees or procurement of materials or supplies. ARTICLE 15 -ASSIGNMENT 15.1 The CONSULTANT shall not sublet or assign any of the services covered by this Agreement without the express written consent of the CITY. ARTICLE 16 - NON-WAIVER 16.1 A waiver by either CITY or CONSULTANT of any breach of this Agreement shall not be binding upon the waiving party unless such waiver is in writing. In the event of a written waiver, such a waiver shall not affect the waiving party's rights with respect to any other or further breach. The making or acceptance of a payment by either party with knowledge of the existence of a default or breach shall not operate or be construed to operate as a waiver of any subsequent default or breach. ARTICLE 17— TERMINATION 17.1 Termination for Convenience: This Agreement may be terminated by the CITY for convenience, upon fourteen (14) days of written notice by the terminating party to the other party for such termination in which event the CONSULTANT shall be paid its compensation for services performed to the termination date, including services reasonably related to termination. In the event that the CONSULTANT abandons the Agreement or causes it to be terminated, the CONSULTANT shall indemnify the CITY against loss pertaining to this termination. Page 54 of 580 17.2 Termination for Cause: In addition to all other remedies available to CITY, this Agreement shall be subject to cancellation by CITY for cause, should CONSULTANT neglect or failure to perform or observe any of the terms, provisions, conditions, or requirements herein contained if such neglect or failure shall continue for a period of thirty (30) days after receipt by CONSULTANT of written notice of such neglect or failure. ARTICLE 18 - DISPUTES 18.1 Any and all legal action necessary to enforce the terms of this Agreement shall be governed by the laws of the State of Florida.Any legal action arising from the terms of this Agreement shall be submitted to a court of competent jurisdiction located in Palm Beach County. 18.2 Correction of Work. If in the judgment of CITY, work provided by CONSULTANT does not conform to the requirements of this Agreement, or if the work exhibits poor workmanship, CITY reserves the right to require that CONSULTANT correct all deficiencies in the work to bring the work into conformance without additional cost to CITY, and/or replace any personnel who fail to perform in accordance with the requirements of this Agreement. CITY shall be the sole judge of non- conformance and the quality of workmanship. 18.3 Remedies in Default. In case of default by CONSULTANT, CITY shall notify CONSULTANT, in writing, of such abandonment, delay, refusal, failure, neglect, or default and direct CONSULTANT to comply with all provisions of the Agreement. If the abandonment, delay, refusal, failure, neglect, or default is not cured within seven (7) days of when notice was sent by CITY, CITY may declare a default of the Agreement and notify CONSULTANT of such declaration of default and terminate the Agreement. A. Upon such declaration of default, all payments remaining due CONSULTANT at the time of default, less all sums due CITY for damages suffered, or expenses incurred by reason of default, shall be due and payable to CONSULTANT. B. CITY may complete the Agreement, or any part thereof, either by day labor, use of a subcontractor, or by re-letting a contract for the same, and procure the equipment and the facilities necessary for the completion of the Agreement, and charge the cost of same to CONSULTANT together with the costs incident thereto to such default. C. In the event CITY completes the Agreement at a lesser cost than would have been payable to CONSULTANT under this Agreement, if the same had been fulfilled by CONSULTANT, CITY shall retain such differences. Should such cost to CITY be greater, CONSULTANT shall pay the amount of such excess to the CITY. D. Notwithstanding the other provisions in this Article, CITY reserves the right to terminate the Agreement at any time, whenever the service provided by CONSULTANT fails to meet reasonable standards of the trade after CITY Page 55 of 580 gives written notice to the CONSULTANT of the deficiencies as set forth in the written notice within fourteen calendar (14) days of the receipt by CONSULTANT of such notice from CITY. ARTICLE 19— UNCONTROLLABLE FORCES 19.1 Neither the CITY nor CONSULTANT shall be considered to be in default of this Agreement if delays in or failure of performance shall be due to Uncontrollable Forces, the effect of which, by the exercise of reasonable diligence, the non- performing party could not avoid. The term "Uncontrollable Forces" shall mean any event which results in the prevention or delay of performance by a party of its obligations under this Agreement and which is beyond the reasonable control of the non-performing party. It includes, but is not limited to pandemic, epidemic, acts of God, fire, flood, earthquakes, storms, lightning, epidemic, war, riot, civil disturbance, sabotage, and governmental actions. 19.2 Neither party shall, however, be excused from performance if non-performance is due to forces that are preventable, removable, or remediable, and which the non- performing party could have, with the exercise of reasonable diligence, prevented, removed, or remedied with reasonable dispatch. The non-performing party shall, within a reasonable time of being prevented or delayed from the performance by an uncontrollable force, give written notice to the other party describing the circumstances and uncontrollable forces preventing the continued performance of the obligations of this Agreement. ARTICLE 20 - NOTICES Notices to the CITY of Boynton Beach shall be sent to the following address- City of Boynton Beach Attn: Lori LaVerriere, City Manager 100 E. Ocean Avenue Boynton Beach, FL 33435 Notices to CONSULTANT shall be sent to the following address: PlanIT Geo, LLC ADDRESS: 7878 Wadsworth Blvd, Suite 340 CITY/STATE/ZIP: Arvada, CO 80003 Attn: Emily Solis Tel: 720-481-7639 Email: admin@planitgeo.com ARTICLE 21 - INTEGRATED AGREEMENT 21.1 This Agreement, together with the RFP and any addenda and/or attachments, represents the entire and integrated agreement between the CITY and the Page 56 of 580 CONSULTANT and supersedes all prior negotiations, representations, or agreements written or oral. This Agreement may be amended only by written instrument signed by both CITY and CONSULTANT. ARTICLE 22 - MISCELLANEOUS 22.1 In the event that either party brings suit for enforcement of this Agreement, each party shall bear its own attorney's fees and court costs, except as otherwise provided under the indemnification provisions set forth herein above. 22.2 It shall be the CONSULTANT's responsibility to be aware of and comply with all statutes, ordinances, rules, orders, regulations, and requirements of all local, city, state, and federal agencies as applicable. 22.3 This Agreement represents the entire and integrated agreement between CITY and CONSULTANT and supersedes all prior negotiations, representations, or agreements, either written or oral.This Agreement is intended by the parties hereto to be final expression of this Agreement, and it constitutes the full and entire understanding between the parties with respect to the subject hereof, notwithstanding any representations, statements, or agreements to the contrary heretofore made. In the event of a conflict between this Agreement, the solicitation, and the CONSULTANT's bid proposal, this Agreement shall govern then the solicitation, and then the bid proposal. 22.4 This Agreement will take effect once signed by both parties. This Agreement may be executed by hand or electronically in multiple originals or counterparts, each of which shall be deemed to be an original and together shall constitute one and the same agreement. Execution and delivery of this Agreement by the Parties shall be legally binding, valid, and effective upon delivery of the executed documents to the other party through facsimile transmission, email, or other electronic delivery. ARTICLE 23— PUBLIC RECORDS 23.1 Sealed documents received by the CITY in response to an invitation are exempt from public records disclosure until thirty (30) days after the opening of the Bid unless the CITY announces intent to award sooner, in accordance with Section 119.07, Florida Statutes. 23.2 The CITY is a public agency subject to Chapter 119, Florida Statutes. The CONSULTANT shall comply with Florida's Public Records Law. Specifically, the CONSULTANT shall: A. Keep and maintain public records required by the CITY to perform the service; B. Upon request from the CITY's custodian of public records, provide the CITY with a copy of the requested records or allow the records to be inspected or copied within a reasonable time at a cost that does not exceed the cost provided in chapter 119, Fla. Stat. or as otherwise provided by law; C. Ensure that public records that are exempt or that are confidential and Page 57 of 580 exempt from public record disclosure requirements are not disclosed except as authorized by law for the duration of the contract term and, following completion of the contract, CONSULTANT shall maintain in a secured manner all copies of such confidential and exempt records remaining in its possession once the CONSULTANT transfers the records in its possession to the CITY; and D. Upon completion of the contract, Consultant shall transfer to the CITY, at no cost to the CITY, all public records in CONSULTANT'S possession. All records stored electronically by CONSULTANT must be provided to the CITY, upon request from the CITY's custodian of public records, in a format that is compatible with the information technology systems of the CITY. IF THE CONSULTANT HAS QUESTIONS REGARDING THE APPLICATION OF CHAPTER 119, FLORIDA STATUTES, TO THE CONSULTANT'S DUTY TO PROVIDE PUBLIC RECORDS RELATING TO THIS AGREEMENT, CONTACT THE CUSTODIAN OF PUBLIC RECORDS: CRYSTAL GIBSON, CITY CLERK 100 E. OCEAN AVENUE BOYNTON BEACH, FLORIDA, 33435 TELEPHONE: 561-742-6061 GIBSONC@BBFL.US ARTICLE 24— SCRUTINIZED COMPANIES 24.1 By execution of this Agreement, CONSULTANT certifies that it is not participating in a boycott of Israel. CONSULTANT further certifies that it is not on the Scrutinized Companies that Boycott Israel list, not on the Scrutinized Companies with Activities in Sudan List, and not on the Scrutinized Companies with Activities in the Iran Petroleum Energy Sector List, nor has it engaged in business operations in Syria. Subject to limited exceptions provided in state law, the CITY will not contract for the provision of goods or services with any scrutinized company referred to above. Submitting a false certification shall be deemed a material breach of contract. The CITY shall provide notice, in writing, to the CONSULTANT of the CITY's determination concerning the false certification. CONSULTANT shall have five (5) days from receipt of notice to refute the false certification allegation. If such false certification is discovered during the active contract term, CONSULTANT shall have ninety (90) days following receipt of the notice to respond in writing and demonstrate that the determination of false certification was made in error. If the CONSULTANT does not demonstrate that the CITY's determination of false certification was made in error then the CITY shall have the right to terminate the contract and seek civil remedies pursuant to Section 287.135, Florida Statutes, as amended from time to time. Page 58 of 580 ARTICLE 25— E-VERIFY 25.1 CONSULTANT certifies that it is aware of and complies with the requirements of Section 448.095, Florida Statutes, as may be amended from time to time and briefly described hereinbelow. 25.2 Definitions for this Section: A. "Contractor" means a person or entity that has entered or is attempting to enter into a contract with a public employer to provide labor, supplies, or services to such employer in exchange for a salary, wages, or other remuneration. "Contractor" includes, but is not limited to, a vendor or consultant. B. "Subcontractor" means a person or entity that provides labor, supplies, or services to or for a contractor or another subcontractor in exchange for a salary, wages, or other remuneration. C. "E-Verify system" means an Internet-based system operated by the United States Department of Homeland Security that allows participating employers to electronically verify the employment eligibility of newly hired employees. 25.3 Registration Requirement; Termination: Pursuant to Section 448.095, Florida Statutes, effective January 1, 2021, Contractors, shall register with and use the E- verify system in order to verify the work authorization status of all newly hired employees. The contractor shall register for and utilize the U.S. Department of Homeland Security's E-Verify System to verify the employment eligibility of: A. All persons employed by a Contractor to perform employment duties within Florida during the term of the contract; and B. All persons (including sub-vendors/sub-consultants/sub-contractors) assigned by Contractor to perform work pursuant to the contract with the CITY of Boynton Beach. The Contractor acknowledges and agrees that registration and use of the U.S. Department of Homeland Security's E- Verify System during the term of the contract is a condition of the contract with the CITY of Boynton Beach; and C. The Contractor shall comply with the provisions of Section 448.095, Fla. Stat., "Employment Eligibility," as amended from time to time. This includes, but is not limited to registration and utilization of the E-Verify System to verify the work authorization status of all newly hired employees. The contractor shall also require all subcontractors to provide an affidavit attesting that the subcontractor does not employ, contract with, or subcontract with, an unauthorized alien. The Contractor shall maintain a copy of such affidavit for the duration of the contract. Failure to comply will lead to termination of this Contract, or if a subcontractor knowingly violates the statute,the subcontract must be terminated immediately.Any challenge to termination under this provision must be filed in the Circuit Court no later Page 59 of 580 than twenty (20) calendar days after the date of termination. Termination of this Contract under this Section is not a breach of contract and may not be considered as such. If this contract is terminated for a violation of the statute by the Contractor, the Contractor may not be awarded a public contract for a period of one (1) year after the date of termination. ARTICLE 26— FEDERAL REQUIREMENTS Notwithstanding anything to the contrary set forth herein, vendor shall comply with the all applicable federally required standard provisions whether set forth hereinbelow, in 2 CFR Part 200, or otherwise. Any reference made to CONSULTANT in this section shall also apply to any subcontractor under the terms of this Agreement. 26.1 Equal Employment Opportunity. During the performance of this contract, CONSULTANT agrees as follows: A. CONSULTANT will not discriminate against any employee or applicant for employment because of race, color, religion, sex, sexual orientation, gender identity, or national origin. CONSULTANT will take affirmative action to ensure that applicants are employed and that employees are treated during employment,without regard to their race, color, religion, sex, sexual orientation, gender identity, or national origin. Such action shall include, but not be limited to the following: Employment, upgrading, demotion, or transfer, recruitment or recruitment advertising; layoff or termination; rates of pay or other forms of compensation; and selection for training, including apprenticeship. CONSULTANT agrees to post in conspicuous places, available to employees and applicants for employment, notices to be provided by the contracting officer setting forth the provisions of this nondiscrimination clause. B. CONSULTANT will, in all solicitations or advertisements for employees placed by or on behalf of CONSULTANT, state that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin. C. CONSULTANT will not discharge or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant. This provision shall not apply to instances in which an employee who has access to the compensation information of other employees or applicants as a part of such employee's essential job functions discloses the compensation of such other employees or applicants to individuals who do not otherwise have access to such information, unless such disclosure is in response to a formal complaint or charge, in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or is consistent with CONSULTANT's legal duty to furnish information. D. CONSULTANT will send to each labor union or representative of workers with which it has a collective bargaining agreement or other contract or Page 60 of 580 understanding, a notice to be provided by the agency contracting officer, advising the labor union or workers' representative of CONSULTANT's commitments under section 202 of Executive Order 11246 of September 24, 1965, and shall post copies of the notice in conspicuous places available to employees and applicants for employment. E. CONSULTANT will comply with all provisions of Executive Order 11246 of September 24, 1965, and of the rules, regulations, and relevant orders of the Secretary of Labor. F. CONSULTANT will furnish all information and reports required by Executive Order 11246 of September 24, 1965, and by the rules, regulations, and orders of the Secretary of Labor, or pursuant thereto, and will permit access to his books, records, and accounts by the contracting agency and the Secretary of Labor for purposes of investigation to ascertain compliance with such rules, regulations, and orders. G. In the event of CONSULTANT's non-compliance with the nondiscrimination clauses of this contract or with any of such rules, regulations, or orders, this Agreement may be canceled, terminated, or suspended in whole or in part and CONSULTANT may be declared ineligible for further Government contracts in accordance with procedures authorized in Executive Order 11246 of September 24, 1965, and such other sanctions may be imposed and remedies invoked as provided in Executive Order 11246 of September 24, 1965, or by rule, regulation, or order of the Secretary of Labor, or as otherwise provided by law. H. CONSULTANT will include the provisions of paragraphs (A) through (H) in every subcontract or purchase order unless exempted by rules, regulations, or orders of the Secretary of Labor issued pursuant to section 204 of Executive Order 11246 of September 24, 1965, so that such provisions will be binding upon each subcontractor or vendor. CONSULTANT will take such action with respect to any subcontract or purchase order as may be directed by the Secretary of Labor as a means of enforcing such provisions including sanctions for noncompliance: Provided, however, that in the event CONSULTANT becomes involved in, or is threatened with, litigation with a subcontractor or vendor as a result of such direction, CONSULTANT may request the United States to enter into such litigation to protect the interests of the United States. The CITY further agrees that it will be bound by the above equal opportunity clause with respect to its own employment practices when it participates in federally assisted construction work: Provided, that if the CITY so participating is a state or local government, the above equal opportunity clause is not applicable to any agency, instrumentality or subdivision of such government which does not participate in work on or under the contract. The CITY further agrees that it will assist and cooperate actively with the administering agency and the Secretary of Labor in obtaining the Page 61 of 580 compliance of contractors and subcontractors with the equal opportunity clause and the rules, regulations, and relevant orders of the Secretary of Labor, that it will furnish the administering agency and the Secretary of Labor such information as they may require for the supervision of such compliance, and that it will otherwise assist the administering agency in the discharge of the agency's primary responsibility for securing compliance. The CITY further agrees that it will refrain from entering into any contract or contract modification subject to Executive Order 11246 of September 24, 1965, with a contractor debarred from, or who has not demonstrated eligibility for, Government contracts and federally assisted construction contracts pursuant to the Executive Order and will carry out such sanctions and penalties for violation of the equal opportunity clause as may be imposed upon contractors and subcontractors by the administering agency or the Secretary of Labor pursuant to Part II, Subpart D of the Executive Order. In addition, the CITY agrees that if it fails or refuses to comply with these undertakings, the administering agency may take any or all of the following actions: Cancel, terminate, or suspend in whole or in part this grant (contract, loan, insurance, guarantee); refrain from extending any further assistance to the CITY under the program with respect to which the failure or refund occurred until satisfactory assurance of future compliance has been received from such CITY; refer the case to the Department of Justice for appropriate legal proceedings. 26.2 Davis-Bacon Act. CONSULTANT shall comply with the Davis-Bacon Act(40 U.S.C. 276a to 276a-7)as supplemented by Department of Labor Regulations(29 CFR Part 5). In accordance with the statute, CONSULTANT must be required to pay wages to laborers and mechanics at a rate not less than the prevailing wages specified in a wage determination made by the Secretary of Labor. In addition, CONSULTANT must be required to pay wages not less than once a week. 26.3 Copeland "Anti-Kickback" Act. CONSULTANT shall comply with the Copeland "Anti-Kickback" Act, (40 U.S.C. 3145), as supplemented by Department of Labor regulations (29 CFR Part 3, "Contractors and Subcontractors on Public Building or Public Work Financed in Whole or in Part by Loans or Grants from the United States"). CONSULTANT must be prohibited from inducing, by any means, any person employed in the construction, completion, or repair of public work, to give up any part of the compensation to which he or she is otherwise entitled. CITY must report all suspected or reported violations to the Federal awarding agency. 26.4 Contract Work Hours and Safety Standards Act (40 U.S.C. 3701- 3708). Where applicable, pursuant to 40 U.S.C. 3702 and 3704, as supplemented by Department of Labor regulations (29 CFR Part 5) CONSULTANT must be required to compute the wages of every mechanic and laborer on the basis of a standard workweek of 40 hours. Work in excess of the standard workweek is permissible provided that the worker is compensated at a rate of not less than one and a half times the basic rate of pay for all hours worked in excess of 40 hours in the workweek. The requirements of 40 U.S.C. 3704 are applicable to construction work and provide that no laborer or mechanic must be required to work in surroundings or under working conditions which are unsanitary, hazardous, or dangerous. Page 62 of 580 A. Overtime requirements. No contractor or subcontractor contracting for any part of the contract work which may require or involve the employment of laborers or mechanics shall require or permit any such laborer or mechanic in any workweek in which he or she is employed on such work to work in excess of forty hours in such workweek unless such laborer or mechanic receives compensation at a rate not less than one and one-half times the basic rate of pay for all hours worked in excess of forty hours in such workweek. B Violation; liability for unpaid wages; liquidated damages. In the event of any violation of the clause set forth in paragraph (A) of this section the CONSULTANT and any subcontractor responsible therefore shall be liable for the unpaid wages. In addition, such contractor and subcontractor shall be liable to the United States (in the case of work done under contract for the District of Columbia or territory, to such District or to such territory), for liquidated damages. Such liquidated damages shall be computed with respect to each individual laborer or mechanic, including watchmen and guards, employed in violation of the clause set forth in paragraph (A) of this section, in the sum of$10 for each calendar day on which such individual was required or permitted to work in excess of the standard workweek of forty hours without payment of the overtime wages required by the clause set forth in paragraph (A) of this section. C. Withholding for unpaid wages and liquidated damages. CITY shall upon its own action or upon written request of an authorized representative of the Department of Labor withhold or cause to be withheld, from any moneys payable on account of work performed by CONSULTANT or subcontractor under any such contract or any other Federal contract with the same prime contractor, or any other federally-assisted contract subject to the Contract Work Hours and Safety Standards Act, which is held by the same prime contractor, such sums as may be determined to be necessary to satisfy any liabilities of such contractor or subcontractor for unpaid wages and liquidated damages as provided in the clause set forth in paragraph (26.4.2) of this section. D. Subcontracts. CONSULTANT or subcontractor shall insert in any subcontracts the clauses set forth in paragraph (A)through (D) of this section and also a clause requiring the subcontractors to include these clauses in any lower-tier subcontracts. The prime contractor shall be responsible for compliance by any subcontractor or lower-tier subcontractor with the clauses set forth in paragraphs (A) through (D) of this section. 26.5 CONSULTANT agrees to comply with all applicable standards, orders, or regulations issued pursuant to the Clean Air Act (42 U.S.C. 7401-7671 q) and the Federal Water Pollution Control Act, as amended (33 U.S.C. 1251- 1387). CITY will report violations to the Federal awarding agency and the Regional Office of the Environmental Protection Agency (EPA). A. Clean Air Act. CONSULTANT agrees to comply with all applicable standards, orders, or regulations issued pursuant to the Clean Air Act, as amended, 42 U.S.C. § 7401 et seq. CONSULTANT agrees to report each Page 63 of 580 violation to CITY and understands and agrees that the CITY will, in turn, report each violation as required to assure notification to the State, Federal Emergency Management Agency, and the appropriate Environmental Protection Agency Regional Office. CONSULTANT agrees to include these requirements in each subcontract exceeding $150,000 financed in whole or in part with Federal assistance. B. Federal Water Pollution Control Act. CONSULTANT agrees to comply with all applicable standards, orders, or regulations issued pursuant to the Federal Water Pollution Control Act, as amended, 33 U.S.C. 1251 et seq. CONSULTANT agrees to report each violation to the CITY and understands and agrees that the CITY will, in turn, report each violation as required to assure notification to the State, Federal Emergency Management Agency, and the appropriate Environmental Protection Agency Regional Office. CONSULTANT agrees to include these requirements in each subcontract exceeding one hundred fifty thousand dollars ($150,000) financed in whole or in part with Federal assistance. 26.6 Suspension and Debarment.This Agreement is a covered transaction for purposes of 2 C.F.R. pt. 180 and 2 C.F.R. pt. 3000, as such CONSULTANT is required to verify that none of the CONSULTANT's agents, principals (defined at 2 C.F.R. § 180.995), or affiliates (defined at 2 C.F.R. § 180.905) are excluded (defined at 2 C.F.R. § 180.940) or disqualified (defined at 2 C.F.R. § 180.935). A. CONSULTANT must comply with 2 C.F.R. pt. 180, subpart C and 2 C.F.R. pt. 3000, subpart C and must include a requirement to comply with these regulations in any lower tier covered transaction it enters into. This certification is a material representation of fact relied upon by CITY. If it is later determined that CONSULTANT did not comply with 2 C.F.R. pt. 180, subpart C and 2 C.F.R. pt. 3000, subpart C, in addition to remedies available to State and CITY,the Federal Government may pursue available remedies, including but not limited to suspension and/or debarment. B. The bidder or proposer agrees to comply with the requirements of 2 C.F.R. pt. 180, subpart C and 2 C.F.R. pt. 3000, subpart C while this offer is valid and throughout the period of any contract that may arise from this offer. The bidder or proposer further agrees to include a provision requiring such compliance in its lower-tier covered transactions. 26.7 Byrd Anti-Lobbying Amendment, as amended (31 U.S.C. § 1352). CONSULTANT shall file the required certification pursuant to 31 U.S.C. 1352. Each tier certifies to the tier above that it will not and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant, or any other award covered by 31 U.S.C. § 1352. Each tier shall also disclose any lobbying with non-Federal funds that takes place in connection with obtaining any Federal award. Such disclosures are forwarded from tier to tier up to the recipient. 26.8 Compliance with State Energy Policy and Conservation Act. CONSULTANT Page 64 of 580 shall comply with all mandatory standards and policies relating to energy efficiency contained in the State energy conservation plan issued in compliance with the Energy Policy and Conservation Act (Pub. L. 94-163, 89 Stat. 871). 26.9 Procurement of Recovered Materials. The CITY and CONSULTANT must comply with Section 6002 of the Solid Waste Disposal Act, as amended by the Resource Conservation and Recovery Act.The requirements of Section 6002 include procuring only items designated in guidelines of the Environmental Protection Agency(EPA) at 40 CFR part 247 that contain the highest percentage of recovered materials practicable, consistent with maintaining a satisfactory level of competition, where the purchase price of the item exceeds $10,000 or the value of the quantity acquired during the preceding fiscal year exceeded $10,000; procuring solid waste management services in a manner that maximizes energy and resource recovery; and establishing an affirmative procurement program for procurement of recovered materials identified in the EPA guidelines. 26.10 Reporting. Pursuant to 44 CFR 13.36(1)(7), CONSULTANT shall comply with federal requirements and regulations pertaining to reporting, including but not limited to those set forth at 44 CFR 40 and 41, if applicable. Furthermore, both parties shall provide the FEMA Administrator, U.S. DOT Administrator, the Comptroller General of the United States, or any of their authorized representative access to any books, documents, papers, and records of CONSULTANT which are directly pertinent to this contract for the purpose of making audits, examinations, excerpts, and transcriptions. Also, both Parties agree to provide FEMA Administrator or his authorized representative access to construction or other work sites pertaining to the work being completed under the Agreement. 26.11 Rights to Inventions. CONSULTANT agrees that if this Agreement results in any copyrightable materials or inventions, the Federal Government reserves a royalty- free, nonexclusive and irrevocable license to reproduce, publish, or otherwise use the copyright of said materials or inventions for Federal Government purposes. 26.12 No Obligation by the Federal Government. The federal government is not a party to this contract and is not subject to any obligations or liabilities to the non-federal entity, contractor, or any other party pertaining to any matter resulting from the contract. 26.13 Department of Homeland Security(DHS) Seal, Logo, and Flags. CONSULTANT shall not use DHS(s), logos, crests, or reproductions of flags or likenesses of DHS agency officials without specific federal pre-approval. 26.14 Compliance with Federal Law, Regulations, and Executive Orders. This is an acknowledgment that federal financial assistance will be used to fund the Agreement only. CONSULTANT will comply with all applicable federal laws, regulations, executive orders, policies, procedures, and directives. 26.15 Fraudulent Statements. CONSULTANT acknowledges that 31 U.S.C. Chap. 38 applies to CONSULTANT's actions pertaining to this Agreement. 26.16 Prohibition on Contracting for Covered Telecommunications Equipment or Services. As used in this clause, the terms backhaul; covered foreign country; Page 65 of 580 covered telecommunications equipment or services; interconnection arrangements; roaming; substantial or essential component; and telecommunications equipment or services have the meaning as defined in FEMA Policy 405-143-1, Prohibitions on Expending FEMA Award Funds for Covered Telecommunications Equipment or Services (Interim), as used in this clause. A. Prohibitions. i. Section 889(b)of the John S. McCain National Defense Authorization Act for Fiscal Year 2019, Pub. L. No. 115-232, and 2 C.F.R. §200.216 prohibit the head of an executive agency on or after Aug.13, 2020, from obligating or expending grant, cooperative agreement, loan, or loan guarantee funds on certain telecommunications products or from certain entities for national security reasons. ii. Unless an exception in paragraph (B) of this clause applies, the CONSULTANT and its subcontractors may not use grant,cooperative agreement, loan, or loan guarantee funds from the Federal Emergency Management Agency to: a. Procure or obtain any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology of any system; b. Enter into, extend, or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology of any system; c. Enter into, extend, or renew contracts with entities that use covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system; or d. Provide, as part of its performance of this contract, subcontract, or other contractual instrument, any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system. B Exceptions. i. This clause does not prohibit CONSULTANT from providing: (a) A service that connects to the facilities of a third-party, such as backhaul, roaming, or interconnection arrangements; or (b) Telecommunications equipment that cannot route or redirect user data traffic or permit visibility into any user data or packets that such equipment transmits or otherwise handles. ii. By necessary implication and regulation, the prohibitions also do not Page 66 of 580 apply to (a) Covered telecommunications equipment or services that i.Are not used as a substantial or essential component of any system; and ii. Are not used as critical technology of any system. (b) Other telecommunications equipment or services that are not considered covered telecommunications equipment or services. C. Reporting requirement. i. In the event CONSULTANT identifies covered telecommunications equipment or services used as a substantial or essential component of any system, or as critical technology as part of any system, during contract performance, or the contractor is notified of such by a subcontractor at any tier or by any other source, the contractor shall report the information in paragraph (ii) of this clause to the recipient or sub-recipient unless elsewhere in this contract are established procedures for reporting the information. ii. The CONSULTANT shall report the following information pursuant to this section: (i) Within one business day from the date of such identification or notification: The contract number; the order number(s), if applicable; supplier name; supplier unique entity identifier (if known); supplier Commercial and Government Entity (CAGE) code (if known); brand; model number (original equipment manufacturer number, manufacturer part number, or wholesaler number); item description; and any readily available information about mitigation actions undertaken or recommended. (ii) Within ten (10) business days of submitting the information required by this Section: Any further available information about mitigation actions undertaken or recommended. In addition, the contractor shall describe the efforts it undertook to prevent use or submission of covered telecommunications equipment or services, and any additional efforts that will be incorporated to prevent future use or submission of covered telecommunications equipment or services. The CONSULTANT shall insert the substance of this clause, including this in all subcontracts and other contractual instruments. 26.17 Domestic Preference for Procurements. As appropriate, and to the extent consistent with law, the CONSULTANT should, to the greatest extent practicable, provide a preference for the purchase, acquisition, or use of goods, products, or materials produced in the United States. This includes, but is not limited to iron, aluminum, steel, cement, and other manufactured products. For purposes of this clause: Produced in the United States means, for iron and steel products, that all manufacturing processes, from the initial melting stage through the application of coatings, occurred in the United States. Manufactured products mean items and construction materials composed in whole or in part of non-ferrous metals such as aluminum; plastics and polymer-based products such as polyvinyl chloride pipe; aggregates such as concrete; glass, including optical fiber; and lumber. 26.18 Affirmative Socioeconomic Steps. If subcontracts are to be let, CONSULTANT is required to take all necessary steps identified in 2 C.F.R. § 200.321(b)(1)-(5) to ensure that small and minority businesses,women's business enterprises, and labor Page 67 of 580 surplus area firms are used when possible. 26.19 License and Delivery of Works Subject to Copyright and Data Rights. If applicable, the CONSULTANT grants to CITY, a paid-up, royalty-free, nonexclusive, irrevocable, worldwide license in data first produced in the performance of this contract to reproduce, publish, or otherwise use, including prepare derivative works, distribute copies to the public, and perform publicly and display publicly such data. For data required by the contract but not first produced in the performance of this contract, CONSULTANT will identify such data and grant to the CITY or acquires on its behalf a license of the same scope as for data first produced in the performance of this contract. Data, as used herein, shall include any work subject to copyright under 17 U.S.C. § 102, for example, any written reports or literary works, software and/or source code, music, choreography, pictures or images, graphics, sculptures, videos, motion pictures or other audiovisual works, sound and/or video recordings, and architectural works. Upon or before the completion of this contract, CONSULTANT will deliver to the CONSULTANT data first produced in the performance of this contract and data required by the contract but not first produced in the performance of this contract in formats acceptable by CONSULTANT. THE REMAINDER OF THE PAGE IS INTENTIONALLY LEFT BLANK. Page 68 of 580 This Agreement will take effect once signed by both parties. This Agreement may be signed by the parties in counterparts which together shall constitute one and the same agreement among the parties. A facsimile signature shall constitute an original signature for all purposes. IN WITNESS WHEREOF, the parties have hereunto set their hands and seals on the day and year set forth below their respective signatures. DATED this day of 12022. CITY OF BOYNTON BEACH PLANIT GEO, LLC Lori LaVerriere, City Manager (Signature), Company Print Name of Authorized Official Title (Corporate Seal) Attest/Authenticated: Witness Print Name Approved as to Form: James A. Cherof, City Attorney Attested/Authenticated: Crystal Gibson, City Clerk Page 69 of 580 6.C. Consent Agenda 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Legal Expenses- December 2021 - information at the request of the City Commission. No action required. Explanation of Request: Outside counsel invoices received thru Risk Management are also attached. How will this affect city programs or services? n/a Fiscal Impact: Budgeted Alternatives: n/a Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Type Description Attachment Goren Cherof December 2021 Invoices Attachment Goren Cherof Risk Litigation December 2021 1 nvoices D Attachment Outside Counsel Readon November 2021 Invoice D Attachment Jones Foster Town Square litigation December 2021 Page 70 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-0603180 Boynton Beach FL 33435 STATEMENT NO: 39111 Attn: Lynn Swanson LABOR- General HOURS 12/02/2021 JAC Review bargaining session audio 0.50 SHB Various correspondence with Oldbury re: military leave matters. 0.10 12/03/2021 JAC Calls and follow up with Julie Oldbury regarding necessity of negotiations for wage increases; Review notated CBA from previous rounds of bargaining; email Katie Mendoza; 1.20 12/05/2021 SHB Review documents re: employee return from military leave. Review USERRA provisions and follow up with Oldbury. 0.20 12/06/2021 SHB Check officer's military status and send update to Oldbury. 0.20 12/10/2021 JAC Review collective-bargaining agreement and participate in conference call with managers bargaining team regarding contract issues 1.70 12/13/2021 JAC Follow up call with Julie O regarding collective-bargaining and wage adjustments 0.50 12/28/2021 SHB Review EAR and accompanying correspondence and prep part-time employment letter. 0.40 12/29/2021 SHB Various correspondence, revision, and formatting of part-time employment letter; follow up with Mack. 0.90 FOR CURRENT SERVICES RENDERED 5.70 1,282.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL JAMES A. CHEROF 3.90 $225.00 $877.50 SHANA H. BRIDGEMAN 1.80 225.00 405.00 TOTAL CURRENT WORK 1,282.50 BALANCE DUE $1,282.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 71 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-0806020 Boynton Beach FL 33435 STATEMENT NO: 39112 Attn: Lynn Swanson Red Light Cameras HOURS 11/30/2021 PE Sort organized and prepared notices for SHB approval. Converted to PDF/A and e-filed. Sent prose notices to printer for mailing. 3.70 12/03/2021 PE Sort organized and prepared 22 notices, converted to PDF/A and e-filed. Sent prose notices to printer for mailing. 9.00 SHB Review and approve NOls. 0.40 12/08/2021 SHB Receive and review Motion to Dismiss for Jones; follow up with PD re: evidence packet. Review court docket. 0.60 12/13/2021 SHB Receive and review affidavit; review statute and discuss with PD. Follow up re: returned mail items. Telephone conference with Counsel for Ryan Watley re: trial; receive and review Motion to Continue and transmit to PD for review. 0.70 12/17/2021 PE Looked up each notice on clerks website, sort organized and prepared 10 1/11/2021 notices for SHB approval. Converted to PDF/A and e-filed. Sent prose notices to the printer for mailing. 4.00 SHB Review and approve NOls. 0.10 12/20/2021 SHB Receive and review correspondence re: dismissed red light camera case. Review files re: status of pending NOls; follow up with MDC. Review court docket to confirm NOls have been posted. 1.10 12/21/2021 SHB Follow up re: status of Watley case. 0.10 12/27/2021 PE Updated tracking log. Looked up notices on the clerks website, sort organized and prepared 13 notices for 1/11 and 1/25/2022 hearing for SHB approval. Contacted PD to verify violator address. 3.00 SHB Review status of pending trials. Review and approve NOls. 0.50 12/28/2021 PE Converted to PDF/A and e-filed 13 notices for 1/11 and 1/25/2022 hearing. Sent prose notices to printer for mailing. 2.00 12/29/2021 PE Looked up notices on the clerks website, sort organized and prepared 15 notices for 1/25/2022 hearing for SHB approval. 4.00 12/30/2021 SHB Review and approve NOls. 0.30 PE Looked up cases on clerks website. Sort organized and prepared 15 notices for 1/25/2021 hearing and e-filed. 2.00 Page 72 of 580 Page: 2 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-0806020 STATEMENT NO: 39112 Red Light Cameras HOURS FOR CURRENT SERVICES RENDERED 31.50 4,317.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 3.80 $225.00 $855.00 PATRICIA EUGENE 27.70 125.00 3,462.50 Photocopies 16.80 TOTAL EXPENSES THRU 12/31/2021 16.80 TOTAL CURRENT WORK 4,334.30 BALANCE DUE $4,334.30 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 73 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9001821 Boynton Beach FL 33435 STATEMENT NO: 39113 Attn: Lynn Swanson General Matters HOURS 12/01/2021 HN Edits to Fortinet NDA based on discussion with Shana Bridgeman. Email to SHB. Phone discussion with Charles Stevens. Email exchange with SHB. 0.80 QEM Edit and prepare Requested changes to the Leads on Line Agency User Agreement; transmit draft to Ms. Swanson. 1.40 SHB PD- Review MOU and requirements for authorization to release information from death database; begin drafting response to Bailey. 0.40 SMS Review of latest ARPA Grant Agreement and correspondence. 0.30 JAC Research regarding mobility related claim and dual rational nexus; call with Clark and research regarding delinquent fees for candidate qualifying; review commercial property improvement forgivable loan program; follow up regarding JKM south parcel application status with staff 4.00 12/02/2021 DS Reviewed and revised dissertation study informed consent and authorization letter. 0.30 MDC meet and review ordinance revising Chapter 27 (utilities) 0.30 JAC Review dissertation study agreement draft; review items for City commission agenda; review internal process for review and approval of ARPA funds and provisions for sub recipient agreements to ensure collection 3.40 JAC Review published agenda and discuss miscellaneous issues with assistant city attorneys 1.00 12/03/2021 JAC Review Palm Beach County SEO revisions to agreement with municipalities; review risk department inquiry regarding mangrove Park insurance coverage; review inquiries regarding commercial property improvement forgivable loan program; review quantum Park draft letter from Amanda Radigan;Discuss military leave return to work issue with Shana Bridgeman; review agenda for special commission meeting; review assistant CityAttorney assignments 4.50 12/06/2021 QEM Review and respond to Cellebrite PO issues; respond to staff re: matter. 1.80 QEM Review and respond to Running Fire Track Club Agreement issues; respond to staff re: matter. 2.30 QEM Begin review of documents re: RFQ -Cured-In-Place Pipe Lining (CIPP). 0.30 JAC Attend virtual staff meeting regarding city commission agenda; follow up preparation for commission meeting; review ARPA reports and update usage of funds research; follow up call and prep regarding quantum Park with Spencer Sax; continue review of earnest Magnoli emails and follow up with CityManager; review status of assignments to assistant CityAttorneys; review public records request regarding legal research; 4.50 SMS Correspondences related to Lutheran Special Warranty Deed. 0.30 Page 74 of 580 Page: 2 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9001821 STATEMENT NO: 39113 General Matters HOURS 12/07/2021 GB Email to Advanced Roofing regarding update on settlement check. 0.10 SMS Call with ACM and correspondences with staff related to Grant Subrecipient Agreement and related inclusions; Review of FDOT Maintenance Maps; Correspondences and review related to FAU First Amendment. 1.80 QEM Review and respond to staff re: RFQ -Cured-In-Place Pipe Lining (CIPP). 2.40 QEM Review of documents and coordinate with staff re: PACE Shield Technology - Golf Cars. 1.30 DS Drafted email re: dissertation study informed consent. 0.20 JAC Review status of Lutheran services transaction and deed; research regarding public records request; on site review of pending departmental requests and office administration issues; review procurement issue concerning out-of-state lease transaction; Review vacant lot/veterans Park temporary use agreement; prepare for and attend workshop meeting and regular city commission meeting 7.30 SHB Call with Oldbury re: PRR matters. Review DAVID MOU and follow up with Bailey. Discuss solicitation matters with JAC. Attend Commission meeting. 1.80 12/08/2021 DS Drafted email re: dissertation study. 0.10 HN Email to Charles Stevens regarding getting a copy of a NDA that is not password protected so we can include edits and comments. 0.10 JAC City commission meeting follow up notations to agenda and discuss with assistant city attorney's; follow up concerning Lutheran services deed and reverter provisions; review and reply to Steven Rappaport regarding sub use agreements for not-for-profit organizations; follow up regarding citizen Questions regarding nativity scene; 4.20 SMS Correspondences and revisions to Lutheran Special Warranty Deed. 0.40 SHB Review interagency agreement, complete agreement, and send to PD for signature. 0.50 12/09/2021 HN Edits to NDA with Fortinet, Review of Section 119.0713, Florida Statutes, email exchange with SHB, email to Charles Stevens cc SHB and Lynn Swanson with redlined NDA. Review of email exchanges re: to a meeting with Glenn Weiss next week re: mural ordinance. Review of draft mural ordinance materials. Edits to mural ordinance. Review of Boynton Beach Mural Initiative draft. Review of 17 U.S. Code § 106A-Visual Art Rights Act. 2.40 SHB Review and discuss NDA agreement with HN. 0.10 JAC Review Mignoli correspondence; review mural ordinance and guidelines/Glenn Weiss draft; follow up on commission meeting notated agenda items;Review issue regarding annual Marina meeting 3.70 SMS Review and revisions to ILA with FIU related to Economic Development Plan 0.50 12/10/2021 JAC On-site office administration issues; review pending staff requests; update research regarding state and federal regulations concerning safe workplace; review citizen compliant concerning parade route closures; 3.00 DJD Review minutes re: Lutheran Services. 0.30 SMS Correspondences and revisions to Lutheran Services Special Warranty Deed. 0.30 12/13/2021 HN Review of email exchanges with SHB, JAC, and BJS re: SHB's code related questions. Research and review of Section 162, Florida Statutes. Email to SHB, BJS, JAC and MJS in response to SHB email. 0.40 Page 75 of 580 Page: 3 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9001821 STATEMENT NO: 39113 General Matters HOURS QEM Review and evaluation of REVISED bibliotheca Service Renewal Quote - City of Boynton Beach - US-115763-XOC7; respond to Ms. Swanson re: matter. 2.20 QEM Follow-up and respond to staff re: PACE Shield Technology -Golf Cars. 0.40 BJS Review code compliance question re: door hangers and draft follow up correspondence 0.40 JAC Follow up regarding read bar complaint; review and call with city finance director regarding ARPA administrative and legal costs/tracking and recovery;Review Code Compliance process/door hangers in lieu of meeting;Review issue regarding sewer connection in Ocean Ridge and communications with Ocean Ridge town attorney regarding same; discuss records/file system issue with SB and LS; Call with tax collectors representative regarding undeveloped parcels Monarca and tax fault; continued review of Magnoli emails regarding condominium code issues and proposed donation of nativity scene; Review pending state legislation impact in water and sewer utilities and discuss with assistance CityAttorney's; 4.50 SMS Correspondences related to Special Warranty Deed for Lutheran. 0.20 SHB Review and discuss code, NTA, and compliance matters with JAC, HN, and BJS. Follow up re: recently-filed legislative bills. 1.00 12/14/2021 GB Emails with City regarding settlement agreement and general release with DRMP. Reviewed settlement agreement and general release drafted by DRMP and made edits and provided comments. Emails with City regarding settlement check from Advanced Roofing. 0.60 QEM Review and respond to staff re: PaceShield Technology- Golf Cars. 0.70 QEM Review and respond to requested changes to the Leads on Line Agency User Agreement. 0.70 JAC Follow up with title company regarding 906 Northwest 13 Ave.; Follow up regarding signature on opioid settlement with Mayor; review and prep Pension code amendment regarding location and procedures for Pension board meetings;Review tow company storage of vehicle complaint; review new Mignoli emails; review and research regarding Bonni Jensen draft ordinance for Pension amendment;Follow up with Steven Rappaport regarding dismissal of liens; follow up review of golf bridge and FPL understanding of agreement 4.30 SMS Correspondences and review related to Wells Landing Performance Bond/Letter of Credit. 0.40 12/15/2021 QEM Review of status provided by staff for requested changes to the Leads on Line Agency User Agreement. 0.70 HN Review of notes, draft mural ordinance, and Mural Initiative document for meeting tomorrow morning with Glenn Weiss, Kathryn Matos, and JAC. 0.50 SHB Discuss chronic nuisance matters with HN. Review first amendment case law and discuss with JAC. Follow up re: January commission meeting. 0.80 JAC Follow up research regarding placement and maintenance of monuments; review and sign off on employment agreements; follow up with Lynn Swanson regarding Pension code amendment; follow up research regarding code issues and process/Mignoli issues; review Carisse LeJeune correspondence and reply regarding ARPA Application process; research ARPA issues/federal rules and interpretation; Review Glenn Weiss draft documents for phone conference; Review city clerk inquiry regarding Mayor's signature/supplemental documents following commission approval; review donation policy; follow up research regarding monuments and donations;Review employment contracts; 5.20 Page 76 of 580 Page: 4 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9001821 STATEMENT NO: 39113 General Matters HOURS SMS Review of Letter of Credit requirements and correspondences for Wells Landing. 0.20 12/16/2021 QEM Review and evaluation of annual advertising contract; preparation of addendum for matter; respond to Ms. Swanson re: comments. 1.90 HN Preparation and attendance of zoom meeting with JAC, Kathryn Matos and Glenn Weiss relating to draft mural ordinance and resolution. Edits to ordinance based on meeting and started drafting resolution. 3.50 JAC Prepare for, participate in, and follow up regarding draft mural ordinance and operational handbook; review employment agreements; follow up with staff regarding a RP funding documents, applications, and implications of sunshine law 4.00 SMS Review and revisions to Letter of Credit for Wells Landing. 0.50 SHB Follow up re recently filed legislation and priorities for 2022 legislative session. 0.30 12/17/2021 HN Called and left voice message for Mike Rumpf re: to adding "historic" language to mural ordinance. Edits to mural ordinance. Drafted mural resolution. Email to JAC with draft resolution and ordinance. 1.60 QEM Review of multiple email correspondence re: JCI termination; prepare coordinate changes to termination letters with staff. 2.70 MDC review correspondence and documents relating to water utility billing practices at Sunny South Mobile Home Park, exchange emails with counsel 0.30 SHB Follow up re: status of recently-filed legislation and update spreadsheet. Prepare and send memo re: 2022 legislation. 1.00 JAC Review issues regarding public records request for P3 project;Review issue regarding termination of Johnson Controls contract; follow up with Heather Needelman regarding same code and Mural code convergence; Review pending departmental requests for assignment to assistant CityAttorney's 3.30 12/20/2021 MDC review materials on Suny South water utility inquiry, review statutes and city practices per website, confer with Jim Cherof, call with Lynn Swanson to coordinate delivery of information to utilities department and forward information to Lynn Swanson 0.80 HN Email exchange with JAC. Left a voice message and emailed Mike Rumpf re: mural ordinance and sign ordinance. Phone discussion with Mike Rumpf and email to Mike cc JAC. Email to JAC re: Mike Rumpfs question re: permits for street performers. Email exchange with JAC and SSG re: street performer question. Review of Key West code regarding permits for street performances. Phone discussion with JAC. Review of the City's code to see if there is any language that would include street performances or performers. Left message for Key West City Attorney Shawn Smith. 1.30 QEM Review of Parkmobile contract issues and related documents; telephone conference with Mr. Young re: matter. 1.60 DS Reviewed public records request re: baseball facility p3 project. Reviewed and analyzed s. 255.065, Florida Statutes. Drafted research response re: public records request for P3 proposal. 1.90 QEM Telephone conference with Mr. Ylijoki re: paceshield lease agreement; review and prepare an addendum to the agreement. 2.20 QEM Review and edit 2022 Sponsorship Agreement; transmit to staff for review. 0.90 Page 77 of 580 Page: 5 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9001821 STATEMENT NO: 39113 General Matters HOURS JAC Review incoming staff request for agenda item approvals; review special warranty deed Lutheran services revision; review state legislation status and evaluate proposed Business with foreign entities restriction; review Mignoli public records issue and respond; follow up regarding sign ordinance in mural ordinance scheduling; research regarding Street performance; discuss same with Heather N; conference with Mike Cirullo regarding Sunny South mobile home Park demand for waiver of delinquency fees; follow up statutory research regarding tenants and land ownership/utility accounts; review pace shield technology revised contract; Review and discuss P3 public records exemption with DS; review statute 5.50 SMS Correspondences and revisions to Special Warranty Deed. 0.40 12/21/2021 MDC review and respond to emails from Utility Director Re: Sunny South Mobile Home Park 0.20 QEM Review of follow-up discussion from JCI re: cancellations. 0.90 HN Left voice message with Glenn Weiss relating to resolution approving the art guidelines. Phone discussion with Glenn Weiss re: mural ordinance. Left voice message with Mike Rumpf re: street performer question. Review of email from Saleica Brown relating to street performer question. Research as to state statute relating to street performers. 0.90 GB Emails with City regarding finalizing and signing DRMP release and depositing settlement check. 0.20 JAC Continue review of Commission agenda items; discussions with assistant CityAttorney regarding assignments and January commission meeting; follow up on public records issues with Ernest Mignoli; review draft of easement encroachment agreement and research/redrafting related to same; call regarding city towing; Follow up regarding landfill notices; follow up with staff regarding commercial property improvement forgivable loan program; 4.50 SMS Call, discussions, and revisions to Letter of Credit for Wells Landing Developments. 0.90 GB Edits to City's Settlement and Mutual Release with DRMP, Inc. Email edits to City for review and approval. 0.60 12/22/2021 JAC Finalize review of commission meeting agenda items; conference call regarding limitation and prohibition of use of easements; review and sign employment agreements; call with property owner regarding city towing use of alleyway and easements; follow up research regarding same; review Mignoli emails and status of records; review state and county COVID-19 regulations; Review FEC maintenance payment issue; follow up research regarding ARPA fund usage 4.50 SMS Review of updated Letters of Credit for Wells Landing and call with Bank and City Staff. 0.60 12/23/2021 HN Review of westlaw cases and florida attorney general opinions re: to guidance as to permits for street performers. 1.20 SMS Correspondences on Letters of Credit finalization. 0.20 Page 78 of 580 Page: 6 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9001821 STATEMENT NO: 39113 General Matters HOURS JAC Review Mignoli email; review staff requested agenda items, comment and approve; Plemon airy review of agreements regarding the Pierce development; Review additional provisions of community property improvement for forgivable loan program; preliminary review of transportation waivers; communicate with Commissioners regarding holiday displays; review explorers agreement; calls and review regarding evolving COVID-19 trends and workplace safety issues; review correspondence from Mayor regarding transaction of 209 N. Federal Highway; review FEC maintenance payment issue; follow up regarding city towing dispute; follow up regarding draft Pension ordinance amendment; 5.00 GB Emails to City regarding settlement check. Email to Advanced Roofing regarding settlement check. 0.20 12/27/2021 MDC Telephone conference call with counsel for Sunny Isles trailer park, follow up with utilities Re: water billing 0.20 GB Drafted release and waiver for parents allowing their children to use City transportation to Martin Luther King Jr field trip. Email to City attached waiver. Email to City regarding receipt of new check from Advanced Roofing. 1.10 JAC Calls and review regarding motorcycle accident; 1.50 SMS Correspondences related to Special Warranty Deed for Lutheran Services; Correspondences related to Wells Landing Agreements with CRA. 0.40 12/28/2021 JAC Review and research regarding utility service agreements outside jurisdiction/mobile home park communities/mandatory property owner connections; 2.30 12/29/2021 MDC review materials, attend conference call with Utility Director, Utility Billing Manager and Assistant City Manager Re: Sunny South Water Bill inquiries 1.00 SHB Various correspondence and telephone conferences with PD re: public records request and PRR matters. Follow up with JAC, MDC, KLE. 1.70 JAC Review Mignoli public records request and respond; review pending staff assignments and upcoming city commission meeting agenda issues; follow-up calls and review regarding dirtbike accident issue; discuss Marsy Law issue with assistant CityAttorneys; research regarding same; review status of pending litigation cases and budget related issue 4.80 12/30/2021 MDC review information from Erin Dunn on Sunny South Utilities 0.20 JAC Call CityManager in call with Mayor regarding Post dirtbike incident issues; review Mignoli correspondence and follow up research regarding signage issue; call with Andrew Mack regarding media inquiries; 0.50 FOR CURRENT SERVICES RENDERED 146.60 20,224.50 TOTAL CURRENT WORK 20,224.50 BALANCE DUE $20,224.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 79 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9904950 Boynton Beach FL 33435 STATEMENT NO: 39114 Attn: Lynn Swanson Litigation Miscellaneous HOURS 12/02/2021 SHB Attend hearing on Motion to Return Property (Powell). 1.20 12/03/2021 MDC meet with Gal Betesh and Jim Cherof on pending litigation, status of cases 1.00 BJS Draft follow up and closeout correspondence re: Dalkix Guerra/Petition to Seal Records, follow up re: request to return firearm 0.70 12/14/2021 JAC Review revised tort defense summary and audit pleadings for discussion with GB and MC 1.80 12/17/2021 SHB Attend hearing on Motion to Return Property. Receive and review order signed by judge; transmit to PD for processing. 0.70 12/21/2021 JAC File, correspondence, pleading status audit of all pending forfeiture and foreclosure cases; evaluate process and prepare for discussion/report to CityManager; review tort case status report for discussion with CityManager 3.30 FOR CURRENT SERVICES RENDERED 8.70 1,957.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL JAMES A. CHEROF 5.10 $225.00 $1,147.50 MICHAEL D. CIRULLO 1.00 225.00 225.00 SHANA H. BRIDGEMAN 1.90 225.00 427.50 BRIAN J. SHERMAN 0.70 225.00 157.50 TOTAL CURRENT WORK 1,957.50 BALANCE DUE $1,957.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 80 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905206 Boynton Beach FL 33435 STATEMENT NO: 39115 Attn: Lynn Swanson adv. Secured Holdings, Inc. HOURS 12/02/2021 JAC Prepare for and correspondence with Spencer Sax regarding case status conference with Judge 0.60 12/03/2021 JAC Email with Spencer Sax and conduct virtual case management conference with Judge; miscellaneous follow up 0.50 12/10/2021 JAC Conference with attorney Sax and Olen representative regarding pending quantum park issues 1.00 12/13/2021 JAC Review and approve draft motion to dismiss and draft order of dismissal; follow up with CityManager regarding same 0.30 FOR CURRENT SERVICES RENDERED 2.40 540.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL JAMES A. CHEROF 2.40 $225.00 $540.00 TOTAL CURRENT WORK 540.00 BALANCE DUE $540.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 81 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905359 Boynton Beach FL 33435 STATEMENT NO: 39116 Attn: Lynn Swanson adv. HSBC Bank USA, N.A. (Estime, Ludny, et., al.) HOURS 12/01/2021 SHB Telephone conference with Guim re: outstanding liens and status of code cases; update memo to City. 0.30 FOR CURRENT SERVICES RENDERED 0.30 67.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 0.30 $225.00 $67.50 TOTAL CURRENT WORK 67.50 BALANCE DUE $67.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 82 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905401 Boynton Beach FL 33435 STATEMENT NO: 39117 Attn: Lynn Swanson adv. 534 NW 5th, LLC (Complaint to Quiet Title) HOURS 12/01/2021 SHB Review file and pleadings. Attend CMC. hearing. Various correspondence with Quinones re: resolution of case. 0.90 FOR CURRENT SERVICES RENDERED 0.90 202.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 0.90 $225.00 $202.50 TOTAL CURRENT WORK 202.50 BALANCE DUE $202.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 83 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905432 Boynton Beach FL 33435 STATEMENT NO: 39118 Attn: Lynn Swanson Laurore, Iva and Renan (Code/Foreclosure) HOURS 12/02/2021 KLE TF Robin Weiner, Chapter 13 Trustee; review Citibank claim. 0.50 12/14/2021 KLE Review Docket Entry re: The information required by the title 11 United States Code, Section 521(a)(1)as provided by the debtor(s) in this case is complete to the satisfaction of the trustee. 0.20 12/15/2021 KLE Review Bankruptcy court order Determining Debtor's Compliance with Section 521(a)(1). 0.20 12/21/2021 KLE Review Order Authorizing Chapter 13 Trustee to Disburse Payments Renan Laurore. 0.20 FOR CURRENT SERVICES RENDERED 1.10 247.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL KERRY L. EZROL 1.10 $225.00 $247.50 TOTAL CURRENT WORK 247.50 BALANCE DUE $247.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 84 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905433 Boynton Beach FL 33435 STATEMENT NO: 39119 Attn: Lynn Swanson v. Ho, Benjamin and Karen (Code/Foreclosure) HOURS 12/01/2021 MDC review issues with pending motion for summary judgment, confer with Heather Needelman on notice 0.30 HN Meeting with MDC to discuss defendants response to City's Motion for Summary Judgment. Phone discussion with Tanya Guim. Drafted Reply to Defendants' response to city's motion for summary judgment. Email exchange with Crystal Gibson for certified copies. 1.70 12/02/2021 JAC Review pleadings and status of case dismissal and options regarding attorneys fees and related compliance 0.80 12/03/2021 HN Drafted reply and emailed to MDC for review. review of docket. Review of MDC edits to reply. Edits to reply. 1.60 MDC review and comment on reply to motion for summary judgment 0.30 JAC Review and discuss conflicting orders concerning dismissal and discovery with GB; review pleadings and post dismissal options 0.80 12/06/2021 JAC Review status of all case pleadings and discuss options and demolition issues 1.20 12/09/2021 HN Review of the Judge's division instructions, phone discussion with Karen Ho in compliance with local rule 4 and email to Karen Ho cc MDC. 0.30 12/13/2021 HN Edits to Notice of Hearing on City's Motion for Summary Judgment. Review of local rule 4. 0.20 12/15/2021 HN Review of the Judge's confirmation instructions for the hearing scheduled for January 31. Review of local rule 4. Coordinating compliance with the Judge's confirmation instructions. Review and edits to notice of hearing. Email to JAC cc MDC. 0.50 12/16/2021 HN Review and edit of cover letter to judge and review of package to the judge. 0.20 12/27/2021 HN Review of city's motion for default final judgment and motion for summary judgment. Email to MDC. 1.30 12/28/2021 HN Meeting with assistant re: preparation for hearing on 1/31. Discussion with MDC. research related to 40 day requirement for filing motion for summary judgment. Email to MDC with legal analysis. Email exchange with Vestiguerne Pierre and edits to his affidavit. 2.40 MDC Telephone conference call with Heather Needelman on correcting affidavit 0.20 Page 85 of 580 Page: 2 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9905433 STATEMENT NO: 39119 v. Ho, Benjamin and Karen (Code/Foreclosure) HOURS 12/29/2021 MDC review revised affidavit and case law, confer with HN on how to proceed with hearing 0.40 HN Review of Vestiguerne Pierre's Affidavit and attachments. Email exchange with Vestiguerne Pierre. Email exchange with MDC. Drafted notice of filing of amended affidavit. Discussions with MDC. Edits to notice of filing. 2.60 JAC Review and compare amended complaint to prior allegations and orders on dismissal; evaluate options for motion to strike and sanctions 0.80 FOR CURRENT SERVICES RENDERED 15.60 3,510.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL JAMES A. CHEROF 3.60 $225.00 $810.00 MICHAEL D. CIRULLO 1.20 225.00 270.00 HEATHER NEEDELMAN 10.80 225.00 2,430.00 Photocopies 90.30 TOTAL EXPENSES THRU 12/31/2021 90.30 12/16/2021 Federal Express - Invoice 7-605-07426 17.69 Fed Ex 17.69 TOTAL ADVANCES THRU 12/31/2021 17.69 TOTAL CURRENT WORK 3,617.99 BALANCE DUE $3,617.99 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 86 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905456 Boynton Beach FL 33435 STATEMENT NO: 39120 Attn: Lynn Swanson adv. Priority Towing HOURS 12/01/2021 GB Emails with opposing counsel regarding case management order. 0.10 12/07/2021 GB Email to opposing counsel regarding deadlines set by case management order. 0.10 12/17/2021 GB Reviewed file in preparation to draft Motion for Summary Judgment. 1.50 12/23/2021 GB Legal research for Motion for Summary Judgment. 1.10 FOR CURRENT SERVICES RENDERED 2.80 630.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 2.80 $225.00 $630.00 TOTAL CURRENT WORK 630.00 BALANCE DUE $630.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 87 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905495 Boynton Beach FL 33435 STATEMENT NO: 39121 Attn: Lynn Swanson Bamboo/Palmer Special Assessment HOURS 12/01/2021 DS Reviewed and revised notice of reimbursement letter. Reviewed and revised draft ordinance. 0.40 12/02/2021 DS Discussed draft ordinance and reimbursement letter with JAC and MDC. Reviewed and revised draft ordinance. Drafted email re: reimbursement letter. 1.10 MDC meet with Jim Cherof and Danielle Schwabe on letters for Development Agreement 0.30 JAC Conference with attorneys regarding assessments and collection of infrastructure improvement costs and reimbursement to initiating property owner; follow up research regarding latter issue 1.20 12/07/2021 DS Reviewed and revised draft ordinance re: conditions to utility service. 1.70 12/09/2021 DS Reviewed and revised draft ordinance. Discussed water service agreements with Dunn. Discussed draft ordinance with JAC. 1.70 12/10/2021 DS Researched statutory utility liens and septic tank abandonment. Revised draft ordinance. Drafted email re: draft ordinance. 2.20 12/13/2021 DS Followed up with Utility Department re: payment of developer costs and draft ordinance. 0.20 12/15/2021 DS Left voicemail follow up with Roscheck re: draft ordinance. 0.10 12/17/2021 DS Drafted email re: draft ordinance. 0.20 12/23/2021 DS Drafted email re: conference call for draft ordinance. 0.20 12/30/2021 DS Reviewed draft ordinance re: conditions fo utility service and City code. 0.30 FOR CURRENT SERVICES RENDERED 9.60 2,160.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL JAMES A. CHEROF 1.20 $225.00 $270.00 MICHAEL D. CIRULLO 0.30 225.00 67.50 DANIELLE SCHWABE 8.10 225.00 1,822.50 Page 88 of 580 Page: 2 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9905495 STATEMENT NO: 39121 Bamboo/Palmer Special Assessment TOTAL CURRENT WORK 2,160.00 BALANCE DUE $2,160.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 89 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905503 Boynton Beach FL 33435 STATEMENT NO: 39122 Attn: Lynn Swanson adv. Lionesz Investments, LLC. (Tarpon IV, LLC) HOURS 12/01/2021 SHB Finalize and send memo to City re: status of case. 0.10 FOR CURRENT SERVICES RENDERED 0.10 22.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 0.10 $225.00 $22.50 TOTAL CURRENT WORK 22.50 BALANCE DUE $22.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 90 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905505 Boynton Beach FL 33435 STATEMENT NO: 39123 Attn: Lynn Swanson adv. MJBS Holdings, LLC (Tarpon IV, LLC) HOURS 12/01/2021 SHB Finalize and send memo to City re: status of case. 0.10 FOR CURRENT SERVICES RENDERED 0.10 22.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 0.10 $225.00 $22.50 TOTAL CURRENT WORK 22.50 BALANCE DUE $22.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 91 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905507 Boynton Beach FL 33435 STATEMENT NO: 39124 Attn: Lynn Swanson Adv. MJBS Holdings, LLC (KC Enterprise/Tarpon IV, LLC) HOURS 12/01/2021 SHB Finalize and send memo to City re: status of case. 0.10 FOR CURRENT SERVICES RENDERED 0.10 22.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 0.10 $225.00 $22.50 TOTAL CURRENT WORK 22.50 BALANCE DUE $22.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 92 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905508 Boynton Beach FL 33435 STATEMENT NO: 39125 Attn: Lynn Swanson adv. MJBS Holdings, LLC 2 (KC Enterprise/Tarpon IV, LLC) HOURS 12/01/2021 SHB Finalize and send memo to City re: status of case. 0.10 FOR CURRENT SERVICES RENDERED 0.10 22.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 0.10 $225.00 $22.50 TOTAL CURRENT WORK 22.50 BALANCE DUE $22.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 93 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905512 Boynton Beach FL 33435 STATEMENT NO: 39126 Attn: Lynn Swanson adv. Sterling Village Condominium (Duperault, Don) HOURS 12/15/2021 SHB Attend hearing on Plaintiffs motion for attorney fees and surplus. Review proposed order and follow up with Aboud. Draft Motion for Surplus Funds and Affidavit in support of Motion; transmit Affidavit to Fredriksen for review and signature. 1.90 12/16/2021 SHB Prepare Motion for Surplus and Affidavit. Transmit affidavit to City for review and signature. 0.80 12/17/2021 SHB Finalize and file Motion for Surplus. 0.10 FOR CURRENT SERVICES RENDERED 2.80 630.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 2.80 $225.00 $630.00 TOTAL CURRENT WORK 630.00 BALANCE DUE $630.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 94 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905525 Boynton Beach FL 33435 STATEMENT NO: 39127 Attn: Lynn Swanson v. JKM BTS Capital, LLC (Declaratory Action) HOURS 12/01/2021 GB Telephone conference call with City clerk regarding public records request from JKM. Reviewed documents to be produced in response to public records request to ensure no confidential or exempt documents were being produced. 0.50 12/02/2021 GB Continued drafting deposition summary of andrew mack's deposition. 1.80 12/03/2021 GB Meeting with JAC and MDC regarding case status and strategy. 0.30 12/06/2021 JAC Follow up with staff and Tom Baird regarding South development application review and status 0.40 12/10/2021 GB Deposition summary for Andrew Mack. Emails with Joanne O'Connor regarding hearing on City's objections to discovery. 0.90 12/13/2021 GB Reviewed all documents relevant to hearing on City's Objection to Defendant's Second Request for Production and legal research regarding City's objections in preparation for phone conference with Joanne O'Connor on the subject. Telephone conference call with Joanne O'Connor regarding hearing on City's Objection to Defendant's Second Request for Production. Reviewed and highlighted portions of Carlos Mercado's deposition to support City's objection to JKM's request for geographical certifications and email to Joanne OConnor. 1.60 12/15/2021 GB Emails with Joanne O'Connor and City regarding JKM's discovery. Reviewed documents produced to JKM from Florida Department of Health and email to City regarding supporting documents needed for discovery. 0.70 12/16/2021 GB Emails with City regarding telephone conference and JKM's Third Request for Production. 0.30 12/17/2021 GB Deposition summary of Andrew Mack. 1.30 12/20/2021 JAC Review case pleading and discovery status for discussion with CityManager 0.60 12/21/2021 GB Received and reviewed documents from City in response to JKM's discovery requests. Emails with Joanne O'Connor regarding documents from City. Reviewed discovery request from JKM and email to City regarding additional documents needed. Telephone conference call with Joanne O'Connor and City regarding discovery request. Emails with the City regarding discovery requests. 1.10 Page 95 of 580 Page: 2 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9905525 STATEMENT NO: 39127 v. JKM BTS Capital, LLC (Declaratory Action) HOURS 12/22/2021 GB Emails with City regarding JKM's Third Request for Production. Emails to Joanne O'Connor regarding outstanding discovery. Received and began reviewing documents from City responsive to JKM's discovery requests. 0.40 GB Continued summary of Andrew Mack's deposition. 0.20 12/23/2021 GB Reviewed additional documents provided by the City in responses to JKM's latest request for production. 1.30 12/27/2021 GB Drafted and finalized deposition summary for Andrew Mack. Email to Joanne O'Connor and Andrew Mack attaching deposition summary. 1.50 FOR CURRENT SERVICES RENDERED 12.90 2,902.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL JAMES A. CHEROF 1.00 $225.00 $225.00 GAL BETESH 11.90 225.00 2,677.50 12/14/2021 Phipps Reporting - Invoice 208883 637.50 Depo 637.50 TOTAL ADVANCES THRU 12/31/2021 637.50 TOTAL CURRENT WORK 3,540.00 BALANCE DUE $3,540.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 96 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905528 Boynton Beach FL 33435 STATEMENT NO: 39128 Attn: Lynn Swanson Sara Sims Park Plat-examination of title to approve Plat HOURS 12/02/2021 SMS Calls and discussion related to use of Code Enforcement procedure for property. 0.90 FOR CURRENT SERVICES RENDERED 0.90 202.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SEAN M. SWARTZ 0.90 $225.00 $202.50 TOTAL CURRENT WORK 202.50 BALANCE DUE $202.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 97 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905539 Boynton Beach FL 33435 STATEMENT NO: 39129 Attn: Lynn Swanson adv. Sharon R. Bock (City of Pahokee) HOURS 12/01/2021 SHB Finalize and send memo to City re: status of case. 0.10 FOR CURRENT SERVICES RENDERED 0.10 22.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 0.10 $225.00 $22.50 TOTAL CURRENT WORK 22.50 BALANCE DUE $22.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 98 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905542 Boynton Beach FL 33435 STATEMENT NO: 39130 Attn: Lynn Swanson PBA Captains Unit Formation 2021 HOURS 12/07/2021 GB Received and reviewed order denying City's Motion for Reconsideration. Emails with MDC and JAC regarding order. 0.30 JAC Reply to request for joint statement submittal; Review order denying motion for reconsideration; review motion to dismiss 0.70 12/10/2021 JAC Review correspondence with HR and PBA rep; assist in draft response Regarding addressing wage in our issues at bargaining table; discuss same with CityManager in HR director 0.70 12/27/2021 JAC Review and forward correspondence from Katie Mendoza regarding discovery; review transcript to evaluate discovery/depositions 0.80 FOR CURRENT SERVICES RENDERED 2.50 562.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL JAMES A. CHEROF 2.20 $225.00 $495.00 GAL BETESH 0.30 225.00 67.50 TOTAL CURRENT WORK 562.50 BALANCE DUE $562.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 99 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905552 Boynton Beach FL 33435 STATEMENT NO: 39131 Attn: Lynn Swanson Canal Maintenance Special Assessment HOURS 12/03/2021 MDC confer with Jim Cherof on status of agenda materials, and follow up with Lynn Swanson on proof of publication for intent resolution 0.20 JAC Follow up regarding transition from billable to ad valorem collection assessment; discuss with Mike Cirullo; review maps and notices 1.20 FOR CURRENT SERVICES RENDERED 1.40 315.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL JAMES A. CHEROF 1.20 $225.00 $270.00 MICHAEL D. CIRULLO 0.20 225.00 45.00 TOTAL CURRENT WORK 315.00 BALANCE DUE $315.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 100 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905566 Boynton Beach FL 33435 STATEMENT NO: 39132 Attn: Lynn Swanson adv. The Preserve at Boynton Beach (50 Friends Fund Capital) HOURS 12/01/2021 SHB Receive and review Notice of Hearing on Motion for Final Judgement. Review file; various correspondence with Riggin. 0.60 FOR CURRENT SERVICES RENDERED 0.60 135.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 0.60 $225.00 $135.00 TOTAL CURRENT WORK 135.00 BALANCE DUE $135.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 101 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905567 Boynton Beach FL 33435 STATEMENT NO: 39133 Attn: Lynn Swanson adv. Ho, Wing and Ho, Karen (Petition for Preliminary Injunction) HOURS 12/01/2021 HN Edits to Reply before filing today. Edits to notice of taking depo. Review of Karen Ho's Response to motion to compel. Review of Rule 45 relating to subpoenas and rule 30 relating to notice of depositions. Edits to subpoena and notice of deposition. 2.80 GB Meeting with HN regarding subpoena to architect. Edits to Subpoena to architect. 0.40 12/02/2021 HN Review meeting minutes from the 3 hearings before the building board of adjustment and appeals. Drafted the majority of the statement of material facts based on review of minutes. Review of the Judge's order on city's motion for pretrial conference. Email to MDC and GB re: orders. Edits to John Kuntzman affidavit. Discussion with John. 4.70 GB Received and reviewed order from court denying motion for pretrial conference and referring discovery motions to judge Matthewman. 0.30 12/03/2021 HN Review of magistrate's order and the report Justice Roberts issued that the Magistrate said to review. Email to GB and MDC. Review of emails from John Kuntzman. Review of Judge Matthewman's Order, review of Judge Middlebrooks' order, discussions with GB and MDC. 2.20 MDC review discovery order; review order dismissing complaint; confer with Heather Needelman and Gal Betesh 0.30 GB Meeting with JAC and MDC regarding case status and strategy. Received and reviewed order granting motion to dismiss and order setting hearing for discovery motions. Meeting with MDC and HN regarding orders. Telephone conference calls with Judge's chambers regarding orders. 0.80 12/06/2021 HN Review of order of dismissal, order on motion for default and review of federal rule of civil procedure 15. Discussion with JAC. Email exchange with JAC, MDC and GB. Review of Judge Matthewman's Order canceling the hearing. Review of email from Crystal Gibson. Phone discussion with John Kuntzman. 0.70 GB Left voicemails for Wing Ho and Karen Ho regarding cancellation of hearing on Wednesday December 8, 2021. Sent emails to Plaintiffs memorializing voicemail. Telephone conference call with Karen Ho regarding cancellation of hearing on Wednesday December 8, 2021. Email to Plaintiffs memorializing phone conversation and court granting Motion to Dismiss. Drafted and had filed notice of compliance with court order. 0.80 MDC review emails on orders and status of discovery 0.20 12/07/2021 HN Review of Notice of Mediation Cancellation. Phone discussion with Julie Oldbury. Review of Karen and Wing Ho's responses to City's discovery Page 102 of 580 Page: 2 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9905567 STATEMENT NO: 39133 adv. Ho, Wing and Ho, Karen (Petition for Preliminary Injunction) HOURS motions that were served today. Research as to what is required to get the court to dismiss a case with prejudice. Review of case law. Review of Judge Mattewman's order denying plaintiffs' motion to continue hearing. 1.70 GB Edits to Notice of Cancellation of Mediation. Emails with HN regarding cancellation of mediation. 0.30 12/09/2021 HN Discussion with Karen Ho re: her amending the complaint by dec. 20. Started drafting motion to dismiss with prejudice. 1.20 12/10/2021 HN Drafted motion to dismiss with prejudice and drafting motion for sanctions. Review of the many cases in which the Hos were plaintiffs in state and federal court. Review of the court's orders in those matters. Started drafted request for judicial notice. 4.30 12/13/2021 HN discussion re: notifying plaintiffs that deposition was not proceeding due to court's dismissal. Research related to what kind of cases can be judicially noticed. Edits to request for judicial notice. 1.60 12/14/2021 HN Research relating to when a defendant can recover attorneys fees when case is filed under 42 use 1983. Review of Lozman v. Riviera Beach. Edits to request for judicial notice, review of orders and complaints relating to other cases filed by karen ho. Discussion with GB re: karen Ho's statement that they are amending the complaint. Drafted motion for extension of time. 2.50 12/15/2021 HN Review of motion to dismiss with prejudice and newly added case law related to dismissing with prejudice 1.20 12/20/2021 HN Phone discussion with Wing Ho. Meeting with MDC to discuss Wing's request for more time to amend complaint. Started drafted response to anticipated motion for extension to amend complaint. 0.80 MDC confer with Heather Needelman on request for extension of time for amended complaint 0.20 12/21/2021 MDC review Motion Extension of Time, confer with Heather Needelman on response; review and provide comments on City's response 0.40 HN Edits to Response to Plaintiffs' Motion for extension. Review of MDC and GB's edits. 1.20 GB Reviewed and edits to City's Response in Opposition to Plaintiffs' Motion for Extension of Time. Email to HN regarding edits. 0.50 12/22/2021 HN Review of the Judge's order on Plaintiffs' Motion for extension of time. Discussion with GB. Edits to draft motion to dismiss with prejudice. 0.60 12/23/2021 HN Discussion with GB re: ho amended complaint and moving to dismiss with prejudice and in the alternative without prejudice. 0.30 12/27/2021 HN Edits to Motion to Dismiss with Prejudice. Review of case law relating to the court taking judicial notice at the motion to dismiss phase. Review of local rules. 1.50 12/29/2021 HN Review of amended complaint and review of cited statutes in the amended complaint. 2.70 12/30/2021 MDC review Amended Complaint and Proof of Service, confer with Heather Needelman on response, follow up with Jim Cherof 0.80 Page 103 of 580 Page: 3 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9905567 STATEMENT NO: 39133 adv. Ho, Wing and Ho, Karen (Petition for Preliminary Injunction) HOURS HN Review of amended complaint. Discussion with MDC re: amended complaint. Edits to Motion to Dismiss. Review of sunbiz document referenced in amended complaint. Review of the Florida Civil Rights Act, review of the United States Civil Rights Act, review of related case law, review of federal and state negligence case law and statutes. 3.70 FOR CURRENT SERVICES RENDERED 38.70 8,707.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL MICHAEL D. CIRULLO 1.90 $225.00 $427.50 HEATHER NEEDELMAN 33.70 225.00 7,582.50 GAL BETESH 3.10 225.00 697.50 Photocopies 43.75 TOTAL EXPENSES THRU 12/31/2021 43.75 TOTAL CURRENT WORK 8,751.25 BALANCE DUE $8,751.25 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 104 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905571 Boynton Beach FL 33435 STATEMENT NO: 39134 Attn: Lynn Swanson adv. Newrez LLC (Norfus, Ricky 2021) HOURS 12/28/2021 SHB Receive and review Notice of Dismissal. Prepare and send memo to client re: status of litigation and code lien. 0.70 FOR CURRENT SERVICES RENDERED 0.70 157.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 0.70 $225.00 $157.50 TOTAL CURRENT WORK 157.50 BALANCE DUE $157.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 105 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905572 Boynton Beach FL 33435 STATEMENT NO: 39135 Attn: Lynn Swanson adv. Webb, Jesse Rufus, Jr. (Forfeiture of$8,425) HOURS 12/16/2021 BJS Telephone call with State Attorney's Office and draft follow up correspondence re: Webb/Plea Conference 1.00 12/23/2021 BJS Review criminal docket and draft follow up correspondence to City re: plea and resolution, draft update correspondence to staff 0.50 FOR CURRENT SERVICES RENDERED 1.50 337.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL BRIAN J. SHERMAN 1.50 $225.00 $337.50 Photocopies 0.35 TOTAL EXPENSES THRU 12/31/2021 0.35 12/29/2021 John Abruzzo -Certification of Records 14.00 Filing fee 14.00 TOTAL ADVANCES THRU 12/31/2021 14.00 TOTAL CURRENT WORK 351.85 BALANCE DUE $351.85 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 106 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905579 Boynton Beach FL 33435 STATEMENT NO: 39136 Attn: Lynn Swanson adv. Clerk of Court (RJ Simple Solution, LLC) HOURS 12/01/2021 SHB Telephone conference with Brian Gottlieb re: potential settlement of case in lieu of trial. 0.10 12/10/2021 SHB Follow up with. Gottlieb re: settlement matters. 0.10 12/15/2021 SHB Receive and review settlement offer. Transmit to City for review. Receive response from City and follow up with atty Gottlieb. 0.40 12/16/2021 SHB Various correspondence with Gottlieb and City re: lien matters. 0.20 FOR CURRENT SERVICES RENDERED 0.80 180.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 0.80 $225.00 $180.00 TOTAL CURRENT WORK 180.00 BALANCE DUE $180.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 107 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905584 Boynton Beach FL 33435 STATEMENT NO: 39137 Attn: Lynn Swanson adv. Power Financial Credit Union (Boynton Partners, LLC) HOURS 12/07/2021 SHB Receive and review pleadings re: motion for assignment of rents. 0.30 FOR CURRENT SERVICES RENDERED 0.30 67.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL SHANA H. BRIDGEMAN 0.30 $225.00 $67.50 TOTAL CURRENT WORK 67.50 BALANCE DUE $67.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 108 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905604 Boynton Beach FL 33435 STATEMENT NO: 39138 Attn: Lynn Swanson Wells Landing ARPA Grant Agreement HOURS 12/09/2021 JAC Review transaction and proposed/draft documents involving sub recipient of ARPA funds; Research regarding same and enforcement/collectibility issues 2.00 12/13/2021 JAC Review documents; options for security of city participation; discuss with SS 0.80 12/15/2021 SMS Call, revisions, and correspondences related to Wells Landing ARPA Grant Agreement. 0.40 12/16/2021 JAC Review correspondence from CIRA regarding some recipient agreement; 0.20 FOR CURRENT SERVICES RENDERED 3.40 765.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL JAMES A. CHEROF 3.00 $225.00 $675.00 SEAN M. SWARTZ 0.40 225.00 90.00 TOTAL CURRENT WORK 765.00 BALANCE DUE $765.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 109 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905029 Boynton Beach FL 33435 STATEMENT NO: 39071 Attn: Lynn Swanson adv. Ford, Sharron (negligence arrest) Billing Category 18-RLO Claim#001470000245GB HOURS 12/03/2021 GB Meeting with JAC and MDC regarding case status and strategy. 0.30 FOR CURRENT SERVICES RENDERED 0.30 67.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 0.30 $225.00 $67.50 TOTAL CURRENT WORK 67.50 BALANCE DUE $67.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 110 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905098 Boynton Beach FL 33435 STATEMENT NO: 39072 Attn: Lynn Swanson adv. Venegas, Jesusa Billing Category 18-RLO Claim#00 1 470000367AB HOURS 12/07/2021 GB Received and reviewed Amended Complaint. Reviewed case file in preparation for responding to Amended Complaint. 0.70 12/16/2021 GB Reviewed Amended Complaint in preparation for drafting a response. Email to Bill Berk regarding Amended Complaint. Drafted and file Joined to Motion for Extension of Time. 0.70 FOR CURRENT SERVICES RENDERED 1.40 315.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 1.40 $225.00 $315.00 TOTAL CURRENT WORK 315.00 BALANCE DUE $315.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 111 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905190 Boynton Beach FL 33435 STATEMENT NO: 39073 Attn: Lynn Swanson adv. Readon, Jayden, Estate of(police chase) Billing Category: 18-RLO Claim#001470-000396-AB-01 HOURS 12/01/2021 MDC Telephone conference call with Gal Betesh on hearing outcome, next steps. 0.20 GB Prepared for and attended Motion for Reconsideration hearing. Meeting with MDC regarding motion and finding. 2.00 12/03/2021 GB Meeting with JAC and MDC regarding case status and strategy. 0.30 12/07/2021 MDC confer with GB on discovery issues 0.20 12/09/2021 GB Emails with opposing counsel regarding proposed order on Motion for Reconsideration. Edits to proposed order and email to MDC regarding additional changes to order. 0.30 MDC review proposed order on public records disclosure/discovery 0.20 12/20/2021 GB Email to opposing counsel regarding Thomas Wallace's address. Drafted Notice of Compliance with Court's Order on City's Motion for Reconsideration. 0.40 FOR CURRENT SERVICES RENDERED 3.60 810.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL MICHAEL D. CIRULLO 0.60 $225.00 $135.00 GAL BETESH 3.00 225.00 675.00 12/02/2021 Prestige Reporting Service - Invoice 106953 115.00 Depo 115.00 11/24/2021 Federal Express - Invoice 7-588-71928 18.44 Fed Ex 18.44 TOTAL ADVANCES THRU 12/31/2021 133.44 Page 112 of 580 Page: 2 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9905190 STATEMENT NO: 39073 adv. Readon, Jayden, Estate of(police chase) TOTAL CURRENT WORK 943.44 BALANCE DUE $943.44 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 113 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905310 Boynton Beach FL 33435 STATEMENT NO: 39074 Attn: Lynn Swanson adv. Philson, Tammi A. (Personal Injury-Carolyn Sims Center) Billing Category: 18- RLO Claim#001470000440GB HOURS 12/02/2021 GB Legal research regarding opposing counsel's argument in opposition to City's Motion to Dismiss. 1.60 GB Telephone conference call with City regarding claim. 0.30 12/03/2021 GB Meeting with JAC and MDC regarding case status and strategy. 0.30 12/14/2021 GB Emails with City regarding conference call with Gail Mootz and Richard Ignoffo regarding claim. 0.30 12/16/2021 GB Drafted City's First Set of Interrogatories to the Plaintiff and First Request for Production to the Plaintiff. 1.50 12/21/2021 GB Emails with City regarding telephone call. 0.10 12/22/2021 MDC confer with Gal Betesh on motion to dismiss and responding to opposing counsel 0.20 GB Prepared for and participated in telephone conference call with City regarding claim and lights at Sims Center. Prepared for and participated in meeting with MDC regarding motion to dismiss. 1.50 12/23/2021 GB Emails and telephone conference calls with City regarding lights at the Simms Center on date of incident. 0.30 FOR CURRENT SERVICES RENDERED 6.10 1,372.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL MICHAEL D. CIRULLO 0.20 $225.00 $45.00 GAL BETESH 5.90 225.00 1,327.50 TOTAL CURRENT WORK 1,372.50 BALANCE DUE $1,372.50 Page 114 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905347 Boynton Beach FL 33435 STATEMENT NO: 39075 Attn: Lynn Swanson adv. Benitez, Antonio (Park Injuries) Billing Category: 18- RLO Claim#0014700000452GB HOURS 12/01/2021 GB Telephone conference call and emails with with Dr. Chlal and his officer regarding CME of Plaintiff. 0.70 12/02/2021 GB Telephone conference call with City regarding claim and discovery. 0.30 12/03/2021 GB Meeting with JAC and MDC regarding case status and strategy. 0.30 12/07/2021 GB Telephone conference call and emails with Dr. Michael Ziede's officer regarding CME. Drafted Notice of Compulsory Medical Evaluation. Emails with JAC and TC regarding Tristar request for fee updates. 0.80 12/09/2021 GB Drafted Compulsory Medical Evaluation request. Email with Tristar regarding insurance policy and rates. Drafted letter to judge enclosing material for motion to compel hearing. 0.90 12/14/2021 GB Finalized and filed Request for CME. Email to City regarding CME request and agreement with Dr. Zeide. Letter to Dr. Zeide enclosing medical records received in response to Subpoena Duces Tecum from Plaintiffs medical providers. 0.60 12/15/2021 GB Received and reviewed supplemental documents to City's discovery requests. Emails with opposing counsel regarding motion to compel hearing. Drafted and had filed notice of cancellation of motion to compel. Emails to City and Tristar regarding additional documents produced by Plaintiff. Emails with City regarding deposition of Witnesses. Emails with opposing counsel regarding depositions and mediation. 1.20 12/20/2021 GB Drafted letter to Dr. Zeide enclosing additional medical documents for Plaintiff received in response to Subpoena Duces Tecum. 0.20 12/21/2021 GB Reviewed medical records for Plaintiff. 0.90 12/22/2021 GB Telephone conference call with City and Tristar regarding strategy and ISO report generated by Tristar regarding Plaintiff's prior insurance claims. Reviewed medical records of Plaintiff for injuries prior to incident described in the Complaint. 1.00 Page 115 of 580 Page: 2 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9905347 STATEMENT NO: 39075 adv. Benitez, Antonio (Park Injuries) HOURS 12/23/2021 JAC Review ISO report; review status of discovery and motion in limine; Evaluate report to Commission and need for closed or session 1.00 12/27/2021 GB Received and reviewed Plaintiff's objection to CME notice and proposed agreed order on Objection. Edits to proposed agreed order. Legal research regarding CMEs. Email to opposing counsel attaching revised agreed order limiting scope of CME. 1.20 FOR CURRENT SERVICES RENDERED 9.10 2,047.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL JAMES A. CHEROF 1.00 $225.00 $225.00 GAL BETESH 8.10 225.00 1,822.50 Photocopies 52.85 TOTAL EXPENSES THRU 12/31/2021 52.85 11/17/2021 Ciox Health - Invoice 0356745076 203.57 11/30/2021 Sharecare Health Data Services, LLC- Invoice 6235781 42.44 12/13/2021 Central Palm Beach Surgery Center-Copy of Medical Records 238.92 Outside Copying 484.93 11/16/2021 Dennis J. Leavy &Associates, Inc. - Invoice 19757 862.50 Professional Services 862.50 10/29/2021 Compass Investigations - Invoice 2021010306 40.00 Service Process 40.00 TOTAL ADVANCES THRU 12/31/2021 1,387.43 TOTAL CURRENT WORK 3,487.78 BALANCE DUE $3,487.78 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 116 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905369 Boynton Beach FL 33435 STATEMENT NO: 39076 Attn: Lynn Swanson adv. Moyse, Roseline (RLO) Billing Category: 18- RLO Claim#19754303 HOURS 12/01/2021 GB Emails with Karen Klein regarding case status and reviewed file in order to accurately respond to her inquiries. 0.50 12/06/2021 GB Email to City regarding mediation. 0.10 12/07/2021 GB Continued working on Motion for Summary Judgment. 0.40 12/13/2021 GB Began drafting mediation summary. Deposition summary of Keith Thompson in preparation to draft mediation summary and Motion for Summary Judgment. 3.50 12/14/2021 GB Deposition summary of Lawrence Allen's deposition. Reviewed timeline and Plaintiff's deposition summary in preparation to draft mediation statement and Motion for Summary Judgment . 1.90 12/16/2021 GB Finalized mediation statement. Prepared for mediation by reviewing file and all discovery received and produced in this matter, relevant case law and telephone conference calls with the City. 4.20 12/20/2021 GB Prepared for and attended mediation. Drafted settlement agreement and general release. 6.50 JAC Review case status and pending mediation; discussed mediation outcome with Gal Betesh and prepare for case closure and discussion with administration 1.20 12/21/2021 GB Telephone conference call with opposing counsel regarding release and settlement. Email to City regarding settlement agreement and payment. Telephone conference call with City regarding notary in release. 0.50 12/22/2021 GB Emails with opposing counsel regarding signed general release and settlement agreement. Emails with City and Tristar regarding fully executed agreement and settlement payment. 0.20 FOR CURRENT SERVICES RENDERED 19.00 4,275.00 Page 117 of 580 Page: 2 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9905369 STATEMENT NO: 39076 adv. Moyse, Roseline (RLO) RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL JAMES A. CHEROF 1.20 $225.00 $270.00 GAL BETESH 17.80 225.00 4,005.00 12/20/2021 Robyn S. Hankins, PL- Invoice 5488 2,000.00 Professional Services 2,000.00 TOTAL ADVANCES THRU 12/31/2021 2,000.00 TOTAL CURRENT WORK 6,275.00 BALANCE DUE $6,275.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 118 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905375 Boynton Beach FL 33435 STATEMENT NO: 39077 Attn: Lynn Swanson adv. Geraci, Sanford and Meredith Geraci, John (Confrontation/Police Officer) Billing Category: 18- RLO Claim#19757010 HOURS 12/03/2021 GB Meeting with JAC and MDC regarding case status. 0.30 FOR CURRENT SERVICES RENDERED 0.30 67.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 0.30 $225.00 $67.50 TOTAL CURRENT WORK 67.50 BALANCE DUE $67.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 119 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905421 Boynton Beach FL 33435 STATEMENT NO: 39078 Attn: Lynn Swanson adv. McFadden, Patrick (K9 Injuries) Billing Category: 18- RLO Claim#19779868 HOURS 12/03/2021 GB Meeting with JAC and MDC regarding case status and strategy. 0.30 12/10/2021 GB Prepared for trial by reviewing file including deposition transcripts, motions and discovery responses to draft opening statement. 3.80 FOR CURRENT SERVICES RENDERED 4.10 922.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 4.10 $225.00 $922.50 TOTAL CURRENT WORK 922.50 BALANCE DUE $922.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 120 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905423 Boynton Beach FL 33435 STATEMENT NO: 39079 Attn: Lynn Swanson adv Mata Chorwadi Inc- Homing Inn Federal Lawsuit Billing Category: 18- RLO Claim#19780873 HOURS 12/01/2021 GB Emails with City regarding mediation in new appeal of order granting City costs. Emails with MDC regarding mediation in new appeal. 0.30 12/03/2021 GB Meeting with JAC and MDC regarding case status and strategy. 0.30 FOR CURRENT SERVICES RENDERED 0.60 135.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 0.60 $225.00 $135.00 TOTAL CURRENT WORK 135.00 BALANCE DUE $135.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 121 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905444 Boynton Beach FL 33435 STATEMENT NO: 39080 Attn: Lynn Swanson adv. Estella, Jean (MVA) Billing Category: 18- RLO Claim#19798151 HOURS 12/01/2021 GB Received and reviewed Motion for Extension of Time to respond to discovery. Telephone conference call and emails with opposing counsel regarding extension. 0.50 12/03/2021 GB Meeting with JAC and MDC regarding case status and strategy. 0.30 12/09/2021 GB Telephone conference call with opposing counsel regarding motion for extension of time to respond to discovery and motion to withdraw filed by Plaintiff's counsel. 0.30 12/10/2021 GB Telephone conference call with opposing counsel's officer regarding hearing on plaintiff's request for extension of time to respond to discovery and opposing counsel's motion to withdraw. Drafted and filed notice of hearing on plaintiff's motion for extension of time to respond to discovery. 0.50 12/21/2021 GB Emails with MDC regarding motion to dismiss. 0.20 12/22/2021 GB Prepared for and attended hearing on Plaintiffs counsel's motion to withdraw and motion for extension of time to respond to City's discovery requests. 1.00 12/27/2021 GB Emails with opposing counsel regarding proposed order withdrawing counsel and extension of time. Edits to Order granting motion to withdraw and motion for extension of time. Emails with City and Tristar regarding insurance information. Drafted letter to Judge enclosing proposed order withdrawing counsel and extension of time and uploaded order for the judge's signature. 1.20 FOR CURRENT SERVICES RENDERED 4.00 900.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 4.00 $225.00 $900.00 TOTAL CURRENT WORK 900.00 Page 122 of 580 Page: 2 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9905444 STATEMENT NO: 39080 adv. Estella, Jean (MVA) BALANCE DUE $900.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 123 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905462 Boynton Beach FL 33435 STATEMENT NO: 39081 Attn: Lynn Swanson adv. Capobianco, Ewa (Charge of Discrimination) Billing Category: 18- RLO Claim#20806974 HOURS 12/03/2021 GB Meeting with JAC and MDC regarding case status and strategy. 0.30 GB Emails with mediator and emails with City regarding mediation. 0.20 12/21/2021 GB Legal research cat's paw theory for Motion for Summary Judgment. 1.00 FOR CURRENT SERVICES RENDERED 1.50 337.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 1.50 $225.00 $337.50 TOTAL CURRENT WORK 337.50 BALANCE DUE $337.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 124 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905492 Boynton Beach FL 33435 STATEMENT NO: 39082 Attn: Lynn Swanson adv. Flake, Natalie (MVA) Billing Category: 18- RLO Claim#20818346 HOURS 12/01/2021 GB Emails with Sgt. LLopis regarding pre deposition conference. 0.20 12/03/2021 GB Meeting with JAC and MDC regarding case status and strategy. 0.30 12/06/2021 GB Telephone conference call with Sgt. Sanders regarding claim. Telephone conference call with Risk Management regarding witness testimony. Legal research regarding discovery of records made confidential as part of risk management file. 0.90 12/07/2021 GB Emails with opposing counsel regarding good faith conference. 0.20 GB Prepared for and and participated in telephone conference call with opposing counsel in good faith to work out objections to Plaintiff's First Request for Admission and Plaintiffs Third Request for Production. Email to opposing counsel memorializing the conversation. 1.50 12/09/2021 GB Attended and prepared for Officer Schalk's deposition. Drafted letter to City providing update on discovery, case status, and requesting to hire Dr. Zeide. 4.00 12/13/2021 GB Drafted amended responses to discovery pursuant to good faith conference with opposing counsel. Called, left voicemail and email to opposing counsel regarding request number 5. Drafted amended subpoena to rehab facility pursuant to good faith call with opposing counsel. 1.20 12/14/2021 GB Received and listed to radio transmittance during pursuit. Voicemail to D.C. Snow regarding discovery. Email to D.C. Snow regarding training of Officer Schalk. Drafted letter to Dr. Zeide requesting CME, providing information about Plaintiff as requested and enclosing pertinent documents for his review. Prepared for hearing on Plaintiff's objection to Subpoena Duces Tecum to rehab facility. 1.50 12/15/2021 GB Prepared for and attended hearing on Plaintiffs Objection to City's Subpoena Duces Tecum to New Season Treatment Center. Drafted proposed order memorializing Judge's ruling at hearing. Emails with opposing counsel regarding proposed order. Drafted letter to judge enclosing proposed order. Submitted order to judge for signature. 1.40 Page 125 of 580 Page: 2 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9905492 STATEMENT NO: 39082 adv. Flake, Natalie (MVA) HOURS 12/20/2021 GB Drafted subpoena duces tecum to Plaintiffs cell phone carrier. Edits to Joint Stipulation for extension of time for Plaintiff to respond to City's 2nd Request for Production. Drafted Agreed Order adopting stipulation. Email with opposing counsel attaching joint stipulation adn agreed order. 0.50 12/21/2021 GB Emails with Dr. Zeide's officer regarding Plaintiff's CME. Drafted Subpoena to T-Mobile, Plaintiff's phone service provider. Email to City regarding agreement with Dr. Zeide for CME. Drafted Notice of CME. 1.00 12/22/2021 GB Email to opposing counsel regarding supoena to rehab center. 0.10 12/23/2021 GB Emails with opposing counsel regarding stipulation for extension of time to respond to City's discovery. 0.10 12/27/2021 GB Emails with opposing counsel regarding subpoena to rehab facility and extension of time to respond to discovery. 0.20 FOR CURRENT SERVICES RENDERED 13.10 2,947.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 13.10 $225.00 $2,947.50 Photocopies 18.55 TOTAL EXPENSES THRU 12/31/2021 18.55 12/09/2021 Universal Court Reporting - Invoice 20428327 351.75 12/27/2021 Universal Court Reporting - Invoice 20430191 521.25 Depo 873.00 TOTAL ADVANCES THRU 12/31/2021 873.00 TOTAL CURRENT WORK 3,839.05 BALANCE DUE $3,839.05 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 126 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905549 Boynton Beach FL 33435 STATEMENT NO: 39083 Attn: Lynn Swanson adv Federick, Carolyn Personal Injuries—Trip and Fall Sidewalk Injuries Billing Category: 18- RLO Claim#21851368 HOURS 12/01/2021 GB Emails with City regarding surveillance. Emails with investigator regarding surveillance. 0.20 12/06/2021 GB Received and reviewed investigation results from investigator. Email to City and Tristar with investigator's findings. 0.10 12/07/2021 GB Email to Tristar and City regarding claim. 0.10 12/16/2021 GB Emails with Tristar and City regarding claim and strategy moving forward. 0.20 12/22/2021 GB Telephone conference call with City and Tristar regarding claim and strategy moving forward. 0.40 FOR CURRENT SERVICES RENDERED 1.00 225.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 1.00 $225.00 $225.00 TOTAL CURRENT WORK 225.00 BALANCE DUE $225.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 127 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905573 Boynton Beach FL 33435 STATEMENT NO: 39084 Attn: Lynn Swanson adv. Hughes, Elba (slip &fall) Billing Category: 18- RLO Claim#21855286 HOURS 12/13/2021 GB Received and reviewed medical bills for claimant from City in preparation for claims call. 0.20 12/15/2021 GB Telephone conference call with City and Tristar regarding claim update. 0.30 FOR CURRENT SERVICES RENDERED 0.50 112.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 0.50 $225.00 $112.50 TOTAL CURRENT WORK 112.50 BALANCE DUE $112.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 128 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905592 Boynton Beach FL 33435 STATEMENT NO: 39085 Attn: Lynn Swanson adv. Barth, Margaret Billing Category: 18- RLO Claim#21870612 HOURS 12/01/2021 GB Emails with City regarding incident and reviewed demand letter from attorney for FDOT. Searched docket to ascertain can status. 0.30 12/02/2021 GB Telephone conference call with City regarding claim and strategy moving forward. Reviewed additional documents regarding this claim provided by City. 0.50 12/03/2021 GB Telephone conference call and left voicemail to attorney for FDOT regarding demand letter and sent email memorializing voicemail. 0.30 12/06/2021 GB Telephone conference call with City regarding claim and inspection. Emails with City regarding contract with FDOT. Email to FDOT's attorney regarding demand letter. Telephone conference call with attorney for FDOT. Email to City regarding update on phone call. 0.90 12/07/2021 GB Reviewed City's agreement with FDOT to ascertain if the City was responsible for maintaining area where incident occurred. Email to FDOT's attorney regarding agreement. 0.90 12/09/2021 GB Emails with attorney for FDOT regarding locations that agreement covers. Emails and telephone conference call with City regarding update. 0.50 12/10/2021 GB Telephone conference call with City regarding matter. Email to JAC regarding case status. 0.30 12/14/2021 GB Meeting with JAC regarding claim. Email to City regarding meeting with JAC. 0.20 12/15/2021 GB Telephone conference call with City and Tristar regarding claim update. 0.30 FOR CURRENT SERVICES RENDERED 4.20 945.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 4.20 $225.00 $945.00 Page 129 of 580 Page: 2 CITY OF BOYNTON BEACH 01/04/2022 ACCOUNT NO: 306-9905592 STATEMENT NO: 39085 adv. Barth, Margaret TOTAL CURRENT WORK 945.00 BALANCE DUE $945.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 130 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905593 Boynton Beach FL 33435 STATEMENT NO: 39086 Attn: Lynn Swanson v. Perez, Daniel (Subrogation) Billing Category: 18- RLO Claim# HOURS 12/02/2021 GB Began drafting bad faith claim against insurance company. Reviewed all letters sent to insurance company by Tristar on behalf of City. Email to Tristar regarding additional information for claim. 0.70 12/06/2021 GB Drafted bad faith claim against insurance company. Email to City and Tristar copy of filed claim and email regarding strategy moving forward. Telephone conference call with insurance company regarding subrogation claim and bad faith claim. Email to City and Tristar regarding update. 1.60 12/07/2021 GB Called and left voicemail to adjuster regarding claim. 0.20 12/09/2021 GB Telephone conference call with adjuster for Security Insurance Company regarding City's claim. Email to City and Tristar regarding Perez was insured with Progressive. 0.40 FOR CURRENT SERVICES RENDERED 2.90 652.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 2.90 $225.00 $652.50 TOTAL CURRENT WORK 652.50 BALANCE DUE $652.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 131 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905594 Boynton Beach FL 33435 STATEMENT NO: 39087 Attn: Lynn Swanson FDOT- GCME Water Main Damage Billing Category: 18- RLO Claim#21870606 HOURS 12/01/2021 GB Emails with City regarding incident. 0.30 12/02/2021 GB Telephone conference call with City regarding claim and strategy. 0.30 12/03/2021 GB Telephone conference call with Richard Ignoffo regarding incident. Telephone conference call with Chris Roschek regarding incident. Began drafting demand letter to FDOT and GMCE. 1.10 12/06/2021 GB Finalized first draft of demand letter to FDOT and GCME and email letter to City for review and approval. Emails with City regarding changes. Put letter in final form and send it out to recipients. 1.30 12/07/2021 GB Emailed FDOT, GCME and the architect a copy of the demand letter that was mailed out yesterday. Emails with City regarding exact location of incident as requested by FDOT claims department. 0.30 12/15/2021 GB Telephone conference call with City and Tristar regarding claim update. Emails to FDOT regarding confirmation that additional information requested was received. 0.40 12/16/2021 GB Email to City and Tristar regarding FDOT's investigation of the claim. 0.10 12/27/2021 GB Email to City and Tristar advising that FDOT's claims department received the City's demand letter. 0.10 FOR CURRENT SERVICES RENDERED 3.90 877.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 3.90 $225.00 $877.50 TOTAL CURRENT WORK 877.50 BALANCE DUE $877.50 Page 132 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905595 Boynton Beach FL 33435 STATEMENT NO: 39088 Attn: Lynn Swanson adv. Felix, Kathleen Billing Category; 18- RLO Claim#21870336 HOURS 12/09/2021 GB Received initial documents regarding claim and reviewed and analyzed claim. 0.20 12/15/2021 GB Telephone conference call with City and Tristar regarding claim update. 0.30 FOR CURRENT SERVICES RENDERED 0.50 112.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 0.50 $225.00 $112.50 TOTAL CURRENT WORK 112.50 BALANCE DUE $112.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 133 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905596 Boynton Beach FL 33435 STATEMENT NO: 39089 Attn: Lynn Swanson adv. Paszti, Denes Billing Category; 18- RLO Claim#21870337 HOURS 12/09/2021 GB Received and reviewed initial claim documents. 0.20 12/10/2021 GB Telephone conference call with opposing counsel regarding preservation of evidence letter. Email to City and Tristar regarding update on call with opposing counsel. 0.30 12/14/2021 GB Email to opposing counsel regarding preservation of evidence letter and public records request. Email to City Clerk claimant's attorney's public records request. 0.30 12/15/2021 GB Telephone conference call with City and Tristar regarding claim update. 0.30 12/21/2021 GB Email with City regarding public records request. 0.10 12/22/2021 GB Telephone conference call with City regarding public records request from claimant's attorney. 0.30 FOR CURRENT SERVICES RENDERED 1.50 337.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 1.50 $225.00 $337.50 TOTAL CURRENT WORK 337.50 BALANCE DUE $337.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 134 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905597 Boynton Beach FL 33435 STATEMENT NO: 39090 Attn: Lynn Swanson adv. Starukhin, Aleksandr (Subrogation) Billing Category; 18- RLO Claim#21870352 HOURS 12/09/2021 GB Received and reviewed initial claim documents. 0.20 FOR CURRENT SERVICES RENDERED 0.20 45.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 0.20 $225.00 $45.00 TOTAL CURRENT WORK 45.00 BALANCE DUE $45.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 135 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905599 Boynton Beach FL 33435 STATEMENT NO: 39091 Attn: Lynn Swanson adv. Wynne, Sharon Billing Category: 18- RLO Claim#21870546 HOURS 12/10/2021 GB Received and reviewed claim documents in preparation for claim call with City. 0.30 12/15/2021 GB Telephone conference call with City and Tristar regarding claim update. 0.30 FOR CURRENT SERVICES RENDERED 0.60 135.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 0.60 $225.00 $135.00 TOTAL CURRENT WORK 135.00 BALANCE DUE $135.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 136 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905600 Boynton Beach FL 33435 STATEMENT NO: 39092 Attn: Lynn Swanson adv. KMG Holdings, LLC Billing Category: 18- RLO Claim#21870498 HOURS 12/10/2021 GB Received and reviewed claim documents in preparation for claim call with City. 0.30 12/15/2021 GB Telephone conference call with City and Tristar regarding claim update. 0.30 FOR CURRENT SERVICES RENDERED 0.60 135.00 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 0.60 $225.00 $135.00 TOTAL CURRENT WORK 135.00 BALANCE DUE $135.00 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 137 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905601 Boynton Beach FL 33435 STATEMENT NO: 39093 Attn: Lynn Swanson adv. Carter, Jennie Billing Category: 18- RLO Claim# HOURS 12/10/2021 GB Received and reviewed claim documents in preparation for claim call with City. 0.30 FOR CURRENT SERVICES RENDERED 0.30 67.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 0.30 $225.00 $67.50 TOTAL CURRENT WORK 67.50 BALANCE DUE $67.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 138 of 580 GOREN, CHEROF, DOODY & EZROL, P.A. Attorneys at Law 3099 East Commercial Boulevard Suite 200 Fort Lauderdale, Florida 33308 Telephone (954) 771-4500 Page: 1 CITY OF BOYNTON BEACH 01/04/2022 100 E. Ocean Avenue ACCOUNT NO: 306-9905602 Boynton Beach FL 33435 STATEMENT NO: 39094 Attn: Lynn Swanson adv. Calicchio,Anthony Billing Category: 18- RLO Claim#21870549 HOURS 12/10/2021 GB Received and reviewed claim documents in preparation for claim call with City. 0.30 12/13/2021 GB Received and reviewed initial claim documents in preparation for claim call with City. 0.30 12/15/2021 GB Telephone conference call with City and Tristar regarding claim update. 0.30 12/16/2021 GB Received and reviewed additional documents regarding claim. 0.20 FOR CURRENT SERVICES RENDERED 1.10 247.50 RECAPITULATION TIMEKEEPER HOURS HOURLY RATE TOTAL GAL BETESH 1.10 $225.00 $247.50 TOTAL CURRENT WORK 247.50 BALANCE DUE $247.50 AMOUNTS PREVIOUSLY BILLED NOT INCLUDED ABOVE Page 139 of 580 ROBERTS, REYNOLDS, BEDARD & TUZZIO, PLLC 470 Columbia Drive, Suite C-101 West Palm Beach, Florida 33409 Telephone (561)688-6560 Tax ID No. 65-0004867 Tristar Risk Management December 22, 2021 Attn: Karen Klein Bill No. 62360 P.O. Box 2805 Clinton, Iowa 52733-2805 CLIENT: Gallagher Bassett Services, Inc. 138 MATTER: Readon v. Boynton Beach 18187 Claim #001470-000396-AB-01 BILL FOR FEES AND COSTS THROUGH 11/30/21 PROFESSIONAL SERVICES Date Services Attorney Hours 11/01/21 Review/Analyze correspondence to and correspondence from SWK 0.20 Plaintiffs counsel re proposed order on Plaintiffs Motion to Compel Defendant to Provide Witness Address. 11/01/21 Review/Analyze correspondence to and from Gal Betesh, SWK 0.20 counsel for City, re re proposed order on Plaintiffs Motion to Compel Defendant to Provide Witness Address. 11/02/21 Receipt and review of co-Defendant, City of Boynton Beach's SWK 0.30 Motion for Reconsideration of Judge's Ruling Granting Plaintiffs Motion to Compel Defendant to Provide Witness Address. 11/03/21 Receipt and review of co-Defendant, City of Boynton Beach's SWK 0.10 Notice of Hearing on their Motion for Reconsideration of Judge's Ruling Granting Plaintiffs Motion to Compel Defendant to Provide Witness Address. 11/24/21 Receipt and review of Plaintiffs Response to co-Defendant, SWK 0.40 City of Boynton Beach's Motion for Reconsideration. 11/29/21 Receipt and review of Correspondence from Gail Betesh to SWK 0.10 judge re: binder for hearing on Motion for Reconsideration. PROFESSIONAL SERVICES SUMMARY Code Name Hours Rate Amount SWK Stephanie W. Kaufer, Partner 1.30 185.00 240.50 Total Professional Services 1.30 $240.50 Page 140 of 580 Client: Gallagher Bassett Services, Inc. December 22, 2021 Matter: 18187 - Readon v. Boynton Beach Page 2 CURRENT BILL TOTAL AMOUNT DUE $ 240.50 Balance Forward: 6,219.50 Payments &Adjustments: -4,192.00 Total Due: $ 2,268.00 Page 141 of 580 Please return this page with remittance to Roberts, Reynolds, Bedard & Tuzzio, PLLC 470 Columbia Drive, Suite C-101 West Palm Beach, Florida 33409 Bill Number: 62360 Bill Date: December 22, 2021 Client Code: 138 Client Name: Gallagher Bassett Services, Inc. Matter Code: 18187 Matter Name: Readon v. Boynton Beach Total Professional Services 240.50 Total Disbursements 0.00 CURRENT BILL TOTAL AMOUNT DUE $ 240.50 Balance Forward: 6,219.50 Payments &Adjustments: -4,192.00 Total Due: $ 2,268.00 Past Due Balance 2,027.50 TOTAL AMOUNT DUE $2,268.00 Page 142 of 580 JONES FOSTER P.A. P.O. Box 3475 West Palm each, FIL 33402-3475 505 South Flagler Drive, Suite 1100 West Palm each, FL 33401-5950 561 659 3000 T Tax I.D. 59-1292566 jonesfoster.com City of Boynton Beach December 31, 2021 c/o James Cherof, Esq. Invoice No. 247484 100 E Ocean Ave File No. 29049.00002 Boynton Beach, FIL 33435 TJB Represent City with respect to litigation over a development REMITTANCE COPY TOTALS FOR THIS STATEMENT RATE/HR. HOURS AMOUNT JOANNE M.. 0 350.00 350.00 1.80 $630.00 THOMAS J. BAIRD 350.00 0.50 $175.00 $805.00 TOTAL FEES THIS INVOICE TOTAL COSTS ADVANCED THIS INVOICE $0.00 TOTAL CHARGES THIS INVOICE $805.00 PREVIOUS BALANCE $0.00 TOTAL ACCOUNT BALANCE $805.00 PLEASE RETURN THIS PAGE WITH YOUR REMITTANCE. PAYMENTS RECEIVED AFTER THE PREPARATION OF THIS INVOICE WILL NOT BE REFLECTED. IF AN UNPAID PRIOR BALANCE IS DISPLAYED ABOVE AND YOU HAVE RECENTLY REMITTED PAYMENT, PLEASE PAY ONLY THE CURRENT INVOICE CHARGES. THANK YOU DUE UPON RECEIPT Page 143 of 580 JONES FOSTER P.A. P.O. Box 3475 West Palm each, FL 33402-3475 505 South Flagler Drive, Suite 1100 West Palm each, FL 33401-5950 561 659 3000 T Tax I.D. 59-1292566 jonesfoster.com City of Boynton each December 31, 2021 c/o James Cherof, Esq. Invoice No. 247484 100 E Ocean Ave it No. 29049.00002 Boynton each, FL 33435 TJB Represent City with respect to litigation over a development TOTALS FOR THIS STATEMENT RATE HOURS AMOUNT JOANNE M. OCONNOR 350.00 1.80 $630.00 THOMAS J. BAIRD 350.00 0.50 $175.00 TOTAL FEE THIS INVOICE $805.00 TOTAL COSTS ADVANCED THIS INVOICE $0.00 TOTAL CHARGES THIS INVOICE $805.00 PREVIOUS BALANCE $0.00 TOTAL ACCOUNT BALANCE $805.00 Page 144 of 580 JONES FOSTER P.A. City of Boyntoneach December 31, 2021 Represent City withrespect to litigation over a development Invoice No. 247484 File No. 29049.00002 Page FOR PROFESSIONALSERVICES ATE INDV DESCRIPTIONVICES HOURS AMOUNT 12/01/21 JMO EMAILS WITH STEMPLER'S OFFICE RE HEARING 0.10 35.00 2ND REQUEST TOPRODUCE; REVIEW NOTICE HEARING 12/02/21 TJB REVIEWAIL CORRESPONDENCE EXCHANGED0.20 70.00 ATTORNEYBETWEEN STEMPLER&CRYSTAL I S (2 ); RECEIVE AND REVIEW NOTICE OF HEARINGIN REPLAINTIFF'S OBJECTIONS TO THE DEFENDANT'S 2ND REQUEST FOR PRODUCTION 12/07/21 TJB RECEIVE AND REVIEW CORRESPONDENCE FROM 0.30 105.00 ATTORNEY STE PLE , J 'S 2ND REQUEST T PRODUCE THE CITY'S RESPONSE TO THE SAME AND NOTICE OF HEARINGPLAINTIFF'S OBJECTIONS TO THE 2ND REQUEST TO PRODUCE 12/14/21 JMO REVIEWOUR RESPONSES TO SECOND REQUEST 0.60 210.00 FOR PRODUCTION IN ADVANCE OF HEARING OBJECTIONS; REVIEW JKM MOST RECENT PUBLIC RECORDSREQUEST; TEL CALL G BETESH: TEL CALL STEMPLER TO MEET AND CONFER RE OBJECTIONS 12/14/21 JMO DRAFT AGREED ORDER ON OBJECTIONS TO 0.20 70.00 SECOND REQUEST TOPRODUCE; EMAILS WITH STE PLE 12/15/21 JMO EMAILS WITH STEMPLER RE CANCELLINGI 0.20 70.00 REVIEW NOTICECANCELLATION 12/15/21 JMO CONFER STEMPLER AND REVISE0.20 70.00 SECOND REQUEST FOR PRODUCTION; EMAILS WITH ETESH RE DISCOVERYRESPONSES 12/21/21 JMO TEL CALL G BETESH, A MACK, C ROSCHECK, P 0.30 105.00 KALKAT RE THIRD REQUEST FOR PRODUCTION 12/21/21 JMO REVIEWAPPLICATIONS SENT TO FDOH RELATIVETO 0.20 70.00 THIRD REQUEST FOR PRODUCTION TOTAL HOURS 2.30 Page 145 of 580 6.D. Consent Agenda 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Approve the one-year extension for RFPs/Bids and/or piggy-backs for the procurement of services and/or commodities under $100,000 as described in the written report for February 1, 2022 - "Request for Extensions and/or Piggybacks." Explanation of Request: As required, the Finance/Procurement Department submits requests for award to the Commission; requests for approval to enter into contracts and agreements as the result of formal solicitations; and to piggy-back governmental contracts. Options to extend or renew are noted in the "Agenda Request Item" presented to Commission as part of the initial approval process. Procurement seeks to provide an accurate and efficient method to keep the Commission informed of pending renewals and the anticipated expenditure by reducing the paperwork of processing each renewal and/or extension individually and summarizing the information in a monthly report(as required). VENDOR(S) DESCRIPTION OF SOLICITATION RENEWAL AMOUNT SOLICITATION NUMBER TERM Annual Administrator of Record March 1, Estimated Property Registration Champions, for Abandoned, COBB RLI 001- 2022 - Generating LLC Foreclosed, and Vacant 2019 February Revenue Properties 28, 2023 $75,000 February 3, Annual Medical Director for the Estimated Elite Medical Specialists, LLC City's Emergency Medical COBB RFP 2022 - Expenditure Services Program (EMS) 005-2210-19/IT February 2, 2023 $39,000 Gentile Glas Holloway O'Mahoney & February Annual Associates; Schmidt Nichols; The General Planning COBB RFQ 15, 2022 - Estimated Mellgren Planning Group, A SEPI Services 049-2410-17/IT February Expenditure Company 14, 2023 $5,000 How will this affect city programs or services? This renewal report will be used for those solicitations, contracts/agreements and piggy-backs that are renewed/extended with the same terms and conditions and pricing as the initial award. Fiscal Impact: Funds have been budgeted under line items as noted on the attached report. Alternatives: Page 146 of 580 Not approve renewals and require new solicitations to be issued. Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? No Grant Amount: Attachments: Type Description D Attachment Bid Extensions and Piggy® acs under $100,000 D Attachment Renewal Interest Letter ® Property Registration Champions, LLC ® 2022-2023 D Attachment Renewal Interest Letter ® Elite Medical Specialists, LLC ® 2022-2023 D Attachment Renewal Interest Letter ® Gentile Glas Holloway O'Mahoney &Associates® 2021-2022 D Attachment Renewal Interest Letter ® Schmidt Nichols- 2022- 2023 D Attachment Renewal Interest Letter ® The Mellgren Group. - 2022-2023 Page 147 of 580 CITY OF BOYNTON BEACH REQUESTS FOR BID EXTENSIONS AND PIGGY-BACKS UNDER $100,000 February 1, 2022 REQUESTING DEPARTMENT: DEVELOPMENT— COMMUNITY STANDARDS DEPARTMENT CONTACT:Adam Temple, Director of Development TERM: March 1, 2022, to February 28, 2023 SOURCE FOR PURCHASE: RLI 001-2019 ACCOUNT NUMBER: Revenue Generating VENDOR(S): PROPERTY REGISTRATION CHAMPIONS, LLC ANNUAL ESTIMATE: Revenue Generating$75,000.00 DESCRIPTION: On April 2, 2019, Commission authorized the City Manager to sign the Agreement Resolution R19-038, between the City of Boynton Beach and Property Registration Champions dba ProChamps of Melbourne, FL for the Administrator of Records for Abandoned, foreclosed, and vacant properties with Property Registration Champions, LLC as a cost free and revenue generating Agreement for the City. The Agreement allows for an initial (1)year period with three (3)additional one-year renewals. The vendor has agreed to renew the Agreement for the 31d one-year renewal term with the same terms, and conditions. REQUESTING DEPARTMENT: Fire Rescue DEPARTMENT CONTACT: Chief Bruder TERM: February 3, 2022, to February 2, 2023 SOURCE FOR PURCHASE: City of Boynton Beach RFP 005-2210-19/IT ACCOUNT NUMBER: 001-2210-522-34-51 VENDOR(S): ELITE MEDICAL SPECIALISTS, LLC ANNUAL ESTIMATE: $39,000.00 DESCRIPTION: On January 15, 2019, Commission approved the City Manager to sign an Agreement with Elite Medical Specialists, LLC of Jupiter, Florida for RFP No. 005-2210-19/IT for the Medical Director for Fire-Rescue. The Agreement was for an initial three (3) year period with the option to renew for two (2) additional one-year terms at the discretion of the City and based upon mutually agreeable rates. The vendor has agreed to renew the agreement for the 1 st one-year term with the same rates, terms, and conditions. REQUESTING DEPARTMENT: Development DEPARTMENT CONTACT: Michael Rumpf TERM: February 15, 2022, to February 14, 2023 SOURCE FOR PURCHASE: City of Boynton Beach RFQ 049-2410-1711T ACCOUNT NUMBER VENDOR(S): GENTILE GLAS HOLLOWAY O'MAHONEY AND ASSOCIATES; SCHMIDT NICHOLS; THE MELLGREN PLANNING GROUP ANNUAL ESTIMATE: $5,000 DESCRIPTION: On February 6, 2018, Commission approved the City Manager to sign individual Agreements with Gentile Glas Holloway O'Mahoney and Associates, Schmidt Nichols, and The Mellgren Planning Group Elite Medical for RFQ No. 049-2410-17/IT for General Planning Services. The Agreement was for an initial three (3) year period with the option to renew for two (2) additional one-year terms. All vendors have agreed to renew their agreement for the 1St one-year term with the same terms and conditions. The Ciftj of Boynton Beach Finance/Procurement Services 100 E. Ocean Avenue Boynton Beach, FL 33435 P.O. Box 310 -s Boynton Beach, Florida 33425-0310 Telephone No:(561) 742-6310 January 4, 2022 David Mulberry, PresidenUCEO Property Registration Champions, LLC VIA EMAIL TRANSMITTAL TO: cshiflett(d_)cchampions.com RFI: ADMINISTRATOR OF RECORD FOR ABANDONED, FORECLOSED, AND VACANT PROPERTIES RFI No.: 001-2019 CURRENT AGREEMENT TERM: MARCH 9, 2029 —FEBRUARY 28, 2022 Dear Mr. Mulberry: The current agreement term for"Administrator of Record for Abandoned, Foreclosed, and Vacant Properties" expires February 28, 2022. The agreement documents allow for three (3)additional one-year renewals. The City of Boynton Beach would like to renew this agreement for its 31d renewal for an additional one-year period with the same terms, and conditions. Please indicate your response on the following page and return it to Procurement Services along with the company's update COI via email to prattt(a_bbfi.us at your earliest convenience. If you should have any questions, please do not hesitate to contact Taralyn Pratt, Contract Administrator at(561) 742-6308. Sincerely, 1*6'. a�� Mara Frederiksen Director of Financial Services Cc: Adam Temple, Director of Community Standards tp America's Gateway to the Gulf Stream Page 150 of 580 The City Boynton Beach Finance/Procurement Services 100 E. Ocean Avenue Boynton Beach,FL 33435 P.O. Box 310 Boynton Beach,Florida 33425-0310 Telephone No:(561) 742-6310 January 4, 2022 RFI: ADMINISTRATOR OF RECORD FOR ABANDONED, FORECLOSED, AND VACANT PROPERTIES RFI No.: 001-2019 Agreement between the CITY OF BOYNTON BEACH and PROPERTY REGISTRATION CHAMPIONS, LLC AGREEMENT RENEWAL TERM: MARCH 1,2022—FEBRUARY 28, 2023 X_ Yes, I agree to renew the existing agreement under the same terms, and conditions for an additional one-year term_ No, I do not wish to renew the bid for the following reason(s) PROPERTY REGISTRATION CHAMPIONS LLC NAME OF COMPANY SrN11Robert Mannarino C NAME OF REPRESENTATIVE TITLE (please print) 01/05/2022 13211421-6639 DATE (AREA CODE)TELEPHONE NUMBER RMannarinogprochamps.com E-MAIL America's Gateway to the Gulf Stream Page 151 of 580 The City of Boynton Beach Finance/Procurement Services 100 E. Ocean Avenue Boynton Beach, FL 33435 P.O. Box 310 Boynton Beach, Florida 33425-0310 Telephone No:(561) 742-6310 January 10, 2022 Kenneth A. Scheppke, MD, FAAEM Elite Medical Specialists, LLC P.O. Box 2764 Jupiter, FL 33468 VIA EMAIL TRANSMITTAL TO: KScheppkep_comcast.net RFP: MEDICAL DIRECTOR FOR FIRE - RESCUE RFP No.: 005-2210-19/IT CURRENT AGREEMENT TERM: FEBRUARY 3, 2019—FEBRUARY 2, 2022 Dear Mr. Scheppke: The current agreement term for "Medical Director for the City's Emergency Medical Services Program (EMS)" expires February 2, 2022. The contract documents allow for two (2) additional one-year renewals. The City of Boynton Beach would like to renew this contract for its 1St renewal for an additional one-year period with the same terms, conditions, and pricing. Please indicate your response on the following page and return it to Procurement Services along with the company's update COI via email to pratttp_bbfl.us at your earliest convenience. If you should have any questions, please do not hesitate to contact Taralyn Pratt, Contract Administrator at (561) 742-6308. Sincerely, in" Mara Frederiksen Director of Financial Services Cc: Midline Civil, Finance Coordinator tp America's Gateway to the Gulf Stream Page 152 of 580 The City of Boynton Beach Finance/Procurement Services 100 E. Ocean Avenue Boynton Beach, FL 33435 P.O. Box 310 Boynton Beach, Florida 33425-0310 Telephone No:(561) 742-6310 January 10, 2022 RFP: MEDICAL DIRECTOR FOR FIRE - RESCUE RFP No.: 005-2210-19/IT Agreement between the CITY OF BOYNTON BEACH and ELITE MEDICAL SPECIALISTS, LLC. AGREEMENT RENEWAL TERM: FEBRUARY 3, 2022— FEBRUARY 2, 2023 X Yes, I agree to renew the existing agreement under the same terms, conditions, and pricing for an additional one-year term. No, I do not wish to renew the bid for the following reason(s) ELITE MEDICAL SPECIALISTS, LLC NAME OF COMPANY SIGNATURE Kenneth A Scheppke, MD, FAEMS President NAME OF REPRESENTATIVE TITLE (please print) January 11, 2022 561-436=2291 DATE (AREA CODE)TELEPHONE NUMBER KScheppkea.EliteMedical.net E-MAIL America's Gateway to the Gulf Stream Page 153 of 580 The City of Boynton Beach Finance/Procurement Services 100 E. Ocean Avenue Boynton Beach, FL 33435 P.O. Box 310 Boynton Beach, Florida 33425-0310 Telephone No:(561) 742-6310 January 12, 2022 Dodi Glas Gentile Glas Holloway O'Mahoney&Associates 1907 Commerce Lane, Suite 101 Jupiter, FL 33458 VIA EMAIL TRANSMITTAL TO: dodio_2gho.com; jessicao_2gho.com RFQ: GENERAL PLANNING SERVICES RFQ No.: 049-2410/17/IT CURRENT AGREEMENT TERM: FEBRUARY 15, 2021 —FEBRUARY 14, 2022 Dear Dodi Glas: The current contract term for"GENERAL PLANNING SERVICES" expires February 14, 2022. The contract allows for two (2)additional one (1)year extensions. The City of Boynton Beach would like to extend the bid for its 2nd renewal for an additional one-year period with the same terms and conditions. Please indicate your response on the following page and return it to Procurement Services via email to pratttp_bbfl.us at your earliest convenience. If you should agree to renew, please include the company's updated Certificate of Insurance (COI) naming the City as an additional insured. If you should have any questions, please do not hesitate to contact Taralyn Pratt, Contract Administrator at (561)742-6308. Sincerely, in" a�� Mara Frederiksen Director of Financial Services Cc: Patsy Grissom, Development Services Operations Manager Michael Rumpf, Planning &Zoning Administrator Amanda Radigan, Principal Planner tp America's Gateway to the Gulf Stream Page 154 of 580 The City of Boynton Beach Finance/Procurement Services 100 E. Ocean Avenue Boynton Beach, FL 33435 P.O. Box 310 Boynton Beach, Florida 33425-0310 Telephone No:(561) 742-6310 January 12, 2022 RFQ: GENERAL PLANNING SERVICES RFQ No.: 049-2410-17/IT Agreement between the CITY OF BOYNTON BEACH and GENTILE GLAS HOLLOWAY O'MAHONEY& ASSOCIATES. AGREEMENT RENEWAL TERM: FEBRUARY 15, 2022—FEBRUARY 14, 2023 X Yes, I agree to renew the existing agreement under the same terms and conditions for an additional one-year term. No, I do not wish to renew the bid for the following reason(s) GENTILE GLAS HOLLOWAY O'MAHONEY AND ASSOCIATES 7� NAME OF COMPANY SIGNATURE George G. Gentile President NAME OF REPRESENTATIVE TITLE (please print) January 18, 2022 561-575-9557 DATE (AREA CODE)TELEPHONE NUMBER Georgea-2gho.com E-MAIL America's Gateway to the Gulf Stream Page 155 of 580 The City of Boynton Beach Finance/Procurement Services 100 E. Ocean Avenue Boynton Beach, FL 33435 P.O. Box 310 Boynton Beach, Florida 33425-0310 Telephone No:(561) 742-6310 January 12, 2022 Jon E. Schmidt, President Schmidt Nichols 1551 N. Flager Drive, Suite 102 West Palm Beach, FL 33401 VIA EMAIL TRANSMITTAL TO: ischmidt@snlandplan.com RFQ: GENERAL PLANNING SERVICES RFQ No.: 049-2410/17/IT CURRENT AGREEMENT TERM: FEBRUARY 13, 2021 —FEBRUARY 12, 2022 Dear Mr. Schmidt: The current contract term for"GENERAL PLANNING SERVICES" expires February 12, 2022. The contract allows for two (2) additional one (1)year extensions. The City of Boynton Beach would like to extend the bid for its 2nd renewal for an additional one-year period with the same terms and conditions. Please indicate your response on the following page and return it to Procurement Services via email to prattt@bbfl.us at your earliest convenience. If you should agree to renew, please include the company's updated Certificate of Insurance (COI) naming the City as an additional insured. If you should have any questions, please do not hesitate to contact Taralyn Pratt, Contract Administrator at (561) 742-6308. Sincerely, lyk. a�� Mara Frederiksen Director of Financial Services Cc: Patsy Grissom, Development Services Operations Manager Michael Rumpf, Planning &Zoning Administrator Amanda Radigan, Principal Planner tp America's Gateway to the Gulf Stream Page 156 of 580 The City of Boynton Beach Finance/Procurement Services 100 E. Ocean Avenue Boynton Beach, FL 33435 P.O. Box 310 Boynton Beach, Florida 33425-0310 Telephone No:(561)742-6310 January 12, 2022 RFQ: GENERAL PLANNING SERVICES RFQ No.: 049-2410-17/IT Agreement between the CITY OF BOYNTON BEACH and SCHMIDT NICHOLS AENT RENEWAL TERM: FEBRUARY 13, 2022—FEBRUARY 12,2023 7es, I agree to renew the existing agreement under the same terms and conditions for an additional one-year term. No, I do not wish to renew the bid for the following reason(s) SCHMIDT NICHOLS ;�o'�o7 / NAME OF COMPANY SI Jon E.Schmidt President NAME OF REPRESENTATIVE TITLE (please print) 1/18/2022 561-684-6141 DATE (AREA CODE) TELEPHONE NUMBER ischmidt@snlandplan.com E-MAIL America's Gateway to the Gulf Stream Page 157 of 580 The City of Boynton Beach Finance/Procurement Services 100 E. Ocean Avenue Boynton Beach, FL 33435 P.O. Box 310 Boynton Beach, Florida 33425-0310 Telephone No:(561) 742-6310 January 12, 2022 Michele Mellgren, President The Mellgren Planning Group A Sepi Company 3350 NW 53rd Street, Suite 101 Fort Lauderdale, FL 33309 VIA EMAIL TRANSMITTAL TO: mmeligrenpsepiinc.com RFQ: GENERAL PLANNING SERVICES RFQ No.: 049-2410/17/IT CURRENT AGREEMENT TERM: FEBRUARY 22, 2021 —FEBRUARY 21, 2022 Dear Ms. Mellgren: The current contract term for"GENERAL PLANNING SERVICES" expires February 21, 2022. The contract allows for two (2)additional one (1)year extensions. The City of Boynton Beach would like to extend the bid for its 2nd renewal for an additional one-year period with the same terms and conditions. Please indicate your response on the following page and return it to Procurement Services via email to pratttp_bbfl.us at your earliest convenience. If you should agree to renew, please include the company's updated Certificate of Insurance (COI) naming the City as an additional insured. If you should have any questions, please do not hesitate to contact Taralyn Pratt, Contract Administrator at (561)742-6308. Sincerely, Mara Frederiksen Director of Financial Services Cc: Patsy Grissom, Development Services Operations Manager Michael Rumpf, Planning &Zoning Administrator Amanda Radigan, Principal Planner tp America's Gateway to the Gulf Stream Page 158 of 580 The City of Boynton Beach Finance/Procurement Services 100 E. Ocean Avenue Boynton Beach, FL 33435 P.O. Box 310 Boynton Beach, Florida 33425-0310 Telephone No:(561) 742-6310 January 12, 2022 RFQ: GENERAL PLANNING SERVICES RFQ No.: 049-2410-17/IT Agreement between the CITY OF BOYNTON BEACH and The Mellgren Planning Group, A Sepi Company AGREEMENT RENEWAL TERM: FEBRUARY 22, 2022—FEBRUARY 21, 2023 X Yes, I agree to renew the existing agreement under the same terms and conditions for an additional one-year term. No, I do not wish to renew the bid for the following reason(s) THE MELLGREN PLANNING GROUP, A SEPI COMPANY NAME OF COMPANY SIGNATURE Michele Mellgren, AICP Vice President - Planning; NAME OF REPRESENTATIVE TITLE (please print) 1.13.22 954-475-3070 DATE (AREA CODE)TELEPHONE NUMBER MMell reg n@sepiinc.com E-MAIL America's Gateway to the Gulf Stream Page 159 of 580 6.E. Consent Agenda 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Proposed Resolution No. R22-025—Approve and authorize the City Manager to sign an Agreement with Florida Atlantic University Board of Trustees, on behalf of The John Scott Dailey Florida Institute of Government at Florida Atlantic University of Boca Raton, FL to provide strategic planning support services in the amount not-to-exceed $24,000. Explanation of Request: The City is in the process of updating the FY 20/21 Strategic Plan for FY 22/23 and developing a 5-Year Strategic Plan for FY 23 through FY 28 that will advance the City's vision of a welcoming and prosperous coastal community with a high quality of life that exemplifies equitable neighborhood economic and environmental sustainability and resiliency. Staff recommends continuing the strategic planning support services with Florida Atlantic University through a professional services agreement with The John Scott Dailey Florida Institute of Government in partnership with Trainnovations to support an update to the FY 20/21 Strategic Plan for FY 22/23 and the development of the FY 23 through FY 28 (5-Year Strategic Plan). How will this affect city programs or services? This will provide the City with strategic planning support for an update to the FY 20/21 Strategic Plan for FY 22/23 and the development of the FY 23 through FY28 (5-Year Strategic Plan). Fiscal Impact: Budgeted - Not--To-Exceed $24,000 Alternatives: N/A Strategic Plan: Building Wealth in the Community Strategic Plan Application: The plan will advance the City's vision of a welcoming and prosperous coastal community with a high quality of life that exemplifies equitable neighborhood economic and environmental sustainability and resiliency that will attract investment, support stable communities and create jobs. Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 160 of 580 Type Description D Resolution Resolution approving FAU Professional Services Agreement D Agreement FAU Professional Services Agreement D Exhibit Exhibit A Scope of Work Page 161 of 580 1 RESOLUTION R22- 2 3 A RESOLUTION OF THE CITY OF BOYNTON BEACH, FLORIDA, 4 APPROVING AND AUTHORIZING THE CITY MANAGER TO SIGN AN 5 AGREEMENT WITH FLORIDA ATLANTIC UNIVERSITY BOARD OF 6 TRUSTEES,ON BEHALF OF THE JOHN SCOTT DAILEY FLORIDA INSTITUTE 7 OF GOVERNMENT AT FLORIDA ATLANTIC UNIVERSITY OF BOCA RATON, 8 FL TO PROVIDE STRATEGIC PLANNING SUPPORT SERVICES IN THE 9 AMOUNT NOT-TO-EXCEED $24,000.00; AND PROVIDING AN EFFECTIVE 10 DATE. 11 12 WHEREAS, the City is in the process of updating the FY 20/21 Strategic Plan for FY 22/23 13 and developing a 5-Year Strategic Plan for FY 23 through FY 28 that will advance the City's vision 14 of a welcoming and prosperous coastal community with a high quality of life that exemplifies 15 equitable neighborhood economic and environmental sustainability and resiliency; and 16 WHEREAS, staff recommends continuing the strategic planning support services with 17 Florida Atlantic University through a professional services agreement with The John Scott Dailey 18 Florida Institute of Government in partnership with Trainnovations to support an update to the 19 FY 20/21 Strategic Plan for FY 22/23 and the development of the FY 23 through FY 28 (5-Year 20 Strategic Plan); and 21 WHEREAS, the City Commission of the City of Boynton Beach upon recommendation of 22 staff, deems it to be in the best interest of the citizens and residents of the City of Boynton Beach 23 to approve and authorize the City Manager to sign an Agreement with Florida Atlantic University 24 Board of Trustees, on behalf of The John Scott Dailey Florida Institute of Government at Florida 25 Atlantic University of Boca Raton, FL to provide strategic planning support services in the amount 26 not-to-exceed $24,000.00. 27 NOW, THEREFORE, BE IT RESOLVED BY THE CITY COMMISSION OF THE CITY OF 28 BOYNTON BEACH, FLORIDA, THAT: S:ACA\RESO\Agreements\John Scott Dailey Inst Agreement to review Strategic Plan(2022-23)-Reso.docx Page 162 of 580 29 30 Section 1. The foregoing "Whereas" clauses are hereby ratified and confirmed as 31 being true and correct and are hereby made a specific part of this Resolution upon adoption 32 hereof. 33 Section 2. The City Commission of the City of Boynton Beach hereby approves and 34 authorizes the City Manager to sign an Agreement with Florida Atlantic University Board of 35 Trustees, on behalf of The John Scott Dailey Florida Institute of Government at Florida Atlantic 36 University of Boca Raton, FL to provide strategic planning support services in the amount not-to- 37 exceed $24,000.00, a copy of the Agreement is attached hereto and made a part here as Exhibit 38 "A". 39 Section 3. That this Resolution shall become effective immediately upon passage. 40 PASSED AND ADOPTED this 1 st day of February, 2022. 41 CITY OF BOYNTON BEACH, FLORIDA 42 YES NO 43 Mayor— Steven B. Grant 44 45 Vice Mayor—Woodrow L. Hay 46 47 Commissioner—Justin Katz 48 49 Commissioner— Christina L. Romelus 50 51 Commissioner—Ty Penserga 52 53 VOTE 54 ATTEST: 55 56 57 Crystal Gibson, MMC 58 City Clerk 59 60 (Corporate Seal) S:ACA\RESO\Agreements\John Scott Dailey Inst Agreement to review Strategic Plan(2022-23)-Reso.docx Page 163 of 580 FLORIDA ATLANTIC UNIVERSITY PROFESSIONAL SERVICES AGREEMENT This Professional Services Agreement ("Agreement") is entered into as of ("Effective Date"), by and between the Florida Atlantic University Board of Trustees, a public body corporate of the State of Florida, on behalf of The John Scott Dailey Florida Institute of Government at Florida Atlantic University,with an address of 777 Glades Road, Building 44, Room 206, Boca Raton, FL 33431 ("FAU" or "University"), and the City of Boynton Beach, a Municipality with a business address of 100 East Ocean Avenue, Boynton Beach, Florida 33735, ("Client"). In consideration of the mutual covenants and stipulations set forth herein,the parties hereby agree as follows: 1. University agrees to provide and Client agrees to accept the services set forth on Exhibit A attached hereto (the "Services") in accordance with the terms of this Agreement. University shall control the manner in which the Services are provided, giving due consideration to the requests of Client. Unless otherwise mutually agreed, the Services shall be performed at Client's premises. 2. This Agreement is legally binding as of the Effective Date, and, unless terminated as provided herein or extended by mutual written agreement of the parties, shall continue until the Services have been completed. University may terminate this Agreement at anytime for any reason upon written notice to Client. 3. Client agrees to pay University for the Services during the term hereof in accordance with the rates and terms set forth on Exhibit A attached hereto. Unless otherwise specified, payments shall be due within thirty(30) days of receipt of a University invoice. Late payments shall bear interest at 1% per month. 4. The performance of the University of the Services shall be subject to and contingent upon the availability of funds appropriated by the state legislature or the prime funding agency, or otherwise lawfully expendable for the purpose of the Services for the current and future periods. 5. All documents, papers, letters or other material made or received in conjunction with the Services shall be subject to the provisions of Chapter 119, Florida Statutes. 6. Any renewals, amendments, alterations or modifications pertaining to the Services must be signed or initialed and approved by all parties. 7. The provision of the Services and the validity,construction and effect of this Agreement shall be governed by the laws of the State of Florida. The University, as a public entity of the State of Florida, is entitled to the benefits of sovereign immunity coextensive therewith, including immunities from taxation. 8. Neither party may,without the advance written approval of the other party,assign any right or delegate any duties pertaining to the Services. 9. No default, delay or failure to perform shall be considered a default, delay or failure to perform otherwise chargeable, hereunder, if such default, delay or failure to perform is due to causes beyond either party's reasonable control including, but not limited to, strikes, lockouts or inactions of governmental authorities; epidemics; war; embargoes, fire; earthquake; acts of God; default of common carrier. In the event of such default, delay or failure to perform, any date or times 8-5-07 Page 164 of 580 by which a party is otherwise scheduled to perform shall be extended automatically for a period of time equal in duration to the time lost by reason of the excused default, delay or failure to perform. 10. The University makes no warranties of any kind, express or implied, pertaining to the Services, and to the maximum extent permitted by law, disclaims all warranties and conditions, either express or implied, pertaining to the Services. 11. To the maximum extent permitted by law, in no event shall University be liable for any special, incidental, indirect, or consequential damages whatsoever, pertaining to the Services (including,without limitation, damages for loss of business profits, business interruption,or any other pecuniary loss, including legal fees),whether for a breach of contract, failure of essential purpose, negligence or otherwise, even if the party has been advised of the possibility of such damages. 12. Neither party may use or make reference to the other party or any trade names,trademarks, service marks, logos or other designations of the other party except to the extent and in the manner which is expressly provided for in writing by the other party. 13. University reserves all rights with respect to the Services and materials provided by University or the work-product developed by University in connection with the Services. Nothing herein shall purport to grant or convey any interest or right to the University's services, materials or work-product or grant any exclusivity with respect thereto. (REMAINDER OF PAGE INTENTIOANLLY LEFT BLANK) 2 Page 165 of 580 IN WITNESS WHEREOF, the parties have caused this Agreement to be executed. CITY: ATTEST: CITY OF BOYNTON BEACH By: Crystal Gibson, City Clerk Lori Laverriere, City Manager APPROVED AS TO FORM: Office of the City Attorney FLORIDA ATLANTIC UNIVERSITY BOARD OF TRUSTEES, on behalf of The John Scott Dailey Florida Institute of Government at Florida Atlantic University Signature Name Title Date Attest/Authenticated: (Corporate Seal) By: 3 Page 166 of 580 Proposal Submitted by the John Scott Dailey Florida Institute of Government at Florida Atlantic University in partnership with Trainnovations Exhibit A Fiscal Year 2022 — Proposal Revised 12/20/21 The City will take the lead in the development of the plan. Trainnovations proposes to support the City of Boynton Beach in the Phase One Commission interactions and presentations, by fiscal year. Trainnovations will prepare, participate and facilitate the 3 Commission Sessions (see below) in April 2022, July 2022 and January 2023. The fee, including the FAU Institute of Government administrative cost. and 3o hours of preparational work is $$11,700: • FY 22 - $8775 (4.5 hours of meeting time plus 22.5 hours of prep time) • FY 23 - $2925 (1.5 hours of meeting time plus 7.5 hours of prep time) • Additional hours of service are $325/hour. This is the Trainnovations Team Rate. The team selected for this project includes a Project Manager, Six Sigma Project Lead, and Human Resources Specialist. 1.1 Strategic Alignment Workshop — Mayor and Commission (3 hours) The Department of Economic Development and Strategy(ED) team will serve as the lead facilitator for the strategic alignment activities in this workshop to build a unified foundation among the Mayor and Commission to begin the strategic planning process. 1.5 City Commission: Setting Expectations for process and info-to-date (1.5 hours) The ED will facilitate an engagement with City leadership to share the action steps for the strategic planning process, discuss Commission member expectations and participation as well as review the relevant requirements of the Sunshine Law. The specific agenda will be determined in consultation with the City Manager and Departmental Managers. 1.12 Commission Workshop: Review info-to-date and Next Steps (1.5 hours) The ED team will prepare a presentation and report of the Resident Survey Results, Community Forum I, as well as the Employee Survey and Forum. This presentation will outline activities and conclusions, solicit comment on the overarching vision and goals resulting from the Community Forum, and solicit Commission approval to proceed to Phase Two of the Strategic Planning Process. Page 167 of 580 6.F. Consent Agenda 2/1/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Approve minutes from the January 18, 2022 City Commission meeting. Explanation of Request: The City Commission met on January 18, 2022 and minutes were prepared from the notes taken at the meeting. The Florida Statutes provide that minutes of all Commission meetings be prepared, approved and maintained in the records of the City of Boynton Beach. How will this affect city programs or services? A record of the actions taken by the City Commission will be maintained as a permanent record. Fiscal Impact: Alternatives: Approve, amend and approve, or do not approve the minutes. Strategic Plan: Building Wealth in the Community Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Type Description Minutes Minutes 02®01®2022 Page 168 of 580 Minutes of the City Commission Meeting Held Online Via the GoToWebinar Platform and In-Person at the City Hall Commission Chambers 100 East Ocean Avenue, Boynton Beach, Florida On Tuesday, January 18, 2022 at 5:30 P.M. Present: Mayor Steven B. Grant Lori LaVerriere, City Manager Vice Mayor Woodrow L. Hay James Cherof, City Attorney Commissioner Justin Katz Crystal Gibson, City Clerk Commissioner Christina L. Romelus Commissioner Ty Penserga 1. Openings A. Call to Order - Mayor Steven B. Grant Mayor Grant called the meeting to order at 5:32 p.m. Roll Call City Clerk Crystal Gibson called the roll. A quorum was present. Invocation by Pastor David McCaman, First Baptist Boynton Pastor David McCaman was not in attendance. The Invocation was given by Vice Mayor Hay. Pledge of Allegiance to the Flag led by Commissioner Penserga Commissioner Penserga led the Pledge of Allegiance to the Flag. Agenda Approval- 1. pproval:1. Additions, Deletions, Corrections 2. Adoption Mayor Grant tabled Item 11 B until the February 1 meeting, removed Item 11 C from the Agenda and added Item 5C to the agenda. Commissioner Penserga would like to add an item under Administrative to allocate $500 of his Community Support Funds to the Boca Raton's Promise Organization to support the Boynton Beach Mental Health Committee. Mayor Grant would also like to donate $500. *Common terminology that may offend people is noted with asterisks. Page 169 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Motion Vice Mayor Hay moved to approve the agenda as amended. Commissioner Katz seconded the motion. The motion passed unanimously. 2. Other A. Informational items by the Members of the City Commission. Commissioner Katz had no disclosures. Commissioner Romelus had no disclosures. Commissioner Penserga disclosed he had a conversation with a former Judge Rand Hoch from Palm Beach County's Human Rights Council regarding Item 10A. Vice Mayor Hay had no disclosures. Mayor Grant disclosed that he attended the Palm Beach County Days on January 11-12 in Tallahassee, he met with Representatives Slosberg-King, and Casello, Senators Powell and Berman, and Commissioner of Agriculture and Consumer Affairs Nikki Fried. He also noted a conversation with a representative from the Palm Beach County Fire Department. Discussion ensued about the Department's ability to assist with annexation of outside areas if they move from the Boynton Beach Fire Department into the Palm Beach County Fire Department. He also attended a Dogs on the Beach event on January 15th and expressed appreciation to the Parks and Recreation staff. Later that night, he attended the Historical Society's Highwayman presentation. On January 17th, he attended the MLK Day of Service in the morning and the Reverend Martin Luther King Jr. Celebration and Commemoration event in the afternoon. He thanked City Staff and the MLK Committee. On January 18th, he met with C. Ron Allen of the KOP Mentoring Network and Andrew Lofholm from CBS 12. Vice Mayor Hay disclosed that he attended the Palm Beach County Days. On January 17th, he attended the MLK Celebration and thanked the Boynton Beach Police Department, City Staff, and City residents. 3. Announcements, Community and Special Events and Presentations A. General Election Proclamation for March 8, 2022 - presented by Mayor Steven B. Grant. Mayor Grant proclaimed the General Election will be held on March 8, 2022, to elect one (1) Commissioner from District 1, one (1) Commissioner from District 3, at Mayor-At-Large to serve a three (3) year term, expiring March 2025. He listed the designated precinct 2 Page 170 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 polling locations. Mayor Grant asked if this election would coincide with the State House 88 Special Election. Ms. Gibson responded yes that it is the same date. Mayor Grant asked if there will be an early voting location for the municipal Election in Boynton Beach. Ms. Gibson replied that the early voting location will be at the Ezell Hester Community Center. B. Proclamation declaring January 23 - 29, 2022 Boynton Beach School Choice Week. Ron McCarthy, Principal of Quantum High School, will accept the proclamation. Ron McCarthy, Principal of Quantum High School, accepted the Proclamation and acknowledged Boynton Beach High School and the entire community. C. Proclamation recognizing January 4, 2022, as World Braille Day. The proclamation will be accepted by Larry McDowell, President of the Braille Club of Palm Beach County Inc. Larry McDowell, President of the Braille Club of Palm Beach County Inc., accepted the Proclamation and thanked the City. He noted they were formerly located in West Palm Beach for 52 years but are happy to be relocating to Boynton Beach. D. Presentation of the City's Climate Action Plan Annual Update by Rebecca Harvey, Sustainability Coordinator. Rebecca Harvey, Sustainability Coordinator, reviewed the Climate Action Plan Annual Update. She noted the City adopted the Plan on March 3, 2020, but acknowledged the sudden impact of COVID-19 two weeks later and how that shifted the City's focus to Public Health since. In 2020 and 2021, she shared, the United States experienced $42 billon in weather disasters. The City's greenhouse gas reduction targets are a 50% reduction from 2015 levels by 2035 and net zero emissions by 2050. The co-benefits of greenhouse gas reduction include cost savings, economic development, public health, ecosystem protection, and climate resilience. She explained emissions are tracked two ways. The first way is to track emissions from government operations and the second is tracking community-wide emissions. She noted the community-wide emissions are increasing, which can be attributed to the city-wide population increase of 10.4% from 2015 to 2020. In the community-wide emissions by sector breakdown, transportation decreased but stationary energy (electricity) and waste increased. She noted this data does not include the Tree Canopy Program. Ms. Harvey highlighted progress in key 3 Page 171 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 areas. She reviewed the next steps for the Climate Action Plan. Mayor Grant asked about the Sustainability Fund and if there is information or a button on the Utility webpage. Ms. Harvey replied there is no current plan how spending from the Sustainability Fund as they are focused on spending operational funds. She recalls discussion on a stand-alone button on the website and she deferred to any other City staff member who has more insight or a status update. Mayor Grant would like to see a deadline for that initiative so it can be promoted. He also noted his goal would be to use a few thousand dollars from the Sustainability Funding to plant nature flora around the lake at Echo Park. 4. Public Audience Individual Speakers Will Be Limited To 3 Minute Presentations (at the discretion of the Chair,this 3 minute allowance may need to be adjusted depending on the level of business coming before the City Commission) Bishop Bernard Wright, 713 NW 7t" Street, CEO of Bernard Wright Ministries, President of the Community Review Board. He stated there is a narrative that needs to be clipped. The narrative is this young man, Stanley Davis III, was riding his dirt bike recklessly on Boynton Beach Boulevard but he died on Federal Highway. Legally there is no connection with that and there is no substantial evidence. There was no crime. Only word of mouth. We know there is footage of him being gunned down, chasing someone, and breaking protocol. Seconds later, he is dead. This narrative needs to stop. It was not a traffic stop. This is making it seem like the parents are irresponsible and they poured their whole life into this child. He was an honor roll student. This spirit is for every child to strive for excellence because of this child. We are hearing the parents need to be charged on Facebook because of this narrative. The PBA and Police Union might control the meetings, but it comes from here. We do not want to hear no more of it. Let's look at this thing like it is supposed to be. There is no legality. It is a mockery and a farce. It is false narrative and systemic racism. We do not know what time or what point it was called in. We have an eyewitness connected with my family. Who was there to call for medical attention? I was there before they got there. A sheet was over him. We already have a Citizens Review Board and Latosha Clemons is the Vice President and I am the President. We are going to bring our table around your table until this investigation is over. I speak for and in support of this family and as your current candidate for Mayor, with eleven years of community activism. There is not a candidate running against me that can say they have done anything for these people. I support you all. Tina Hunter, SJ's grandmother, asked why the cop did not go over to SJ when he noticed him at the gas station. All of this could be avoided. He could have told SJ dirt bikes are not allowed. All of this could be avoided. He chose not to. He wanted to chase SJ and 4 Page 172 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 then tell a story about SJ driving recklessly. That is a lie. He came after him as soon as he saw him take off from the gas station. So why did he say he got him for reckless driving? His life and safety should have been more important than the chase, but he put the chase more important than his life. We do not need cops like that on the street because he does not care about human life, even if it is a child. Renee Morris, SJ's aunt, asked what it would take to get this officer off the force. Maybe losing his golf privileges. Losing his Laser privileges. Accused of raping a young lady. Three chases with no body cam or dash cam. No witnesses and him conducting the narrative. He is an animal. He is killing our kids with this car. What is it going to take? Killing one of your kids, one of the white kids. Yes, it is a race thing. He is a redneck, an animal, and does not deserve to be a Police officer. He came from Ft. Lauderdale and got kicked off the force for the way he was using his canine unit. You all felt the need to pick that scumbag up here to terrorize our community. This is not fair. I am pissed because my nephew is dead, and my other nephew is threatening to kill himself because of a racist. I know how to get him out of here. We get all of you out of here. I have been voting since I was 18 and it is time to vote you all out. You all do not care a d**n thing about our community. You came to the vigil for what. We do not want you there. You are full of crap and you are going along with them because you are running for the Senate. We are going to make sure you do not get on the Senate. Because you are full of crap too. Ester, 800 S. Federal Highway, stands with the Thompson and Davis Family. I am upset. I am outraged at the City of Boynton Beach and the Boynton Police Department. They are accountable for SJ's death. SJ was an intelligent child, from Headstart, to elementary school, to middle school and his life was robbed from him at the hands of Officer Mark Sohn. We need you guys to arrest this man and have him fired from the Police Department. He needs to be arrested. Like I heard it said earlier, when he saw SJ at the gas station, he could have stopped him. He could have put on the sirens on and said "Young man, put that bike up. I need you to call your parents." But no, he did not have good intentions. His heart was rotten. What did he do? Go behind the store and hunt this kid like he was a freaking animal. He would not have done that to nobody else. He needs to get off the force and we need dash cams. You cannot tell me, or anyone else in this room, that these Police cars do not have any dash cameras. You guys are trying to sweep this under the rug. You guys are responsible, and we demand justice. We want justice for SJ. This young man was a bright star. He could have been the next President. He could have been the next neurosurgeon. But we will never know, because of Mark Sohn. Does he have a wife? Does he have children? How can she lay up under this killer? He is responsible for three deaths already in the black community. I feel like every family should get together and sue the City of Boynton Beach and sue the Police Department. Maybe that way you guys will take him off the force. I myself was harassed by the Police Department. I have lived in Boynton most of my adult life. I go to businesses on 10th Avenue. I saw my son's friend and I said hi to him. Then I saw the Police pull up before me, so I thought "Let me get out of the way." He followed me and I knew he was following me. He followed me down streets. I stopped and he was like "Where are you going?" and 5 Page 173 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 1 am like "Tending to my business." Why are you harassing me? I was scared. I was terrified. I even had a male companion in the car with me at the time. I can just imagine how this baby felt. We are tired of this injustice. We bleed red just like you do. Mayor Grant asked I.T. if they have the hand raise feature enabled online for virtual attendees. I.T. staff confirmed it is enabled and there is one question so far. Commissioner Romelus reminded the audience there are two mics if people want to line up to make the process move along. Alonzo is hurt, angry, and mad by SJ's death. He said SJ was like a little brother to me, a little brother I never had because my mom had three girls and I am the only boy. So how I feel, words cannot explain. SJ is a good kid who tells me every morning to make sure I am up and ready for school. After we are done texting, he always says have a good day at school and I love you. He makes sure I make it to the bus stop on time, so I was to be an honor roll student just like him. I could not even get up the last few days because I did not get his text message. He did not deserve this. He was not a bad kid. My summer would not be the same because SJ made sure I was there for every game. SJ would wake me up or I would wake him up and make sure every Saturday he was ready to play his football game. SJ always looked forward to school and football and riding the bikes. It is not going to ever be the same no more. We need justice for SJ. Timothy Anderson said I do not feel good about Stanley's death because he was my main man, my right-hand man. My best friend. Now he is gone. Now we cannot spend nights together, hang together, and be there for each other. I feel like my life is in danger because I am a black man and I like to do the same thing as SJ did. When I see a cop car, I get scared because I do not know what is going to happen. Anything can happen to me. Kirsten, friend of Stanley's, said when she heard about his passing it broke her down. I could not believe what was going on because I had just seen him at Christmas. Stanley was an amazing child. He would never be in any drama and always stayed out of trouble. He was like a brother to me and his passing really hurt me. He would not want any of us to cry. I like to remember the great times like when I used to ride with him. Stanley was an amazing friend and always stuck up for his friends. He was never the type to let one of his friends to get bullied. Stanley is still a kind and loving person who puts a smile on all of our faces. Stanley is the type of person you look forward to seeing every day. Stanley is the type that made any one feel better. He was the best friend I ever had. LaToya, Kirsten's mom, said Mark Sohn is a serial killer employed by the City of Boynton Beach Police Department. All of you, every single last one of you, are just as guilty. This is not the first life he has taken, by breaking Police policy. Your policy. We get up here and we have three minutes and then you cut us off. He has taken three lives. When is it 6 Page 174 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 enough? I pray that each and every one of you do not get a peaceful moment until you do the right thing. I pray this on your mind, your heart, and your spirit. You all are just as guilty. Just as guilty. That baby should be here today. His parents should be getting up and getting him ready for school. Each and every one of you should be held accountable. But, we getting all you're a***s up out of here in March. You better believe it. Let's go baby. Shamarie Davis, SJ's cousin, said she is going to speak from the heart. Every time we have stuff like this, I just talk about the good times and stuff like that. Today, I am going to talk about a moment I had before dance practice. All day I was worrying about who was going to pick me up before practice so I can make it here before 6:00 p.m. If I ride the bus, I will get into Boynton around 6:10 p.m. and everything will be over. So, I am rushing, trying to call to see who is going to be able to pick me up and take me here. I am also just trying to get everything together. It was not the face that I would not get here. It was the fact that I would miss it. The thing is, he would have football games and other events, but I would not worry so much about getting there because there is a next time. There is another game next weekend that I could make it to instead. But I do not have a next time with this. I do not have a next time with nothing. That is what made me so angry, so mad, made me cry. If I miss it, I miss it. This was my one shot. If I miss it this is not a boomerang. I do not get to come back. I do not get another chance. This is all I got. This is my one shot. All I am trying to say is, you guys, of course you cannot have a trial. You cannot do the case over again for the same thing. You cannot do it. So, this is all our one shot. So, everything we do is going to be extreme. It is going to be so much and overwhelming because this is our one shot. We are going to do everything to get justice because it is our one shot. We do not have another chance so please help us and do right by us to help us make right by our one shot. Help me get there. Like I got here today. Help me get justice. Please. Help me get my one shot. Thank you. Tory Orr, 106 Ocean Breeze, stands with the family, stands with Shannon, and stands with the families on both sides. I just feel that this officer is not charged yet, he is not fired yet, he is still getting paid from the community. They are still paying this Officer. He has been off for seventeen (17) days, and we are still paying him. They are paying this Officer to sit at home and look at his family and chill and get paid. Is that fair? We are asking for accountability, and we are going to keep asking. We are demanding accountability for this officer to be fired and charged because a child lost his life. Like Shannon says, she will not have anyone to call her mom anymore. That is a miracle child. To see my cousin Stanley back there going through a lot. All of them are. Cousins. Aunts. It is weighing down on us. We are not going to keep asking for accountability. We know you all are supposed to do right. We pay you for that. This is our City Hall. Our Library. This is our stuff. This is our City. We put these people in these positions. We can get them out of there as well. The City of Boynton Police Department as the biggest bullies I have ever seen. I have been in Florida since 1985 and they were busting into my grandmother's house then. Way back in 1985 they have been putting down that thing on us in the black community. Like I have said before, Mark Sohn slammed me before. Good thing I had people there. He probably would have murdered me. This Officer needs to be held 7 Page 175 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 accountable. We just want this Officer fired. We do a lot in this City. We asking nicely. People saying what a bad parent my cousin is. How a bad parent Shannon is. What is going on with this? It is showing two Boyntons. Who are making these narratives up? Is it coming from City Hall? Is it coming from you? Why are these people making up these judgments? That is a child. I thought a child was a child. I did not know it needed to be a specific color. I want to tear up this d**n City Hall right now. I am not going nowhere. F**k you. Mayor Grant called time and asked Tory to leave. Pernell Davis, 832 NW 8t" Avenue, requested extra time, which was acknowledged by Mayor Grant. As we want to the Martin Luther King Celebration yesterday, and we did come in peace. I know you all want peace and quiet, but you cannot have both. We do not come in peace, and we are going to be loud every time. So, every event that is on your calendar is going to be disrupted by us. Every single time. Because we need to be heard and coming here for our three (3) minutes some people do not here it. These people are going to get tired of us coming and disrupting their stuff. We want accountability from the people in this room. I did a little bit of research. Every one of the people sitting up here is voted in except for (points to someone) you, Lori, and the Attorney. I also kept looking and Ms. Lori, you have been here since the first casualty he caused. You were the Interim City Manager in 2011 until December 2012 so you are only the common denominator. So, you and the Mayor have the power to hire and fire. Mayor Grant acknowledged he does not. Pernell Davis continued by saying the City Manager does have the power and they have not seen the problem yet. So, if you have not seen the problem them, what makes us think you'll see the problem now. It says in your Linkedln bio that you have 25 years of achievement including policy development and implementation. Your pursuit policy said it needs to be a felony to make them want to pursue. A forceable felony so, therefore, when he chased that guy in the car that ended up hitting and killing a 5-year-old, it was because he had an expired tag. I am pretty sure most of us here have made a mistake before and had an expired tag. We did not get in a high-speed chase. We did not run someone over with a car and are now facing life in prison. When Officer Sohn got what? Since 2012 your policy has been broken more than once by the same Officer who is still here. I wish this was a Q & A so you could answer some of these questions. Maybe we could have a meeting with you and Ms. Lori. I would love to talk to you. It says you oversee $172 million from the City with 70,000 citizens in this City. If you would misallocate or misappropriate $1 million, what would happen to you? You would probably be fired. So, these three lives that were taken, were not they worth at least $1 million? What happens when you break the policy?We all work here. We had jobs before. When we break policy, what happens? What is the difference here? The City is scared of the Union. We are not going nowhere. We got time. So, every time you have an event the rest of your citizens are going to be upset but we really do not care. I was told the only way we will get help or the City to see it our way is that it has to be give and take. God d**n, we gave a life. 8 Page 176 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 We ain't giving nothing else. I am going to say this again. Every single time you all have something we are going to be out there with our bullhorns. We have a right to be there. When you have your movie night on the lawn, you ain't going to hear nothing else but us. So, bring your chairs and bring your popcorn. We appreciate your time. Ms. Lori, you can hit me up if you want to have the meeting. Thank you. Carmen Morris, 333 12th Avenue, is Stanley Davis's mom and SJ's grandma. Mark Sohn, I really do not know this man. I cannot place his face. But I can remember many a time when my son, Stanley, was riding a dirt bike. They would bump him off his dirt bike. They would run him down. They would chase him. This young man is 38 years old now. It is been going on for so many years. They chase my son Stanley and now they chased my grandson and they killed him and at the scene, no car, no camera, no nothing. I am upset with the City of Boynton. I have been clean and sober for sixteen (16) years. I got rights. I want to see justice for my grandson. Mark Sohn is sitting at home, chilling and s**t, and getting paid on my money, on my dollar, and I do not feel like that is right. I do not mean to be disrespectful, but that s**t is disrespectful to my family, my son, his baby's momma. We need justice for SJ, Stanley Davis III. That is what I need. I am his grandma. When my son said he was having a baby and he needed his mom to be a better grandma I stopped doing drugs for that child. That dude kept me strong. Kept me out of the streets. Made me get a job. I have been a grandma for 17 years, not just 13, but when that dude came into the world, I changed my whole perspective of everything I did. Now my baby gone, and I do not understand that s**t. It ain't clear to me. That dude hunted my grandson. Who the h**I is Dogman? Then I hear all these stories about a grown man chasing these kids on bikes. My grandson might have looked like an adult, but he was not no f*****g adult. He was 13 years old, and that man did the most. He did the most running my grandson down. All he had to say was baby you cannot ride that bike. Call your people. I do not understand this s**t man. My heart is broken. He was a good dude. Excellent child. Spoiled rotten but he had respect for everybody. You all need to do something about that man or somebody else is. Bryce Graham, 2nd Vice President for the National Action Networks, Florida Chapter. Do you hear the pain and the cry of this community? If my math serves me correctly, three weeks ago, 23 days ago, 546 hours ago, 32,795 minutes ago, 1,967,728 second ago, when Stanley Davis I I I was pursued, and chased, and killed by your Officer. Where is the accountability in this City? I am glad his uncle said the City Manager, because it lies on you. So, I have come again to remind you that we are not going anywhere until we get justice. This city is fed up with your officers treating them any kind of way. It is not just this one officer. It is all of them. We have come to clean house in Boynton Beach. We have come with a couple of demands because it seems like there is a lag or glitch when it comes to you moving. Our demand is you stop lying and release the dash cam video and all the surrounding videos in the community. That is Federal Highway with businesses full of videos. Release the videos when Stanley Davis III was pursued and chased the day after Christmas. We have come with demands. We want to meet with you City Manager. We want to meet with all the Council and the Chief to get the answers that we need. But, number two, we want you to officially say who this Officer is in the media because the 9 Page 177 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 public know who it is. If you do not get to moving, we are going to bring national attention to this City, and you do not want the heat. Like I told you the last time, the searchlight is on. Demitri Gross is Stanley's uncle. I witnessed Officer Mark Sohn chase my nephew to his death. I was the third person on the scene after my nephew met his fatality. Officer Sohn was not rending aid and would not let me render aid to my nephew. He would not let me touch my nephew. I watched my nephew lay there and die. This cop did not give a f**k about SJ. Then I recognized who he was, and I have been having run-ins with Mark Sohn since I was 14 years old and I am four months shy of 40. 1 had a run-in with Mark Sohn three weeks ago. Mayor Grant, I see you in the community every day. I bet if I ran you're a** over, you all would have dash cams. You all would have everything. This cop has been harassing us for years. For f*****g years. F**k you too. This s**t ain't fair. You have been treating us like s**t for years. I ride down f*****g Boynton Beach Boulevard, go over 1-95, and your kids over there riding their bikes. No helmet. No parental supervision. When my nephew rides his bike, the only thing the neighbors complain about is the noise early in the morning. You all come across 1-95 and harass us daily. We cannot do nothing. We cannot stand out there and talk amongst each other without the Police bothering us and it is been going on for years. They try to harass us. They try to run us to our grave. But guess what? We gonna start fighting back so you're a** better get ready. John Dames, Boynton Beach resident for 58 years, works in Government. Born and raised in Cherry Hill. This has been happening with this Police Department for over 60 years. It is under your umbrella. You cannot tell me this kid had to lose his life like that. Everyone saw the video. You cannot tell me he did not have an opportunity to walk over to SJ. A real public servant would not have chased him. If that was his kid, he would not have chased him. If that was his neighbor's kid, he would not have chased him. So, Reverend Hay, I respect you but I am going to ask you a favor. Not because you represent District 2 and not because you have been Interim Mayor. That does not mean anything. I am asking you because you are a man of God. As a man of God, I am asking you to rebuke all these demonic spirits that is in the Police Department as I speak. As a man of God, I am asking you to connect to somebody in this City that has some discernment. Spirit recognizes spirit. Get higher. Change people. Tell people they are not going to hide behind Marshall Law and then go home and celebrate with a homemade margarita. The devil is a liar. This is just the beginning. This community is going to stick together. You have been killing us for 60 years. It does not happen in Delray. It does not happen in Boca.Why is itjust happening in this City? Because the demonic spirits in this Department have been passed down from generation to generation. Reverend Hay, rebuke it in Jesus' name. Shakira Green, lifelong resident, is here for two reasons. The first is releasing the dash cam videos.Why was not Mark's car equipped with the cam?Where is the video? Number two is to stop hiding this career criminal. Say his name. Show his ugly face. Put his whole name in the media. Show his face. Not just "Officer involved". It disgusts me to see the same panel as when we were here two weeks ago and to see nothing has been done. 10 Page 178 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Twenty-three days and the family to Stanley III still do not have answers to what happened on December 26. We the people, have yet to get closure to what happened to a great friend, a brother, and a cousin. A great child to both his parents. To hear the children asking "what did you get for Christmas" to now. All these conversations are about death. I do not want to die. This is not right. Especially because are back here pleading with Boynton Beach to do the right thing. I guess no one up here has a conscience to do the right thing and to take it to the next level to lock this career criminal up. When you can no longer sleep and you see SJ's smile on the back of your eyelids, it is us the people. When you can no longer swallow or eat your food it is because in the back of your head you know this d**n man killed this d**n baby.When you ride down your pleasant neighborhood and you see protest signs with names of them for justice, that is us. When you have an itch that you cannot rid of in you are a**, that is us, the people. I think I want to become a Boynton Police Officer so I can kill people and go home on a paid vacation. Mark killed three people and had three paid vacations. Thank you. Shakira Prince, lifelong resident, and mother. My heart breaks for this family. I have personally witnessed Mark Sohn take children from our Community Center and have them placed down in handcuffs and zip ties. With parents willing up not knowing what was going on. This Officer was at the crime scene tape telling parents move back, get back, this is an active investigation, or you will be in handcuffs next. The only thing that made those officers take those handcuffs and zip ties off those children is when Channel 25 news pulled up. I am asking my community when they see a Police Officer who is not acting right to call the news. You cannot get your stories straight. Every time we turn around it is something different. We are being attacked as a community on your Boynton Beach Police Department page. What happened to vehicle two? Every single car is top- of-the-line. There is no realistic excuse for why there is no body cams or dash cams. It should automatically be done. You are riding around in state-of-the-art vehicles. Miami PD are still driving cars from 1990. We have cars with holographic images on the side and you do not even know it is a Boynton Beach Police Officer until you pull up on the side. There is no excuse for why we do not have what we need. If it was someone who looked like half the panel up here you guys would have dash cams, body cams, each and every video from businesses. If it was a white child killed by a black officer, we really would not be having this conversation right now at all. All we are asking for is accountability. Everyone knows Mark Sohn as the Dogman. I am not a career criminal. I go to work every day and even I have had a run-in with this man. I moved and when I come back to this City I am shaking in my boots when a Police Officer gets behind me because I am a black woman in America and it is so hard to just come to our City and visit our loved ones without feeling like we are going to be gunned down. I am scared to go buy a new car because I am scared you are going to pull me over. I'd rather ride in a bucket because you cannot progress in life and come back here and ride in this City. If you come in here with anything that is above your paygrade you do not like it and you pull us over every single time. We are going to get justice for SJ and everybody else. Stanley Davis, father of SJ, wants to share the affect the incident has on his family. At the end of the day, SJ was a kid. None of the things that transpired that day should have 11 Page 179 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 transpired. We do not live on this side of town. We live on the other side. In my community, it is my son and a couple of other white kids who ride their dirt bikes. The officers that police my neighborhood would call me with any neighbor complaints. There were times that I picked up my son and three other white kids. There was no chase and pursuit on that side of the bridge. I had run-ins with the Police. This is about patrolling certain communities, with different incomes and it is policed differently. I look at my son's friends and it is having a toll on them and a toll on me. My house was the summer house and it will not be that anymore. I took pride in having those kids in the summer where they have nowhere to go or nothing to do. That is 20-30 kids where I do not have control over their environment and knowing that they are safe. I am failing those kids. Look at me, I am 160 lbs. Before this incident, I was 190 lbs. I do not eat. I do not sleep. I have outbursts and I am violent. I am thinking about death, and I never felt like that. I was always a positive person no matter what happened to me, and I always knew I was strong. I cannot even look at his friends. It hurts me. I know I am not the man I once was to them. I would lay my life on the line for them but now I am weak. I do not like people to view me as weak. I am not asking for sympathy, and I do not want you all to see me cry. I am not here to bash you. I just want you to do what is right. Not only for me but for the community. You see the affect it is had on kids. His classmates call me. Do not fail the community. Do not fail the youth. It is about all the kids on that side of the bridge. I had to bring the kids to an event yesterday because they were terrified to come because the Police were going to be there. I got calls from certain individuals to think things are going to be out of control. It is not like that. We are not animals. We are not violent people. We might be emotional. We are just human. It does not affect you. I raised a son from a baby that I watched walk through the door every day and I would no longer feel that. You may understand but you cannot feel. I just want what is right. Stop painting a picture of my son of an individual he was not. He was not that person. My son was never on Boynton Beach Boulevard popping wheelies. You guys right the wrong. You guys know what happen. I am not pointing fingers at no one. I am more concerned at the outcome with this situation with my son and to better Boynton Beach. If you want a better community, you need to do your part to create a better relationship with the community. I always taught my son to be respectful. If you are scared, it is human nature to do what you think is right for you. I ran from them because I was scared. Does anyone on this panel feel like their life should be in jeopardy when they do something that is not right? You have the power and strength to do what is right. That is what we expect as a community. I do not want them to go through this again. I should be the last parent to feel this pain. Thank you. Carmen Morris spoke again about her son Stanley Jr. She said her son talked about killing himself last night on Facebook because his son is not there anymore. My baby has not cried since he was 3 years old. He is my strong son. I love all three of my boys. To see that he wrote "F**k life" on text this morning, that tore me up. He is not coming back. We are just asking for justice for Stanley Dale Davis III. 1 need justice for my grandson. We want peace. He raised SJ. He had him for 13 years and now he is gone. My son tore up and it hurts my heart. I was not there for them as a mother. I was out here on the streets, on drugs, the police chasing me. I could not do nothing but better myself. Clean and sober 16 years and helping my kids raising their kids. I have been in and out of jail. 12 Page 180 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 For 6 years in a row, I was in jail for Christmas and New Year's. I just need justice for my grandson. Antwon, resident, said on December 19th, you all chased us. I was with SJ. We turned around before Gateway and saw Dogman. SJ wrote a post about it later. It is not funny anymore because he is gone. You all always chase us. On January 1St, when we rallied and went to the Police Department you recorded us. You know you have dash cam video. Stop lying. If you can record us by the Hester Center, why do you say you do not have footage? I just want justice. That is it. Shakka Price said he does not know what it will take for this officer to be locked up. Mr. Hay, I saw you at the funeral, heard you speak, and say you were down with the family. If that is true and you are really down with us, you will not be sitting up there long. I think you know that. If you are really down with us, it will show. I want to know if you all saw the video of SJ being chased from the Chevron gas station? Mr. Grant is that a yes or a no. Mayor Grant replied yes. Did you see what actually occurred right before the officer was able to turn north? Did you see the car that he almost crashed into? So that means he put other lives in danger. He did. You do not want to admit it because you are on the hot seat. Let's say SJ was behind the wheel of a moving vehicle of a car, and he made a bad decision and it cost the life of another individual. Would SJ have gone home to his family that day? Would SJ have been charged? It is just so weird because I got beat up at the Hester Center and there were a million eyes around and it is so familiar, they did not have video at the gym either. It is 2022 and you still have vehicles with no dash cams? All this technology. If we sell any drug on 10th Avenue, you know. You roll up on us. It is harassment in our own city. What is it going to take to get the justice for SJ and the rest of the people? I saw the Dogman chase Cyrus. A kid dead from the same Officer. He is a serial killer. You all going to make it right? Or I am sorry Shannon, I am Stanley, I am sorry this happened to you. You gotta make that right or we are gonna make it right. Irving, resident, said you have learning moments as a young man. There is something that happens to black males, especially when they cross 10-11 years old, where you are no longer seen as a youth or kid that is learning. Why does a 13-year-old have to be smarter than this serial killer Mark Sohn?Why do we always have to be more responsible than those who are trained so we can survive? That s**t do not make no sense at all. We know what moves these rooms is money and influence. I am 36 and if a cop pulls up behind me, I get nervous. He is 13 years old and has not even lived enough live to understand how to maneuver and survive a moment. He is acting off of emotion and there are all these narratives that act like he needs to know this and that. He is 13 f*****g years old. Now he cannot have a learning moment. That is f****d up. This Mark Sohn serial killer dude needs to be locked up. There are bulls**t narratives that say what constitutes a chase? I am proud of Boynton Beach to continue to protest in the streets but you also got to play the legal and politics game. Deandre Benson, lifelong resident, had a few relatives that passed before but no one really at his age. SJ is not a family member. Just a kid I watched grow up. I idolized his 13 Page 181 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 father. I wanted to be a great father. I enjoyed every moment around SJ. He is talk about his dad a lot, rode bikes, and he was an all-around good kid. I ride bikes also. When SJ first started riding with me. I asked if you were ever in trouble by yourself with the law what would you do? He told me his dad said do not ever run, I will come help you. So, on that day, I know SJ was scared for his life. At the end of the day, everyone in the room knows SJ was a bright kid, and he was going to be something. I knew that. It should not have gone down like that. He had high school football coming up. Honor roll kid. SJ made me a better father. I love him and I hope he gets justice. Shalanda Bridges, Boca Raton, is hurt and disappointed. My son played football with SJ since he was 5-6 years old. All around good kid. Not one bad thing to say about this child. His father is broken. His mother is broken. Because someone you hired wanted to be a serial killer. He killed that child. We are not going nowhere. I will make time because we want justice. We are telling you we want justice. I am the mother of six children, and I cannot even fathom what they are going through. Whether you are white, black, purple, blue it ain't right. Whether they are riding here or out west at Boca it does not matter. Leave them the h**I alone and let them enjoy life. Now his a** is on vacation with our dollars. He is on vacation while we are suffering and crying. I have never seen Stanley cry. Ever. This did not have to happen, and it should never happen again. We want justice now. We demand justice now. We want answers. We want video. Today. Nikya, daughter of Cyrus Deal, said her dad was the first person this Officer was able to kill. My dad had a voice but he is not here to tell his side of the story. I did not know SJ, but his story touched me personally. I am 18 and my dad died when I was 8. He missed out on teen years of my life. I graduated high school and my dad could not be there for that. Ten birthdays passed and my daddy could not be there for that. I am just not understanding how he was able to kill three people. How did it get to three? Why did not you stop him at one? It just makes me so angry. I have two little brothers and I do not want them growing up around here with officers like this. When are you all going to stop it? I wish my dad was here to see me now. I have been doing hair for four years and I guarantee if my daddy was here, he would invest in my business, but he cannot because he is not here because of this officer. I am sure this officer has kids. How would he feel if someone did this to his children? This is this mom's only child. She no longer has anyone to call her mom. How does he sleep at night? He took three people. SJ did not have to die. If we get justice for SJ, we will get justice for my dad, and the little boy who died also. I wake up three times each night and every time I wake up I think about my dad and how my life would be if he was here. I cry myself back to sleep because my daddy is not here to see me grow. His kids see their dad. I really hope we get justice. Shannon Thompson, introduced herself as Stanley Dale Davis III, residing at the 300 block of Federal Highway, where he was killed. I took the liberty of looking at a few job descriptions on the panel. I noticed, Mayor, you have the ability to appoint and remove Department heads. Commissioners, your responsibility is to oversee management and administration and oversee the City's interests at the State and Federal level. I also took it upon myself to look at the job descriptions for the Boynton Beach Police Department. It 14 Page 182 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 clearly states part of the job is they are responsible for maintaining peace and safety, protecting life and property, and promoting community engagement and trusting of residents. Boynton Beach Police Officers service a diverse and highly multicultural community. Knowledge of basic first aid methods and mental health as part of their requirements. Under skills, they are to show compassion, emotional support, and empathy for others. Lastly, it says they are to accept responsibilities of their own actions. Part of the pursuit policy states "vehicular pursuits will be initiated only if the officer has reasonable belief that the person fleeing has committed a forceable felony. That is defined as murder, manslaughter, sexual battery, carjacking, home invasion, robbery, arson, kidnapping, serious aggravated assault, and battery." Stanley Dale Davis III had none of these. This officer blatantly violated the policy you have in place. Then, I looked at the role of Chief Michael Gregory and his requirements is to have extension experience working in Police Department, a solid knowledge of police methods and practice, excellent knowledge of Federal law and regulations. Why is he not reprimanding one of his staff members? It is preposterous that we are here demanding video footage to be released as if he does not exist and we know it exists. I also have the liberty of having a recording of this same Chief Michael Gregory on the scene on December 26, 2021, as my child lay there dead. You guys released an inaccurate statement and I asked him to recant the statement because those adjectives used against my child are very false, malice, and they are going to do destruction. This is one the scene but you guys were so pressed to release a statement without even having the facts, just opinions, to cover up what this officer did. In doing so, I asked him what are the policies and procedures of these vehicle? He did not know I was recording him. He stated all the vehicles are equipped with dash cams and they are to come on immediately when those lights are rendered. He then proceeded to say he does not know if that happened in this case. I am not asking about this case. I am asking what is your standard protocol and policy? For you to now be recanting, shows us to our face, you guys are covering up something and lying to us and that is what pisses me of. As a community, I want you all to know, we have the right to request records of the officers and everyone here. When we have tried to receive their records, it was a stop. I do not know why because under the Florida Freedom of Information Act, we are entitled to this information. So, why are we being stopped? It appears Boynton is incapable of the investigation because you guys are corrupt. I am here to get justice for my child. I am here to clarify some things that was part of the narrative. Let me state the facts. I just turned 32 in October, and I have been a nurse for over 10 years. I am responsible enough to care for your loved ones at the beginning of your life and sometimes I am the last one they see. I am responsible enough to serve as a Director of Nursing two times and currently serve as an Assistant Director of Nursing. I am responsible enough to go do traveling assignments. So, when they ask where his responsible parents are, she is right here. When they say it is about money I can go do a traveling assignment for 8 weeks and bring back $80,000 so this has nothing to do with money. I am a humble person. When they paint the narrative about Stanley, they need to paint it well, because he comes from responsible parents. He comes from a good background. I reside in new condos less than a mile away from the beach, paying $3,100 a month. So, this is not about us coming from poverty, not having the opportunities. He had the best of the best. Now, paint that narrative. 15 Page 183 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Alicia Reeves said she might need longer than three minutes. She is SJ's aunt and Shannon's sister. I have not spoken throughout the case. I echo what everyone has said. We want justice. We want answers. The main thing that I have struggled with about this case is that we pleased with the Chief the day SJ died to have that statement changed. He refused to take it down. We compromised because we knew in the court of public opinion, he was already guilty. He character is being demolished. You all have allowed this narrative to remain and steadily updating the posts with these bull crap updates and it is so disheartening and disrespectful. We have shown you we are demanding accountability and transparency. You treat us like we are illiterate and idiots. This boy comes from a well pedigree family. I am an attorney. This boy would discuss the Constitution with me. He would pick my brain about reasonable suspicion and probable cause. This boy cannot call me anymore. He cannot ask me about the law. You all try us like we are primates. From this point forward, we are demanding tangibles. We want accountability. We want truthful updates. We want you all to stop lying to us like we are stupid. Stop spreading the false narratives. Stop allowing this agency to shield this officer. It is ok to cut ties with him. He messed up. It is ok to say my bad. Own it. We will take that. We should not have to threaten you with voting you out of your seats. You know the oath you all took. The last thing that bothers me about this case is that officer, as a public servant, did not render aid. If I hit someone as a civilian and I do not stop and render aid then I am charged with a crime, criminal negligence at the least. You cannot tell me this officer is not responsible for something. At the least, you all have to stop lying to us. I hate calling my sister because I am so fearful of how she will be. I have my two children here and she has none. I avoid her because I have no words for her. I cannot even look at Stanley in the face. From this day forward, we are just demanding tangibles. Stop lying to us. Period. Kayla Franklin is Shannon's sister and SJ's aunt. You could think when we put my nephew in the grave, we would have some type of closure because he was not the reason for his own demise, somebody else was. You, who put him in place, are not holding him accountable and that makes me angry. As a teacher, if I do not do what I am supposed to do, my Principal will hold me accountable. Not one is holding this man accountable after three deaths. After Cyrus died you all should have held him accountable. Was there a slap on the wrist? Did he get desk duty? He is still driving around harassing people. It is not fair to us. It is not fair to the family. What also makes me angry is we are here pleading and begging with you all to see how we feel. You all would not have been elected if you did not know what is right and what is wrong. For his daddy and mom to come up here and keep telling you what perfect a child he was. We know you do not care because it is not your kids. As his uncle Pernell said if this was a white child and a black cop, it would not be doing this. We are a week shy of a month and we are still begging you all for the basics. Nothing above your title. We are asking for simple stuff. I need some more time. It also makes me angry seeing these kids, our future, yet they are scared to go outside, to play, to be where their parents pay bills and taxes at because of the people you all hired. That is a problem for me. I have been teaching for five years and never questioned if I wanted to teach any more. I am at the point where I do not. Another thing 16 Page 184 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 that pisses me off is I had to go back to work and it was the hardest thing I ever had to do. My nephew was cheated. I teach middle school and I am constantly reminded of all the things he will never get to do. No Tik Toks. No more playing. No more just being a child. He was cheated. You got Mark at home and he is still getting paid. That is a problem for me. They do not do bereavement for instructional teachers so if I do not go to work, I do not get paid. But he is not at work. Why is he still being paid? We will see you move when the money is coming out of your pocket because you all do not care until it affects you all. Us coming here every 1St and 3rd Tuesday and pleading our case with you all. That is a problem for me. How many more Tuesdays do we need to sit in here until you all give us the stuff you all should be giving us? How many more? What is it going to take for you to let one officer go to make change? We do not want to be out her rioting. There is so much other stuff we can be out here doing as a family. You already took one of the best parts of us. I do not have kids. So, what else do we have to do? What do we need to do to get answers? We are begging for justice. That is not right. I do not care about the media narratives. He touched everybody. You know he was not breaking no laws. Your officer messed up. He took a life he did not have to take. He took three lives he did not have to take. Cyrus' daughter here ten years later begging for answers. What is it going to take? Lakesha Vargas is the parent of one of the young men who spoke earlier. My son is scared of a cop because his best friend had to lose his life over a cop. What hurts me the most is when Stanley Jr. got up to speak and said the kids coming to him are scared. My son is one of them. He used to love to go there every weekend. Shannon, his mom, called me every single moment when it was time to get him. Now my son is scared to go to his house. I have to have talks with him to go to check in on Stanley. He cried. My son is a great child too. All I am praying for is justice and for this police officer to be held accountable. My son looked up to Stanley. My son's father is here but Stanley was more like a father to my child. Do you know how bad it hurts me to see my child hurt? These kids are hurt. Do you see that? They come in here and speak on him. My son and Stanley III have been friends over eight years. My son looks at his phone daily. His screen saver is pictures of them together. It is sad that we have to come here every day and plead for justice for him. He was a great child. Last year he went out of town with us and he was so respectful. He never gave me a problem. My son's birthday is next month, and my son only wants SJ there. He loved him dearly. He has sleepless nights. It is sad, as parents, we have to go through it too. It hurts. Now my son is scared. He should not have to be afraid. They are here to protect us. The kids do not think that anymore now that you took SJ's life. I am going to stand behind his parents, every step of the way. Even time they protest, we are here. Shamarie Davis, SJ's cousin, shared again how she feels. I remember when we were little, SJ was around 3 and I was around 6-7 and that is when SJ got his first dirt bike. I was not trying to get on the dirt bike. My Uncle Jr. got us all a dirt bike because he cared about us all, not just SJ. Me and SJ went everywhere together because I was an only child. We did everything together. That was like my brother. Every family event. SJ knew everybody. SJ always paid for stuff. He was always giving and those are the type of good 17 Page 185 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 things I want to remember about him. Now I am going to go back to December 25, 2021. 1 was with my mom most of the time. SJ was mainly riding but I am going to go see him on Christmas. I got there to my grandma's house and it was me, my Uncle Jr., my stepmom Lola, my Uncle, and some others. I just got the new iPhone13 and he was more excited than I was. Me and SJ always had sleepovers. He wanted to have a sleepover but also ride his bike. That night we were texting and he wanted my new number to make sure he had it in his phone. Then, December 26 in the morning. I got up and we went to this new bagel place because we wanted to try something new. SJ said he would tell us what kind of bagel he liked so we could bring it to Boynton. We ordered food. We were sitting down and eating. My dad got a phone call from my Uncle. I really could not hear anything, but I just heard my dad yelled "SJ's dead!" It did not register. I just looked at the chair. My dad started crying. 1 never saw my dad cry. After that, we got in the car, and I put the window down because I did not feel like there was any air in there. I have never broken a bone in my body, but I felt like I could not move. I could not even cry out. I felt like I could not breathe, and nothing happened to me. We got to the scene. They went to see SJ. I could not get out of the car for 10 minutes. I just laid out on the backseat and closed my eyes and I talked to him. It was not because I was trying to get myself together. There is no way to prepare yourself for that. I wanted to calm myself down so when I went out there, I remembered every single detail for later. I walked out there calmly. I held his hand. I did not feel SJ anymore. I just saw a body there. He could not talk to me. Then, I go to school, everybody is regular and normal. You cannot even pay attention because a major event happened in your life and you go back to a place and it seems like nothing changed but you. You are not the same person you were before. I have moments. Any little thing it makes me angry and cry. My first day back my Jr. ROTC Sergeant asked the class "Where do you see yourself in five years?" and that made me cry because I felt guilty for even thinking ahead five years of my life. I did not wat to think of any moment without him. I did not even want the clock to strike on New Year's. I wanted to stay in 2021 where he was. The whole time leading up to his funeral and viewing a part of me had something to look forward to because I could see him again. But when he went in the ground, what is there to look forward to? SJ, my cousin, was one of the ugliest sleepers but in the casket, he looked so beautiful and so handsome. He was not sleeping any more. He was done. SJ looked like me. It was always the four of us, now it is three. He always talked to me about getting to college because he wanted to live by himself and do his own thing. He did not make it to the 8t" grade dance. He did not make it to high school football. He did not make it to prom. He did not make it to getting married one day. So that is a part of how I feel. That is just a piece and nothing compared to how I really feel. It hurts. Imagine how I feel every day. Thank you. Tiffany Fredrick, Boynton Beach resident, said SJ was at her house the last few hours of his life. I have a 9-year-old son here and he keeps saying what if the police kill me? I told him to stop saying that. He is 9 and that is how he is feeling. I am not upset with all the Boynton police officers because there are a few I know and care for. One is in the building right now. But that one, all we hear is bad stuff about Dogman. Something has to be done or we are gonna vote you out baby. At the end of the day, you are worried about who is riding dirt bikes because the kids are black. If a lot of white kids were riding 18 Page 186 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 dirt bikes, it would not be a problem. What you need to be focused on is the heroin overdoses and arrest the people who are doing heroin, not the people selling it. I promise you more people are dying from heroin overdoses than dirt bikes. My son is 9 years old and is questioning me what if I die? My baby is broken over this thing with SJ. He was playing with SJ in my backyard before he died. Something has to be done. Someone has to be held accountable for this baby's death. I will be here every Tuesday. I work in the hospital. I do my service. I pay my taxes. My children are good. I do not get housing. I do not get food stamps. If my taxes are going to him, he does not need to be relaxing, he needs to be in jail. This is not the first encounter I have heard with this Dogman. We are tired of it. Third strike and you are out. We want justice for SJ. Unidentified speaker said he stands with the family. I demand justice. There is no need for the family to show up here week after week demanding justice when just should have been served. Had it been the other way around things would have been different. Then you all sitting up there, looking nonchalant, unbothered, half of you probably ready to go home with your family. This family is hurting. Anyone with a heart should have sympathy for this family and be trying to figure out the situation. There is no need for them to have to sit for three weeks wondering what is going on with this case. That is why a lot of us do not show up to the communities meeting. We feel that we have no voice, that our opinion will not matter. We should not feel like that. The Boynton Police Department has been bad, one of the worst in Palm Beach County. They come on this side of 1-95 feeling like we are a threat to them, when they are a threat to us. Just the other week, police are jumping out of the car with their guns for a regular traffic stop, snatching a young man out of the car and handcuffing him. They all ain't bad. There is a couple of good ones. We have some good ones that will stop and do the proper thing serving the community. On the other hand, we get all those rookies, racists cops that come over in our neighborhood that terrorize, trigger happy, ready to dog us out because they have been dogged out in school or something. We going to continue to show up here week after week and demand justice and accountability. That officer should be held accountable because he had no right to pursue SJ. He had many times to back down, but he chose not to. He could have talked to him and had him call his father. But instead, he had an agenda he stood by, which was to take another black person off the streets. He continued to pursue SJ up Federal Highway. He caused that kid to go to his death. A good kid that I knew personally. Well-mannered and always come up to you and greet you. I am a bike rider too. We cannot even enjoy it like that. The white communities ride freely. They do not harass them. Over here, they treat us like dogs. We gonna demand justice until it is served. Ernest Mignoli, 710 NE 7t" Street, said he lives a block from where the incident happened. I was working on other incidences like this that same time that morning. When this happened, I was nearby. When I was at that scene and when I was at the church and when I was at the funeral, it feels like your own kid. When I see people up here thinking that this group is somehow going to change or make amends, like Camden, NJ, everyone had to go. Mayor, Council, City Manager, City Attorney, Police, Fire, City Employees and now the city has come back. You rehire everybody and everyone who works there has to reapply and that is how what this City needs. If you knew what this City Manager and this 19 Page 187 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 City Attorney have been involved in over the last 20 years, with lawsuits, covering up for corrupt Police and Fire, drugs, domestic violence, and excessive force, and settling racists, biased lawsuits. All the rest of you up here who are not leaving just want to get into office. You want to try to be the Mayor. You want to stay at the City lawyer. You want to stay in your quarter million job as the City Manager. Mr. Hay, you are the least person I see who cares about this family or this kid. I do not care if you like it or not. I am working on this case. I do not sleep from 1:00-5:00 a.m. because I work on this case from the minute it happened. There is one person for this case and you know he is on it now. God said who is on this case. You do not have to keep asking these people. They are not going to say anything to you. Let Benjamin Crump handle it. I already met with the Florida Highway Patrol. I already met with the Boynton Beach Police. I meet with everybody. I just have a skill that way. They are all conflicted. This case has to go Federal. I was there to prove how close they are with this Boynton Beach Police Department and how corrupt this investigation is. And it was recorded. I am going to get recordings from these Police, to show you nobody up here should be here anymore. You need a new City Manager. You need a new Mayor. We need. God bless everybody. Mayor Grant opened up the floor for comments from the virtual audience. Lolonda Byrd-Davis, 832 NW 8t" Avenue, wants to let the family know she is there for them in spirit. I love you all. I will need some extra time because I received an email from a young Boynton Beach resident, and she would like me to read her email on and her condolences to the family. Mine is really short and I only have a few questions for you guys. Since this incident happened, I wanted to know from you Mayor have you sat with Counsel in regards to the incident. Mayor Grant replied no there has not been a closed- door session. Have you guys looked into Mark Sohn's file to see how he is been policing the community for over these years. His IA file is public record so we can request that. Have you had a meeting in regard to what type of police officer we are dealing with right now? City Manager said yes but you have to wait until the investigation is done. She said she can take no action until that time. So, you cannot do anything until the investigation is closed, correct? Mayor Grant said correct. I want to go ahead and read the email from Wisneen Wilson. She read: "While 1 cannot be present with you all today, it would be remiss of me to not send my statement of some sort. First and foremost, my sincerest condolences to the Davis Family during this mourning period. May God bless you and keep you. A mistake made more than once is a choice. The Officer responsible for the 13-year-old life of Stanley Davis 111 is responsible for two other lives in the City of Boynton Beach. On several occasions, he has exhibited behavior and shown patterns to be reckless, careless, and thoughtless. With these traits, it would be most appropriate for the Officer to be terminated immediately. For far too long, his disgusting behavior has been overlooked and, in extent, enabled. The Citizens of Boynton Beach are not negotiating for change or wishing to barter for justice. We are demanding it. It is long overdue and has caused many to be unsettled, enraged, and discouraged. 1 am assuming that 1 have two minutes so, to close, 1 leave everyone with this: To survive is to stay alive in the face of opposition. Go out and 20 Page 188 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 vote and be sure to not let up. All gas. No brakes. The marathon continues. Justice for SJ and thank you." Moquesta Raul said there is power in numbers. But to Stanley, Shannon, and family, there is definitely power in the name of Jesus. It might get rough, and I have been there before. I have lost a child. But it is no comparison to what you are going through. Stanley, you hold your head high and be proud of what you and Shannon produced and what you have made that young boy to be out of. Do not feel any type of way about what you have done as parents. Continue to pray and trust in God and God will see fit that everything that is not uphill will be taken care of. To the City of Boynton, I have heard from the beginning of the meeting you have certain things on your docket and agenda every day. What about an agenda to what happened to SJ? What about an agenda letting us know if the dash cams have been put into those vehicles? We are talking about trees being planted. We are talking about everything else except for this young man's life that has been taken. If I was up on that podium where you all are setting, I would feel so bad to sit up there and listen to these stories, listen to all these people cry out for help, and not one of you on the panel show any type of remorse. I know you all are human. I know you have a job title. I am not mad with anyone. I am not against the Police but I am against what is wrong. It is either you are right or you are wrong. You can be President but if you are wrong, you are wrong. You guys do not feel sorry or remorseful for any of this of this child being rushed to his death, be killed, or anything? If I was part of that, I would resign from my job. I could not be a part of something like this. It shows no type of remorse. You have us, the City, upset on what happened with this child. It is so sad. That mother that has to say she do not have her one and only child. I could not imagine that. I pray for strength. I pray for transparency. I pray for accountability. You all do not let your guards down and do not give us. Trouble do not last always, and God sit high and look low. God gonna take care of the situation. You all have a nice night. Otisha Thomas said I stand behind Shannon and Stanley since December 26, and I am praying for them. We will get justice. Mark Waters, 114 SE 14th Avenue, said the Officer is a nasty Officer. I have had many encounters with that Officer in the past. Knowing his track record and what he did with Cyrus and what he did with the little child, that guy was no good guy. Dogman was a no- good guy. I am quite sure if something happened to your child, you would want some time of resolution. You would want that clarity. That is what they are asking for. I do not know why it is taking so long. The City has so much money to rebuild. You do all this extra stuff but you are not making sure there are working dash cams in the cars. We know how Boynton is. I know the Boynton Beach Police Department has been corrupt for a long time. You tell us there was no dash cam video. How do you expect us to believe that? It is so messed up the family and community have to come and beg you for transparency. You have kids. Give us what we need. Otisha told the Mayor to bring a Red Bull to the next meeting because he looks very sleepy. We will bring 1,000 to speak on the mic because we will get justice. Thank you. 21 Page 189 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Willie Johnson is not a resident of Boynton Beach, but his son played with SJ. It hurts so bad to see my son. They are getting ready to start spring football. Usually, my son would get out of the car and go talk to everybody. He comes to the field, and he would not get out of that car at all. He has so many memories with SJ. So many memories. When you saw SJ, you saw Jamir. They were next to each other all the time side by side. It hurts me so much to see Stanley and Shannon the way they are right now. Are you familiar with Dana Safety Supply? They do all the police cars. I used to work for them about two years ago. They do all Boynton Beach Police Cars. All those cars have dash cams and are fairly new. You cannot tell me there are no cash cams in that car. I know that there was a dash cam in there. Look up Dana Safety. I know you guys are familiar with them. They do everything. Anything you guys ask for they put it on your car. We just need justice for the little man. A lot of these kids we coach are hurting right now. The community is hurting. We need justice. You guys gotta do something about this. Jalicia Terry, 1010 9t" Street, West Palm Beach, will be there for the next meeting. Why is there extra coverage when you have a badge? If that was a City resident, we are arrested. Regardless of the circumstances, the Officer should have been arrested that day. He broke more than one rule. He should be detained and innocent until proven guilty, correct? The fact that you guys are covering this up does not sit well with me. When that Officer chased SJ, that was his suspect and he said he pursued a chase. If there is no dash cam or extra surveillance, why has not he released a statement yet on what he saw? How the bike went down and every detail. Does not anyone on the podium want to do the right thing? Every day God will watch over your spirit until you do so. I pray for each of your spirits. This is a tragedy that his parents alone we do not have to speak about. We do not know what they are going through. It has destroyed them. It appalls me to see him that way. That man is dominant. That man is strong. For him to be raising someone who was going to be ten times better than he was, you all really do not know what you did. We are not going to give up. We are not going to stop fighting. There is going to be more people that come. It is never going to end. Justice will be served. God will trouble your spirit until you guys do what is right. Marisella Readon, 631 Evergreen Drive, Lake Park, is Corye's wife, who has had the pleasure of meeting SJ's dad and mother. My son is Jayden Readon who was killed by Officer Sohn in 2016. My condolences to you guys. I can barely manage the strength to attend our current ongoing investigation. To be there would be, emotionally, too much for me. Mayor, I am very disappointed at your pathetic Chief of Police who never shows up to these meetings is a disgrace. The least he could do is be in attendance. This family lost a child. You all on that panel are worthless. You have no emotion. You have no care. It is so sad. Boynton has been known to be corrupt forever. I worked at Boca PD and your reputation supersedes you guys. The way your organization treats its citizens is ridiculous. People are in an uproar. I do not know how you can sit behind someone like Officer Sohn. In his last deposition with him, he stated he was on desk duty. How does an officer who has constantly caused the death of loved ones get back on the road?Were you even aware he was even on desk duty? He was at one point a Field Training Officer. 22 Page 190 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 How can someone like that psychotic training anyone to do anything? How is he back on the road? Killing innocent people. What does it take? Does it take for him to kill one of your kids? Does it take for someone to hurt someone over there in your nice little office, so you do not get the privilege of singing your baby to sleep. You are telling me three times there is no dash cam? If you put him back out on the road, put a g*****n body cam on him for goodness sake. But yet you guys just beautifully sit there. You get your g*****n wonderful families that you get to go home to. You do not have to live the rest of your lives missing your child. Can you bear to fathom what we feel and go through? The bad part is life is so precious. God is the only one with power to give life but then you have morons out here in this world, people you protect, that take those lives. I am coming up on six years already in February. But this officer gets to go home. He has a nice paid vacation. He is back on the road. What has this cost him? Can you please tell me that? He has the audacity to try to come and shake my hand like that would fly. See, the problem with you guys in this office is you sit and lie for people like this. You cover for cowards like this monster is. That makes you just as guilty as he is. Just as guilty, if not more. How the h**I cannot you get documents when I have his file as well. There is a file back in 2005 of a vehicle pursuit, prior to any deaths, where he broke 12 policies. All you guys gave him was 57.5 hours of unsuspended pay. But now he is on paid vacation for killing another black child. How can you fathom for me to understand that? You can look beyond race. The problem is he has no concern for life. That is scary. That means if you are east of on 1-95, despite if you are black or Spanish, or whatever you are, because you live in that socioeconomic class, it puts a green light on you. The sad thing is you have fellow officers that instead of trying to make it right, they sit there and side with pieces of crap like that. You have officers who refuse to do their job because they know Mr. Mark Sohn. They know him very well. So, you do not want to deny him pay? That is fine. You do not want to reprimand him? That is fine. I just have one question. How many lives? It is three now. How many more do you need? How many more do you need before you have the balls to act? There is no answer. Mr. Mayor, c'mon. How many more babies do we need to lose? Mayor Grant said I am sorry we cannot answer that, but we should not have any loss of life in Boynton Beach and my condolences. Ms. Readon said not everyone who offers condolences means them. You have authority, even if it costs you your job. You have choice and free will. You have the choice to do what is right. It may cost you your job. We will see then if you mean what you say. You stand for the people and not this pathetic Officer. All of you up there have a beautiful choice. Now, the question is, will you make the right choice? I would love to hear tonight for one of you to speak out and say you stand against Mark Sohn. I would love for you to say it was him. To say his name. Say his name. Mayor Grant asked is that all the comments you have tonight? Ms. Readon responded, oh, so I am limited because I am speaking against Mark Sohn? Actually, Mr. Mayor, 1 have nothing to say to you because you are not worth my time. To SJ's family, to his mother, to his father, my heart goes out to you guys. Unfortunately, we are living it. It does not get any easier with time. With prayer and with faith, God will give you the strength to go through one day at a time. Do not stop. Do not stop. Do not stop. 23 Page 191 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 You need a whole new Council. Everyone there tonight is a pathetic excuse. Quinten Davis came to say three things. First, I ask that God wrap his hands around the family and the parents dealing with this right now. Second of all, you disrespectful as h**I. As people sat here and said their stories, you acted like you did not give a flying f***k. Third, how long are you going to tell them we do not have dash cam lies? You killed my 14-year-old brother over 15 years ago and you all told my mama the same thing. You all are full of s**t and if you keep it up, you are just going to rot in h**I. That is all I came to say. April Glover wants to give her condolences to the family, the parents, Shannon, and Stanley. I do not know the family personally or SJ, but the situation is very sad. You have to be inhumane to not feel an ounce of anything. Every family member who speaks has brought me to tears and I do not know any of them, personally. The posts I saw this morning, like from Stanley, is very sad. Mr. Grant, you are sitting here with everyone that speaks, you are rolling your eyes left and right. It is very disrespectful and the situation is very sad. I really do hope they get justice. You guys need to take yourself out of your position and into being human. What if it was your child? You are not going to understand what they are going through until you are in this position, or the community starts to retaliate. You guys say you have no dash cam. You really have to step out of your position and title and do what is right for Stanley. Again, my heart goes out to you guys. Naya Portgill Ok I want to say September 2017. Do you know what I am getting at? Hello? You do not know what I am getting at when he pulled his own Major over? And he had a dash cam. So, he does not have that car no more? Mayor Grant replied, I do not have that answer. Ms. Portgill replied, you do not have that answer? Why not? Mayor Grant said I would have to ask the City Manager or the Police Chief. She replied, ok, would the Police Chief be available if someone felt like their life was in in danger? Mayor Grant said I do not have that answer. Ms. Portgill asked, so, why has he not been reprimanded yet. You do not have that answer right? Mayor Grant replied that would be a question for the City Manager. Ms. Portgill asked, ok, so then what is your title? He answered, the Mayor. She asked, What do you do? What can you do? Mayor Grant said I am currently running the meeting and making sure everyone has an opportunity to speak. She asked, does he have the same car of a different car from 2017 because he clearly had a dash cam then when he was playing pullover games. Are you done talking to me? Mayor Grant said I do not have an answer. She replied, why do not you have an answer for me? You do not have an answer for nobody. This family is sitting over there grieving. Have you lost a child? Mayor Grant said I have not. She said, ok, so you will not understand how this family feels, right? Mayor Grant said it is not a question for me. Ms. Portgill replied, then, I am questioning anyone on that panel. Hello. If you are done talking to me, you can hang up. You do not want to talk. Bye bye. Wesley Shulers, 606 W. Atlantic, said we keep saying we do not have answers to what the family is asking. The family is specifically asking if you put yourself in these shoes then want to know about the cameras, the footage. Why are we kicking the can down the 24 Page 192 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 road again? Time after time, this Officer, and the other officers, did what they wanted to do. Now it is time for the City and the Commissioners to hold the Police accountable. You all need to, tonight, put the City Manager on notice. You need to put her on fire. It is time for her to step down. It came too far in this situation. This Officer done it three times. I know District 2, as a Pastor, you need to ask yourself how many times this Officer and other officers doing what they want to do when they want to do. The City Manager keeps covering this stuff up. The City Commissioners need to hold the Police and her accountable because now it came to a point of lawsuits after lawsuits, and nothing is getting done. Steve, if you are not going to do anything tonight, you at least need to have the Chief there, because there are answers that need answered. Answers that happened in 2010. It is getting old. Why are we keep looking at the same situation? These people are not going away. No one is going away. At the end of the day, people do pray and prayer changes things. Cemeteries are full of people and how they got there is the wrong way. You need to hold the City Manager tonight, and tell her she needs to do something, or you need to fire her tonight because she' making too much money, too many lawsuits going on, and too many situations going. That is all I have to say. Mayor Grant stated he is going to have five more minutes and then take a little break. Dr. Stephanie Hayden-Adeyemo, 2181 SW 15th Avenue, N102, speaking as a former candidate for Mayor of Boynton Beach in 2019 and as resident since 1994. 1 am also speaking as a family member of loss, standing with and supporting the Davis and Morris family. I would also like to acknowledge the heaviness inside the room, whether virtually or in person. I have sat in countless meetings and have been told to be quiet because I express the outrage, we are seeing today regarding the chasing in a cavalier fashion of unarmed young people in the ages of 8-53. A potential citation has led to the death of someone. Not someone but a young king and a young prince in his community. In 2016, 1 sat down at a meeting in the Sims Center, when we were going over the proposal for what the new park would look like, the same City Manager that sits on the dais, looked dead in my face, and stated that the request we had for an off-terrain park we asked for inside the park was a no go. I spent time looking up ordinances for our City to see if this would be possible and feasible and was there in the meeting with the Agricultural and Landscaping people. That is how specific that night we were discussing. Down to the shrubbery. So, when you have a Commission seat, there are some that are currently not there, but there are some sitting there currently that were there. The only person who has consistently been there is Ms. Lori. I cannot even speak to you Mr. Grant, you Mr. Katz, you Mr. Hay, because I believe you were the Chaplain at that time at the Police Department. Ms. Romelus, I cannot speak to you either. But the one person who has consistently been on that dais for over 10+ years is your City Manager. The City Manager is responsible for the hiring and firing of employees within our City. There is recommendations made by the HR Department. Currently, you have a new Police Chief. I heard the recommendation of Ms. LaVerriere being terminated tonight. I am going to express again what I did at a meeting in 2016, where I asked on record for the Police Chief to be fired. I asked for him to be fired within four or so months, he was fired. People that do pray, and there exists a God, who is the only one who can level true justice. That 25 Page 193 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 is what we are going to ask today. We are going to ask for those individuals who need to step down to put in your resignation letter because your job is to protect the citizens who pay every day in all four Districts. I am asking for Lori LaVerriere to step down. I am also asking the Police Chief to step down in the City. We are not asking for the next nine minutes. We would like for the next 24 days to bombard every meeting to make sure that is done. If we say it, it will happen because we are the citizens in the four districts. Thank you. I recuse my time to the next speaker. Rae Whitely, 239 NE 12th Avenue, thanked the Commission for allowing the speakers to speak tonight and their voices to be heard. I am speaking in the capacity tonight as the father of three black sons and the grandfather of six black boys. I am afraid for them. I stand with the Davis Family. When I saw Stanley Davis Jr.'s Facebook message I tried to call him. He did not answer. I texted him. I did not get a response. I drove to his house because I am afraid for him. I did not get a response, but I wanted to family to know I am standing with them. I was driving home a couple of nights ago, and I am sure every black man will echo the same sentiments, and I looked in my rear-view mirror and I saw a police officer behind me. He was going home but I was afraid. I was afraid. I got that cold feeling, I was nervous, and I did not do anything wrong. What I cannot get out of my mind when Stanley Davis Jr. said the Coroner, or the ME's office, said that when they got his son, he had tears in his eyes because that little black boy was afraid. People question why did he run. He was afraid. My grandsons are riders and I am afraid for them leaving the house, much less being riders now. I am not speaking in the capacity of a Pastor or an organizer or Director. I am just sharing from a hurting black father. So, we say we do not want these kids to ride and those types of things but where can they safely go to ride their motorcycles in Boynton Beach? As community leaders, are we looking at a safe place they can go and ride their motorcycles free of fear in a space they are comfortable in. I want to raise that question. I am waiting for the results of the investigations and the other organizers and groups we are working with to bring an accountability for the community. In the meantime, I am going to stand with these families. There was something yesterday. I was there. There was something before that. I was there. In no time at all, was there any sense of destruction. I do feel their pain. I do feel their frustration and the need for justice. Thank you, Boynton Beach, for showing up tonight and sharing your thoughts in a place where it matters. Trust me. All this that is happening now is recorded in the history of Boynton Beach. Keep coming to this place and sharing your concerns. God Bless you all. I am praying for everyone on the dais. I am praying that God gives you the courage of David and the wisdom of Solomon to know how to deal with what is happening now because these young people are looking and watching and praying in this moment for justice. Finally, I would like everybody who was listening to this, tomorrow at 12:36 p.m., I am asking everybody who knows the power of prayer to pray for the family of Stanley Davis III. Please stop whatever it is you are doing and lift this family up in prayer. Thank you. Marquesha Virgil is here to ask a couple of questions. Are you guys familiar with the pursuit policy of the Boynton Beach Police Department? Ok, I will read it to you. According to the pursuit policy vehicle or pursuits will be initiated only if the officer reasonably believes the person fleeing has committed a forcible felony, defined as murder, 26 Page 194 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 manslaughter, sexual battery, carjacking, home invasion/robbery, robbery/arson, kidnapping, or serious aggravated assault, and battery. Everyone in here knows that SJ did not that, right? Ok, that is all I had to say. Commissioner Romelus asked to speak. I would like to speak directly to Ms. Thompson and Mr. Davis. I am sorry because I am emotional right now. Mr. Davis, two weeks ago you came here, and you expressed your feelings about the situation, and I went to you and I embraced you and I whispered in your ear you have my support. I did not want to just say that to your ears, I wanted to say that out loud. Ms. Thompson, I said the same thing to you. I told you how strong of a woman you are and the fact that you gave birth to your son and the fact that you are standing here and seeking justice for him. Those words were not just words. I meant those words with every fiber of my being, and I still mean them now. I am so sorry that this has happened to your family. Please do not take me just sitting here, with an inability to respond, or answer our questions, or provide the information you are seeking, or give you solace, or to give you the absolution you need to make you feel whole at this moment. I am sorry that I cannot give you those answers. I am truly deeply sorry. You have my support. As a mother of two black boys, a five-year- old and an eight-year-old, I feel your pain. I do not understand it because I have not lost a child, but I have lost my mother as a teenager, and I know how it feels to lose a family member. I know how it feels when that person will never come back and want to talk to them and not being able to. So, I apologize to you for your pain. I feel it. I hope my words to you are not empty and do not feel like I am trying to save face, because I am not. At this moment in time, I am not a politician, I am not a Commissioner, I am a mother hurting just as much as you are. I am a black woman who is pissed off that our black boys continue to feel that they cannot be safe around our Police officers. I send a message to our Police Chief that I asked him to share with our Police Department, so they know how I feel and they know how I stand. I said please do not think that the words and expressions being stated about Police officers is expression of every single officer. It is not. But to those who put on the badge every single day to protect and serve for the right reasons I thank them. I do thank them because they do their jobs and they do it well. But for those who do not, they do not deserve to wear the badge. They make our Department, our City, our community look bad. I apologize to your family, apologize to this community for the atrocities you have had to face at the hands of Police officers who do not wear the badge for the right reasons. I apologize for that. There is nothing I can do to bring back your son. There is nothing I can do to make you feel better. But I hope my words, my solidarity, and standing next to you as a black woman of two black boys, means something to you. I hope that tonight is a lesson for all of us to understand that we can be human with one another. This situation does not have to say it is Police vs. Us or Us vs. Police. It can just be about us as humans and we can feel and empathize with one another because you are hurting, and I feel your pain. I am sorry. I stand with you. I support you. I will be there every step of the way to let your family know that we will make this right. At least I speak for myself I will work with you to make this right. This should not have happened. You should not have had to bury your 13-year-old son. He is a child. He is a boy. He deserves the privilege to still have that reputation. He deserves that. You deserve that. Thank you, Mr. Davis, for raising a young black man in this country, in this world. Thank you, Ms. 27 Page 195 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Thompson, for being his mother. I get it. I get how hard it is to look at your son and be scared for him to go out into the world because you do not know what is going to happen. I appreciate you for the work you did for the 13 years he was able to grace this earth. I thank you for that. I know every single person who is out here and seeking justice for him is because they know how great he was, which is why they come out here and are speaking on his behalf. Again, our inability to act right now it is not a decision nor a message that we want. It is just that we have to let this ridiculous process play out. Again, I hope my words mean something to you tonight. If not, it is ok. If I am the enemy right now. It is ok. I ask you to please understand you have somebody who is on your side on this. I appreciate you coming here and every single person who is here. You have every right to be angry. You have every right to come here every single meeting and talk the words you are speaking because they are right. We need to do better. You have that commitment from me. Thank you very much. Mayor Grant recessed the meeting at 9:15 p.m. Mayor Grant reconvened the meeting at 9:34 p.m. Mayor Grant asked the Commission's permission to move up items 9C, 8A, and 10A before the Consent Agenda. Consensus was reached by the Commission to move items up. Motion Commissioner Romelus moved to approve the agenda as amended. Commissioner Katz seconded the motion. The motion passed unanimously. 5. Administrative A. Appointment of the eligible members of the community to serve in vacant positions on City advisory boards. Mayor Grant noted there is one applicant for the Building Board of Adjustments and Appeals. Motion Vice Mayor Hay moved to appoint Jyoti Kaik to the Building Board of Adjustments and Appeals. Commissioner Katz seconded the motion. The motion passed unanimously. Commissioner Penserga asked if the applicant was present for a question. Mayor Grant responded the applicant is not on virtual. 28 Page 196 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Commissioner Penserga wanted to ask a question about the applicant's CV and an area that appears to be outdated. He said it lists his present address in another City. B. Approve the request of Vice Mayor Woodrow Hay to distribute $1,000.00 of his Community Support Funds to the Boca Raton's Promise Organization to support the Boynton Beach Mental Health Committee. Vice Mayor Hay stated May is Mental Health Awareness Month and there are activities Boynton Beach Mental Health is putting on with Healthier Boynton and with the City. Commissioner Penserga noted he would also like to distribute $500.00 of his funds. Mayor Grant stated he would also like to distribute $500.00 of his funds. Commissioner Romelus requested that a member of the Boynton Beach Mental Health Committee speak at the next meeting to provide a better understanding of their initiative. Motion Vice Mayor Hay moved to approve distribution of $1,000.00 of his funds, $500.00 of Mayor Grant's funds, and $500.00 of Commissioner Penserga's Community Support Funds to the Boca Raton's Promise Organization to support the Boynton Beach Mental Health Committee. Commissioner Katz seconded the motion. The motion passed unanimously. Item 5C was added to the agenda. C. Approve the request of Approve the request of Commissioner Romelus to attend the National Haitian American Elected Officials Network Leadership Retreat in Chandler, Arizona. Commissioner Romelus stated her itinerary opened up after a previous event in D.C. was cancelled and she would like to attend this event. This is an organization she has been involved in for the last six years and served as the Conference Chair in 2020. Motion Commissioner Penserga moved to approve. Commissioner Katz seconded the motion. The motion passed unanimously. Mayor Grant requested a short presentation upon her return. Item 9C was heard out of order. 29 Page 197 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 C. Hear Presentation by Dr. Maria D. Ilcheva, Assistant Director of Planning and Operations, Florida International University, Jorge M. Perez Metropolitan Center. Accept the recommendations of the City of Boynton Beach Racial and Social Equity Comprehensive Needs Assessment and Policy Recommendations Report. Mayor Grant introduced Dr. Ilcheva. She provided the background of the Community Needs Assessment. She noted her colleagues presented to the Commission a few months ago the information from the internal assessment. She said the presentation includes some select data points but focuses on the recommendations. She encourages all Boynton Beach community members to read the report. Dr. Ilcheva noted under the Economic Opportunity Pillar, there are significant disparities across race and ethnicity. Commissioner Penserga asked what the median number of earners there are in each household. Dr. Ilcheva replied that it varies by group, but it is, generally, under three people. She explained that Hispanic households have a higher number of adult earners so that may explain the higher median household income data. She explained that the full report shows the per capita data. She reviewed the data from Persons Living In Poverty. She noted that most of the data is from 2019 so COVID had not impact, other than the collection of 2020 data. Commissioner Penserga asked if the poverty data is standardized. Dr. Ilcheva responded that the poverty rate is a calculation from the U.S. Census Bureau. Commissioner Hay asked if there is any data from 2020. Dr. Ilcheva responded that there is very limited economic data because of COVID. She said there is some updated data on crime and health because it comes from different sources. Mayor Grant asked, moving forward, if the City is going to partner with FIU to gather its own sets of data points. Dr. Ilcheva responded yes, they can discuss opportunities to ask community members for data without being too intrusive. Mayor Grant suggested focusing on the raw numbers vs. the percentages. Dr. Ilcheva reviewed the Economic Opportunity recommendations. 30 Page 198 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Dr. Ilcheva reviewed the breakdown of educational attainment under the Education Pillar. She noted data that is missing from this area is the trades. That data is not easily available. She noted the population with the highest level of graduate or professional degrees are Hispanic or Latino with 17.3%. Dr. Ilcheva reviewed the Education recommendations. She then noted under the Housing Pillar, there are significant disparities in ownership and cost burdened households. Renters in the City are more likely to be spending untenable amounts of their income on housing. Hispanic and Black or African American residents are more likely than White, Non-Hispanics to be renters. Dr. Ilcheva reviewed the Housing recommendations. She then noted under the Crime and Safety Pillar, juvenile crime decreased but there is a high rate in economically disadvantaged neighborhoods. There is an increase in the youth who are issued a civil citation, but a higher proportion of minority youth offenders are arrested rather than issued an alternative civil citation. She noted the same disparities exist with adult arrests. Vice Mayor Hay noted the City needs to seriously address these issues. Commissioner Penserga asked Dr. Ilcheva whether she has data on communities that employ Community Policing vs. communities that do not and if there is difference in the data set. Dr. Ilcheva noted that Community Policing is one of the recommendations. She reviewed the Crime and Safety recommendations. Commissioner Katz asked if they could get the raw data for this Pillar. He is interested in knowing the number of intakes for each year. Dr. Ilcheva confirmed the raw data is available in the full report. Commissioner Katz and Vice Mayor Hay both noted they would like to see the raw data on Crime and Safety. Vice Mayor Hay asked Dr. Ilcheva to send the data to the City Manager and she will provide it to the Commission. Discussion ensued about the correlation between economic data and crime and safety. Vice Mayor Hay asked about a correlation between educational attainment and crime and safety. He said a trend he sees more white residents moving into District 2. He noted there could be an impact and FIU might take a closer look. Commissioner Romelus requested that an interpretation is sent with the raw data. Dr. Ilcheva said the raw data will support the narrative of the full report. She noted FIU is a partner for life. Dr. Ilcheva noted under the Health Pillar, there is a disproportionately 31 Page 199 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 higher death rate of black and Hispanic residents. Heart disease, cancer, and stroke are the leading causes of death in Palm Beach County. They can be treated through regular check-ups and lifestyle changes. She noted there is a significant need for mental health services. Commissioner Katz inquired who has answers to these problems with data to backup best practices. He asked Dr. Ilcheva if she has any examples of successes. Mayor Grant replied that what worked well in 2018 would not necessarily be what works well in 2022. He stated having raw data will allow the City to see if they are helping people. He noted one metric is third grade reading level and programs to support. Commissioner Romelus stated she would like to hear an answer to Commissioner Katz's question. She said they know these numbers and they are not new. She asked what communities they could model or duplicate. She asked Dr. Ilcheva to include successful initiatives in other cities in her next presentation. Dr. Ilcheva warned that when a City does not have proper leadership or structures, initiatives may fail. She said they can provide examples from other cities where things are working but cautioned that each city has different factors even with similar demographics and disparities. She noted there are so many factors that impact success and failure. She recommended utilizing local organizations and stakeholders. Item 8A was heard out of heard. A. Proposed Ordinance No. 22-001 -Second Reading -Approving 3518 Ruskin Avenue request for Annexation (ANEX 21-001) of a 0.8-acre parcel located at 3518 Ruskin Avenue. Applicant: Steven W. Siebert, Steve Siebert Architecture, Inc. Proposed Ordinance No. 22-002 - Second Reading - Approving 3518 Ruskin Avenue request for Future Land Use Map Amendment from Palm Beach County's Medium Residential Classification with a maximum density of 5.0 dwelling units per acre (MR-5) to Office Commercial (OC). Applicant: Steven W. Siebert, Steve Siebert Architecture, Inc. Proposed Ordinance No. 22-003 - Second Reading - Approving 3518 Ruskin Avenue request for Rezoning from Palm Beach County's Single- Family Residential (RS) District to Office Professional (C-1). Applicant: Steven W. Siebert, Steve Siebert Architecture, Inc. Steven Siebert, Steve Siebert Architecture, Inc., 466 N. Federal Highway, gave a brief presentation on what he would like to do with the vacant lot located on Old Boynton Road. The firm is proposing putting in a one-story office on the lot, for 32 Page 200 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 themselves, and to have the property annexed into the City. Motion Commissioner Katz moved to approve Proposed Ordinance No. 22-001 - Second Reading. Commissioner Penserga seconded the motion. Vote City Clerk Gibson called the roll. The vote was 5-0. Motion Vice Mayor Hay moved to approve Proposed Ordinance No. 22-002 - Second Reading. Commissioner Katz seconded the motion. Vote City Clerk Gibson called the roll. The vote was 5-0. Motion Commissioner Katz moved to approve Proposed Ordinance No. 22-003 - Second Reading. Vice Mayor Hay seconded the motion. Vote City Clerk Gibson called the roll. The vote was 5-0 Item 10A was heard out of order. Hear report of recommendations from the Historic Resources Preservation Board Chair Barbara Ready regarding placement of a plaque and approving a Resolution for the Pride Intersection at E. Ocean Avenue and E. 1 st Street. Barbara Ready, Chair of the Historic Resources Preservation Board, stated in December 2021, the Board discussed the HR request for a plaque at the Pride Intersection. She said the Board Consensus was it would not be advisable to set a precedent with the plaque request. A motion was made, and unanimously approved, to recommend that the City Commission could address the specialness and protection of the Pride Intersection with a formal resolution. Mayor Grant noted the request is a Progress Pride flag and not the Pride flag and asked if that made a difference. 33 Page 201 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Alan Hendricks, 716 NW 1St Avenue, said there is a difference between the two flags. Since part of the dedication was to Mr. Hendricks, Mayor Grant asked him what he would like the intersection to be known as. He responded that he would like the Progress Pride Intersection. Mayor Grant asked Mr. Hendricks if he was willing to accept the resolution in lieu of a plaque. Mr. Hendricks responded no. He said he would rather leave the naming up to Palm Beach County Human Rights Council (HRC) and whoever makes the decisions at the City level. Mayor Grant responded that the Commission makes the decisions at the City level, which is why they are asking Mr. Hendricks these questions. Mr. Hendricks responded he would prefer Boynton Beach Progress Pride Intersection. Mayor Grant requested from the Commission a plaque with the requested name and the date of June 5, 2021. Commissioner Katz asked Ms. Ready is the objection based on a plaque that is similar in nature to the historical plaques. Ms. Ready responded yes that is part of it. She said the other part is that a plaque is not necessary. She noted the Commission has the power to raise the specialness and protection with a resolution. Commissioner Katz said he is trying to determine if there is a compromise for paying respects to different types of commemorations. Ms. Ready stated the Board members were concerned with where does it stop if you start putting up plaques all over town. Mayor Grant stated there are plenty of buildings with names on it. He believes this dedication is a historic aspect. Vice Mayor Hay asked what the purpose of the plaque is. Mayor Grant said the purpose is the recognition and the acknowledgment. Ms. Ready noted a Board member shared there might be other members of the City who might have made contributions and would also be deserving of recognition. David Katz agreed with the Mayor about the purpose of the intersection. Mr. Katz 34 Page 202 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 provided history of his involvement with the Palm Beach County Human Rights cause. He does not believe a plaque is necessary because the intersection is not historic or a memorial. He stated Alan Hendricks' name should not be on a plaque. He believes Norman Aaron should be honored. Gemma Torcivia spoke on this topic at the City Committee meeting in late December. She took the request to the Historic Resources Preservation Board. She stated the distinction is one of law and explained the necessity of the plaque in regard to Florida statute. Mayor Grant noted that power was suddenly lost on the dais, and they are trying to work out the volume level. Mayor Grant read the Florida statute referenced and discussed the importance of a plaque or perpetual maintenance to qualify. Discussion ensued about the Florida statue, prosecution of hate crimes, and legal protections. Vice Mayor Hay asked where the plaque would be located. Commissioner Romelus asked if the plaque could be dedicated to the Palm Beach County HRC instead of Mr. Hendricks. Commissioner Penserga said the law says an individual, entity, or historical event. Commissioner Romelus replied that the HRC is an entity. City Attorney Cherof stated the backup documents did not include the full language for the Florida Statutes and read the remaining language. He noted it considers organizations that are not individuals and read some examples. Mr. Hendricks said his understanding is that the conversations Rand Hoch has had with the State Attorney was very specific for how you can protect this intersection with specific language. Motion Commissioner Romelus moved to have the City Attorney work with the State Attorney on the specific language and location for the plaque. Commissioner Penserga seconded the motion. The motion passed unanimously. There was a consensus that the plaque would be installed on the ground and not erected. Thus, the plaque will not be in the way of any future development downtown. 35 Page 203 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Ms. Torcivia thanked the Commission for their commitment to diversity and inclusion. Mr. Katz said he applauds Commissioner Romelus for meeting in the middle and believes her recommendation is the way to go. 6. Consent Agenda Matters in this section of the Agenda are proposed and recommended by the City Manager for "Consent Agenda" approval of the action indicated in each item, with all of the accompanying material to become a part of the Public Record and subject to staff comments. Item was taken out of order on agenda as approved. A. Proposed Resolution No. R22-010 - Amend the FY 2021-22 budget, which will adjust budgeted appropriations and revenue sources and provide spending authority for the General Fund (001), Capital Improvement Funds (302 & 303), the Utility Capital Improvement Funds (403 & 404), the Solid Waste Fund (431), and the Fleet Fund (501) for previous years Purchase Orders plus unspent project budgets. B. Accept the City of Boynton Beach FY2020/2021 Annual Grants Report. C. Proposed Resolution No. R22-011 - Approve Interlocal Agreement with Boynton Beach Community Redevelopment Agency (CRA) for Partial Funding of the City's Economic Development Plan by Florida International University and authorize the Mayor to execute the agreement. D. Accept the written report to the Commission for purchases over $10,000 for the month of November 2021. E. Accept the written report to the Commission for purchases over $10,000 for the month of December 2021. F. Approve minutes from the January 4, 2022, City Commission meeting. Motion Commissioner Katz moved to approve the Consent Agenda. Vice Mayor Hay seconded the motion. The motion passed unanimously. 7. Consent Bids And Purchases Over $100,000 A. Approve the one-year extension for RFPs/Bids and/ or piggybacks for the procurement of services and/or commodities over $100,000 as described in the written report for January 18, 2022 - "Request for Extensions and/or Piggybacks." B. Approve Task Order ASPS-93-031721 with Atlantic Southern Paving & 36 Page 204 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Sealcoating, Inc., in the amount of$233,918.65 in accordance with Bid No. 010-2512-18/IT to rehabilitate High Ridge Rd. (from NW Commerce Park Drive north to Miner Road). Motion Commissioner Katz moved to approve the Consent Bids and Purchases Over $100,000. Vice Mayor Hay seconded the motion. The motion passed unanimously. Commissioner Romelus asked for staff to give an update at the next meeting on Item 6B. Mayor Grant confirmed that item will be at the beginning of the next meeting. 8. Public Hearing 6 p.m. or as soon thereafter as the agenda permits. The City Commission will conduct these public hearings in its dual capacity as Local PlanningAgency and City Commission. A. Proposed Ordinance No. 22-001 -Second Reading -Approving 3518 Ruskin Avenue requestfor Annexation (ANEX 21-001) of a 0.8-acre parcel located at 3518 Ruskin Avenue. Applicant: Steven W. Siebert, Steve Siebert Architecture, Inc. Proposed Ordinance No. 22-002 - Second Reading -Approving 3518 Ruskin Avenue request for Future Land Use Map Amendment from Palm Beach County's Medium Residential Classification with a maximum density of 5.0 dwelling units per acre (MR-5) to Office Commercial (OC). Applicant: Steven W. Siebert, Steve Siebert Architecture, Inc. Proposed Ordinance No. 22-003 - Second Reading -Approving 3518 Ruskin Avenue request for Rezoning from Palm Beach County's Single-Family Residential (RS) District to Office Professional (C-1). Applicant: Steven W. Siebert, Steve Siebert Architecture, Inc. 9. City Manager's Report A. Update on the American Rescue Plan Notice of Funding Pre-Proposal Application Workshop by David Scott, Director of Economic Development and Strategy. B. Update City Commission on the status of the Boynton Beach City Hall Cafe RFP by David Scott, Director of Economic Development and Strategy. David Scott, Director of Economic Development and Strategy, provided notice of the 37 Page 205 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 ARPA Funding Pre-Proposal Application Workshop held on January 13. He provided a brief overview of the workshop. He shared 38 participants attended both in-person and virtually and had their questions answered by himself, Carisse LeJeune, and John Durgan. Applications can be located on the City's ARPA webpage. Applications are due February 4, 2022, at 4:30 P.M. and the Commission will hear staff's recommendations for awards on March 1, 2022. Mr. Scott provided a background on the RFP. Staff are currently developing the RFP. He briefly reviewed the draft recommendations for the Operator, Operations, Objective, and the Proposed Schedule. The RFP would be launched on February 11. Proposals would be due on March 21. Evaluations would be completed by April 5 with the hope the Commission approves the RFP Recommended Awards on April 19. The Cafe open date to be determined by Operator. Commissioner Romelus asked if the vendor would need a liquor license. Mr. Scott responded that they would at least need a beer or wine license. Commissioner Romelus asked about the food containers. Mr. Scott replied that they would work with Rebecca on the containers and straws to meet the sustainability policy. Commissioner Romelus suggested connecting with TELUS. Mayor Grant discussed economies of scale with Rebecca for Go Green products. Mayor Grant recommended a kid's menu or meal to be included in the RFP since it will be next to the Youth Library. Mr. Scott said there is an opportunity to have coffee service in the Arts and Cultural Center. Consensus was reached to continue working on the RFP and for Mr. Scott to bring it back to the next meeting. C. Receive response from staff regarding density calculation for development and the ability to include abutting rights-of-way. Mayor Grant said the City does not define gross acreage, so they are looking to the County for the definition. City Attorney Cherof corrected Mayor Grant and said the County does not define that. It would take a Code amendment to change the definition. Mayor Grant disagreed and asked again if the City defines what gross acreage is. Amanda Radigan, Principal Planner, stated the City does not specifically define gross acreage but there is some standards and best practices that are followed. She said there 38 Page 206 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 is some language in the Comprehensive Plan about exceptions to gross acreage. This is an assumption that gross acreage does not include right-of-way. Ms. Radigan provided a brief presentation. Mayor Grant noted the Commission does not seem to want to continue the conversation but thanked staff for their work on the presentation. Commissioner Katz stated he is not in favor of pursuing this. Commissioner Romelus said absolutely not. 10. Unfinished Business A. Hear report of recommendations from the Historic Resources Preservation Board Chair Barbara Ready regarding placement of a plaque and approving a Resolution for the Pride Intersection at E. Ocean Avenue and E. 1st Street. Heard earlier in the meeting. 11. New Business A. Mayor Grant has requested a discussion regarding naming the urban orchard at Sara Sims Parkfor Latosha Clemons. B. Mayor Grant has requested a discussion regarding naming the urban orchard at Sara Sims Parkfor Latosha Clemons. Motion Vice Mayor Hay moved to table 11A until next meeting. Commissioner Katz seconded the motion. The motion passed unanimously. C. Mayor Grant requested a discussion regarding his travel to Taiwan. 12. Legal — None 13. Future Agenda Items A. School Board Member Erica Whitfield to present the 2021-2022 School Year State of Education Report to the City Commission. - February 1, 2022 B. Staff will provide an update to the Commission on the costs, processes and timeline of pursuing a bond referendum for park improvements - February 1, 39 Page 207 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 2022. C. Award Contract for Public Lands Tree Inventory, RFQ No. UTL22-006 - February 1, 2022 D. Building Department staff will present an update on the implementation of the new SagesGov software for permitting and inspections -TBD E. Discuss disposition of vacant 3.62 acre parcel adjacent to Leisurevillle and west of SW 8th Avenue -TBD F. Proposed Ordinance No. 21-025 First Reading. Approve Development Agreement Ordinance. (Tabled from the September 21, 2021 City Commission Meeting.) - TBD G. Mayor Grant has requested a discussion on JKM lawsuit - TBD H. Discuss Building Safety Inspection Program - (Pending outcome of 2022 legislative session) 14. Adjournment There being no further business to discuss, the meeting was adjourned at 11:53 p.m. CITY OF BOYNTON BEACH Mayor - Steven B. Grant Vice Mayor— Ty Penserga Commissioner— Justin Katz Commissioner—Woodrow L. Hay 40 Page 208 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Commissioner— Christina Romelus ATTEST: Crystal Gibson, MMC City Clerk Tammy L. Stanzione Deputy City Clerk 41 Page 209 of 580 7.A. Consent Bids and Purchases Over $100,000 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Approve the one-year extension for RFPs/Bids and/or piggy-backs for the procurement of services and/or commodities over $100,000 as described in the written report for February 1, 2022 - "Request for Extensions and/or Piggybacks." Explanation of Request: As required, the Finance/Procurement Department submits requests for award to the Commission; requests for approval to enter into contracts and agreements as the result of formal solicitations; and to piggy-back governmental contracts. Options to extend or renew are noted in the "Agenda Request Item" presented to Commission as part of the initial approval process. Procurement seeks to provide an accurate and efficient method to keep the Commission informed of pending renewals and the anticipated expenditure by reducing the paperwork of processing each renewal and/or extension individually and summarizing the information in a monthly report(as required). VENDOR(S) DESCRIPTION OF SOLICITATION RENEWAL AMOUNT SOLICITATION NUMBER TERM Annual Truck Rentals for Solid Waste COBB Bid No. March 20, Estimated RDK Truck Sales Division 011-2515-19/IT 2022 - March Expenditure 19, 2023 $100,000 Annual Clean Space, Inc. Janitorial Services for City COBB Bid No. March 1, 2022 Estimated formerly Kelly Janitorial Municipal Buildings and Facilities 010-2511-19/IT - February 28, Expenditure Systems, I nc. (REBID) 2023 $250,000 How will this affect city programs or services? This renewal report will be used for those solicitations, contracts/agreements and piggy-backs that are renewed/extended with the same terms and conditions and pricing as the initial award. Fiscal Impact: Funds have been budgeted under line items as noted on the attached report. Alternatives: Not approve renewals and require new solicitations to be issued. Strategic Plan: Strategic Plan Application: Page 210 of 580 Climate Action Application: Is this a grant? Grant Amount: Attachments: Type Description D Attachment Attachment D Attachment Renewal Interest Letter ® RD K Truck Rentals- 2022-2023 D Attachment Renewal Interest Letter ® Clean Space, Inc.® 2022®2023 Page 211 of 580 CITY OF BOYNTON BEACH REQUESTS FOR BID EXTENSIONS AND PIGGY-BACKS OVER $100,000 February 1, 2022 REQUESTING DEPARTMENT: PUBLIC WORKS - SOLID WASTE DEPARTMENT CONTACT:ADRIANNA GRECO-ARENCIBIA TERM: March 20, 2022, to March 19, 2023 SOURCE FOR PURCHASE: City of Boynton Beach Bid 011-2515-19/IT ACCOUNT NUMBER: 501-5000-595-09-85 VENDOR(S): RDK TRUCK SALES ANNUAL ESTIMATE: $100,000 DESCRIPTION: On March 19, 2019, Commission approved the award of a two-year bid for Truck Rentals for rental of trucks used by the Solid Waste Division on an as-needed basis. RDK was awarded item 1,2,3,5, and 6. GT Supplies was awarded Item 4 as the primary vendor and Petersen Industries was awarded Item 4 as the secondary vendor. Both GT Supplies and Petersen Industries have previously declined renewing since they no longer offer truck rentals. Item 4 was for the rental of a "cherry picker'. The Agreement was for an initial two (2) year period with the option to renew for three (3) additional one-year term. The vendor has agreed to renew the agreement for the 2nd one-year term. REQUESTING DEPARTMENT: FACILITIES DEPARTMENT CONTACT: GAIL MOOTZ TERM: March 1, 2022, to February 28, 2023 SOURCE FOR PURCHASE: City of Boynton Beach Bid 010-2511-19/IT ACCOUNT NUMBER: 001-2511-519-34-10, 001-2612-571-34-10 VENDOR(S): CLEAN SPACE, INC. ANNUAL ESTIMATE: $250,000 DESCRIPTION: On January 14, 2019, Commission approved the award of Janitorial Services Citywide—City Municipal Buildings and Facilities to Clean Space, Inc. formerly known as Kelly Janitorial Systems, Inc. The Agreement was for an initial two (2) year period with the option to renew for three (3) one-year term. The vendor has agreed to renew the agreement for the 1St one-year term. The City of �lfSl:-EJM:k Boynton Beach, FL 334.35 P.O. Box 3101 ,January 12, 2022 BID: TRUCK RENTALS BID No.: 011-2515-1911T Agreement between the CITY OF BOYNTON BEACH and RDK Truck Sales. AGREE ENT RENEWAL TERM: MARCH 20, 2022-MARCH 19i, 2023 he existing agreement under the same terms conditions and ricin for Yes, I agree to renew t g g pricing an additional one-year term, No, I do not wish to renew the bid for the following reason(s) R K TRUCK SALES --- -TY --- NAME OF COMPANY SICNAT E r c Q u NAME OF REPRESENTATIVE TITLE (Tease print) 17,/ qj[ 3- Dlq 1-_0_7 1 CRATE (AREA CODE)TELEPHONE NUMBER CCS i � . Co C E-MAIL America's Gateway to the Gulf Strea n Page 213 of 580 The City of Boynton Beach Finance/Procurement Services 100 F. Ocean Avenue G, Boynton geoch,FC.334.35 } u: P.O. Box 310 s Boynton Beach,Florida 3.3425--0310 Telephone No:(501)742-0310 January 11, 2022 BIDJANITORIAL SERVICES FOR CITY MUNICIPAL BUILDINGS AND FACILITIES (REBID) I BID No.: 010-2511-1911T Agreement between the CITY OF BOYNTON BEACH and CLEAN SPACE, INC. formerly Kelly Janitorial Systems, Inc. i I AGREEMENT RENEWAL TERM: MARCH 1, 21722—EBBRUARY28, 2123 Yes, I agree to renew the existing agreement under the same terms, conditions, and pricing for an j additional one-year term. i i No, I do not wish to renew the bid for the following reason(s) CLEAN SPACE, INC. NAME OF COMPANY SIGNATURE NAME OF REPRESENTATIVE TIT (please print) 1 (' DATE (AREA CODE)TELEPHONE NUMBER E-Mgt Americo's Gateway to the Gulf Stream Page 214 of 580 7.B. Consent Bids and Purchases Over $100,000 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Proposed Resolution No. R22-026-Authorize the City Manager to utilize the State of Florida DMS Alternate contract source number 43230000-NASPO-16-ACS for software licensing through Software House International and sign any associated agreement with Microsoft Corporation for a three-year period for an annual amount of$280,927.93. Explanation of Request: Contract Period: February 1, 2020—September 30, 2026 In December 2012, the City of Boynton Beach entered into a three-year Microsoft Enterprise agreement (EA) to provide software and licensing. The Microsoft Enterprise Agreement was renewed for another three years in December 2015 and renewed for another three years in December 2018. The current agreement will expire on December 31, 2021. The I.T.S. Department is requesting another three-year agreement to extend software and licensing. The City is currently licensed to use the following core Microsoft products: • Windows 10 Pro for desktop operating systems • Windows Server 2019 for file, print, and application server services • Office 2019 for word processing, spreadsheets, personal databases, and general office automation • Exchange 2019 and Exchange Online for email server services • SQL Server 2019 for database server services The City has added additional licensing to this Microsoft Enterprise Agreement (EA). Additional Exchange Online licensing for all City employees Azure AD Premium P1 licensing The Microsoft EA allows the I.T.S. Department to upgrade to the latest software versions as they are released. How will this affect city programs or services? The Microsoft Enterprise Agreement(EA) creates value by supporting a business in these fundamental ways: Lower cost of ownership—by standardizing the Enterprise platform and receiving Software Assurance benefits, it is estimated that the City could achieve up to 15% cost savings while increasing workplace productivity. Historically, Microsoft product releases include a 5% - 15% annual cost increase. The EA provides fixed costs over a three-year term for all Microsoft products purchased at the onset of the agreement. Access to the Most Recent Versions of Software—the right to the current and future versions of software products is built in to the price of the agreement. Enhanced Technical Capabilities—the EA enables user agencies to reduce costs and streamline management with the Microsoft Desktop Optimization Pack (MDOP), which offers innovative technologies, application virtualization, asset management, policy control, and device diagnostic and recovery tools. Page 215 of 580 Support and Training—the EA provides help through a 247 phone and web support service. It also provides online and classroom technical training for staff. Deployment Planning Services—the City is entitled to assistance and planning services from Microsoft in order to deploy products, which will be helpful during the initial retro-fit, as well as future version roll-outs. Participating in this agreement will allow the City of Boynton Beach to get the most out of its Microsoft software investment. Fiscal Impact: Funding is budgeted in fiscal year 2021/2022 under the following accounts: I.T.S. 001-1510-513.46-91 $ 157,812.08 Police Dept. 001-2112-521.46-91 $ 90,673.78 Utilities 401-2821-536.46-91 $ 32,442.07 Total $ 280,927.93 Alternatives: The City evaluated other purchasing avenues in 2018 when the 3-year Microsoft EA was approved and the Microsoft EA from Software House International was the lowest priced quote. The alternative could be to issue a formal bid request for the renewal, but that process will cause delays and may not result in a substantially lower cost. Strategic Plan: Building Wealth in the Community Strategic Plan Application: This agenda item helps maintain the 'wealth in the community' by protecting investment in software tools and keeping them up-to-date. Failure to do so would have a negative impact on the use of internal computer servers and systems, and in turn, the services provided to the community. Climate Action Application: This agenda item has a net-zero impact on the climate. Is this a grant? Grant Amount: Attachments: Page 216 of 580 Type Description D Resolution Resolution approving renewing Microsoft Enterprise Agreement for sof re D Quotes SHI Quote D Contract NASO Cloud Solutions- Contract AR2488 D Addendum NASPO/Florida DMS - 43230000-NASPO-16- AC S D Amendment Florida DMS/SHI -Amendment 3 D Other Microsoft Previous Enrollments Form D Other Microsoft Enterprise Enrollment (indirect) D Other Microsoft Product Selection Form D Other Microsoft Signature Form Page 217 of 580 I RESOLUTION NO. R22- 2 3 A RESOLUTION OF THE CITY OF BOYNTON BEACH, FLORIDA, 4 APPROVING AND AUTHORIZING THE CITY MANAGER TO UTILIZE THE 5 STATE OF FLORIDA DMS ALTERNATE CONTRACT SOURCE NUMBER 6 43230000-NASPO-I6-ACS FOR SOFTWARE LICENSING THROUGH 7 SOFTWARE HOUSE INTERNATIONAL AND SIGN ANY ASSOCIATED 8 AGREEMENT WITH MICROSOFT CORPORATION FOR A THREE-YEAR 9 PERIOD FOR AN ANNUAL AMOUNT OF $280,927.93; AND PROVIDING 10 AN EFFECTIVE DATE. 11 12 13 WHEREAS, in December 2012 the City of Boynton Beach entered into a three-year 14 Microsoft Enterprise agreement (EA) to provide certain software and licensing which was 15 renewed for another three years in December 2015 and renewed for another three years in 16 December 2018; and 17 WHEREAS, the ITS Department is recommending renewal of the Microsoft EA with a 18 new three year term which will allow ITS Department to upgrade to the latest software versions 19 as they are released; and 20 WHEREAS, the City Commission of the City of Boynton Beach, upon the 21 recommendation of staff, deems it in the best interest of the citizens and residents of the City 22 of Boynton Beach to approve and authorize the City Manager to utilize the State of Florida 23 DMS Alternate contract source number 43230000-NASPO-16-ACS for software licensing 24 through Software House International and sign any associated agreement with Microsoft 25 Corporation for a three-year period for an annual amount of $280,927.93. 26 NOW, THEREFORE, BE IT RESOLVED BY THE CITY COMMISSION OF THE CITY OF 27 BOYNTON BEACH, FLORIDA, THAT: 28 Section 1.The foregoing "Whereas" clauses are hereby ratified and confirmed as being 29 true and correct and are hereby made a specific part of this Resolution upon adoption hereof. S:\CA\RESO\Agreements\Microsoft Enterprise Agreement for Soffware(2022)-Reso.docx Page 218 of 580 30 Section 2. The City Commission of the City of Boynton Beach hereby approves and 31 authorizes the City Manager to utilize the State of Florida DMS Alternate contract source 32 number 43230000-NASPO-16-ACS for software licensing through Software House 33 International and sign any associated agreement with Microsoft Corporation for a three-year 34 period for an annual amount of $280,927.93. 35 Section 3. That this Resolution shall become effective immediately upon passage. 36 PASSED AND ADOPTED this 1 st day of February, 2022. 37 CITY OF BOYNTON BEACH, FLORIDA 38 39 YES NO 40 41 Mayor— Steven B. Grant 42 43 Vice Mayor—Woodrow L. Hay 44 45 Commissioner—Justin Katz 46 47 Commissioner— Christina L. Romelus 48 49 Commissioner—Ty Penserga 50 51 VOTE 52 ATTEST: 53 54 55 56 Crystal Gibson, MMC 57 City Clerk 58 59 60 (Corporate Seal) S:\CA\RESO\Agreements\Microsoft Enterprise Agreement for Soffware(2022)-Reso.docx Page 219 of 580 Pricing Proposal Quotation#: 21391332 Created On: 12/16/2021 Valid Until: 2/28/2022 City of Boynton Beach Inside Account Executive Charles Stevens Thomas Morrow FL 290 Davidson Ave Somerset, NJ 08873 United States Phone: 732-564-8522 Phone: Fax: 732-564-8224 Fax: Email: Thomas—Morrow@shi.com Email: StevensC@bbfl.us All Prices are in US Dollar(USD) Product Qty Your Price Total 1 CoreCAL ALNG SA MVL Pltfrm UsrCAL 750 $45.64 $34,230.00 Microsoft-Part#:W06-01072 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 2 ExchgSvrEntALNG SA MVL 2 $713.13 $1,426.26 Microsoft-Part#: 395-02504 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 3 ExchOnlnP1AddOnGCC ShrdSvr ALNG SubsVL MVL AddOn 875 $23.52 $20,580.00 tousrExchStdCAL/CoreCAL(6NM-00004) Microsoft-Part#:6P3-00002 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 4 OfficeProPlus ALNG SA MVL Pltfrm 850 $102.69 $87,286.50 Microsoft-Part#: 269-12442 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 5 OneDrive business P1 GCC Sub Per User(3NM-00004) 7 $45.96 $321.72 Microsoft-Part#: 3NP-00002 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Page 220 of 580 Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 6 Prjct Std ALNG SA MVL 60 $125.51 $7,530.60 Microsoft-Part#: 076-01912 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 7 SharePointSvrALNG SA MVL 1 $1,196.42 $1,196.42 Microsoft-Part#: H04-00268 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 8 SQLSvrStdCore ALNG SA MVL 21-ic CoreLic 20 $573.76 $11,475.20 Microsoft-Part#:7NQ-00292 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 9 VisioStd ALNG SA MVL 42 $55.42 $2,327.64 Microsoft-Part#: D86-01253 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 10 WINENTperDVC ALNG SA MVL Pltfrm 850 $45.64 $38,794.00 Microsoft-Part#: KV3-00353 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 11 WinRmtDsktpSrvcsCALALNG SA MVL UsrCAL 50 $23.64 $1,182.00 Microsoft-Part#: 6VC-01254 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 12 WnSvrDCCore ALNG SA MVL 21-ic CoreLic 86 $123.88 $10,653.68 Microsoft-Part#: 9EA-00278 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 13 WinSvrSTDCore ALNG SA MVL 21-ic CoreLic 136 $19.56 $2,660.16 Microsoft-Part#: 9EM-00270 Contract Name: NASPO Cloud Solutions Page 221 of 580 Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Note:(Basic Commitment-Year 1 of 3) 14 AzureActiveDrctryPremP1GCC ShrdSvrALNG SubsVL MVL PerUsr 875 $58.14 $50,872.50 Microsoft-Part#: MQM-00001 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 15 CoreCAL ALNG LicSAPk MVL PltFrm UsrCAL 125 $83.13 $10,391.25 Microsoft-Part#:W06-01066 Contract Name: NASPO Cloud Solutions Contract#:AR2488 Subcontract#:43230000-NASPO-16-ACS Coverage Term: 1/1/2022—12/31/2023 Total $280,927.93 Additional Comments Hardware items on this quote may be updated to reflect changes due to industry wide constraints and fluctuations. The products offered under this proposal are resold in accordance with the terms and conditions of the Contract referenced under that applicable line item. Page 222 of 580 +'oF T2d�g Contract# AR2488 u.. , S'; STATE OF UTAH COOPERATIVE CONTRACT 1. CONTRACTING PARTIES: This contract is between the Division of Purchasing and the following Contractor: SHI International Coip. LEGAL STATUS OF CONTRACTOR Name Q Sole Proprietor 290 Davidson Avenue [j Non-Profit Corporation Address 0 For-Profit Corporation Somerset NJ 08873 ® Partnership City State Zip n Government Agency Contact Person: Nick Grappone Phone:732-564-8189 Email:Nick_grappone@shi.com Vendor#33386DD Commodity Code#920-05 2. GENERAL PURPOSE OF CONTRACT:Contractor is oermitted to provide the Cloud Solutions identified in Attachment B to Participtrting States once a Participating Addendum has been signed. 3. PROCUREMENT PROCESS:This contract is entered into as a result of the procurement process on Bid#CH16012. 4. CONTRACT PERIOD:Effective Date:09/30/2016 Termination Date:09/15/2026 unless terminated early or extended in accordance with the terms and conditions of this contract. Pursuant to Solicitation#CH 16012,Contractor must re-certify its qualifications each year. 5. Administrative Fee,as described in the Solicitation and Attachment A: The Contractor shall pay to NASPO ValuePoint,or its assignee, a NASPO ValuePoint Administrative Fee of one-quarter of one percent(0.25%or 0.0025)of contract sales no later than 60 days following the end of each calendar quarter.The NASPO ValuePoint Administrative Fee shall be submitted quarterly and is based on sales of the Services. 6. ATTACHMENT A:NASPO ValuePoint Master Terms and Conditions ATTACHMENT B: Scope of Services Awarded to Contractor ATTACHMENT C:Pricing Discounts and Pricing Schedule ATTACHMENT D: Contractor's Response to Solicitation#CH16012 ATTACHMENT E: Service Provider Terms and Conditions Any conflicts between Attachment A and the other Attachments will be resolved in favor of Attachment A. 8. DOCUMENTS INCORPORATED INTO THIS CONTRACT BY REFERENCE BUT NOT ATTACHED: a. All other governmental laws,regulations,or actions applicable to the goods and/or services authorized by this contract. b. Utah State Procurement Code and the Procurement Rules. 9. Each signatory below represents that he or she has the requisite authority to enter into this contract. IN WITNESS WHEREOF,the parties sign and cause this contract to be executed. CONTRACTOR STATE 2/2/17 Contractor's signature Date Direellr,j b is o -of Purchasing Date Natalie Slowik, Director of Response Team Type or Print Name and Title y Spencer Hall 801-538-3307 801-538-3882 spencerh@a,utah.gov Division of Purchasing Contact Person Telephone Number Fax Number Email (Revision 16 June 2016) Page 223 of 580 NASPO ValuePoint Attachment A: NASPO ValuePoint Master Agreement Terms and Conditions 1. Master Agreement Order of Precedence a. Any Order placed under this Master Agreement shall consist of the following documents: (1) A Participating Entity's Participating Addendum' ("PA"); (2) NASPO ValuePoint Master Agreement Terms & Conditions and the cloud service provider service terms; (3) The Solicitation; (4) Contractor's response to the Solicitation, as revised (if permitted) and accepted by the Lead State; and (5) A Service Level Agreement issued against the Participating Addendum. b. These documents shall be read to be consistent and complementary. Any conflict among these documents shall be resolved by giving priority to these documents in the order listed above. Any conflicts between Attachment A and the other Attachments will be resolved in favor of Attachment A, except for conflicts between the Attachment A Exhibits and Attachment E, which in that event, Attachment E will prevail. Contractor terms and conditions that apply to this Master Agreement are only those that are expressly accepted by the Lead State and must be in writing and attached to this Master Agreement as an Exhibit or Attachment. 2. Definitions - Unless otherwise provided in this Master Agreement, capitalized terms will have the meanings given to those terms in this Section. Confidential Information means any and all information of any form that is marked as confidential or would by its nature be deemed confidential obtained by Contractor or its employees or agents in the performance of this Master Agreement, including, but not necessarily limited to (1) any Purchasing Entity's records, (2) personnel records, and (3) information concerning individuals, is confidential information of Purchasing Entity. Contractor means the person or entity providing solutions under the terms and conditions set forth in this Master Agreement. Contractor also includes its employees, subcontractors, agents and affiliates who are providing the services agreed to under the Master Agreement. Data means all information, whether in oral or written (including electronic) form, 1 A Sample Participating Addendum will be published after the contracts have been awarded. z The Exhibits comprise the terms and conditions for the service models: PaaS, IaaS,and PaaS. Page 224 of 580 created by or in any way originating with a Participating Entity or Purchasing Entity, and all information that is the output of any computer processing, or other electronic manipulation, of any information that was created by or in any way originating with a Participating Entity or Purchasing Entity, in the course of using and configuring the Services provided under this Agreement. Data Breach means any actual or reasonably suspected non-authorized access to or acquisition of computerized Non-Public Data or Personal Data that compromises the security, confidentiality, or integrity of the Non-Public Data or Personal Data, or the ability of Purchasing Entity to access the Non-Public Data or Personal Data. Data Categorization means the process of risk assessment of Data. See also "High Risk Data", "Moderate Risk Data" and "Low Risk Data". Disabling Code means computer instructions or programs, subroutines, code, instructions, data or functions, (including but not limited to viruses, worms, date bombs or time bombs), including but not limited to other programs, data storage, computer libraries and programs that self-replicate without manual intervention, instructions programmed to activate at a predetermined time or upon a specified event, and/or programs purporting to do a meaningful function but designed for a different function, that alter, destroy, inhibit, damage, interrupt, interfere with or hinder the operation of the Purchasing Entity's' software, applications and/or its end users processing environment, the system in which it resides, or any other software or data on such system or any other system with which it is capable of communicating. Fulfillment Partner means a third-party contractor qualified and authorized by Contractor, and approved by the Participating State under a Participating Addendum, who may, to the extent authorized by Contractor, fulfill any of the requirements of this Master Agreement including but not limited to providing Services under this Master Agreement and billing Customers directly for such Services. Contractor may, upon written notice to the Participating State, add or delete authorized Fulfillment Partners as necessary at any time during the contract term. Fulfillment Partner has no authority to amend this Master Agreement or to bind Contractor to any additional terms and conditions. High Risk Data is as defined in FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems ("High Impact Data"). Infrastructure as a Service (laaS) as used in this Master Agreement is defined the capability provided to the consumer to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications; and possibly limited control of select networking components (e.g., host firewalls). Page 225 of 580 Intellectual Property means any and all patents, copyrights, service marks, trademarks, trade secrets, trade names, patentable inventions, or other similar proprietary rights, in tangible or intangible form, and all rights, title, and interest therein. Lead State means the State centrally administering the solicitation and any resulting Master Agreement(s). Low Risk Data is as defined in FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems ("Low Impact Data"). Master Agreement means this agreement executed by and between the Lead State, acting on behalf of NASPO ValuePoint, and the Contractor, as now or hereafter amended. Moderate Risk Data is as defined in FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems ("Moderate Impact Data"). NASPO ValuePoint is the NASPO ValuePoint Cooperative Purchasing Program, facilitated by the NASPO Cooperative Purchasing Organization LLC, a 501(c)(3) limited liability company (doing business as NASPO ValuePoint) is a subsidiary organization the National Association of State Procurement Officials (NASPO), the sole member of NASPO ValuePoint. The NASPO ValuePoint Cooperative Purchasing Organization facilitates administration of the cooperative group contracting consortium of state chief procurement officials for the benefit of state departments, institutions, agencies, and political subdivisions and other eligible entities (i.e., colleges, school districts, counties, cities, some nonprofit organizations, etc.) for all states and the District of Columbia. The NASPO ValuePoint Cooperative Development Team is identified in the Master Agreement as the recipient of reports and may be performing contract administration functions as assigned by the Lead State. Non-Public Data means High Risk Data and Moderate Risk Data that is not subject to distribution to the public as public information. It is deemed to be sensitive and confidential by the Purchasing Entity because it contains information that is exempt by statute, ordinance or administrative rule from access by the general public as public information. Participating Addendum means a bilateral agreement executed by a Contractor and a Participating Entity incorporating this Master Agreement and any other additional Participating Entity specific language or other requirements, e.g. ordering procedures specific to the Participating Entity, other terms and conditions. Participating Entity means a state, or other legal entity, properly authorized to enter into a Participating Addendum. Participating State means a state, the District of Columbia, or one of the territories of the United States that is listed in the Request for Proposal as intending to participate. Page 226 of 580 Upon execution of the Participating Addendum, a Participating State becomes a Participating Entity. Personal Data means data alone or in combination that includes information relating to an individual that identifies the individual by name, identifying number, mark or description can be readily associated with a particular individual and which is not a public record. Personal Information may include the following personally identifiable information (PII): government-issued identification numbers (e.g., Social Security, driver's license, passport); financial account information, including account number, credit or debit card numbers; or Protected Health Information (PHI) relating to a person. Platform as a Service (PaaS) as used in this Master Agreement is defined as the capability provided to the consumer to deploy onto the cloud infrastructure consumer- created or -acquired applications created using programming languages and tools supported by the provider. This capability does not necessarily preclude the use of compatible programming languages, libraries, services, and tools from other sources. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. Product means any deliverable under this Master Agreement, including Services, software, and any incidental tangible goods. Protected Health Information (PHI) means individually identifiable health information transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium. PHI excludes education records covered by the Family Educational Rights and Privacy Act (FERPA), as amended, 20 U.S.C. 1232g, records described at 20 U.S.C. 1232g(a)(4)(B)(iv) and employment records held by a covered entity in its role as employer. PHI may also include information that is a subset of health information, including demographic information collected from an individual, and (1) is created or received by a health care provider, health plan, employer or health care clearinghouse; and (2) relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual; and (a) that identifies the individual; or (b) with respect to which there is a reasonable basis to believe the information can be used to identify the individual. Purchasing Entity means a state, city, county, district, other political subdivision of a State, and a nonprofit organization under the laws of some states if authorized by a Participating Addendum, who issues a Purchase Order against the Master Agreement and becomes financially committed to the purchase. Services mean any of the specifications described in the Scope of Services that are supplied or created by the Contractor pursuant to this Master Agreement. Security Incident means the possible or actual unauthorized access to a Purchasing Page 227 of 580 Entity's Non-Public Data and Personal Data the Contractor believes could reasonably result in the use, disclosure or theft of a Purchasing Entity's Non-Public Data within the possession or control of the Contractor. A Security Incident also includes a major security breach to the Contractor's system, regardless if Contractor is aware of unauthorized access to a Purchasing Entity's Non-Public Data. A Security Incident may or may not turn into a Data Breach. Service Level Agreement (SLA) means a written agreement between both the Purchasing Entity and the Contractor that is subject to the terms and conditions in this Master Agreement and relevant Participating Addendum unless otherwise expressly agreed in writing between the Purchasing Entity and the Contractor. SLAs should include: (1) the technical service level performance promises, (i.e. metrics for performance and intervals for measure), (2) description of service quality, (3) identification of roles and responsibilities, (4) remedies, such as credits, and (5) an explanation of how remedies or credits are calculated and issued. Software as a Service (SaaS) as used in this Master Agreement is defined as the capability provided to the consumer to use the Contractor's applications running on a Contractor's infrastructure (commonly referred to as `cloud infrastructure). The applications are accessible from various client devices through a thin client interface such as a Web browser (e.g., Web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Solicitation means the documents used by the State of Utah, as the Lead State, to obtain Contractor's Proposal. Statement of Work means a written statement in a solicitation document or contract that describes the Purchasing Entity's service needs and expectations. 3. Term of the Master Agreement: The initial term of this Master Agreement is for ten (10) years with no renewal options. 4. Amendments: The terms of this Master Agreement shall not be waived, altered, modified, supplemented or amended in any manner whatsoever without prior written approval of the Lead State and Contractor. 5. Assignment/Subcontracts: Contractor shall not assign, sell, transfer, or sublet rights, or delegate responsibilities under this Master Agreement, in whole or in part, without the prior written approval of the Lead State. The Lead State reserves the right to assign any rights or duties, including written assignment of contract administration duties to the NASPO Cooperative Purchasing Organization LLC, doing business as NASPO ValuePoint. 6. Discount Guarantee Period: All discounts must be guaranteed for the entire term of the Master Agreement. Participating Entities and Purchasing Entities shall receive the Page 228 of 580 immediate benefit of price or rate reduction of the services provided under this Master Agreement. A price or rate reduction will apply automatically to the Master Agreement and an amendment is not necessary. 7. Termination: Unless otherwise stated, this Master Agreement may be terminated by either party upon 60 days written notice prior to the effective date of the termination. Further, any Participating Entity may terminate its participation upon 30 days written notice, unless otherwise limited or stated in the Participating Addendum. Termination may be in whole or in part. Any termination under this provision shall not affect the rights and obligations attending orders outstanding at the time of termination, including any right of any Purchasing Entity to indemnification by the Contractor, rights of payment for Services delivered and accepted, data ownership, Contractor obligations regarding Purchasing Entity Data, rights attending default in performance an applicable Service Level of Agreement in association with any Order, Contractor obligations under Termination and Suspension of Service, any responsibilities arising out of a Security Incident or Data Breach, and maintenance, license or service contracts in progress between the Purchasing Entity and service provider. Termination of the Master Agreement due to Contractor default may be immediate if defaults cannot be reasonably cured as allowed per the Default and Remedies provision. 8. Confidentiality, Non-Disclosure, and Injunctive Relief a. Confidentiality. Each party acknowledges that it and its employees or agents may, in the course of providing a Product under this Master Agreement, be exposed to or acquire information that is confidential to the other Party or Purchasing Entity's clients. Any reports or other documents or items (including software) that result from the use of the Confidential Information by the receiving Party shall be treated in the same manner as the Confidential Information. Confidential Information does not include information that (1) is or becomes (other than by disclosure by the receiving Party) publicly known; (2) is furnished by the disclosing Party to others without restrictions similar to those imposed by this Master Agreement; (3) is rightfully in the receiving Party's possession without the obligation of nondisclosure prior to the time of its disclosure under this Master Agreement; (4) is obtained from a source other than the disclosing Party without the obligation of confidentiality, (5) is disclosed with the written consent of the disclosing Party or; (6) is independently developed by employees, agents or subcontractors of the receiving Party who can be shown to have had no access to the Confidential Information. b. Non-Disclosure. Each Party shall hold Confidential Information in confidence, using at least the industry standard of confidentiality, and shall not copy, reproduce, sell, assign, license, market, transfer or otherwise dispose of, give, or disclose Confidential Information to third parties or use Confidential Information for any purposes whatsoever other than what is necessary to the performance of Orders placed under this Master Agreement. Contractor shall advise each of its employees and agents of their obligations to keep Confidential Information confidential. Contractor shall use commercially reasonable efforts to assist Purchasing Entity in identifying and preventing any unauthorized use or disclosure of any Confidential Information. Without limiting the generality of the foregoing, Contractor shall advise Purchasing Entity, applicable Participating Entity, and the Lead State immediately if Contractor learns or has reason to believe that any person who has had access to Confidential Information has violated or intends to violate the terms of this Master Agreement, and Contractor shall at its Page 229 of 580 expense cooperate with Purchasing Entity in seeking injunctive or other equitable relief in the name of Purchasing Entity or Contractor against any such person. Except as directed by Purchasing Entity, Contractor will not at any time during or after the term of this Master Agreement disclose, directly or indirectly, any Confidential Information to any person, except in accordance with this Master Agreement, and that upon termination of this Master Agreement or at Purchasing Entity's request, Contractor shall turn over to Purchasing Entity all documents, papers, and other matter in Contractor's possession that embody Confidential Information. Notwithstanding the foregoing, Contractor may keep one copy of such Confidential Information necessary for quality assurance, audits and evidence of the performance of this Master Agreement. c. Injunctive Relief. Contractor acknowledges that breach of this section, including disclosure of any Confidential Information, will cause irreparable injury to Purchasing Entity that is inadequately compensable in damages. Accordingly, Purchasing Entity may seek and obtain injunctive relief against the breach or threatened breach of the foregoing undertakings, in addition to any other legal remedies that may be available. Contractor acknowledges and agrees that the covenants contained herein are necessary for the protection of the legitimate business interests of Purchasing Entity and are reasonable in scope and content. d. Purchasing Entity Law. These provisions shall be applicable only to extent they are not in conflict with the applicable public disclosure laws of any Purchasing Entity. 9. Right to Publish: Throughout the duration of this Master Agreement, Contractor must secure prior approval from the Lead State or Participating Entity for the release of any information that pertains to the potential work or activities covered by the Master Agreement , including but not limited to reference to or use of the Lead State or a Participating Entity's name, Great Seal of the State, Coat of Arms, any Agency or other subunits of the State government, or any State official or employee, for commercial promotion which is strictly prohibited. News releases or release of broadcast e-mails pertaining to this Master Agreement or Participating Addendum shall not be made without prior written approval of the Lead State or a Participating Entity. The Contractor shall not make any representations of NASPO ValuePoint's opinion or position as to the quality or effectiveness of the services that are the subject of this Master Agreement without prior written consent. Failure to adhere to this requirement may result in termination of the Master Agreement for cause. 10. Defaults and Remedies a. The occurrence of any of the following events shall be an event of default under this Master Agreement: (1) Nonperformance of contractual requirements; or (2) A material breach of any term or condition of this Master Agreement; or (3) Any certification, representation or warranty by Contractor in response to the solicitation or in this Master Agreement that proves to be untrue or materially misleading; or Page 230 of 580 (4) Institution of proceedings under any bankruptcy, insolvency, reorganization or similar law, by or against Contractor, or the appointment of a receiver or similar officer for Contractor or any of its property, which is not vacated or fully stayed within thirty (30) calendar days after the institution or occurrence thereof; or (5) Any default specified in another section of this Master Agreement. b. Upon the occurrence of an event of default, the party claiming default shall issue a written notice of default, identifying the nature of the default, and providing a period of 30 calendar days in which the party in default shall have an opportunity to cure the default. The Lead State shall not be required to provide advance written notice or a cure period and may immediately terminate this Master Agreement in whole or in part if the Lead State, in its sole discretion, determines that it is reasonably necessary to preserve public safety or prevent immediate public crisis. Time allowed for cure shall not diminish or eliminate Contractor's liability for damages. c. If the party in default is afforded an opportunity to cure and fails to cure the default within the period specified in the written notice of default, the party in default shall be in breach of its obligations under this Master Agreement and Lead State shall have the right to exercise any or all of the following remedies: (1) Exercise any remedy provided by law; and (2) Terminate this Master Agreement; and (3) Suspend Contractor from being able to respond to future NASPO ValuePoint solicitations; and (4) Suspend Contractor's performance; and (5)Withhold payment for the portion of the nonconforming Service at issue until the default is remedied. d. Unless otherwise specified in the Participating Addendum, in the event of a default under a Participating Addendum, a Participating Entity shall provide a written notice of default as described in this section and have all of the rights and remedies under this paragraph regarding its participation in the Master Agreement, in addition to those set forth in its Participating Addendum. 11. Changes in Contractor Representation: The Contractor must notify the Lead State of changes in the Contractor's key administrative personnel, in writing within 10 calendar days of the change. The Lead State reserves the right to approve changes in key personnel, as identified in the Contractor's proposal. The Contractor agrees to propose replacement key personnel having substantially equal or better education, training, and experience as was possessed by the key person proposed and evaluated in the Contractor's proposal. 12. Force Majeure: Neither party shall be in default by reason of any failure in performance of this Contract in accordance with reasonable control and without fault or negligence on their part. Such causes may include, but are not restricted to, acts of nature or the public enemy, acts of the government in either its sovereign or contractual Page 231 of 580 capacity, fires, floods, epidemics, quarantine restrictions, strikes, freight embargoes and unusually severe weather, but in every case the failure to perform such must be beyond the reasonable control and without the fault or negligence of the party. 13. Indemnification a. The Contractor shall defend, indemnify and hold harmless NASPO, NASPO ValuePoint, the Lead State, Participating Entities, and Purchasing Entities, along with their officers, agents, and employees as well as any person or entity for which they may be liable, from and against claims, damages or causes of action including reasonable attorneys' fees and related costs for any death, injury, or damage to property arising directly from act(s), error(s), or omission(s) of the Contractor, its employees or subcontractors or volunteers, at any tier, relating to the performance under the Master Agreement. Contractor's duties under this provision are dependent on the indemnified party giving Contractor (1) prompt written notice of such third party claim and (2) sole authority to defend or settle the claim. b. Indemnification — Intellectual Property. The Contractor shall defend, indemnify and hold harmless NASPO, NASPO ValuePoint, the Lead State, Participating Entities, Purchasing Entities, along with their officers, agents, and employees as well as any person or entity for which they may be liable ("Indemnified Party"), from and against claims, damages or causes of action including reasonable attorneys' fees and related costs arising out of the claim that the Service or its use, infringes Intellectual Property rights ("Intellectual Property Claim") of another person or entity. (1) The Contractor's obligations under this section shall not extend to any claim based on: (a) Contractor's compliance with Participating Entity/Purchasing Entity's designs, specifications or instructions; or (b) Contractor's use of technical information or technology provided by the Participating Entity/Purchasing Entity; or (c) non-Contractor software, modifications a Participating Entity/Purchasing Entity makes to, or any specifications or materials a Participating Entity/Purchasing Entity provides or makes available for a Service; or (d) Participating Entity/Purchasing Entity's combination of the Service with a non-Contractor product, data or business process; or damages based on the use of a non- Contractor product, data or business Process; or (e) Participating Entity/Purchasing Entity's use of either Contractor's trademark. (2) The Indemnified Party shall notify the Contractor within a reasonable time after receiving notice of an Intellectual Property Claim. Even if the Indemnified Party Page 232 of 580 fails to provide reasonable notice, the Contractor shall not be relieved from its obligations unless the Contractor can demonstrate that it was prejudiced in defending the Intellectual Property Claim resulting in increased expenses or loss to the Contractor and then only to the extent of the prejudice or expenses. If the Contractor promptly and reasonably investigates and defends any Intellectual Property Claim, it shall have control over the defense and settlement of it. However, the Indemnified Party must consent in writing for any money damages or obligations for which it may be responsible. The Indemnified Party shall furnish, at the Contractor's reasonable request and expense, information and assistance necessary for such defense. If Contractor reasonably believes that a Service may infringe or misappropriate a third party's intellectual property rights, Contractor will seek to (i) procure for Participating Entity/Purchasing Entity the rights to continue to use the Service or (ii) modify or replace it with a functional equivalent to make it non-infringing and notify Participating Entity/Purchasing Entity to discontinue use of the prior version, which Participating Entity/Purchasing Entity must do immediately. If the foregoing options are not commercially reasonable for Contractor, or if required by a valid judicial or government order, Contractor may terminate Participating Entity/Purchasing Entity's license or access rights in the Service. 14. Independent Contractor: The Contractor shall be an independent contractor. Contractor shall have no authorization, express or implied, to bind the Lead State, Participating States, other Participating Entities, or Purchasing Entities to any agreements, settlements, liability or understanding whatsoever, and agrees not to hold itself out as agent except as expressly set forth herein or as expressly agreed in any Participating Addendum. 15. Individual Customers: Except to the extent modified by a Participating Addendum, each Purchasing Entity shall follow the terms and conditions of the Master Agreement and applicable Participating Addendum and will have the same rights and responsibilities for their purchases as the Lead State has in the Master Agreement, including but not limited to, any indemnity or right to recover any costs as such right is defined in the Master Agreement and applicable Participating Addendum for their purchases. Each Purchasing Entity will be responsible for its own charges, fees, and liabilities. The Contractor will apply the charges and invoice each Purchasing Entity individually. 16. Insurance a. Unless otherwise agreed in a Participating Addendum, Contractor shall, during the term of this Master Agreement, maintain in full force and effect, the insurance described in this section. Contractor shall acquire such insurance from an insurance carrier or carriers licensed to conduct business in each Participating Entity's state and having a rating of A-, Class VII or better, in the most recently published edition of Best's Reports. Failure to buy and maintain the required insurance may result in this Master Agreement's termination or, at a Participating Entity's option, result in termination of its Participating Addendum. b. Coverage shall be written on an occurrence basis. The minimum acceptable limits shall be as indicated below, with no deductible for each of the following categories: (1) Commercial General Liability covering premises operations, independent contractors, products and completed operations, blanket contractual liability, personal injury (including death), advertising liability, and property damage, Page 233 of 580 with a limit of not less than $1 million per occurrence/$3 million general aggregate; (2) CLOUD MINIMUM INSURANCE COVERAGE, if Contractor hosts this kind of data: Data Breach and Privacy/Cyber Liability including Technology Errors and Omissions Level of Risk Minimum Insurance Coverage Low Risk Data $270007000 Moderate Risk Data $570007000 High Risk Data $1070007000 (3) Contractor must comply with any applicable State Workers Compensation or Employers Liability Insurance requirements. (4) Professional Liability. As applicable, Professional Liability Insurance Policy in the minimum amount of$1,000,000 per occurrence and $1,000,000 in the aggregate, written on an occurrence form that provides coverage for its work undertaken pursuant to each Participating Addendum. c. Contractor shall pay premiums on all insurance policies. Such policies shall also reference this Master Agreement and shall have a condition that they not be revoked by the insurer until thirty (30) calendar days after notice of intended revocation thereof shall have been given to Purchasing Entity and Participating Entity by the Contractor. d. Prior to commencement of performance, Contractor shall provide to the Lead State a written endorsement to the Contractor's general liability insurance policy or other documentary evidence acceptable to the Lead State that (1) names the Participating States identified in the Request for Proposal as additional insureds, (2) provides that no material alteration, cancellation, non-renewal, or expiration of the coverage contained in such policy shall have effect unless the named Participating State has been given at least thirty (30) days prior written notice, and (3) provides that the Contractor's liability insurance policy shall be primary, with any liability insurance of any Participating State as secondary and noncontributory. Unless otherwise agreed in any Participating Addendum, the Participating Entity's rights and Contractor's obligations are the same as those specified in the first sentence of this subsection. Before performance of any Purchase Order issued after execution of a Participating Addendum authorizing it, the Contractor shall provide to a Purchasing Entity or Participating Entity who requests it the same information described in this subsection. e. Contractor shall furnish to the Lead State, Participating Entity, and, on request, the Purchasing Entity copies of certificates of all required insurance within thirty (30) calendar days of the execution of this Master Agreement, the execution of a Participating Addendum, or the Purchase Order's effective date and prior to performing any work. The insurance certificate shall provide the following information: the name and address of the insured; name, address, telephone number and signature of the authorized agent; name of the insurance company (authorized to operate in all states); a description of coverage in detailed standard terminology (including policy period, policy number, limits of liability, exclusions and endorsements); and an acknowledgment Page 234 of 580 of the requirement for notice of cancellation. Copies of renewal certificates of all required insurance shall be furnished within thirty (30) days after any renewal date. These certificates of insurance must expressly indicate compliance with each and every insurance requirement specified in this section. Failure to provide evidence of coverage may, at sole option of the Lead State, or any Participating Entity, result in this Master Agreement's termination or the termination of any Participating Addendum. f. Coverage and limits shall not limit Contractor's liability and obligations under this Master Agreement, any Participating Addendum, or any Purchase Order. 17. Laws and Regulations: Any and all Services offered and furnished shall comply fully with all applicable Federal and State laws and regulations. 18. No Waiver of Sovereign Immunity: In no event shall this Master Agreement, any Participating Addendum or any contract or any Purchase Order issued thereunder, or any act of a Lead State, a Participating Entity, or a Purchasing Entity be a waiver of any form of defense or immunity, whether sovereign immunity, governmental immunity, immunity based on the Eleventh Amendment to the Constitution of the United States or otherwise, from any claim or from the jurisdiction of any court. This section applies to a claim brought against the Participating State only to the extent Congress has appropriately abrogated the Participating State's sovereign immunity and is not consent by the Participating State to be sued in federal court. This section is also not a waiver by the Participating State of any form of immunity, including but not limited to sovereign immunity and immunity based on the Eleventh Amendment to the Constitution of the United States. 19. Ordering a. Master Agreement order and purchase order numbers shall be clearly shown on all acknowledgments, shipping labels, packing slips, invoices, and on all correspondence. b. This Master Agreement permits Purchasing Entities to define project-specific requirements and informally compete the requirement among other firms having a Master Agreement on an "as needed" basis. This procedure may also be used when requirements are aggregated or other firm commitments may be made to achieve reductions in pricing. This procedure may be modified in Participating Addenda and adapted to Purchasing Entity rules and policies. The Purchasing Entity may in its sole discretion determine which firms should be solicited for a quote. The Purchasing Entity may select the quote that it considers most advantageous, cost and other factors considered. c. Each Purchasing Entity will identify and utilize its own appropriate purchasing procedure and documentation. Contractor is expected to become familiar with the Purchasing Entities' rules, policies, and procedures regarding the ordering of supplies and/or services contemplated by this Master Agreement. d. Contractor shall not begin providing Services without a valid Service Level Page 235 of 580 Agreement or other appropriate commitment document compliant with the law of the Purchasing Entity. e. Orders may be placed consistent with the terms of this Master Agreement during the term of the Master Agreement. f. All Orders pursuant to this Master Agreement, at a minimum, shall include: (1) The services or supplies being delivered; (2) The place and requested time of delivery; (3) A billing address; (4) The name, phone number, and address of the Purchasing Entity representative; (5) The price per unit or other pricing elements consistent with this Master Agreement and the contractor's proposal; (6) A ceiling amount of the order for services being ordered; and (7) The Master Agreement identifier and the Participating State contract identifier. g. All communications concerning administration of Orders placed shall be furnished solely to the authorized purchasing agent within the Purchasing Entity's purchasing office, or to such other individual identified in writing in the Order. h. Orders must be placed pursuant to this Master Agreement prior to the termination date of this Master Agreement. Contractor is reminded that financial obligations of Purchasing Entities payable after the current applicable fiscal year are contingent upon agency funds for that purpose being appropriated, budgeted, and otherwise made available. i. Notwithstanding the expiration or termination of this Master Agreement, Contractor agrees to perform in accordance with the terms of any Orders then outstanding at the time of such expiration or termination. Contractor shall not honor any Orders placed after the expiration or termination of this Master Agreement. Orders from any separate indefinite quantity, task orders, or other form of indefinite delivery order arrangement priced against this Master Agreement may not be placed after the expiration or termination of this Master Agreement, notwithstanding the term of any such indefinite delivery order agreement. 20. Participants and Scope a. Contractor may not deliver Services under this Master Agreement until a Participating Addendum acceptable to the Participating Entity and Contractor is executed. The NASPO ValuePoint Master Agreement Terms and Conditions are applicable to any Order by a Participating Entity (and other Purchasing Entities covered by their Participating Addendum), except to the extent altered, modified, supplemented or amended by a Participating Addendum. By way of illustration and not limitation, this authority may apply to unique delivery and invoicing requirements, confidentiality requirements, defaults on Orders, governing law and venue relating to Orders by a Page 236 of 580 Participating Entity, indemnification, and insurance requirements. Statutory or constitutional requirements relating to availability of funds may require specific language in some Participating Addenda in order to comply with applicable law. The expectation is that these alterations, modifications, supplements, or amendments will be addressed in the Participating Addendum or, with the consent of the Purchasing Entity and Contractor, may be included in the ordering document (e.g. purchase order or contract) used by the Purchasing Entity to place the Order. b. Subject to subsection 20c and a Participating Entity's Participating Addendum, the use of specific NASPO ValuePoint cooperative Master Agreements by state agencies, political subdivisions and other Participating Entities (including cooperatives) authorized by individual state's statutes to use state contracts is subject to the approval of the respective State Chief Procurement Official. c. Unless otherwise stipulated in a Participating Entity's Participating Addendum, specific services accessed through the NASPO ValuePoint cooperative Master Agreements for Cloud Services by state executive branch agencies, as required by a Participating Entity's statutes, are subject to the authority and approval of the Participating Entity's Chief Information Officer's Office3. Cl. Obligations under this Master Agreement are limited to those Participating Entities who have signed a Participating Addendum and Purchasing Entities within the scope of those Participating Addenda. Financial obligations of Participating States are limited to the orders placed by the departments or other state agencies and institutions having available funds. Participating States incur no financial obligations on behalf of political subdivisions. e. NASPO ValuePoint is not a party to the Master Agreement. It is a nonprofit cooperative purchasing organization assisting states in administering the NASPO ValuePoint cooperative purchasing program for state government departments, institutions, agencies and political subdivisions (e.g., colleges, school districts, counties, cities, etc.) for all 50 states, the District of Columbia and the territories of the United States. f. Participating Addenda shall not be construed to amend the terms of this Master Agreement between the Lead State and Contractor. g. Participating Entities who are not states may under some circumstances sign their own Participating Addendum, subject to the approval of participation by the Chief Procurement Official of the state where the Participating Entity is located. Coordinate requests for such participation through NASPO ValuePoint. Any permission to participate through execution of a Participating Addendum is not a determination that procurement authority exists in the Participating Entity; they must ensure that they have the requisite procurement authority to execute a Participating Addendum. s Chief Information Officer means the individual designated by the Governor with Executive Branch,enterprise- wide responsibility for the leadership and management of information technology resources of a state. Page 237 of 580 h. Resale. Subject to any explicit permission in a Participating Addendum, Purchasing Entities may not resell goods, software, or Services obtained under this Master Agreement. This limitation does not prohibit: payments by employees of a Purchasing Entity as explicitly permitted under this agreement; sales of goods to the general public as surplus property; and fees associated with inventory transactions with other governmental or nonprofit entities under cooperative agreements and consistent with a Purchasing Entity's laws and regulations. Any sale or transfer permitted by this subsection must be consistent with license rights granted for use of intellectual property. 21. Payment: Unless otherwise stipulated in the Participating Addendum, Payment is normally made within 30 days following the date of a correct invoice is received. Purchasing Entities reserve the right to withhold payment of a portion (including all if applicable) of disputed amount of an invoice. After 45 days the Contractor may assess overdue account charges up to a maximum rate of one percent per month on the outstanding balance. Payments will be remitted by mail. Payments may be made via a State or political subdivision "Purchasing Card" with no additional charge. 22. Data Access Controls: Unless otherwise provided for in the service provider terms, Contractor will provide access to Purchasing Entity's Data only to those Contractor employees, contractors and subcontractors ("Contractor Staff') who need to access the Data to fulfill Contractor's obligations under this Agreement. Contractor shall not access a Purchasing Entity's user accounts or Data, except on the course of data center operations, response to service or technical issues, as required by the express terms of this Master Agreement, or at a Purchasing Entity's written request. Contractor may not share a Purchasing Entity's Data with its parent corporation, other affiliates, or any other third party without the Purchasing Entity's express written consent. Contractor will ensure that, prior to being granted access to the Data, Contractor Staff who perform work under this Agreement have successfully completed annual instruction of a nature sufficient to enable them to effectively comply with all Data protection provisions of this Agreement; and possess all qualifications appropriate to the nature of the employees' duties and the sensitivity of the Data they will be handling. 23. Operations Management: Unless otherwise provided in the service provider terms, Contractor shall maintain the administrative, physical, technical, and procedural infrastructure associated with the provision of the Product in a manner that is, at all times during the term of this Master Agreement, at a level equal to or more stringent than those specified in the Solicitation. 24. Public Information: This Master Agreement and all related documents are subject to disclosure pursuant to the Purchasing Entity's public information laws. 25. Purchasing Entity Data: Purchasing Entity retains full right and title to Data provided by it and any Data derived therefrom, including metadata. Contractor shall not collect, access, or use user-specific Purchasing Entity Data except as strictly necessary to provide Service to the Purchasing Entity. No information regarding Purchasing Entity's use of the Service may be disclosed, provided, rented or Page 238 of 580 sold to any third party for any reason unless required by law or regulation or by an order of a court of competent jurisdiction. The obligation shall extend beyond the term of this Master Agreement in perpetuity. Unless otherwise provided for in the service provider terms, Contractor shall not use any information collected in connection with this Master Agreement, including Purchasing Entity Data, for any purpose other than fulfilling its obligations under this Master Agreement. 26. Records Administration and Audit. a. The Contractor shall maintain books, records, documents, and other evidence pertaining to this Master Agreement and orders placed by Purchasing Entities under it to the extent and in such detail as shall adequately reflect performance and administration of payments and fees. Contractor shall permit the Lead State, a Participating Entity, a Purchasing Entity, the federal government (including its grant awarding entities and the U.S. Comptroller General), and any other duly authorized agent of a governmental agency, to audit, inspect, examine, copy and/or transcribe Contractor's books, documents, papers and records directly pertinent to this Master Agreement or orders placed by a Purchasing Entity under it for the purpose of making audits, examinations, excerpts, and transcriptions. This right shall survive for a period of six (6) years following termination of this Agreement or final payment for any order placed by a Purchasing Entity against this Agreement, whichever is later, to assure compliance with the terms hereof or to evaluate performance hereunder. b. Without limiting any other remedy available to any governmental entity, the Contractor shall reimburse the applicable Lead State, Participating Entity, or Purchasing Entity for any overpayments inconsistent with the terms of the Master Agreement or orders or underpayment of fees found as a result of the examination of the Contractor's records. c. The rights and obligations herein exist in addition to any quality assurance obligation in the Master Agreement requiring the Contractor to self-audit contract obligations and that permits the Lead State to review compliance with those obligations. d. The Contractor shall allow the Purchasing Entity to audit conformance to the Master Agreement and applicable Participating Addendum terms. The purchasing entity may perform this audit or contract with a third party at its discretion and at the purchasing entity's expense. 27. Administrative Fees: The Contractor shall pay to NASPO ValuePoint, or its assignee, a NASPO ValuePoint Administrative Fee of one-quarter of one percent (0.25% or 0.0025) no later than 60 days following the end of each calendar quarter. The NASPO ValuePoint Administrative Fee shall be submitted quarterly and is based on sales of the Services. The NASPO ValuePoint Administrative Fee is not negotiable. This fee is to be included as part of the pricing submitted with proposal. Additionally, some states may require an additional administrative fee be paid directly to Page 239 of 580 the state on purchases made by Purchasing Entities within that state. For all such requests, the fee level, payment method and schedule for such reports and payments will be incorporated into the Participating Addendum that is made a part of the Master Agreement. The Contractor may adjust the Master Agreement pricing accordingly for purchases made by Purchasing Entities within the jurisdiction of the state. All such agreements shall not affect the NASPO ValuePoint Administrative Fee percentage or the prices paid by the Purchasing Entities outside the jurisdiction of the state requesting the additional fee. The NASPO ValuePoint Administrative Fee shall be based on the gross amount of all sales at the adjusted prices (if any) in Participating Addenda. 28. System Failure or Damage: RESERVED 29. Title to License: If access to the Product requires an application program interface (API), Contractor shall convey to Purchasing Entity an irrevocable and perpetual license to use the API. 30. Data Privacy: The service provider must comply with all applicable laws related to data privacy and security, including IRS Pub 1075. Prior to entering into a SLA with a Purchasing Entity, the Contractor and Purchasing Entity must cooperate and hold a meeting to determine the Data Categorization to determine whether the Contractor will hold, store, or process High Risk Data, Moderate Risk Data and Low Risk Data. The Contractor must document the Data Categorization in the SLA or Statement of Work. 31. Warranty: At a minimum the Contractor must warrant the following: a. Contractor has acquired any and all rights, grants, assignments, conveyances, licenses, permissions, and authorization for the Contractor to provide the Services described in this Master Agreement. b. Contractor will perform materially as described in this Master Agreement, SLA, Statement of Work, including any performance representations contained in the Contractor's response to the Solicitation by the Lead State. c. Contractor represents and warrants that the representations contained in its response to the Solicitation by the Lead State. d. Unless otherwise provided for in the services terms in Attachment E, the Contractor will not interfere with a Purchasing Entity's access to and use of the Services it acquires from this Master Agreement. e. The Services provided by the Contractor are compatible with and will operate successfully with any environment (including web browser and operating system) specified by the Contractor in its response to the Solicitation by the Lead State. f. The Contractor must use industry-leading technology to detect and remove worms, Trojans, rootkits, rogues, dialers, spyware, etc. 32. Transition Assistance: a. The Contractor shall reasonably cooperate with other parties in connection with all Page 240 of 580 Services to be delivered under this Master Agreement, including without limitation any successor service provider to whom a Purchasing Entity's Data is transferred in connection with the termination or expiration of this Master Agreement. The Contractor shall assist a Purchasing Entity in exporting and extracting a Purchasing Entity's Data, in a format usable without the use of the Services and as agreed by a Purchasing Entity, at no additional cost to the Purchasing Entity. Any transition services requested by a Purchasing Entity involving additional knowledge transfer and support may be subject to a separate transition Statement of Work. b. A Purchasing Entity and the Contractor shall, when reasonable, create a Transition Plan Document identifying the transition services to be provided and including a Statement of Work if applicable. c. The Contractor must maintain the confidentiality and security of a Purchasing Entity's Data during the transition services and thereafter as required by the Purchasing Entity. 33. Waiver of Breach: Failure of the Lead State, Participating Entity, or Purchasing Entity to declare a default or enforce any rights and remedies shall not operate as a waiver under this Master Agreement or Participating Addendum. Any waiver by the Lead State, Participating Entity, or Purchasing Entity must be in writing. Waiver by the Lead State or Participating Entity of any default, right or remedy under this Master Agreement or Participating Addendum, or by Purchasing Entity with respect to any Purchase Order, or breach of any terms or requirements of this Master Agreement, a Participating Addendum, or Purchase Order shall not be construed or operate as a waiver of any subsequent default or breach of such term or requirement, or of any other term or requirement under this Master Agreement, Participating Addendum, or Purchase Order. 34. Assignment of Antitrust Rights: Contractor irrevocably assigns to a Participating Entity who is a state any claim for relief or cause of action which the Contractor now has or which may accrue to the Contractor in the future by reason of any violation of state or federal antitrust laws (15 U.S.C. § 1-15 or a Participating Entity's state antitrust provisions), as now in effect and as may be amended from time to time, in connection with any goods or services provided to the Contractor for the purpose of carrying out the Contractor's obligations under this Master Agreement or Participating Addendum, including, at a Participating Entity's option, the right to control any such litigation on such claim for relief or cause of action. 35. Debarment : The Contractor certifies, to the best of its knowledge, that neither it nor its principals are presently debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded from participation in this transaction (contract) by any governmental department or agency. This certification represents a recurring certification made at the time any Order is placed under this Master Agreement. If the Contractor cannot certify this statement, attach a written explanation for review by the Lead State. 36. Performance and Payment Time Frames that Exceed Contract Duration: All maintenance or other agreements for services entered into during the duration of an SLA and whose performance and payment time frames extend beyond the duration of this Master Agreement shall remain in effect for performance and payment purposes (limited to the time frame and services established per each written agreement). No new Page 241 of 580 leases, maintenance or other agreements for services may be executed after the Master Agreement has expired. For the purposes of this section, renewals of maintenance, subscriptions, SaaS subscriptions and agreements, and other service agreements, shall not be considered as "new." 37. Governing Law and Venue a. The procurement, evaluation, and award of the Master Agreement shall be governed by and construed in accordance with the laws of the Lead State sponsoring and administering the procurement. The construction and effect of the Master Agreement after award shall be governed by the law of the state serving as Lead State (in most cases also the Lead State). The construction and effect of any Participating Addendum or Order against the Master Agreement shall be governed by and construed in accordance with the laws of the Participating Entity's or Purchasing Entity's State. b. Unless otherwise specified in the RFP, the venue for any protest, claim, dispute or action relating to the procurement, evaluation, and award is in the Lead State. Venue for any claim, dispute or action concerning the terms of the Master Agreement shall be in the state serving as Lead State. Venue for any claim, dispute, or action concerning any Order placed against the Master Agreement or the effect of a Participating Addendum shall be in the Purchasing Entity's State. c. If a claim is brought in a federal forum, then it must be brought and adjudicated solely and exclusively within the United States District Court for (in decreasing order of priority): the Lead State for claims relating to the procurement, evaluation, award, or contract performance or administration if the Lead State is a party; the Participating State if a named party; the Participating Entity state if a named party; or the Purchasing Entity state if a named party. d. This section is also not a waiver by the Participating State of any form of immunity, including but not limited to sovereign immunity and immunity based on the Eleventh Amendment to the Constitution of the United States. 38. No Guarantee of Service Volumes: The Contractor acknowledges and agrees that the Lead State and NASPO ValuePoint makes no representation, warranty or condition as to the nature, timing, quality, quantity or volume of business for the Services or any other products and services that the Contractor may realize from this Master Agreement, or the compensation that may be earned by the Contractor by offering the Services. The Contractor acknowledges and agrees that it has conducted its own due diligence prior to entering into this Master Agreement as to all the foregoing matters. 39. NASPO ValuePoint eMarket Center: In July 2011, NASPO ValuePoint entered into a multi-year agreement with SciQuest, Inc. whereby SciQuest will provide certain electronic catalog hosting and management services to enable eligible NASPO ValuePoint's customers to access a central online website to view and/or shop the goods and services available from existing NASPO ValuePoint Cooperative Contracts. The central online website is referred to as the NASPO ValuePoint eMarket Center. The Contractor will have visibility in the eMarket Center through Ordering Instructions. These Ordering Instructions are available at no cost to the Contractor and provided customers information regarding the Contractors website and ordering information. Page 242 of 580 At a minimum, the Contractor agrees to the following timeline: NASPO ValuePoint eMarket Center Site Admin shall provide a written request to the Contractor to begin Ordering Instruction process. The Contractor shall have thirty (30) days from receipt of written request to work with NASPO ValuePoint to provide any unique information and ordering instructions that the Contractor would like the customer to have. 40. Contract Provisions for Orders Utilizing Federal Funds: Pursuant to Appendix II to 2 Code of Federal Regulations (CFR) Part 200, Contract Provisions for Non-Federal Entity Contracts Under Federal Awards, Orders funded with federal funds may have additional contractual requirements or certifications that must be satisfied at the time the Order is placed or upon delivery. These federal requirements may be proposed by Participating Entities in Participating Addenda and Purchasing Entities for incorporation in Orders placed under this master agreement. 41. Government Support: No support, facility space, materials, special access, personnel or other obligations on behalf of the states or other Participating Entities, other than payment, are required under the Master Agreement. 42. NASPO ValuePoint Summary and Detailed Usage Reports: In addition to other reports that may be required by this solicitation, the Contractor shall provide the following NASPO ValuePoint reports. a. Summary Sales Data. The Contractor shall submit quarterly sales reports directly to NASPO ValuePoint using the NASPO ValuePoint Quarterly Sales/Administrative Fee Reporting Tool found at http-//www.naspo.org/WNCPO/Calculator.aspx. Any/all sales made under the contract shall be reported as cumulative totals by state. Even if Contractor experiences zero sales during a calendar quarter, a report is still required. Reports shall be due no later than 30 day following the end of the calendar quarter (as specified in the reporting tool). b. Detailed Sales Data. Contractor shall also report detailed sales data by: (1) state; (2) entity/customer type, e.g. local government, higher education, K12, non-profit; (3) Purchasing Entity name; (4) Purchasing Entity bill-to and ship-to locations; (4) Purchasing Entity and Contractor Purchase Order identifier/number(s); (5) Purchase Order Type (e.g. sales order, credit, return, upgrade, determined by industry practices); (6) Purchase Order date; (7) and line item description, including product number if used. The report shall be submitted in any form required by the solicitation. Reports are due on a quarterly basis and must be received by the Lead State and NASPO ValuePoint Cooperative Development Team no later than thirty (30) days after the end of the reporting period. Reports shall be delivered to the Lead State and to the NASPO ValuePoint Cooperative Development Team electronically through a designated portal, email, CD-Rom, flash drive or other method as determined by the Lead State and NASPO ValuePoint. Detailed sales data reports shall include sales information for all sales under Participating Addenda executed under this Master Agreement. The format for the detailed sales data report is in shown in Attachment F. c. Reportable sales for the summary sales data report and detailed sales data report includes sales to employees for personal use where authorized by the solicitation and the Participating Addendum. Report data for employees should be limited to ONLY the state and entity they are participating under the authority of (state and agency, city, county, school district, etc.) and the amount of sales. No personal identification numbers, e.g. names, addresses, social security numbers or any other numerical Page 243 of 580 identifier, may be submitted with any report. d. Contractor shall provide the NASPO ValuePoint Cooperative Development Coordinator with an executive summary each quarter that includes, at a minimum, a list of states with an active Participating Addendum, states that Contractor is in negotiations with and any PA roll out or implementation activities and issues. NASPO ValuePoint Cooperative Development Coordinator and Contractor will determine the format and content of the executive summary. The executive summary is due 30 days after the conclusion of each calendar quarter. e. Timely submission of these reports is a material requirement of the Master Agreement. The recipient of the reports shall have exclusive ownership of the media containing the reports. The Lead State and NASPO ValuePoint shall have a perpetual, irrevocable, non-exclusive, royalty free, transferable right to display, modify, copy, and otherwise use reports, data and information provided under this section. f. If requested by a Participating Entity, the Contractor must provide detailed sales data within the Participating State. 43. Entire Agreement: This Master Agreement, along with any attachment, contains the entire understanding of the parties hereto with respect to the Master Agreement unless a term is modified in a Participating Addendum with a Participating Entity. 44. Limitation of Liability: Except as otherwise set forth in the Indemnification paragraphs above, the limit of liability shall be as follows: a. Contractor's liability for any claim, loss or liability arising out of, or connected with the Services provided, and whether based upon default or other liability such as breach of contract, warranty Negligence, misrepresentation or otherwise, shall in no case exceed direct damages in: (i) an amount equal to two (2) times the charges specified in the purchase order for the Services, or parts therof forming the basis of the Purchasing Entity's claim, (said amount not to exceed a total of twelve (12) months charges payable under the applicable Purchase order) or (ii) five million dollars ($5, 000,000), whichever is greater. b. The Purchasing Entity may retain such monies from any amount due Contractor as may be necessary to satisfy any claim for damages, costs and the like asserted against the Purchasing Entity unless Contractor at the time of the presentation of claim shall demonstrate to the Purchasing Entity's satisfaction that sufficient monies are set aside by the Contractor in the form of a bond or through insurance coverage to cover associated damages and other costs. The limitation of liability in Section 44 will not apply to claims for bodily injury or death. Page 244 of 580 State of Utah Bid CH16012 Exhibit 1 to the Master Agreement: Software-as-a-Service 1. Data Ownership:The Purchasing Entity will own all right,title and interest in its data that is related to the Services provided by this Master Agreement.The Contractor shall not access Purchasing Entity user accounts or Purchasing Entity data, except (1) in the course of data center operations, (2) in response to service or technical issues, (3) as required by the express terms of this Master Agreement, Participating Addendum, SLA, and/or other contract documents, or(4) at the Purchasing Entity's written request. Contractor shall not collect, access, or use user-specific Purchasing Entity Data except as strictly necessary to provide Service to the Purchasing Entity. No information regarding a Purchasing Entity's use of the Service may be disclosed, provided, rented or sold to any third party for any reason unless required by law or regulation or by an order of a court of competent jurisdiction.This obligation shall survive and extend beyond the term of this Master Agreement. 2. Data Protection: Protection of personal privacy and data shall be an integral part of the business activities of the Contractor to ensure there is no inappropriate or unauthorized use of Purchasing Entity information at any time.To this end,the Contractor shall safeguard the confidentiality, integrity and availability of Purchasing Entity information and comply with the following conditions: a.The Contractor shall implement and maintain appropriate administrative, technical and organizational security measures to safeguard against unauthorized access, disclosure or theft of Personal Data and Non-Public Data. Such security measures shall be in accordance with recognized industry practice and not less stringent than the measures the Contractor applies to its own Personal Data and Non-Public Data of similar kind. b. All data obtained by the Contractor in the performance of the Master Agreement shall become and remain the property of the Purchasing Entity. c. All Personal Data shall be encrypted at rest and in transit with controlled access. Unless otherwise stipulated,the Contractor is responsible for encryption of the Personal Data. Any stipulation of responsibilities will identify specific roles and responsibilities and shall be included in the service level agreement (SLA), or otherwise made a part of the Master Agreement. d. Unless otherwise stipulated, the Contractor shall encrypt all Non-Public Data at rest and in transit.The Purchasing Entity shall identify data it deems as Non-Public Data to the Contractor. The level of protection and encryption for all Non-Public Data shall be identified in the SLA. e. At no time shall any data or processes —that either belong to or are intended for the use of a Purchasing Entity or its officers, agents or employees — be copied, disclosed or retained by the Contractor or any party related to the Contractor for subsequent use in any transaction that does not include the Purchasing Entity. f.The Contractor shall not use any information collected in connection with the Services issued from this Master Agreement for any purpose other than fulfilling the Services. Page 245 of 580 State of Utah Bid CH16012 3. Data Location:The Contractor shall provide its services to the Purchasing Entity and its end users solely from data centers in the U.S. Storage of Purchasing Entity data at rest shall be located solely in data centers in the U.S.The Contractor shall not allow its personnel or contractors to store Purchasing Entity data on portable devices, including personal computers, except for devices that are used and kept only at its U.S. data centers.The Contractor shall permit its personnel and contractors to access Purchasing Entity data remotely only as required to provide technical support.The Contractor may provide technical user support on a 24/7 basis using a Follow the Sun model, unless otherwise prohibited in a Participating Addendum. 4. Security Incident or Data Breach Notification: a. Incident Response: Contractor may need to communicate with outside parties regarding a security incident,which may include contacting law enforcement,fielding media inquiries and seeking external expertise as mutually agreed upon, defined by law or contained in the contract. Discussing security incidents with the Purchasing Entity should be handled on an urgent as- needed basis, as part of Contractor's communication and mitigation processes as mutually agreed upon, defined by law or contained in the Master Agreement. b. Security Incident Reporting Requirements:The Contractor shall report a security incident to the Purchasing Entity identified contact immediately as soon as possible or promptly without out reasonable delay, or as defined in the SLA. c. Breach Reporting Requirements: If the Contractor has actual knowledge of a confirmed data breach that affects the security of any purchasing entity's content that is subject to applicable data breach notification law, the Contractor shall (1)as soon as possible or promptly without out reasonable delay notify the Purchasing Entity, unless shorter time is required by applicable law, and (2)take commercially reasonable measures to address the data breach in a timely manner. 5. Personal Data Breach Responsibilities:This section only applies when a Data Breach occurs with respect to Personal Data within the possession or control of the Contractor. a.The Contractor, unless stipulated otherwise, shall immediately notify the appropriate Purchasing Entity identified contact by telephone in accordance with the agreed upon security plan or security procedures if it reasonably believes there has been a security incident. b.The Contractor, unless stipulated otherwise, shall promptly notify the appropriate Purchasing Entity identified contact within 24 hours or sooner by telephone, unless shorter time is required by applicable law, if it has confirmed that there is, or reasonably believes that there has been a Data Breach.The Contractor shall (1) cooperate with the Purchasing Entity as reasonably requested by the Purchasing Entity to investigate and resolve the Data Breach, (2) promptly implement necessary remedial measures, if necessary, and (3) document responsive actions taken related to the Data Breach, including any post-incident review of events and actions taken to make changes in business practices in providing the services, if necessary. Page 246 of 580 State of Utah Bid CH16012 c. Unless otherwise stipulated, if a data breach is a direct result of Contractor's breach of its contractual obligation to encrypt personal data or otherwise prevent its release as reasonably determined by the Purchasing Entity,the Contractor shall bear the costs associated with (1)the investigation and resolution of the data breach; (2) notifications to individuals, regulators or others required by federal and state laws or as otherwise agreed to; (3) a credit monitoring service required by state (or federal) law or as otherwise agreed to; (4) a website or a toll-free number and call center for affected individuals required by federal and state laws — all not to exceed the average per record per person cost calculated for data breaches in the United States (currently$217 per record/person) in the most recent Cost of Data Breach Study: Global Analysis published by the Ponemon Institute at the time of the data breach; and (5) complete all corrective actions as reasonably determined by Contractor based on root cause. 6. Notification of Legal Requests:The Contractor shall contact the Purchasing Entity upon receipt of any electronic discovery, litigation holds, discovery searches and expert testimonies related to the Purchasing Entity's data under the Master Agreement, or which in any way might reasonably require access to the data of the Purchasing Entity.The Contractor shall not respond to subpoenas, service of process and other legal requests related to the Purchasing Entity without first notifying and obtaining the approval of the Purchasing Entity, unless prohibited by law from providing such notice. 7.Termination and Suspension of Service: a. In the event of a termination of the Master Agreement or applicable Participating Addendum, the Contractor shall implement an orderly return of purchasing entity's data in a CSV or another mutually agreeable format at a time agreed to by the parties or allow the Purchasing Entity to extract it's data and the subsequent secure disposal of purchasing entity's data. b. During any period of service suspension,the Contractor shall not take any action to intentionally erase or otherwise dispose of any of the Purchasing Entity's data. c. In the event of termination of any services or agreement in entirety, the Contractor shall not take any action to intentionally erase purchasing entity's data for a period of: • 10 days after the effective date of termination, if the termination is in accordance with the contract period • 30 days after the effective date of termination, if the termination is for convenience • 60 days after the effective date of termination, if the termination is for cause After such period, the Contractor shall have no obligation to maintain or provide any purchasing entity's data and shall thereafter, unless legally prohibited, delete all purchasing entity's data in its systems or otherwise in its possession or under its control. Page 247 of 580 State of Utah Bid CH16012 d. The purchasing entity shall be entitled to any post termination assistance generally made available with respect to the services, unless a unique data retrieval arrangement has been established as part of an SLA. e. Upon termination of the Services or the Agreement in its entirety, Contractor shall securely dispose of all Purchasing Entity's data in all of its forms, such as disk, CD/ DVD, backup tape and paper, unless stipulated otherwise by the Purchasing Entity. Data shall be permanently deleted and shall not be recoverable, according to National Institute of Standards and Technology (NIST)-approved methods. Certificates of destruction shall be provided to the Purchasing Entity. 8. Background Checks: Upon the request of the Purchasing Entity,the Contractor shall conduct criminal background checks and not utilize any staff, including subcontractors, to fulfill the obligations of the Master Agreement who have been convicted of any crime of dishonesty, including but not limited to criminal fraud, or otherwise convicted of any felony or misdemeanor offense for which incarceration for up to 1 year is an authorized penalty.The Contractor shall promote and maintain an awareness of the importance of securing the Purchasing Entity's information among the Contractor's employees and agents. If any of the stated personnel providing services under a Participating Addendum is not acceptable to the Purchasing Entity in its sole opinion as a result of the background or criminal history investigation,the Purchasing Entity, in its' sole option shall have the right to either (1) request immediate replacement of the person, or(2) immediately terminate the Participating Addendum and any related service agreement. 9.Access to Security Logs and Reports:The Contractor shall provide reports on a schedule specified in the SLA to the Purchasing Entity in a format as specified in the SLA agreed to by both the Contractor and the Purchasing Entity. Reports shall include latency statistics, user access, user access IP address, user access history and security logs for all public jurisdiction files related to this Master Agreement and applicable Participating Addendum. 10. Contract Audit:The Contractor shall allow the Purchasing Entity to audit conformance to the Master Agreement terms.The Purchasing Entity may perform this audit or contract with a third party at its discretion and at the Purchasing Entity's expense. 11. Data Center Audit:The Contractor shall perform an independent audit of its data centers at least annually at its expense, and provide an unredacted version of the audit report upon request to a Purchasing Entity.The Contractor may remove its proprietary information from the unredacted version. A Service Organization Control (SOC) 2 audit report or approved equivalent sets the minimum level of a third-party audit. 12. Change Control and Advance Notice:The Contractor shall give a minimum forty eight(48) hour advance notice (or as determined by a Purchasing Entity and included in the SLA)to the Purchasing Entity of any upgrades (e.g., major upgrades, minor upgrades, system changes)that may impact service availability and performance. A major upgrade is a replacement of hardware, software or firmware with a newer or better version in order to bring the system up to date or to improve its characteristics. It usually includes a new version number. Page 248 of 580 State of Utah Bid CH16012 Contractor will make updates and upgrades available to Purchasing Entity at no additional costs when Contractor makes such updates and upgrades generally available to its users. No update, upgrade or other charge to the Service may decrease the Service's functionality, adversely affect Purchasing Entity's use of or access to the Service, or increase the cost of the Service to the Purchasing Entity. Contractor will notify the Purchasing Entity at least sixty(60) days in advance prior to any major update or upgrade. 13. Security:As requested by a Purchasing Entity,the Contractor shall disclose its non-proprietary system security plans (SSP)or security processes and technical limitations to the Purchasing Entity such that adequate protection and flexibility can be attained between the Purchasing Entity and the Contractor. For example: virus checking and port sniffing — the Purchasing Entity and the Contractor shall understand each other's roles and responsibilities. 14. Non-disclosure and Separation of Duties:The Contractor shall enforce separation of job duties, require commercially reasonable non-disclosure agreements, and limit staff knowledge of Purchasing Entity data to that which is absolutely necessary to perform job duties. 15. Import and Export of Data:The Purchasing Entity shall have the ability to import or export data in piecemeal or in entirety at its discretion without interference from the Contractor at any time during the term of Contractor's contract with the Purchasing Entity.This includes the ability for the Purchasing Entity to import or export data to/from other Contractors. Contractor shall specify if Purchasing Entity is required to provide its' own tools for this purpose, including the optional purchase of Contractors tools if Contractors applications are not able to provide this functionality directly. 16. Responsibilities and Uptime Guarantee:The Contractor shall be responsible for the acquisition and operation of all hardware, software and network support related to the services being provided.The technical and professional activities required for establishing, managing and maintaining the environments are the responsibilities of the Contractor.The system shall be available 24/7/365 (with agreed-upon maintenance downtime), and provide service to customers as defined in the SLA. 17. Subcontractor Disclosure: Contractor shall identify all of its strategic business partners related to services provided under this Master Agreement, including but not limited to all subcontractors or other entities or individuals who may be a party to a joint venture or similar agreement with the Contractor, and who shall be involved in any application development and/or operations. 18. Right to Remove Individuals:The Purchasing Entity shall have the right at any time to require that the Contractor remove from interaction with Purchasing Entity any Contractor representative who the Purchasing Entity believes is detrimental to its working relationship with the Contractor.The Purchasing Entity shall provide the Contractor with notice of its determination, and the reasons it requests the removal. If the Purchasing Entity signifies that a potential security violation exists with respect to the request,the Contractor shall immediately remove such individual.The Contractor shall not assign the Page 249 of 580 State of Utah Bid CH16012 person to any aspect of the Master Agreement or future work orders without the Purchasing Entity's consent. 19. Business Continuity and Disaster Recovery:The Contractor shall provide a business continuity and disaster recovery plan upon request and ensure that the Purchasing Entity's recovery time objective (RTO)of XXX hours/days is met. (XXX hour/days shall be provided to Contractor by the Purchasing Entity.) Contractor must work with the Purchasing Entity to perform an annual Disaster Recovery test and take action to correct any issues detected during the test in a time frame mutually agreed between the Contractor and the Purchasing Entity. 20. Compliance with Accessibility Standards:The Contractor shall comply with and adhere to Accessibility Standards of Section 508 Amendment to the Rehabilitation Act of 1973, or any other state laws or administrative regulations identified by the Participating Entity. 21.Web Services:The Contractor shall use Web services exclusively to interface with the Purchasing Entity's data in near real time. 22. Encryption of Data at Rest:The Contractor shall ensure hard drive encryption consistent with validated cryptography standards as referenced in FIPS 140-2, Security Requirements for Cryptographic Modules for all Personal Data, unless the Purchasing Entity approves in writing for the storage of Personal Data on a Contractor portable device in order to accomplish work as defined in the statement of work. 23. Subscription Terms: Contractor grants to a Purchasing Entity a license to: (i) access and use the Service for its business purposes; (ii)for SaaS, use underlying software as embodied or used in the Service; and (iii)view, copy, upload and download (where applicable), and use Contractor's documentation. No Contractor terms, including standard click through license or website terms or use of privacy policy, shall apply to Purchasing Entities unless such terms are included in this Master Agreement. Page 250 of 580 State of Utah Bid CH16012 Exhibit 2 to the Master Agreement: Platform-as-a-Service 1. Data Ownership:The Purchasing Entity will own all right,title and interest in its data that is related to the Services provided by this Master Agreement.The Contractor shall not access Purchasing Entity user accounts or Purchasing Entity data, except(1) in the course of data center operations, (2) in response to service or technical issues, (3) as required by the express terms of this Master Agreement, Participating Addendum, SLA, and/or other contract documents, or(4) at the Purchasing Entity's written request. Contractor shall not collect, access, or use user-specific Purchasing Entity Data except as strictly necessary to provide Service to the Purchasing Entity. No information regarding a Purchasing Entity's use of the Service may be disclosed, provided, rented or sold to any third party for any reason unless required by law or regulation or by an order of a court of competent jurisdiction.This obligation shall survive and extend beyond the term of this Master Agreement. 2. Data Protection: Protection of personal privacy and data shall be an integral part of the business activities of the Contractor to ensure there is no inappropriate or unauthorized use of Purchasing Entity information at any time.To this end, the Contractor shall safeguard the confidentiality, integrity and availability of Purchasing Entity information and comply with the following conditions: a.The Contractor shall implement and maintain appropriate administrative, technical and organizational security measures to safeguard against unauthorized access, disclosure or theft of Personal Data and Non-Public Data. Such security measures shall be in accordance with recognized industry practice and not less stringent than the measures the Contractor applies to its own Personal Data and Non-Public Data of similar kind. b. All data obtained by the Contractor in the performance of the Master Agreement shall become and remain the property of the Purchasing Entity. c. All Personal Data shall be encrypted at rest and in transit with controlled access. Unless otherwise stipulated, the Contractor is responsible for encryption of the Personal Data. Any stipulation of responsibilities will identify specific roles and responsibilities and shall be included in the service level agreement (SLA), or otherwise made a part of the Master Agreement. d. Unless otherwise stipulated, the Contractor shall encrypt all Non-Public Data at rest and in transit.The Purchasing Entity shall identify data it deems as Non-Public Data to the Contractor. The level of protection and encryption for all Non-Public Data shall be identified in the SLA. e. At no time shall any data or processes —that either belong to or are intended for the use of a Purchasing Entity or its officers, agents or employees — be copied, disclosed or retained by the Contractor or any party related to the Contractor for subsequent use in any transaction that does not include the Purchasing Entity. f.The Contractor shall not use any information collected in connection with the Services issued from this Master Agreement for any purpose other than fulfilling the Services. Page 251 of 580 State of Utah Bid CH16012 3. Data Location:The Contractor shall provide its services to the Purchasing Entity and its end users solely from data centers in the U.S. Storage of Purchasing Entity data at rest shall be located solely in data centers in the U.S.The Contractor shall not allow its personnel or contractors to store Purchasing Entity data on portable devices, including personal computers, except for devices that are used and kept only at its U.S. data centers.The Contractor shall permit its personnel and contractors to access Purchasing Entity data remotely only as required to provide technical support.The Contractor may provide technical user support on a 24/7 basis using a Follow the Sun model, unless otherwise prohibited in a Participating Addendum. 4. Security Incident or Data Breach Notification:The Contractor shall inform the Purchasing Entity of any security incident or data breach within the possession and control of the Contractor and related to the service provided under the Master Agreement, Participating Addendum, or SLA. Such notice shall include,to the best of Contractor's knowledge at that time, the persons affected,their identities, and the Confidential Information and Data disclosed, or shall include if this information is unknown. a. Incident Response:The Contractor may need to communicate with outside parties regarding a security incident,which may include contacting law enforcement,fielding media inquiries and seeking external expertise as mutually agreed upon, defined by law or contained in the Master Agreement, Participating Addendum, or SLA. Discussing security incidents with the Purchasing Entity should be handled on an urgent as-needed basis, as part of Contractor's communication and mitigation processes as mutually agreed, defined by law or contained in the Master Agreement, Participating Addendum, or SLA. b. Security Incident Reporting Requirements: Unless otherwise stipulated, the Contractor shall immediately report a security incident related to its service under the Master Agreement, Participating Addendum, or SLA to the appropriate Purchasing Entity. c. Breach Reporting Requirements: If the Contractor has actual knowledge of a confirmed data breach that affects the security of any Purchasing Entity data that is subject to applicable data breach notification law,the Contractor shall (1) promptly notify the appropriate Purchasing Entity within 24 hours or sooner, unless shorter time is required by applicable law, and (2)take commercially reasonable measures to address the data breach in a timely manner 5. Breach Responsibilities:This section only applies when a Data Breach occurs with respect to Personal Data within the possession or control of the Contractor. a.The Contractor, unless stipulated otherwise, shall immediately notify the appropriate Purchasing Entity identified contact by telephone in accordance with the agreed upon security plan or security procedures if it reasonably believes there has been a security incident. b.The Contractor, unless stipulated otherwise, shall promptly notify the appropriate Purchasing Entity identified contact within 24 hours or sooner by telephone, unless shorter time is required by applicable law, if it has confirmed that there is, or reasonably believes that there has been a data breach.The Contractor shall (1) cooperate with the Purchasing Entity as reasonably Page 252 of 580 State of Utah Bid CH16012 requested by the Purchasing Entity to investigate and resolve the data breach, (2) promptly implement necessary remedial measures, if necessary, and (3) document responsive actions taken related to the data breach, including any post-incident review of events and actions taken to make changes in business practices in providing the services, if necessary. c. Unless otherwise stipulated, if a Data Breach is a direct result of Contractor's breach of its contractual obligation to encrypt Personal Data or otherwise prevent its release, the Contractor shall bear the costs associated with (1)the investigation and resolution of the data breach; (2) notifications to individuals, regulators or others required by federal and state laws or as otherwise agreed to; (3) a credit monitoring service required by state (or federal) law or as otherwise agreed to; (4) a website or a toll-free number and call center for affected individuals required by federal and state laws — all not to exceed the average per record per person cost calculated for data breaches in the United States (currently$217 per record/person) in the most recent Cost of Data Breach Study: Global Analysis published by the Ponemon Institute at the time of the data breach; and (5) complete all corrective actions as reasonably determined by Contractor based on root cause. 6. Notification of Legal Requests:The Contractor shall contact the Purchasing Entity upon receipt of any electronic discovery, litigation holds, discovery searches and expert testimonies related to the Purchasing Entity's data under the Master Agreement, or which in any way might reasonably require access to the data of the Purchasing Entity.The Contractor shall not respond to subpoenas, service of process and other legal requests related to the Purchasing Entity without first notifying and obtaining the approval of the Purchasing Entity, unless prohibited by law from providing such notice. 7.Termination and Suspension of Service: a. In the event of an early termination of the Master Agreement, Participating or SLA, Contractor shall allow for the Purchasing Entity to retrieve its digital content and provide for the subsequent secure disposal of the Purchasing Entity's digital content. b. During any period of service suspension, the Contractor shall not take any action to intentionally erase or otherwise dispose of any of the Purchasing Entity's data. c. In the event of early termination of any Services or agreement in entirety,the Contractor shall not take any action to intentionally erase any Purchasing Entity's data for a period of 1)45 days after the effective date of termination, if the termination is for convenience; or 2)60 days after the effective date of termination, if the termination is for cause.After such day period,the Contractor shall have no obligation to maintain or provide any Purchasing Entity data and shall thereafter, unless legally prohibited, delete all Purchasing Entity data in its systems or otherwise in its possession or under its control. In the event of either termination for cause,the Contractor will impose no fees for access and retrieval of digital content to the Purchasing Entity. Page 253 of 580 State of Utah Bid CH16012 d. The Purchasing Entity shall be entitled to any post termination assistance generally made available with respect to the services, unless a unique data retrieval arrangement has been established as part of an SLA. e. Upon termination of the Services or the Agreement in its entirety, Contractor shall securely dispose of all Purchasing Entity's data in all of its forms, such as disk, CD/ DVD, backup tape and paper, unless stipulated otherwise by the Purchasing Entity. Data shall be permanently deleted and shall not be recoverable, according to National Institute of Standards and Technology (NIST)-approved methods. Certificates of destruction shall be provided to the Purchasing Entity. 8. Background Checks: a. Upon the request of the Purchasing Entity, the Contractor shall conduct criminal background checks and not utilize any staff, including subcontractors, to fulfill the obligations of the Master Agreement who have been convicted of any crime of dishonesty, including but not limited to criminal fraud, or otherwise convicted of any felony or misdemeanor offense for which incarceration for up to 1 year is an authorized penalty.The Contractor shall promote and maintain an awareness of the importance of securing the Purchasing Entity's information among the Contractor's employees and agents. b.The Contractor and the Purchasing Entity recognize that security responsibilities are shared. The Contractor is responsible for providing a secure infrastructure.The Purchasing Entity is responsible for its secure guest operating system, firewalls and other logs captured within the guest operating system. Specific shared responsibilities are identified within the SLA. c. If any of the stated personnel providing services under a Participating Addendum is not acceptable to the Purchasing Entity in its sole opinion as a result of the background or criminal history investigation, the Purchasing Entity, in its' sole option shall have the right to either(1) request immediate replacement of the person, or(2) immediately terminate the Participating Addendum and any related service agreement. 9.Access to Security Logs and Reports: a.The Contractor shall provide reports on a schedule specified in the SLA to the Purchasing Entity in a format as specified in the SLA and agreed to by both the Contractor and the Purchasing Entity. Reports will include latency statistics, user access, user access IP address, user access history and security logs for all Purchasing Entity files related to the Master Agreement, Participating Addendum, or SLA. b.The Contractor and the Purchasing Entity recognize that security responsibilities are shared. The Contractor is responsible for providing a secure infrastructure.The Purchasing Entity is responsible for its secure guest operating system,firewalls and other logs captured within the guest operating system. Specific shared responsibilities are identified within the SLA. Page 254 of 580 State of Utah Bid CH16012 10. Contract Audit:The Contractor shall allow the Purchasing Entity to audit conformance to the Master Agreement terms.The Purchasing Entity may perform this audit or contract with a third party at its discretion and at the Purchasing Entity's expense. 11. Data Center Audit:The Contractor shall perform an independent audit of its data centers at least annually at its expense, and provide an unredacted version of the audit report upon request to a Purchasing Entity.The Contractor may remove its proprietary information from the unredacted version. A Service Organization Control (SOC) 2 audit report or approved equivalent sets the minimum level of a third-party audit. 12. Change Control and Advance Notice:The Contractor shall give a minimum forty eight(48) hour advance notice (or as determined by a Purchasing Entity and included in the SLA)to the Purchasing Entity of any upgrades (e.g., major upgrades, minor upgrades, system changes)that may impact service availability and performance. A major upgrade is a replacement of hardware, software or firmware with a newer or better version in order to bring the system up to date or to improve its characteristics. It usually includes a new version number. Contractor will make updates and upgrades available to Purchasing Entity at no additional costs when Contractor makes such updates and upgrades generally available to its users. No update, upgrade or other charge to the Service may decrease the Service's functionality, adversely affect Purchasing Entity's use of or access to the Service, or increase the cost of the Service to the Purchasing Entity. Contractor will notify the Purchasing Entity at least sixty(60) days in advance prior to any major update or upgrade. 13. Security:As requested by a Purchasing Entity,the Contractor shall disclose its non-proprietary system security plans (SSP)or security processes and technical limitations to the Purchasing Entity such that adequate protection and flexibility can be attained between the Purchasing Entity and the Contractor. For example: virus checking and port sniffing — the Purchasing Entity and the Contractor shall understand each other's roles and responsibilities. 14. Non-disclosure and Separation of Duties:The Contractor shall enforce separation of job duties, require commercially reasonable non-disclosure agreements, and limit staff knowledge of Purchasing Entity data to that which is absolutely necessary to perform job duties. 15. Import and Export of Data:The Purchasing Entity shall have the ability to import or export data in piecemeal or in entirety at its discretion without interference from the Contractor at any time during the term of Contractor's contract with the Purchasing Entity.This includes the ability for the Purchasing Entity to import or export data to/from other Contractors. Contractor shall specify if Purchasing Entity is required to provide its' own tools for this purpose, including the optional purchase of Contractors tools if Contractors applications are not able to provide this functionality directly. Page 255 of 580 State of Utah Bid CH16012 16. Responsibilities and Uptime Guarantee:The Contractor shall be responsible for the acquisition and operation of all hardware, software and network support related to the services being provided.The technical and professional activities required for establishing, managing and maintaining the environments are the responsibilities of the Contractor.The system shall be available 24/7/365 (with agreed-upon maintenance downtime), and provide service to customers as defined in the SLA. 17. Subcontractor Disclosure: Contractor shall identify all of its strategic business partners related to services provided under this Master Agreement, including but not limited to all subcontractors or other entities or individuals who may be a party to a joint venture or similar agreement with the Contractor, and who shall be involved in any application development and/or operations. 18. Business Continuity and Disaster Recovery:The Contractor shall provide a business continuity and disaster recovery plan upon request and ensure that the Purchasing Entity's recovery time objective (RTO)of XXX hours/days is met. (XXX hour/days shall be provided to Contractor by the Purchasing Entity.) Contractor must work with the Purchasing Entity to perform an annual Disaster Recovery test and take action to correct any issues detected during the test in a time frame mutually agreed between the Contractor and the Purchasing Entity. 19. Compliance with Accessibility Standards:The Contractor shall comply with and adhere to Accessibility Standards of Section 508 Amendment to the Rehabilitation Act of 1973 or any other state laws or administrative regulations identified by the Participating Entity.. 20.Web Services:The Contractor shall use Web services exclusively to interface with the Purchasing Entity's data in near real time. 21. Encryption of Data at Rest:The Contractor shall ensure hard drive encryption consistent with validated cryptography standards as referenced in FIPS 140-2, Security Requirements for Cryptographic Modules for all Personal Data as identified in the SLA, unless the Contractor presents a justifiable position that is approved by the Purchasing Entity that Personal Data, is required to be stored on a Contractor portable device in order to accomplish work as defined in the scope of work. 22. Subscription Terms: Contractor grants to a Purchasing Entity a license to: (i) access and use the Service for its business purposes; (ii)for PaaS, use underlying software as embodied or used in the Service; and (iii)view, copy, upload and download (where applicable), and use Contractor's documentation. No Contractor terms, including standard click through license or website terms or use of privacy policy, shall apply to Purchasing Entities unless such terms are included in this Master Agreement. Page 256 of 580 State of Utah Bid CH16012 Exhibit 3 to the Master Agreement: Infrastructure-as-a-Service 1. Data Ownership:The Purchasing Entity will own all right,title and interest in its data that is related to the Services provided by this Master Agreement.The Contractor shall not access Purchasing Entity user accounts or Purchasing Entity data, except(1) in the course of data center operations, (2) in response to service or technical issues, (3) as required by the express terms of this Master Agreement, Participating Addendum, SLA, and/or other contract documents, or(4) at the Purchasing Entity's written request. Contractor shall not collect, access, or use user-specific Purchasing Entity Data except as strictly necessary to provide Service to the Purchasing Entity. No information regarding a Purchasing Entity's use of the Service may be disclosed, provided, rented or sold to any third party for any reason unless required by law or regulation or by an order of a court of competent jurisdiction.This obligation shall survive and extend beyond the term of this Master Agreement. 2. Data Protection: Protection of personal privacy and data shall be an integral part of the business activities of the Contractor to ensure there is no inappropriate or unauthorized use of Purchasing Entity information at any time.To this end, the Contractor shall safeguard the confidentiality, integrity and availability of Purchasing Entity information and comply with the following conditions: a.The Contractor shall implement and maintain appropriate administrative, technical and organizational security measures to safeguard against unauthorized access, disclosure or theft of Personal Data and Non-Public Data. Such security measures shall be in accordance with recognized industry practice and not less stringent than the measures the Contractor applies to its own Personal Data and Non-Public Data of similar kind. b. All data obtained by the Contractor in the performance of the Master Agreement shall become and remain the property of the Purchasing Entity. c. All Personal Data shall be encrypted at rest and in transit with controlled access. Unless otherwise stipulated,the Contractor is responsible for encryption of the Personal Data. Any stipulation of responsibilities will identify specific roles and responsibilities and shall be included in the service level agreement (SLA), or otherwise made a part of the Master Agreement. d. Unless otherwise stipulated, the Contractor shall encrypt all Non-Public Data at rest and in transit.The Purchasing Entity shall identify data it deems as Non-Public Data to the Contractor. The level of protection and encryption for all Non-Public Data shall be identified in the SLA. e. At no time shall any data or processes —that either belong to or are intended for the use of a Purchasing Entity or its officers, agents or employees — be copied, disclosed or retained by the Contractor or any party related to the Contractor for subsequent use in any transaction that does not include the Purchasing Entity. f.The Contractor shall not use any information collected in connection with the Services issued from this Master Agreement for any purpose other than fulfilling the Services. Page 257 of 580 State of Utah Bid CH16012 3. Data Location:The Contractor shall provide its services to the Purchasing Entity and its end users solely from data centers in the U.S. Storage of Purchasing Entity data at rest shall be located solely in data centers in the U.S.The Contractor shall not allow its personnel or contractors to store Purchasing Entity data on portable devices, including personal computers, except for devices that are used and kept only at its U.S. data centers.The Contractor shall permit its personnel and contractors to access Purchasing Entity data remotely only as required to provide technical support.The Contractor may provide technical user support on a 24/7 basis using a Follow the Sun model, unless otherwise prohibited in a Participating Addendum. 4. Security Incident or Data Breach Notification:The Contractor shall inform the Purchasing Entity of any security incident or data breach related to Purchasing Entity's Data within the possession or control of the Contractor and related to the service provided under the Master Agreement, Participating Addendum, or SLA. Such notice shall include, to the best of Contractor's knowledge at that time,the persons affected,their identities, and the Confidential Information and Data disclosed, or shall include if this information is unknown. a. Security Incident Reporting Requirements:The Contractor shall report a security incident to the Purchasing Entity identified contact immediately as soon as possible or promptly without out reasonable delay, or as defined in the SLA. b. Breach Reporting Requirements: If the Contractor has actual knowledge of a confirmed data breach that affects the security of any purchasing entity's content that is subject to applicable data breach notification law, the Contractor shall (1)as soon as possible or promptly without out reasonable delay notify the Purchasing Entity, unless shorter time is required by applicable law, and (2)take commercially reasonable measures to address the data breach in a timely manner. 5. Breach Responsibilities:This section only applies when a Data Breach occurs with respect to Personal Data within the possession or control of the Contractor and related to the service provided under the Master Agreement, Participating Addendum, or SLA. a.The Contractor, unless stipulated otherwise, shall immediately notify the appropriate Purchasing Entity identified contact by telephone in accordance with the agreed upon security plan or security procedures if it reasonably believes there has been a security incident. b.The Contractor, unless stipulated otherwise, shall promptly notify the appropriate Purchasing Entity identified contact within 24 hours or sooner by telephone, unless shorter time is required by applicable law, if it has confirmed that there is, or reasonably believes that there has been a data breach.The Contractor shall (1) cooperate with the Purchasing Entity as reasonably requested by the Purchasing Entity to investigate and resolve the Data Breach, (2) promptly implement necessary remedial measures, if necessary, and (3) document responsive actions taken related to the Data Breach, including any post-incident review of events and actions taken to make changes in business practices in providing the services, if necessary. Page 258 of 580 State of Utah Bid CH16012 c. Unless otherwise stipulated, if a Data Breach is a direct result of Contractor's breach of its contractual obligation to encrypt Personal Data or otherwise prevent its release, the Contractor shall bear the costs associated with (1)the investigation and resolution of the data breach; (2) notifications to individuals, regulators or others required by federal and state laws or as otherwise agreed to; (3) a credit monitoring service required by state (or federal) law or as otherwise agreed to; (4) a website or a toll-free number and call center for affected individuals required by federal and state laws — all not to exceed the average per record per person cost calculated for data breaches in the United States (currently$217 per record/person) in the most recent Cost of Data Breach Study: Global Analysis published by the Ponemon Institute at the time of the data breach; and (5) complete all corrective actions as reasonably determined by Contractor based on root cause. 6. Notification of Legal Requests:The Contractor shall contact the Purchasing Entity upon receipt of any electronic discovery, litigation holds, discovery searches and expert testimonies related to the Purchasing Entity's data under the Master Agreement, or which in any way might reasonably require access to the data of the Purchasing Entity.The Contractor shall not respond to subpoenas, service of process and other legal requests related to the Purchasing Entity without first notifying and obtaining the approval of the Purchasing Entity, unless prohibited by law from providing such notice. 7.Termination and Suspension of Service: a. In the event of an early termination of the Master Agreement, Participating or SLA, Contractor shall allow for the Purchasing Entity to retrieve its digital content and provide for the subsequent secure disposal of the Purchasing Entity's digital content. b. During any period of service suspension,the Contractor shall not take any action to intentionally erase or otherwise dispose of any of the Purchasing Entity's data. c. In the event of early termination of any Services or agreement in entirety, the Contractor shall not take any action to intentionally erase any Purchasing Entity's data for a period of 1)45 days after the effective date of termination, if the termination is for convenience; or 2)60 days after the effective date of termination, if the termination is for cause.After such day period,the Contractor shall have no obligation to maintain or provide any Purchasing Entity data and shall thereafter, unless legally prohibited, delete all Purchasing Entity data in its systems or otherwise in its possession or under its control. In the event of either termination for cause,the Contractor will impose no fees for access and retrieval of digital content to the Purchasing Entity. d. The Purchasing Entity shall be entitled to any post termination assistance generally made available with respect to the services, unless a unique data retrieval arrangement has been established as part of an SLA. e. Upon termination of the Services or the Agreement in its entirety, Contractor shall securely dispose of all Purchasing Entity's data in all of its forms, such as disk, CD/ DVD, backup tape and paper, unless stipulated otherwise by the Purchasing Entity. Data shall be permanently deleted Page 259 of 580 State of Utah Bid CH16012 and shall not be recoverable, according to National Institute of Standards and Technology (NIST)-approved methods. Certificates of destruction shall be provided to the Purchasing Entity. 8. Background Checks: a. Upon the request of the Purchasing Entity, the Contractor shall conduct criminal background checks and not utilize any staff, including subcontractors, to fulfill the obligations of the Master Agreement who have been convicted of any crime of dishonesty, including but not limited to criminal fraud, or otherwise convicted of any felony or misdemeanor offense for which incarceration for up to 1 year is an authorized penalty.The Contractor shall promote and maintain an awareness of the importance of securing the Purchasing Entity's information among the Contractor's employees and agents. b.The Contractor and the Purchasing Entity recognize that security responsibilities are shared. The Contractor is responsible for providing a secure infrastructure.The Purchasing Entity is responsible for its secure guest operating system,firewalls and other logs captured within the guest operating system. Specific shared responsibilities are identified within the SLA. c. If any of the stated personnel providing services under a Participating Addendum is not acceptable to the Purchasing Entity in its sole opinion as a result of the background or criminal history investigation, the Purchasing Entity, in its' sole option shall have the right to either(1) request immediate replacement of the person, or(2) immediately terminate the Participating Addendum and any related service agreement. 9.Access to Security Logs and Reports: a.The Contractor shall provide reports on a schedule specified in the SLA to the Contractor directly related to the infrastructure that the Contractor controls upon which the Purchasing Entity's account resides. Unless otherwise agreed to in the SLA,the Contractor shall provide the public jurisdiction a history or all API calls for the Purchasing Entity account that includes the identity of the API caller,the time of the API call,the source IP address of the API caller, the request parameters and the response elements returned by the Contractor.The report will be sufficient to enable the Purchasing Entity to perform security analysis, resource change tracking and compliance auditing b.The Contractor and the Purchasing Entity recognize that security responsibilities are shared. The Contractor is responsible for providing a secure infrastructure.The Purchasing Entity is responsible for its secure guest operating system,firewalls and other logs captured within the guest operating system. Specific shared responsibilities are identified within the SLA. 10. Contract Audit:The Contractor shall allow the Purchasing Entity to audit conformance to the Master Agreement terms.The Purchasing Entity may perform this audit or contract with a third party at its discretion and at the Purchasing Entity's expense. Page 260 of 580 State of Utah Bid CH16012 11. Data Center Audit:The Contractor shall perform an independent audit of its data centers at least annually and at its own expense, and provide an unredacted version of the audit report upon request. The Contractor may remove its proprietary information from the unredacted version. For example, a Service Organization Control (SOC) 2 audit report would be sufficient. 12. Change Control and Advance Notice:The Contractor shall give a minimum forty eight(48) hour advance notice (or as determined by a Purchasing Entity and included in the SLA)to the Purchasing Entity of any upgrades (e.g., major upgrades, minor upgrades, system changes) that may impact service availability and performance. A major upgrade is a replacement of hardware, software or firmware with a newer or better version in order to bring the system up to date or to improve its characteristics. It usually includes a new version number. Contractor will make updates and upgrades available to Purchasing Entity at no additional costs when Contractor makes such updates and upgrades generally available to its users. No update, upgrade or other charge to the Service may decrease the Service's functionality, adversely affect Purchasing Entity's use of or access to the Service, or increase the cost of the Service to the Purchasing Entity. Contractor will notify the Purchasing Entity at least sixty(60) days in advance prior to any major update or upgrade. 13. Security:As requested by a Purchasing Entity,the Contractor shall disclose its non-proprietary system security plans (SSP)or security processes and technical limitations to the Purchasing Entity such that adequate protection and flexibility can be attained between the Purchasing Entity and the Contractor. For example: virus checking and port sniffing — the Purchasing Entity and the Contractor shall understand each other's roles and responsibilities. 14. Non-disclosure and Separation of Duties:The Contractor shall enforce separation of job duties, require commercially reasonable non-disclosure agreements, and limit staff knowledge of Purchasing Entity data to that which is absolutely necessary to perform job duties. 15. Import and Export of Data:The Purchasing Entity shall have the ability to import or export data in piecemeal or in entirety at its discretion without interference from the Contractor at any time during the term of Contractor's contract with the Purchasing Entity.This includes the ability for the Purchasing Entity to import or export data to/from other Contractors. Contractor shall specify if Purchasing Entity is required to provide its' own tools for this purpose, including the optional purchase of Contractors tools if Contractors applications are not able to provide this functionality directly. 16. Responsibilities and Uptime Guarantee:The Contractor shall be responsible for the acquisition and operation of all hardware, software and network support related to the services being provided.The technical and professional activities required for establishing, managing and maintaining the environments are the responsibilities of the Contractor.The system shall be available 24/7/365 (with agreed-upon maintenance downtime), and provide service to customers as defined in the SLA. Page 261 of 580 State of Utah Bid CH16012 17. Subcontractor Disclosure: Contractor shall identify all of its strategic business partners related to services provided under this Master Agreement, including but not limited to all subcontractors or other entities or individuals who may be a party to a joint venture or similar agreement with the Contractor, and who shall be involved in any application development and/or operations. 18. Business Continuity and Disaster Recovery:The Contractor shall provide a business continuity and disaster recovery plan upon request and ensure that the Purchasing Entity's recovery time objective (RTO)of XXX hours/days is met. (XXX hour/days shall be provided to Contractor by the Purchasing Entity.) Contractor must work with the Purchasing Entity to perform an annual Disaster Recovery test and take action to correct any issues detected during the test in a time frame mutually agreed between the Contractor and the Purchasing Entity. 19. Subscription Terms: Contractor grants to a Purchasing Entity a license to: (i) access and use the Service for its business purposes; (ii)for IaaS, use underlying software as embodied or used in the Service; and (iii)view, copy, upload and download (where applicable), and use Contractor's documentation. No Contractor terms, including standard click through license or website terms or use of privacy policy, shall apply to Purchasing Entities unless such terms are included in this Master Agreement. Page 262 of 580 (�6 C N CL to N C N i N N s a L O Q U U cao `n .us0o � U Q cL 0 0 .� c 4, 0 '- c6 bio tjo 0 c a cn vi O O N � > O (1) a) C O N N O C V (6 (�6 C +� C O N O U O s O 'U (�6 C s (6 >- CL N Q CA U M U +� Q cn O U m _ C i (6 Q -� +� a� u E c m c C c U u a� . Ln °ApH o � •a) L O +gig E � }� > _ Q >, c i C +� Ln C U N N N N L d T O Q L O _ i L) 0C i U U 'a_ N O N O O a C - C a a N Q > c6 E > U O N Q O > U N U a Ln >0 CL d Q Q" L f6 O '� a > i C to C to Q- O CCA a Q vi (6 'a Q E 0 CL E o '^ '� O O •C O •C CL U .C: N O O O > `n ~ O r C Ln 4' C j c�6 O c�6 O N i� C > 'j + >N co 't � N N O E . N U U — U +� 3 c O i v > LO +' 4- N 3 U C .� Q C Q C 0 N O U N a O Q) o 0 0 0 o a U s 3 o o ~ a��i N a a Q Q Q o M a W N o c� 3 N v a� E s o a cfl O a a� °� N V U N U H H Q O 'C Q +� C C • • • • • N N C E c a� a� O > ori c N i D U U s 4O U O CL OU M N a 'a Mu (� R a G/ 'a R O ar M D G/ Y v •i � N � O 2 X O ++ M 4a t a � Y 'a OC I � m m � N E O t � X v m a 0 o� 3 � X G/ O v j �n � to G/ Nn N O ` : o +' s N U_ 4- O Q cn U O c6 NC ' -� > C CA O E CO NO L M U a+ O O C U sU CC Q- N 4- Q O ' M +CO, +O� 0 0 O -0 M U +, Q 'a 'a O f6 L 4, 4' to -O N C N L m f6 Q O O 7 C +� O to m C U O > N N E ,U (6 � C Q O 'a 0 M O U N 'U E 76 CL L O O 3 :tA N Q CA -0 0 0 (C6 p 6 'a 4. 4� v O o C ,n -a > d L _ U U U O > o o f6 s ~ > a Q ' v w L 4 -a > oo Q E O o = o c } }' C7 E -a c o w �; s p m u .L � += U 3 N O ate' O N 7 v s7 i s7 vUi i1 N N U > 3 0 V N L V N 0 •L V �j L, 0 co oLO � u aEi o cL6 6ci Q O N N Q > o v>>' p O s L U O N 3 `� Q �, Q L L' L p O > O U +� U D t6 E U L d .E 0 2 E M CL N 0 " U Q Q N • • • i L NC Q N • N -a (j) > gyri C -a (1) ? N c� a X X X X X X (6 � (6 � a ± C § .\ � / E \ z / 0 § � / ) = 0 . / ./ 0 m M > % _ _ � _ _E o o = E ° ° a : ° � u \ / § u to ƒ / § / § / > f - 2 \ _ ® .g u s B e = E o 76 !--L L 0 & o e E e -0 o \ = E o » \ \ / / § I ® % . 2 $ § \ $ \ Cl 2 o $ R 'E $ ° ) \ 2 u u ° % ® u � / e e ,u .> � e O ° u E / a) P4 0 u ( \ kb m a $ E o E e o _ o u o m E u / a \ o _ E \ k ( \ § / \ o 0 CLU = m - - § E $ \ � / k N _ > Ln _ -a e ¢ k \ ƒ $E § 3 9 � Attachment C — Cost Schedule Cloud Solutions By Category. Specify Discount Percent % Offered for products in each category. Highest discount will apply for products referenced in detail listings for multiple categories. Provide a detailed product offering for each category. Software as a Service Discount % 1 Infrastructure as a Service Discount % 1 Platform as a Services Discount % 1 Value Added Services Discount % 1 -------------------------------------------------------------------------------------------------------------------------- Additional Value Added Services: Maintenance Services 9Q 300 Onsite Hourly Rate $ Remote Hourly Rate$ 90-300 Professional Services • Deployment Services Onsite Hourly Rate $ 90-300 Remote Hourly Rate$ -3nn • Consulting/Advisory Services Onsite Hourly Rate$ 90-300 Remote Hourly Rate$ • Architectural Design Services Onsite Hourly Rate$ 90-300 Remote Hourly Rate$ go-1100 • Statement of Work Services Onsite Hourly Rate $ 90-300 Remote Hourly Rate$90-300 Partner Services Onsite Hourly Rate $ 90-300 Remote Hourly Rate $90-300 Training Deployment Services Onsite Hourly Rate $ 90-300 Online Hourly Rate$ Qn-gnn Please see the next page for additional information regarding S I's proposed pricing to NASPO VluePoint. Page 266 of 580 SaaSAaaS/PaaS are all rapidly emerging technologies. As such, pricing products offered and pricing structure for those products can change rapidly. Currently SH| discounts for OEM's that provide this technology range greatly. In addition, in most cases these solutions are customized on a case by case basis and depend greatly on the current infrastructure,the workloads being considered for migration and the amount ofexpected growth. SH| isalways trying tostay competitive and vvewill continually work toprovide 0ASPOParticipating Entities the highest discounts vve are able toprovide. On the attached spreadsheet vveprovide anexample ofpricing for Microsoft O365 and Azure aswell as Amazon Web Services. SH| can agree toaminimum discount oflist minus 196onall ofthe delivery models but inmany cases may often be able togive more extensive discounts. Asitrelates toAdditional Value Added Services the same istrue. The cloud environment isevolving and as it does the type and scope of service engagements and offerings change as well. The categories listed on the Cost Schedule can vary widely depending on the specific engagement as many of the solutions that will be procured through this contract will be usage based, meaning, 0ASPO Entities will be billed only for what they use inaspecific month orquarter. Each partner has a different strategy for usage based billing. The Participating Entities dedicated SH| account teams will work with them to review and understand the various billing strategies associated with the solutions. SHI has provided a range of hourly fees based on typical engagements that we deliver today. As service models develop vvewill work with 0ASPOtocreate apricing structure that benefits the 0ASPO Participating entities. Please see below for standard levels of service provider and actual hourly rates SHI would charge today. Service NASPO Price/Hour Associate Consultant $110 Consultant $162 Solution Architect $225 Sr. Solution Architect $285 Program Engagement Manager $93 Project Leader $98 Project Manager $135 Sr. Project Manager $199 SHI would welcome the opportunity to discuss our price offering for NASPO in more detail. VVeare also open to other pricing models, should NASPO determine that another pricing model would best meet the need of your Participating Entities. Page 267Of580 The State of Utah and NASPO ValuePoint Cloud Solutions RFP #CH16012 TM Page 268 of 580 SHI Intemadonal Corp 290 Da vrdson Av nup 8carraers t.NJ 06873*888.76x9-8888 H).com March 10, 2016 NASPO ValuePoint State of Utah Division of Purchasing 3150 State Office Building, Capitol Hill Salt Lake City, Utah 84114-1061 Dear NASPO ValuePoint and the State of Utah SHI is pleased to provide the following response to your recent request for proposal. Per the bid request, our cover letter includes the following required statements. G .. is ,r .a I;', ,f_' �J .a raU ! tx'� .,� ft6�6 .7 t`a SHI Response: SHI acknowledges that negotiations of additional terms and administrative fees may be required by Participating Entities. u f, SHI Response: SHI is responsible for writing this proposal led by Senior Director Public Sector- Denise Verdicchio, Director of West Region Public Sector-Alison Turner, Senior Contract Manager—Natalie Slowik, and Public Program Manager Meghan Flisakowski. In addition to the SHI team, we used resources available to us from the partners we are presenting as part of our response. ft`+bra ft C'{;( .a SHI Response: SHI is currently in good standing with Federal and State procurement and non-procurement programs. SHI Response: SHI acknowledges the 0.25%Administrative Fee for total sales under the Master Agreement associated with this NASPO ValuePoint RFP as well as any fees from the Participating Entities. 1 Page 269 of 580 290 Da vrdson Av nup 8carraers t.NJ 06873 $88.76x9-8888 H).com ,<<< ,tX "N"!!" ,r ,ta - ""'R""", e ,{)�'y, )ft vu.. ix x „f SHIResponse: SHI will partner with OEM's who provide each of the service/deployment models NASPO is requesting. Our proposed service models are IaaS and PaaS, each deployed in either Community, Public or Hybrid models. As the technology and customer's needs in these categories are constantly emerging, it is SHI's intention to continually review and identify new partners and solutions that may be appropriate for the NASPO ValuePoint Cloud contract. tX X .a SHIResponse: Our proposed IaaS and PaaS cloud offers have the ability to store and secure Low, Moderate and High Risk data in conformance with FIPS designations. 2 Page 270 of 580 Table of Contents 5 Mandatory Minimum Requirements ................................................................................................... 5 5.1 Signature Page ......................................................................................................................5 5.2 Cover Letter...........................................................................................................................5 5.3 Acknowledgement of Amendments..................................................................................... 5 5.4 Executive Summary...............................................................................................................6 5.5 General Requirements..........................................................................................................8 5.7 Recertification Of Mandatory Minimums And Technical Specifications ..............................9 6 Business Information.......................................................................................................................... 10 6.1 Business Profile................................................................................................................... 10 6.2 Scope of Experience............................................................................................................ 12 6.3 Financials............................................................................................................................. 13 6.4 General Information ........................................................................................................... 13 6.5 Billing And Pricing Practices................................................................................................ 23 6.6 Scope And Variety Of Cloud Solutions................................................................................ 25 6.7 Best Practices......................................................................................................................34 7 ORGANIZATION AND STAFFING .........................................................................................................43 7.1 Contract Manager...............................................................................................................43 8 Technical Requirements.....................................................................................................................48 8.1 Technical Requirements...................................................................................................... 48 8.2 SUBCONTRACTORS..............................................................................................................62 8.3 WORKING WITH PURCHASING ENTITIES.............................................................................64 8.4 CUSTOMER SERVICE............................................................................................................71 8.5 SECURITY OF INFORMATION............................................................................................... 81 8.6 PRIVACY AND SECURITY...................................................................................................... 86 8.7 MIGRATION AND REDEPLOYMENT PLAN.......................................................................... 100 8.8 SERVICE OR DATA RECOVERY............................................................................................ 102 8.9 DATA PROTECTION............................................................................................................110 8.10 SERVICE LEVEL AGREEMENTS ........................................................................................... 113 8.11 DATA DISPOSAL................................................................................................................. 138 8.12 PERFORMANCE MEASURES AND REPORTING ..................................................................140 8.13 Cloud Security Alliance...................................................................................................... 146 3 AX271 of 580 8.14 SERVICE PROVISIONING.................................................................................................... 147 8.15 BACK UP AND DISASTER PLAN .......................................................................................... 148 8.16 SOLUTION ADMINISTRATION............................................................................................ 151 8.17 HOSTING AND PROVISIONING.......................................................................................... 153 8.18 Trial And Testing Periods (Pre-And Post- Purchase)........................................................156 8.19 Integration And Customization......................................................................................... 158 8.20 Marketing Plan.................................................................................................................. 160 8.21 Related Value-Added Services To Cloud Solutions...........................................................161 8.22 Supporting Infrastructure................................................................................................. 166 8.23 Alignment Of Cloud Computing Reference Architecture.................................................. 167 9 Confidential, Protected or Proprietary Information ........................................................................ 169 10 Exceptions and/or Additions to the Standard Terms and Conditions.............................................. 170 11 Cost Proposal....................................................................................................................................171 12 Additional Information..................................................................................................................... 172 4 AX272 of 580 5 MANDATORY MINIMUM REQUIREMENTS 5.1 SIGNATURE PAGE The signature page has been completed online per bid instructions. 5.2 COVER LETTER Per bid requirements the information requested can be found in SHI's cover letter found previously in this RFP response document. 5.3 ACKNOWLEDGEMENT OF AMENDMENTS Per bid requirement, SHI has acknowledged the amendments associated with this RFP. 5 4k,273 of 580 5.4 EXECUTIVE SUMMARY SHI International Corp. is pleased to submit our response to the NASPO ValuePoint Solicitation CH16012 for Cloud Solutions. SHI has been in business for over 26 years as an IT Solutions provider. We appreciate our strong partnership with NASPO ValuePoint, and we look forward to driving even more benefits to NASPO ValuePoint Participating Entities through this Cloud Solutions agreement. Our response intends to establish the basis for an initial Cloud Solutions contract and create a path by which we will continue to meet NASPO ValuePoint's evolving needs in this rapidly changing marketplace. As with the NASPO ValuePoint Software Value Added Reseller contract, SHI intends to approach the Cloud Solutions contract with the same degree of dedication and commitment.This commitment starts with the dedicated account teams for State and Local Government and Education as we realize that it is important for these teams to focus your unique needs and requirements.This commitment is evident not only by the tenure of our sales teams but also our desire to grow our account team so we can continue to bring more dedicated support to our the SLED customers. We realize though that it takes more than just a great account team. SHI's e-Procurement systems are highly advanced and customized for our customers. Our quoting, ordering, tracking, and reporting capabilities are all customizable to help simplify our customers' processes. In addition, SHI's pricing methodology is competitive and stands the test of time. We understand that government entities need to identify cost savings wherever possible. SHI's proposal not only offers a competitive price point, but also provides additional opportunities to assist customers with real savings and help you to achieve best value in your procurements. Why SHI for Cloud Solutions? At SHI, we understand that one size does not fit all; each customer has different objectives and procurement requirements. The processes requirements, system workflow and options, and the information to be collected with a requisition all vary widely from customer to customer. In fact, we have found they often vary within a customer, as different business units and organizations may have differences in product selection or preferred systems solutions. SHI has the ability to assess what the client is trying to accomplish and map the best technology to that environment. In a market where technology is rapidly changing, we bring further value by offering the ability to add partners and solutions as they emerge. Our goal will be to work in partnership with NASPO ValuePoint and expand this contract to include all of these offerings so we can provide end to end solutions for the member community. NASPO ValuePoint customer will have access to our broad product offering including cloud products such as: • Microsoft Office 365 • Box • Adobe Creative Cloud • AWS • CA Technologies Rather than attempt to force multiple customers into a single support model, SHI provides systems and services that adapt and scale to the customer's varying needs. Our Public Sector Account Executives 6 AX274 of 580 provide customized and specialized support for their local customers, ensuring SHI is meeting their requirements, while upholding the terms of the NASPO ValuePoint agreement. SHI understands that our customers need to become faster and more agile as their "customers" demand more capabilities and speed to completion from their internal IT organizations. When deciding upon a cloud based solution it is also important that organizations understand the true cost associated with subscribing to a service over traditional on premise procurements. Lastly, evaluating customer workloads and how that should factor into the decision making process for cloud services is imperative. The SHI sales team works in concert with SHI product specialists and with our cloud partners to help our clients procure, configure, migrate, and make-ready all the components needed to deploy. We then stay proactively involved to maintain our clients' environment. As hybrid and cloud based environments become the norm, NASPO ValuePoint customers will gain valuable perspective when they align with a partner that was not born in the cloud. SHI brings the unique ability to consult and execute across cloud and traditional on-premise environments. SHI has helped our customers acquire over$113 of cloud based services and technology. We have helped these customers recognize savings by selecting and right sizing the right cloud service platform. We look forward to doing the same for NASPO ValuePoint customers. SHI has demonstrated that we are a top partner for NASPO ValuePoint Participating States. We are confident in our ability to meet and exceed your expectations and requirements under this contract. Per bid requirements we have provided a separate section regarding the Master Agreement Terms and Conditions of this RFP. Our partners have provided additional comments and SHI agrees to work with NASPO ValuePoint in the review and discussion of these terms. SHI would welcome the opportunity to discuss our proposal with you in more detail. We hope you find our proposal compelling, based upon the elements of this offer and also based upon the strong relationship that SHI has developed with NASPO ValuePoint. We are confident in our ability to provide excellent support to NASPO ValuePoint and each Participating State under the Cloud Solutions contract, and we look forward to working with you! 7 AX275 of 580 5.5 GENERAL REQUIREMENTS 5.5.1 0 7„'V it" i" y' 5 "LHX( Mfla' SHI Response: SHI acknowledges and will provide a Usage Report Administrator who is responsible for the quarterly sales reporting as agreed to in the Master Agreement Terms and Conditions and any agreed to Participating Addenclums. 5,5,2 h h LN'�,f f X I "Y "I x x C"� 1� I I 1�i 0 py C i 'I I SHI Response: SHI acknowledges and agrees to work with SciQuest (and any authorized agent or successor entity to SciQuest). 5.5.3 011 S 7, 5, 1, i'n�1, 0 r',C".'Y X X X ...............t I 'S i, x I SHI Response: The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SHI has in its catalog today. For this response we have included three partners, AWS, CA Technologies, and Microsoft Azure/0365. Each of these partners have reviewed the requirements associated with this RFP and provided the information they believe is applicable and necessary. 'CSA STAR Self-Assessment documents the security controls provided by an Offeror's offerings,thereby helping Purchasing Entities assess the security of an Offeror, if awarded a Master Agreement,they currently use or are considering using. 8 AW,276 of 580 5..5.E j VC 0 tofu:' jnr ^�n"J'✓ 'J%"""' 17, S v r,"c"�' SHI Response: SHI understands the importance of clearly defined SLAB to NASPO Participating Entities. We have included SLA examples for the partners that we are responding with and will continue to provide NASPO this information as we add partners/products over the life of the contract. Additional information regarding SLAB of the proposed solutions can be found in our response to 8.10.2. 5.7 RECERTIFICATION OF MANDATORY MINimums AND TECHNICAL SPECIFICATIONS 011 �7"'""i y 0 ............ 'J%"" SHI Response: SHI acknowledges this request and agrees to annually certify with the Lead State the technical capabilities identified in this response. 2 SLAB can vary depending on the cloud service being procured as well as the individual ordering activity,and the Lead State does not expect to require a single SLA to all cloud solutions being proposed under the RFP. Additionally, by submitting a sample the Lead State does not agree to its terms and you understand that a Purchasing Entity may revise the SLA to conform to the requirements of its laws. 9 AP,277 of 580 �� 0�� N�� N�� ~�mw�m~~�~� INFORMATION 6°1 BUSINESS PROFILE P P�� e �ro 0 (3 v("'! W"S ��x�e��f .e� �n��n��n��mn��n��me� SH| Response: Founded in 1989, SHI International Corp. is a global provider of technology products and services. Over thepast2UyearsSH| hastransfnrmeditse|ffrnma $1mi||inn ^snftvvare'nn|y^ re0inna| rese||erintna global, full lifecycle provider nftechnology, services and solutions. Our ability tnadjust astechnology does allows us to keep pace with what is relevant and important tnour customers including cloud and nn'premisesn|utinns. SH| is ranked 15th among CRN'sSolution Provider SUUlist nfNorth American IT solution providers. With over 3,SUUemployees worldwide, SH| is the largest Minority and Woman Owned Business Enterprise (MVVBE) inthe U.S. SH| does not provide retention rate per individual teams but asacompany vvehave anaverage 7O% retention rate. Driven by the industry's most experienced and stable sales force and backed by software volume licensing experts, hardware procurement specialists, and certified IT services professionals, SH| delivers custom |Tsolutions tn Corporate, Enterprise, Public Sector, and Academic customers. Providing world class support tn more than 14,000 customers, SH| continues tngrow our customer base and maintain our customer loyalty with 9996retention. SH| International Corp., headquartered in Somerset, New Jersey and has 30+offices across the United States, Canada, United Kingdom, Germany, France and Hong Kong. SHI has a team of 3,500, with more than 900 employees in Texas, and more than 1,500 in New Jersey.Within the Public Sector, we currently have 95 dedicated field representatives and intend to continue growing the team. We have remained under the same ownership since 1989 and most Vice Presidents and Managers have been with SH I for more than 1Syears. VVevalue our relationships with publishing and manufacturing partners who create products and solutions for you. Across a majority of product specific entities, we have forged longstanding alliances with their top manufacturers (in the spirit of our vendor agnostic approach) and their management and support teams, snthat vvemight better serve the needs nfour customers. Our sales and support teams also attend seminars,training, and customer facing events in support of new technology solutions and customer goals. SHI has been supporting customers in their acquisition of cloud technology since its emergence on the market when traditional software partners began offering SaaS versions of their products. SHI immediately began to support this emerging technology for our customers.This has grown to include PaaSand |aas. We have hired dedicated support teams internally to help address the specific needs of 10 AW,278 of 58 0 our customers when looking at any type of cloud based technology as these can vary greatly from on premise solutions. We help analyze their current environment and infrastructure, address their business needs and desired outcomes and the help to develop a cloud ready strategy that not only accounts for now but will also scale to meet future needs. SHI has helped our customers acquire over $113 of cloud based services and technology. We have helped these customers recognize savings by selecting and right sizing the right cloud service platform. Additional information on customers who have worked with SHI on similar solutions can be found in our response to question, 6.2. For 2015 SHI reported earnings of$6.813, which demonstrates 14%growth over 2014. SHI has a financially strong and stable business model that has proven itself over time. Providing a compelling value to our entire customer base, SHI is able to offer the lowest gross margin of our top 4 competitors, while at the same time maintaining our profitability with the lowest overhead cost structure in the industry. SHI has remained a privately-held company under the same owner since 1989. As privately held company we do not release all financial information but would be happy to discuss in more detail with NASPO ValuePoint if needed. Sri HAHon Udiftpo 4 BMV r _a iluon St ffiftion A11 X279 of 580 6.2 SCOPE OF ExPERIENCE n .......... SHI Response: SHI has been supporting customers in their acquisition of cloud technology since its emergence on the market when traditional software partners began offering SaaS versions of their products. SHI immediately began to support this emerging technology for our customers. A few examples of these customers include: State of Florida Microsoft, Symantec, VMware Contracts Approximately$45 million in cloud sales in the last 2 years State of Alabama Microsoft, Symantec, VMware Contracts Approximately$15 million in cloud sales in the last 2 years City of Baltimore IVID AWS Approximately$12 thousand in cloud sales in the last 2 years Commonwealth of Kentucky Office of Technology Microsoft Azure Quarterly Billing: $31,648 Office 365 Users: 29000 Commonwealth of Kentucky Department of Education (KETS) Microsoft Azure Quarterly Billing: $32,751 Office 365 Users: 1,250,000 12 AP,280 of 580 6.3 FINANCIALS '11 S I I "x "1"4?V11"')t M1'1'1'1t,"S MiOiMr„M .....UO j "Y j i r) i r� J% 5 'S C, 'XI, "X I(," U I I I I II U I ...... SHI Response: SHI remains an operationally and financially stable company. We have remained under the same ownership since 1989 and most Vice Presidents and Managers have been with SHI more than 15 years. SHI D&B Number is: 61-142-9481 CREDIT RATING: SHI's D&B Rating: 5A3 (Credit Score) 6.4 GENERAL INFORMATION 6A.1 i,h I U I "I tX ........ SHI Response: SHI understands that in order to bring the right solution to the customer, we need to first understand their vision. Once we understand what they are trying to accomplish, our pre-sales engineers help design a strategy that is suitable to their environment today, and that will scale to meet their future needs. This approach might include conducting assessments of the customer's current environment or proof of concept for a potential solution. When the customer is ready to move forward, SHI will help to ensure that the customer is procuring those products using the most advantageous pricing programs and at the most aggressive possible cost. We then follow through with deployment services and support to ensure that the solution the customer procured is working as expected. 13 AW,281 of 580 SOME SUPPORT STRATEGY heel!h 1.Io:F.s� c4iarlkir, �.aVd 5 iia*ra°°atanV, riem,H€orr ztaaa°nuloi+a No"1T Lar.:aa t i r n:ar,sc-wrw n Aer4rvM maruiprwr.. SUPPORT - SIRATEGY RN_idn%aarpa i'a Val", a' DEPLOYMENTimc � I ` CUSTOMER � SOLUTION DESIGNS LII Gdrru��r� f.9 dYs"� � F 9F TJUY,'d'5 Bd'§d 5�'"p $"n T�*l,ers51Y5 Nrtv,k, x,nr,o6:r, he,Nvo non"A onvTo DEMY HSW PS rcat alrr 2a r'u VISION 1 TRANSACTION PROCESS PRODUCT SELECTION azw rtxrYi�� arrrs�r'rt�r�rtsds � �rraa �+dIrP�" Panara r e,'o,�t�g TRAfJSACT P P og oa,mrrrarrg rNnT Q'h,,T,ns&Iinvc vtraaage'rTIC'm a Cl (,raadrnrnko r m kin As cloud offerings continue to transition from IT marketing buzzwords to viable IT solutions, SHI continues to adjust our value-added solutions to support customers at every stage of cloud adoption. Whether you're still assessing how the cloud fits into your environment, are split between some already deployed cloud applications/infrastructure and some legacy IT solutions, or are already 100% in the cloud, SHI can help. Utilizing cloud solutions requires coordinating both business and technical resources across multiple business units. Since each business owner has different goals, SHI provides the tools, processes, and expertise to ensure your organization's usage of cloud computing is available, compliant, secure, makes good business sense and is seamless to end-users. To support your cloud efforts, SHI offers: • Assess—We offer both vendor-agnostic and manufacturer-specific assessments to guide you through every step of moving to the cloud. • Deploy—We help you get your cloud up and running with an array of SaaS (Software-as-a- Service), IaaS (Infrastructure-as-a-Service), and PaaS(Platform-as-a-Service) solutions. • Maintain—We make managing your cloud easy and predictable by assisting with reporting, billing, support contract management, and more. The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SHI has in its catalog today. We will work to add products and solutions over the course of this contract as new technologies emerge or as customer needs arise. 14 AX282 of 580 SHI is responding today with offerings from Amazon Web Services (AWS), Microsoft Azure and 0365, and CA Technologies as well additional service offerings from our partner Ascent Innovations. SResponse: AWS Differentiators: Below are some features and benefits of AWS that set our cloud infrastructure services apart: • Pace of Innovation:AWS's pace of innovation is funded and sustained through our economies of scale and commitment to delivering the products and services that matter most to our customers. Our approach to product development and delivery is fundamentally different than that of other Cloud Service Providers (CSPs). We have decentralized, autonomous development teams that work directly with customers.They are empowered to autonomously develop and launch new features based on what they learn from interactions with both commercial and public sector customers. AWS's continual innovation ensures that customers maintain state-of- the-art IT infrastructure without having to make recapitalization investments. As of January 1, 2016, AWS has launched a total of 1,896 new services or major features since inception in 2006 (including 516 in 2014 and 722 in 2015). According to the Gartner, Inc. 2015 Magic Quadrant for Cloud Infrastructure as a Service (laaS), Worldwide, "AWS is a thought leader; it is extraordinarily innovative, exceptionally agile, and very responsive to the market." • Service Breadth and Depth:AWS offers the broadest set of global compute, storage, networking, database, analytics, application, deployment, management, and mobile services that help organizations move faster, lower IT costs, and scale applications. AWS has been continually expanding its services to support virtually any cloud workload, and it now has more than 50 services that serve over one million active customers in more than 190 countries through our 12 regions, 32 Availability Zones, and 54 Edge Locations. Gartner Inc. reported in its 2015 Magic Quadrant for Cloud Infrastructure as a Service (IaaS), Worldwide report that AWS "has the richest array of IaaS features," "continues to rapidly expand its service offerings and offer higher-level solutions," and has "over 10 times more cloud IaaS compute capacity in use than the aggregate total of the other 14 providers in this Magic Quadrant." • Partner and Software Ecosystem:According to the Gartner, Inc. 2015 Magic Quadrant for Cloud Infrastructure as a Service (IaaS), Worldwide report,AWS has attracted "a very large technology partner ecosystem that includes software vendors that have licensed and packaged their software to run on AWS, as well as many vendors that have integrated their software with AWS capabilities. It also has an extensive network of partners that provide application development expertise, managed services, and professional services such as data center migration." AWS has thousands of organizations in the AWS Partner Network(APN) including system integrators, consulting firms, and independent software vendors (ISVs). AWS Marketplace, an online software store, helps customers search over 2,300 listings to buy and immediately start using software that runs on AWS. • AWS Cloud Security Authorizations and Experience:AWS offers customers a powerful cloud security capability based on cutting-edge security experience and backed by an extensive repertoire of accreditations and authorizations. In The Forrester Wave T"°: Public Cloud Platform Service Providers' Security, Q4 2014 report, Forrester Research named AWS as the only provider in the Leader category. Forrester stated, "AWS leads the pack.AWS demonstrated not only a broad set of security capabilities in data center security, certifications, and network security, but also excelled in customer satisfaction, security services partnerships, and a large installed base." AWS has achieved two Provisional Authorizations to Operate (P-ATOS)for mission systems 15 AX283 of 580 designated by DISA as Cloud Computing Security Requirements Guide (SRG) level 2 (covering all AWS regions in the contiguous United States [CONUS]) and SRG level 4 (covering only the AWS GovCloud (US) Region). • AWS Pricing:As AWS's cloud computing infrastructure grows, it gains efficiency and economies of scale, which we pass on to our customers in the form of lower prices.The Gartner, Inc. 2015 Magic Quadrant for Cloud Infrastructure as a Service (laaS), Worldwide report states that AWS has "over 10 times more cloud IaaS compute capacity in use than the aggregate total of the other 14 providers," demonstrating how AWS's massive economies of scale make it possible to lead the cloud market in lowering prices.The AWS strategy of pricing each service independently gives customers tremendous flexibility to choose the services they need for each project and to pay only for resources used.The economies of scale available with the cloud, and the massive scale at which we operate, allows AWS to constantly purchase and refresh large volumes of infrastructure at very low cost. Consequently, AWS customers reap the benefits of decreased IT costs such as better performance through improved quality and availability of IT infrastructure and enhanced functionality through system-wide innovation in the AWS IaaS platform. Business iServices There are additional business benefits that AWS cloud services can help customers realize. A few of these are listed here: • Almost Zero Upfront Infrastructure Investment: If a customer wants to build a large-scale system, it may cost a fortune to invest in real estate, physical security, hardware (racks, servers, routers, backup power supplies), hardware management(power management, cooling), and operations personnel. Because of the high upfront costs,the project would typically require several rounds of management approvals before the project could even get started.With AWS's utility-style cloud computing,there is no fixed cost or startup cost. • Just-In-Time Infrastructure: In the past, if an application became popular and a business' systems or infrastructure did not scale, it became a victim of its own success. Conversely, if a developer invested heavily and did not get popular, it became a victim of failure. By deploying applications in the AWS cloud with just-in-time self-provisioning, customers do not have to worry about pre-procuring capacity for large-scale systems. AWS's cloud increases agility, lowers risk, and lowers operational cost, because customers can scale cloud resources as they grow and only pay for what they use. • More Efficient Resource Utilization: System administrators usually worry about procuring hardware (when they run out of capacity) and higher infrastructure utilization (when they have excess and idle capacity). With AWS,they can manage resources more effectively and efficiently by having the applications request and relinquish resources on-demand. • Usage-Based Costing:With utility-style pricing, AWS customers are billed only for the infrastructure that has been used. AWS customers do not pay for allocated but unused infrastructure.This adds a new dimension to cost savings, allowing customers to see immediate cost savings when they deploy an optimization patch to update their cloud application. For example, if a caching layer can reduce data requests by 70%,the savings begin to accrue immediately. Moreover, if customers build platforms on the cloud, they can pass on the same flexible, variable usage-based cost structure to their own customers. • Reduced Time to Market: Parallelization is the one of the great ways to speed up processing. If one compute-intensive or data-intensive job that can be run in parallel takes 500 hours to process on one machine, with cloud architectures, it would be possible to spawn and launch 500 16 AX284 of 580 instances and process the same job in 1 hour. Having available an elastic infrastructure provides the application with the ability to exploit parallelization in a cost-effective manner reducing time to market. Technical iServices • Automation—"Scriptable Infrastructure": AWS customers can create repeatable build and deployment systems by leveraging programmable (API-driven) infrastructure. • Auto Scaling: AWS customers can scale their applications up and down to match unexpected demand without any human intervention. Auto Scaling encourages automation and drives more efficiency. • Proactive Scaling: Customers can scale applications up and down to meet anticipated demand with proper planning of traffic patterns so that costs remain low while scaling. • More Efficient Development Lifecycle: Production systems may be easily cloned for use as development and test environments. Staging environments may be easily promoted to production. • Improved Testability: Never run out of hardware for testing. Inject and automate testing at every stage during the development process. AWS customers can spin up an "instant test lab" with pre-configured environments only for the duration of testing phase. • Disaster Recovery and Business Continuity:The cloud provides a lower cost option for maintaining a fleet of disaster recovery servers and data storage.With the cloud, customers can take advantage of geo-distribution and replicate the environment in other locations within minutes. • Overflow Traffic to the Cloud: With a few clicks and effective load balancing tactics, customers can create a complete overflow-proof application by routing excess traffic to the cloud. Analyst Reports: Gartner, Inc., a leading information technology research company, reported in its 2015 Magic Quadrant for Cloud Infrastructure as a Service (IaaS), Worldwide report that "AWS is a thought leader; it is extraordinarily innovative, exceptionally agile, and very responsive to the market. It has the richest array of IaaS features and PaaS-like capabilities. It continues to rapidly expand its service offerings and offer higher-level solutions." The Gartner Magic Quadrant for May 2015 (Figure 4) depicts AWS in the Leaders Quadrant. 17 AX285 of 580 :0 wmwe Dilmnim Data be rqtW NTT Cammu6wgmn Wo COMOLUMSS OF V15WN A,,V May P015 Z01SGartner Magic QuodnantfovCloud Infrastructure asoService Additionally, Gartner positions AWS inthe Leaders Quadrant nfthe new Magic Quadrant for Public Cloud Stor . Gartner defines leaders asoffering innovative storage offerings built nna hardened platform, with global data centers and established credibility as a business. ATZI IBM 2015 Gartner Magic QuodmntfovPublic Cloud Storage Services IO AW,286 of 580 The Forrester Wave: Public Cloud Platform Service Providers' Security, Q4 2014 report evaluated four of the leading public clouds along 15 key security criteria, detailing the findings about how well each vendor fulfilled their criteria and where they stand in relation to each other. Forrester's evaluation states "AWS leads the pack. AWS demonstrated not only a broad set of security capabilities in data center security, certifications, and network security, but also excelled in customer satisfaction, security services partnerships, and a large installed base. AWS led with the size of its development and technical support staff as well." Rsky smnq Bets Contenders pert"a"rs Leaders S ng C.-Wrerrt CefduqUnk offering Markot presence uvea 'Weak Strategy sirong Forrester Wave-:Public Cloud Service Providers'Security,Q4'14 More analyst reports can be found at ttp:/Jaws.amazon.comJresourcesJanalyst-reports) CA Response: CA Technologies is a leader in IT Management Solutions in the industry. CA has be steadily moving its premier on premise management solutions to the cloud. CA Clarity Project and Portfolio Management (PPM) is one of the leading solutions used by State governments today. MicrosoftResponse: Supported by a winning combination of SHI's Licensing Team and Professional Services, SHI offers the following servers to compliment Microsoft Azure consumption: • Azure Jumpstart (Onboarding) • Cloud Assessment& Migration • Design Planning • Virtual Network Connectivity • Virtual Machine Configuration/Migrations • Cloud Service Architecture • Azure Storage/StorSimple Migrations • Azure Website Migrations & HA Architecture 19 AX287 of 580 * Azure Application Services * Azure Active Directory * Identity Management(SSO, MFA) 6A2 ��emm�mm��e��e�� c� ��e��mec�m��o�� i �� c��I ��. SH| Response: SH| is |S09000certified. Based nnthe solutions vveprovide, vvecurrently dn not use SAS 7U. Asvveadd partners to support this contract vvewill review this requirement with them and provide updates to NASPO. AWS Response: The AWS cloud infrastructure has been designed and is managed in alignment with regulations, standards, and best practices, including: * Federal Risk and Authorization Management Program (FedRAMP) * Service Organization Controls (SOC) 1/American Institute of Certified Public Accountants (AICPA): AT 801 (formerly Statement on Standards for Attestation Engagements [SSAE] No. 16)/International Standard on Assurance Engagements (ISAE) 3402 (formerly Statement on Auditing Standards [SAS] No. 70) * SOC2 * SOC3 * Payment Card Industry Data Security Standard (PCI DSS) * International Organization for Standardization (ISO) 27001 * |S027017 * |S027018 * |S09001 * Department of Defense (DoD) Security Requirements Guide (SRG) security impact levels 2 and 4 * Federal Information Security Management Act (F|SMA) * US Health Insurance Portability and Accountability Act (H|PAA) * FBI Criminal Justice Information Services (CJ|S) * National Institute ofStandards and Technology (N|ST) 800'171 * International Traffic inArms Regulations (|TAR) * Federal Information Processing Standard (F|PS) 140'2 * Family Educational Rights and Privacy Act (FERPA) * Information Security Registered Assessors Program (|RAP) (Australia) * |T'Grundochutz (Germany) For information on all of the security regulations and standards with which AWS complies, visit the AWS Compliance page. 20 AW,288 of 58 0 CA Response: CA SaaS environment is compliant with SSAE16 for services where infrastructure and application are managed and maintained by CA; certifications can be found here: http://www.ca.com/us/lpg/saas- summary-audit-report.aspx. CA Agile Management currently does not hold SSAE16 certification. For SaaS offerings where infrastructure is managed by a third party, provider's SSAE16 reports are available upon request. MicrosoftResponse: Please see Microsoft Azure CCM Document for complete details. Azure meets a broad set of international as well as regional and industry-specific compliance standards, such as ISO 27001, FedRAMP, SOC 1 and SOC 2. Azure's adherence to the strict security controls contained in these standards is verified by rigorous third-party audits that demonstrate Azure services work with and meet world-class industry standards, certifications, attestations, and authorizations. • FedRAMP. Azure has been granted a Provisional Authority to Operate (P-ATO)from the Federal Risk and Authorization Management Program (FedRAMP)Joint Authorization Board (JAB) at a Moderate impact level based upon the FIPS 199 classification. FedRAMP is a US government program that provides a standard approach to security assessment, authorization, and monitoring for cloud services used by federal agencies and thereby saves the taxpayer and individual organizations the time and cost of conducting their own independent reviews. • FERPA.The Family Educational Rights and Privacy Act(FERPA) is a US federal law that protects the privacy of student educational records. Microsoft agrees to use and disclosure restrictions imposed by FERPA. • FIPS 140-2.Azure complies with the Federal Information Processing Standard (FIPS) Publication 140-2, a US government standard that defines a minimum set of security requirements for products and systems that implement cryptography. • Comprehensive, independently verified compliance.Azure is designed with a compliance strategy that helps customers address business objectives and industry standards and regulations.The security compliance framework includes test and audit phases, security analytics, risk management best practices, and security benchmark analysis to achieve certificates and attestations. Microsoft Azure offers the following certifications for all in-scope services. • CDSA.The Content Delivery and Security Association (CDSA) provides a Content Protection and Security(CPS) standard for compliance with anti-piracy procedures governing digital media. Azure passed the CDSA audit, enabling secure workflows for content development and distribution. • CJIS.Any US state or local agency that wants to access the FBI's Criminal Justice Information Services (CJIS) database is required to adhere to the CJIS Security Policy.Azure is the only major cloud provider that contractually commits to conformance with the CJIS Security Policy, which commits Microsoft to adhere to the same requirements that law enforcement and public safety entities must meet. • CSA CCM.The Cloud Security Alliance (CSA) is a nonprofit, member-driven organization with a mission to promote the use of best practices for providing security assurance within the cloud. The CSA Cloud Controls Matrix (CCM) provides detailed information about how Azure fulfills the security, privacy, compliance, and risk management requirements defined in the CCM version 1.2, and is published in the CSA's Security Trust and Assurance Registry(STAR). 21 AX289 of 580 • EU Model Clauses. Microsoft offers customers EU Standard Contractual Clauses that provide contractual guarantees around transfers of personal data outside of the EU. Microsoft is the first company to receive joint approval from the EU's Article 29 Working Party that the contractual privacy protections Azure delivers to its enterprise cloud customers meet current EU standards for international transfers of data.This ensures that Azure customers can use Microsoft services to move data freely through our cloud from Europe to the rest of the world. • FDA 21 CFR Part 11.The US Food and Drug Administration (FDA) Code of Federal Regulations (CFR)Title 21 Part 11 lists requirements for the security of electronic records of companies that sell food and drugs manufactured or consumed in the United States.The compliance reports produced by Azure's independent third party SSAE and ISO auditors identify the procedural and technical controls established at Microsoft and can be used to satisfy the requirements of CFR Title 21 Part 11. Microsoft is able to show how relevant controls within these reports have an impact on compliance with the FDA 21 CFR 11 regulations. • HIPAA.The Health Insurance Portability and Accountability Act(HIPAA) is a US federal law that regulates patient Protected Health Information (PHI). Azure offers customers a HIPAA Business Associate Agreement (BAA), stipulating adherence to certain security and privacy provisions in HIPAA and the HITECH Act.To assist customers in their individual compliance efforts, Microsoft offers a BAA to Azure customers as a contract addendum. • IRAP.Azure has been assessed against the Australian Government Information Security Registered Assessors Program (IRAP), which provides assurance for public sector customers that Microsoft has appropriate and effective security controls. • ISO/IEC 27018. Microsoft is the first cloud provider to have adopted the ISO/IEC 27018 code of practice, covering the processing of personal information by cloud service providers. • ISO/IEC 27001/27002:2013.Azure complies with this standard,which defines the security controls required of an information security management system. • MLPS. Multi-Level Protection Scheme (MLPS) is based on the Chinese state standard issued by the Ministry of Public Security. Azure operated by 21Vianet adheres to this standard, which provides assurance for both the management and technical security of cloud systems. • MTCS.Azure has achieved Level-1 certification with the Multi-Tier Cloud Security Standard for Singapore (MTCS SS), a cloud security standard covering areas such as data security, confidentiality, business impact, and operational transparency, developed under the Singapore Information Technology Standards Committee. • PCI DSS. Azure is Level 1 compliant with Payment Card Industry(PCI) Data Security Standards (DSS)version 3.0,the global certification standard for organizations that accept most payments cards, as well store, process, or transmit cardholder data. • SOC 1 and SOC 2.Azure has been audited against the Service Organization Control (SOC) reporting framework for both SOC 1 Type 2 and SOC 2 Type 2. Both reports are available to customers to meet a wide range of US and international auditing requirements.The SOC 1 Type 2 audit report attests to the design and operating effectiveness of Azure controls.The SOC 2 Type 2 audit included a further examination of Azure controls related to security, availability, and confidentiality. Azure is audited annually to ensure that security controls are maintained. • TCS CCCPPF. Azure operated by 21Vianet is among the first cloud providers in China to pass the Trusted Cloud Service certification developed by the China Cloud Computing Promotion and Policy Forum (CCCPPF). • UK G-Cloud.The UK Government G-Cloud is a cloud computing certification for services used by government entities in the United Kingdom. Azure has received OFFICIAL accreditation from the UK Government Pan Government Accreditor. 22 AX290 of 580 6°5 B�� AND PRICING PRACTICES � Ui"', ',",I "in, ��. 6.5A P P P Y��c�c��me ��me�� SH| Response: Many of the solutions that will be procured through this contract will be usage based, meaning, NASPO Entities will be billed only for what they use in a specific month or quarter. Each partner has a different strategy for usage based billing. SH| works to normalize these practices to our customers. In cases such as these SHI will work upfront with both the customer and the partner to make sure that the billing practices meet the customers' needs. Regardless nfthe solution, vvewill supply atransparent usage report tnthe customer snthey can easily determine the accuracy. |fawarded, SH| will adhere tnthe contracted discount structure agreed tn and make this transparent nn our quotes and invoices tnthe customer. |fatany time there is a question or concern with an invoice, a Participating State can contact their Account Executive or Inside Sales Representative for assistance. 6.5'2 ��... �mm��e��&�� &emme�� SH| Response: SH| works closely with each of our customers during the "Address" phase as identified in 6.4.1 to ensure they understand the financial impacts they will incur when moving to the cloud. |tisimportant not only to look atthe immediate cost but also tn analyze the cost over time snthe customer can budget correctly. Some Cloud solutions will be one-time fee nra licensing program, while others may use a utility-style pricing model, only paying for the resources consumed. Whatever the model, SH| has a team dedicated tnsupport customers. While some Participating Entities may have a clear understanding of the solution they want to use others are just beginning to explore their options. SHI helps to educate our customers on the importance of analyzing current infrastructure before migrating to the cloud. The dedicated account teams will have pre'sa|es, vendor neutral discussions covering topics such as: * The people, processes, and technology that will be affected by a move to the cloud * Understanding the risks and create compliance plans * Identity and access management * Security aoafoundational component ofcloud deployment * Categorizing Data and determining what data is a good candidate for migration * Analyzing workloads 23 AW,291 of 58 0 When these critical issues are addressed before customers choose and deploy cloud solutions NASPO Participating Entities will realize significant cost savings. Your SHI team will work with you every day to help analyze your spending, your current and future projects, and buying alternatives. The savings that States realize when working with SHI to plan and negotiate their Cloud Solutions direction can be in the thousands, hundreds of thousands, or even millions of dollars. 65.5.3 SHI Response: While SHI does not manufacturer or offer our own products and solutions, we do work with the top partners in the industry. The products that we are responding with today all comply with NIST. As we work to add partners and solutions we will ensure that they NIST compliant. SResponse: AWS's industry-leading security strength benefits you in many ways, one of which is by using a platform that is audited extensively by independent third-party assessors. At times,these audits confirm we can meet new requirements, even as they are issued, and this is the case for the National Institute of Standards and Technology(NisT) guidelines 800-171, which were released in June 2015.This guidance is applicable to the protection of Controlled Unclassified Information (CUI) on nonfederal systems. AWS is already compliant with these guidelines, and customers can effectively comply with NIST 800- 171 immediately. NIST 800-171 outlines a subset of the NIST 800-53 requirements, a guideline under which we have already been audited under our FedRAMP program.The FedRAMP Moderate security control baseline is more rigorous than the recommended requirements established in Chapter 3 of 800- 171 and includes a significant number of security controls above and beyond those required of FISMA Moderate systems that protect CUI data. A detailed mapping is available in the NIST Special Publication 800-171, starting on page D2 (which is page 37 in the PDF). Microsoft esponse® Both Azure and the underlying Microsoft Cloud and Infrastructure Operations (MCIO) physical environments employ security frameworks that span multiple standards, including the ISO 27000 family of standards, NIST 800, and others. Please see Microsoft Azure CCM document for additional information. 24 AX292 of 580 6.6 SCOPE AND VARIETY OF CLOUD SOLUTIONS h I X I I I SHI Response: The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SHI has in its catalog today. We will work to add products and solutions over the course of this contract as new technologies emerge or as customer needs arise. SHI is responding today with offerings from AWS, Microsoft, and CA as well additional service offerings from our partner Ascent Innovations. AWS Response: AWS offers a Public Cloud as the customer decides how, when, and how they are using. AWS has additional tools and features. TECHNICAL& BUSINESS AWS MANAGEMENT PLATFORM ENTERPRISE HYBRfDCLOUD SUPPORT MARKETPLACE TOOLS SERVICES APPS MANAGEMENT 'App SuPPCIE 1z 544 jj N� I&h I E Dg 10 1-1 Data qj ;,}Iii , F�cn-end wa,.hir N.dik.ti— Sr-.,wa dartil, C ld.rtj-,� APPE 1. ""'T' Err.iIG g kild Cal.rdRdr- 1 daruty sec"Ity Naificatin, T.d! ya Data 'd, Di—wri- 92:Lp iD .tB -a Pipell—a ja Carng& N, tf Etinn —a P-r i ,or Mobile E-0 M "" - I R.211ine RE n 'a' BEE—d CaT.E-V Maragen,t LE2 Ar Dn'Lip SECURITY MANAGEMENT ' 'ta"F'wace de rtity& E C'yptior Cc,fig—ti-, M 11 SciLduc N.t- eye INFRASTRUCTURE "RV"" rig N.mirriting CDN prta - S er "'a...'1& i' P 25 AW,293 of 580 CA Response: CA Technologies provides SaaS solutions that help agencies from planning to development to software development to enabling online business with security. CA Technologies help jump start the IT process so that agencies can become more agile and manage their IT operations with more efficiency and lower cost. CA Technologies offers a portfolio of five different SaaS Applications to enable agencies to be thrive in the application economy. CA Project Portfolio Management(C ) CA PPM represents a single platform that enables you to manage your entire innovation lifecycle and make more informed strategic investments. CA PPM helps you track and prioritize market and customer requirements and make better decisions on how to invest limited resources, so you can optimize your enterprise, IT, service and product portfolio, delivering initiatives on time and on budget. CA Agile Central Agile is a mindset that changes how you deliver value to your customers—one that transforms market strategy into marketable innovation. When you're agile, the right people will always get access to the right information, faster than ever before. You'll remove the barriers that separate your teams. CA Agile Central provides the tools and training to make your teams more agile. CA Application rpt etic Monitoring(C ) CA Application Synthetic Monitoring in unique application for Website Performance Monitoring. CA App Synthetic Monitor has the ability to provide true end user experience and performance monitoring by conducting checks from an external sites to replicate an actual, real-time user experience and provides your business with hard data about your website's performance and availability. CA App Synthetic Monitor can be setup up immediately to start reporting with analysis and alerting, using pre-built scripts. CA App Synthetic Monitor also has a powerful API that integrates seamlessly with your enterprise APM solution. CA Application or rocMonitoring(CA APIM) APIs are the building blocks of digital transformation. States have the unique opportunity to open of the troves of data and transform society by providing citizens access to high-quality digital information right on their mobile devices, when and where they want it. CA API Management provides the tools to both accelerate and secure this digital transformation. CA Mobile lytics(C ) With more mobile devices than people, the secret to a successful mobile app?A great user experience. CA Mobile App Analytics provides developers and tests with the tools to get your app firing on all cylinders. It provides the ability to monitor, analyze and fix your app on the fly. CA Mobile App Analytics stimulates collaboration between business analysts, developers, operations and support in order to accelerate mobile app delivery and improve end-user experience. By emulating and fixing problems before you go live, you dramatically improve your customer experience. 26 AX294 of 580 MicrosoftResponse: Azure civ irecto° C Azure Active Directory,the cloud service with the proven ability to handle billions of authentications per day, extends its capabilities to manage consumer identities with a new service: Azure Active Directory 132C, now in public preview. Azure Active Directory 132C is a comprehensive, identity management solution for your consumer-facing applications that can be easily integrated to any platform, and accessible from any device.The service will be free during the public preview period. Azure civ irecto° Azure Active Directory provides identity management and access control for your cloud applications. To simply user access to cloud applications, you can synchronize on-premises identities, and enable single sign-on. Azure Active Directory comes in 3 editions: Free, Basic, and Premium. Azure civ irecto° 1n Services Azure Active Directory Domain Services provide scalable, high-performance, managed domain services such as domain-join, LDAP, Kerberos, Windows Integrated Authentication and Group Policy support. With the click of a button, administrators can enable managed domain services for virtual machines and directory-aware applications deployed in Azure Infrastructure Services. Built on the same underlying technology as Windows Server Active Directory,Azure Active Directory Domain Services provide an easy way to migrate traditional on-premises applications to the cloud. 1 Management Azure API Management lets you publish APIs to developers, partners, and employees securely and at scale. Application Azure Application Gateway is an Azure-managed layer-7 solution providing HTTP load balancing, SSL termination, and session-based cookie affinity to Internet-facing or internal web applications. Visual Studio AppikationInsights Visual Studio Application Insights (in preview) is an all-in-one telemetry solution that can help you detect issues, triage impact and solve problems in your web apps and services. It provides deep diagnostics and real-time insights while being a seamless part of your ALM processes through Visual Studio, Visual Studio Team Services, and Azure Diagnostics integrations. It supports ASP.NET,J2EE and most of the popular web technologies for web apps on Azure or on your own servers. App Service Azure App Service lets you create apps faster with a one-of-a kind cloud service to quickly and easily create enterprise-ready web and mobile apps for any platform or device and deploy them on a scalable and reliable cloud infrastructure. Automation Azure Automation lets you create, deploy, monitor, and maintain resources in your Azure environment automatically by using a highly scalable and reliable workflow execution engine. 27 4k,295 of 580 Backup On your corporate laptops, Azure Backup protects Windows client data and shared files and folders. In your datacenter, integrated with System Center Data Protection Manager(DPM), Backup protects Microsoft SharePoint, Exchange, SQL Server, Hyper-V virtual machines, and other applications. Batch Azure Batch makes it easy to run large-scale parallel and high-performance computing (HPC)workloads in Azure. Use Batch to scale out parallel workloads, manage the execution of tasks in a queue, and cloud-enable applications to offload compute jobs to the cloud. BizTalk Services Azure BizTalk Services is a powerful and extensible cloud-based integration service. It provides 13213 and EAI capabilities for delivering cloud and hybrid integration solutions. CDN Azure Content Delivery Network lets you deliver high-bandwidth content to users around the world with low latency and high availability via a robust network of global data centers. Cloud Services Azure Cloud Services removes the need to manage server infrastructure. With web and worker roles, it lets you quickly build, deploy, and manage modern applications. Azure Container Service Azure Container Service is a container hosting environment optimized for Azure that lets you deploy, scale, and orchestrate container-based applications using Docker Swarm and Apache Mesos—popular, open source tools you're already familiar with. Data Catalog Azure Data Catalog is a fully managed service that serves as a system of registration and system of discovery for enterprise data sources. It lets users—from analysts to data scientists to developers— register, discover, understand, and consume data sources. Use crowdsourced annotations and metadata to capture tribal knowledge within your organization, shine light on hidden data, and get more value from your enterprise data sources. Data Factory Azure Data Factory is a managed service that lets you produce trusted information from raw data in cloud or on-premises sources. Easily create, orchestrate, and schedule highly-available, fault-tolerant work flows of data movement and transformation activities. Monitor service health and all of your data pipelines at a glance with a rich visual experience offered through the Azure portal. Data Lake Analytics The Data Lake analytics service is a new distributed analytics service built on Apache YARN that dynamically scales so you can focus on your business goals, not on distributed infrastructure. Instead of deploying, configuring and tuning hardware, you write queries to transform your data and extract valuable insights. The analytics service can handle jobs of any scale instantly by simply setting the dial for how much power you need. You only pay for your job when it is running making it cost-effective.The 28 4k,296 of 580 analytics service supports Azure Active Directory letting you simply manage access and roles, integrated with your on-premises identity system. It also includes U-SQL, a language that unifies the benefits of SQL with the expressive power of user code. U-SQL's scalable distributed runtime enables you to efficiently analyze data in the store and across SQL Servers in Azure, Azure SQL Database and Azure SQL Data Warehouse. Data tare The Data Lake store provides a single repository where you can capture data of any size type and speed simply without forcing changes to your application as the data scales. In the store, data can be shared for collaboration with enterprise-grade security. It is also designed for high-performance processing and analytics from HDFS applications (ie. Azure HDlnsight, Data Lake analytics service, Hortonworks, Cloudera, MapR) and tools, including support for low latency workloads. For example, data can be ingested in real-time from sensors and devices for IoT solutions, or from online shopping websites into the store without the restriction of fixed limits on account or file size unlike current offerings in the market. Azure DevTest Labs Azure DevTest Labs makes it easy to quickly create environments to deploy and test applications. Use reusable templates and artifacts to build Windows and Linux environments while minimalizing waste and controlling costs. Azure DNS Azure DNS lets you host your DNS domains alongside your Azure apps and manage DNS records by using your existing Azure subscription. Microsoft's global network of name servers has the reach, scale, and redundancy to ensure ultra-fast DNS responses and ultra-high availability for your domains. With Azure DNS, you can be sure your DNS will always be fast and available. DocurnentDB Azure DocumentDB is a fully-managed NoSQL document database service that offers querying and transaction-processing over schema-free data, predictable and reliable performance, and rapid development. Event s Azure Event Hubs enables elastic-scale telemetry and event ingestion with durable buffering and sub- second end-to-end latency for millions of devices and events. ExpressRoute Azure ExpressRoute lets you create private connections between Azure datacenters and infrastructure that's on your premises or in a colocation environment. HDInsight Azure HDlnsight is a Hadoop-based service that brings an Apache Hadoop solution to the cloud. Gain the full value of big data with a cloud-based data platform that manages data of any type and size. 29 AX297 of 580 Azure lo T Hub Jumpstart your Internet of Things project with Microsoft Azure IoT Hub. Connect, monitor, and control millions of IoT assets running on a broad set of operating systems and protocols. Establish reliable, bi- directional communication with these assets, even if they're intermittently connected, and analyze— and act on—incoming telemetry data. Enhance the security of your IoT solutions by using per-device authentication to communicate with devices that have the appropriate credentials. Revoke access rights to specific devices to maintain the integrity of your system. Key Vault Azure Key Vault offers an easy, cost-effective way to safeguard keys and other secrets in the cloud by using hardware security modules (HSMs). Protect cryptographic keys and small secrets like passwords with keys stored in HSMs. For added assurance, import or generate your keys in HSMs that are certified to FIPS 140-2 level 2 and Common Criteria EAL4+ standards, so that your keys stay within the HSM boundary. Key Vault is designed so that Microsoft does not see or extract your keys. Create new keys for Dev-Test in minutes and migrate seamlessly to production keys managed by security operations. Key Vault scales to meet the demands of your cloud applications without the hassle required to provision, deploy, and manage HSMs and key management software. Load Balancer Azure Load Balancer distributes Internet and private network traffic among healthy service instances in cloud services or virtual machines. It lets you achieve greater reliability and seamlessly add more capacity to your applications. Machine Learning Azure Machine Learning lets you easily design, test, operationalize, and manage predictive analytics solutions in the cloud. Managed ervlc Azure Managed Cache Service is a distributed, in-memory, scalable solution that lets you build highly scalable and responsive applications by providing super-fast access to data. Mediaervlc s Azure Media Services offers cloud-based media solutions, including ingest, encoding, format conversion, content protection, and both on-demand and live-streaming capabilities. Mobile Engagernent Azure Mobile Engagement lets you maximize mobile app usage and revenue. It's an SaaS-delivered, data-driven user-engagement platform that enables real-time,fine-grained user segmentation, app user analytics, and contextually-aware smart-push notifications and in-app messaging across all connected devices. It closes the marketing loop for app developers and marketers, letting them get directly in touch with all of their customers in a personal, contextually-aware, and non-intrusive way, and at the right time. 30 4k,298 of 580 Mobile Services Azure Mobile Services is a scalable cloud backend for building Windows Store, Windows Phone, Apple iOS, Android, and HTML/JavaScript applications. Store data in the cloud, authenticate users, and send push notifications to your application within minutes. Multi-Factor Authentication Azure Multi-Factor Authentication helps prevent unauthorized access to on-premises and cloud applications by providing an additional layer of authentication. Follow organizational security and compliance standards while also addressing user demand for convenient access. Notification s Azure Notification Hubs is a highly scalable, cross-platform push notification infrastructure that lets you either broadcast push notifications to millions of users at once or tailor notifications to individual users. Operational Insights Azure Operational Insights lets you collect, correlate and visualize all your machine data, such as event logs, network logs, performance data, and much more, from both your on-premises and cloud assets. Redis Cache Azure Redis Cache—based on the popular open source Redis cache—gives you access to a secure, dedicated cache for your Azure applications. RernoteApp Azure RemoteApp helps employees stay productive anywhere, on a variety of devices—Windows, Mac OS X, iOS, or Android. Scheduler Azure Scheduler lets you invoke actions that call HTTP/S endpoints or post messages to a storage queue on any schedule. Create jobs that reliably call services either inside or outside of Azure and run those jobs right away, on a regular or irregular schedule, or at a future date. Search Azure Search is a fully-managed service for adding sophisticated search capabilities to web and mobile applications without the typical complexities of full-text search. Security Center Azure Security Center helps you prevent, detect, and respond to threats with increased visibility and control over the security of all of your Azure resources. It provides a central view of security across your subscriptions and lets you set policies and monitor security configurations. Policy-driven recommendations guide resource owners through the process of implementing security controls and enable the rapid deployment of integrated Microsoft and partner solutions. Using Microsoft global threat intelligence, security-related events from across your Azure deployments are automatically collected and analyzed to identify actual threats and reduce false alarms.The resulting alerts offer insights into the attack and suggest ways to remediate issues. 31 4k,299 of 580 Service s Azure Service Bus is a messaging infrastructure that sits between applications allowing them to exchange messages for improved scale and resiliency. Service is Service Fabric is a microservices platform used to build scalable, reliable, and easily managed applications for the cloud. Addressing the significant challenges in developing and managing cloud applications, Service Fabric allows developers and administrators to avoid solving complex infrastructure problems and focus instead on implementing mission-critical, demanding workloads. Site Recovery Azure Site Recovery helps you protect important applications by coordinating the replication and recovery of private clouds for simple, cost-effective disaster recovery. SQL Database Azure SQL Database is a relational database service that lets you rapidly create, extend, and scale relational applications into the cloud. SQL Data r use Azure SQL Data Warehouse is an elastic data warehouse as a service with enterprise-grade features based on the massively parallel SQL Server processing architecture. It lets you scale data, either on- premises or in our cloud. It's the first cloud data warehouse that can dynamically grow or shrink, so you pay only for the query performance that you need, when you need it, up to petabyte-scale. SQL Data Warehouse lets you use your existing Transact-SQL(T-SQL) skills to integrate queries across structured and unstructured data. SQL Data Warehouse integrates with our data platform tools, including Azure HDlnsight, Machine Learning, and Data Factory and Microsoft Power BI for a complete data- warehousing and business-intelligence solution in the cloud. With SQL Data Warehouse, you choose where to keep your data, either in the cloud or on-premises, based on your performance, security, and scale requirements. SQL ery ► Stretch Database With SQL Server Stretch Database, you can dynamically stretch warm and cold transactional data from Microsoft SQL Server to Azure. Unlike typical cold data storage, your data is always at hand. Stretch Database lets you provide longer data retention times than typical enterprise storage without breaking the bank. Depending on how often you'll access the data, choose the appropriate level of service, then scale up or down as needed. Using Stretch Database doesn't require any application changes. And you can use Stretch Database with new Always Encrypted technology, which helps protect your data at rest and in motion—extending data in a more secured manner for greater peace of mind. Storage Azure Storage offers non-relational data storage including Blob Storage,Table Storage, Queue Storage, and Files. 32 AX300 of 580 StorSimple Azure StorSimple is a unique hybrid cloud storage solution for primary storage, archiving, and disaster recovery. StorSimple optimizes total storage costs and data protection. Note that the StorSimple 8000 Series is licensed separately from Azure services. Stream lytics Azure Stream Analytics is an event-processing engine that helps you gain insights from devices, sensors, cloud infrastructure, and existing data properties in real-time. It's integrated out of the box with Event Hubs, and the combined solution can both ingest millions of events and do analytics to help you better understand patterns, power a dashboard, detect anomalies, or kick off an action while data is being streamed in real time. Traffic Manager Azure Traffic Manager lets you route incoming traffic across multiple hosted Azure services,whether they're running in the same datacenter or in different datacenters around the world. Virtual Machines Azure Virtual Machines lets you deploy a Windows Server or Linux image in the cloud. You can select images from a marketplace or use your own customized images. Virtual Network Azure Virtual Network lets you create private networks in the cloud with full control over IP addresses, DNS servers, security rules, and traffic flows. Securely connect a virtual network to on-premises networks by using a VPN tunnel, or connect privately by using the ExpressRoute service. Visual Studio Team Services Visual Studio Team Services is a cloud-based application lifecycle management (ALM) solution for everything from hosted-code repositories and issue-tracking to load-testing and automated builds. It's accessible from nearly anywhere, and you can create an account for free. Visual Studio Team Services is licensed separately from Azure services. VPN Gateway Azure VPN Gateway lets you establish secure, cross-premises connections between your virtual network within Azure and on-premises IT infrastructure. 33 4k,301 of 580 � � PRACTICES BEST � e�� SH| Response: SH| doesn't develop cloud solutions but vveare partnering with several cloud partners to respond to this RFP and will continue to add products and solutions over the course of this contract as new technologies emerge nras customer needs arise.Asvveadd partners, we will ensure that vvecan provide their best practices regarding policies and procedures asrequested byNASPO. AWS Response: The AWS virtual infrastructure has been designed to provide optimum availability while ensuring complete customer privacy and segregation. AWS's highly secure data centers use state-of-the-art electronic surveillance and multi-factor access control systems and maintain strict, least-privileged- based access authorizations. Our environmental systems are designed to minimize the impact of east'privi|e0edbasedaccessauthnrizatinns. Ourenvirnnmenta| systemsaredesi0nedtnminimizetheimpactnf disruptions tnoperations, and our multiple geographic regions and Availability Zones allow customers tn remain resilient in the face of most failure modes, including natural disasters or system failures. AWS manages over 1,800 security controls to provide an optimally secure environment for all of our customers. In addition, network traffic between AWS regions, Availability Zones, and individual data centers travels over private network segments by default.These private network segments are fully isolated from the public Internet and not rnutab|e externally.AWS resources can be configured to reside only on isolated AWS network segments and to avoid utilizing any public IP addresses or routing over the public Internet. AWS security engineers and solution architects have developed whitepapers and operational checklists to help customers select the best options for their needs and to recommend security best practices, such asstoring secret keys and passwords in a secure manner and rotating nrchanging them frequently. Built-in Security Features Not only are applications and data protected byhighly secure facilities and infrastructure, they are also protected by extensive network and security monitoring systems. AWS and its partners offer over 700 tools and features to help customers meet their security objectives concerning visibility, auditabi|ity, controllability, and agility.These tools and features provide basic but important security measures such as Distributed Denial of Service (DDnS) protection and password brute-force detection on AWS accounts. AWS-provided security features include: * Secure Access–Customer access points, also called Application Programming Interface (API) endpoints, allow secure HTTP access (HTTPS) so that customers can establish secure communication sessions with their AWS cloud services using Secure Socket Layer (SSL)/TranoportLayer Security(TSL). * Built-in FirevvmUs–Cuotomero can control how accessible their instances are by configuring built-in firewall rules—from totally public to completely private or somewhere in between. And 34 AW,302 of 580 when instances reside within an Amazon Virtual Private Cloud (Amazon VPC) subnet, customers can control egress as well as ingress. • Unique Users—The AWS Identity and Access Management(IAM)tool allows AWS customers to control the level of access their own users have to AWS infrastructure services.With AWS IAM, each user can have unique security credentials, eliminating the need for shared passwords or keys and allowing the security best practices of role separation and least privilege. • Multi-Factor Authentication (MFA)—AWS provides built-in support for MFA for use with AWS accounts as well as individual AWS IAM user accounts. • Private Subnets—The Amazon VPC service allows customers to add another layer of network security to instances by creating private subnets and even adding an Internet Protocol Security (IPsec)Virtual Private Network(VPN)tunnel between a home network and Amazon VPC. • Encrypted Data Storage—Customers can have the data and objects they store in Amazon Elastic Block Store (Amazon EBS), Amazon Simple Storage Service (Amazon S3),Amazon Glacier, Amazon Redshift, and Amazon Relational Database Service (Amazon RDS) on Oracle and SQL Server encrypted automatically using Advanced Encryption Standard (AES) 256, a secure symmetric-key encryption standard using 256-bit encryption keys. • Dedicated Connection Option—The AWS Direct Connect service allows customers to establish a dedicated network connection from their premises to AWS. Using industry-standard 802.1q VLANs,this dedicated connection can be partitioned into multiple logical connections to enable access to both public and private IP environments within the AWS cloud. • Isolated GovCloud—For customers who require additional measures in order to comply with US International Traffic in Arms Regulations (ITAR),AWS offers an entirely separate region called AWS GovCloud (US).This isolated region provides an environment where customers can run ITAR-compliant applications and provides special endpoints that utilize only Federal Information Processing Standard (FIPS) 140-2 encryption. • Dedicated, Hardware-Based Crypto Key Storage Option—For customers who must use Hardware Security Module (HSM) appliances for cryptographic key storage, AWS CloudHSM provides a highly secure and convenient way to store and manage keys. • Centralized Key Management—For customers who use encryption extensively and require strict control of their keys,the AWS Key Management Service (KMS) provides a convenient management option for creating and administering the keys used to encrypt data at rest. • Perfect Forward Secrecy—For even greater communication privacy, several AWS cloud services such as Elastic Load Balancing and Amazon ClouclFront offer newer, stronger cipher suites. These cipher suites allow SSL/TLS clients to use Perfect Forward Secrecy, a technique that uses session keys that are ephemeral and not stored anywhere.This prevents the decoding of captured data, even if the secret long-term key itself is compromised. Several of AWS's built-in cloud security features focus on providing visibility into data, performance, and resource usage.The tools listed below help customers gain more insight into their cloud operations, giving them the means to better control their security and providing information for data-driven decisions. • AWS Trusted Advisor—Provided automatically when AWS customers sign up for premium support,the AWS Trusted Advisor service is a convenient way for customers to see where they could use a little more security. It monitors AWS resources and alerts customers to security configuration gaps such as overly permissive access to certain Amazon Elastic Compute Cloud (Amazon EC2) instance ports and Amazon S3 storage buckets, minimal use of role segregation using AWS IAM, and weak password policies. 35 AX303 of 580 • Amazon CloudWatch—Amazon CloudWatch enables customers to collect and track metrics, collect and monitor log files, and set alarms. Amazon ClouclWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by a customer's applications and services and any log files their applications generate. Customers can use Amazon ClouclWatch to gain system-wide visibility into resource utilization, application performance, and operational health, using these insights to react intelligently and keep applications running smoothly. • AWS CloudTrail—AWS ClouclTrail provides logs of all user activity within an AWS account.The recorded information includes the identity of the API caller,the time of the API call, the source IP address of the API caller,the request parameters, and the response elements returned by the AWS cloud service.The AWS API call history produced by AWS ClouclTrail enables security analysis, resource change tracking, and compliance auditing. • AWS Config—With the AWS Config service, customers can immediately discover all of their AWS resources and view the configuration of each. Customers can receive notifications each time a configuration changes as well as dig into the configuration history to perform incident analysis. More information on these and other features is available atttp:JJaws.amazon.comZsecurityjaws- security-features. Third-Party Sec We also offer additional third-party security tools to complement and enhance our customers' operations in the AWS cloud. AWS Partner Network lAPNI partners offer hundreds of familiar and industry-leading products that are equivalent to, identical to, or integrate with existing controls in a customer's on-premises environments. Customers can browse and purchase APN partner products on the AWS Marketplace.These products complement existing AWS cloud services to enable customers to deploy a comprehensive security architecture and a more seamless experience across their cloud and on-premises environments.The APN partner security products cover multiple areas of security, including application security, policy management, identity management, security monitoring, vulnerability management, and endpoint protection. Error! Reference source not found. is a snapshot of the APN partners and categories of products available under the security category in the AWS Marketplace. tO aws marketplace Advanced Application identity and Burger& Network Encryption & Vulnerability Threat Security Access Endpoint Security Key Mgrnt &Pen Analytics Mg mt Protection 'besting TREND' tenabl i=m:.i=iTir'iE"i „a. M 1 C O O o o 0 scr�URmr��,uTr� .. Na qn�Point Vormebft h'-PIP7sso oalo1 o networks, QXRUST 36 AX304 of 580 Several of the security products that AWS offers are provided only by APN partners that are prequalified by the APN Partner Competency Program, which confirms their technical proficiency and proven customer success in specialized solution areas. AWS's Security Competency Partners can also provide demos and consulting services that are not always available through the AWS Marketplace. CA Response: This is addressed throughout all of our policies and procedures. CA SaaS Operations and Delivery runs an Information Security Management Framework(ISMS), which includes security organization, documentation, monitoring, and continuous improvement cycle. The security documentation comprises of CA SaaS Operations information security policies, procedures, guidelines and checklists. ISMS documentation is reviewed along with applicable controls annually. CA offers a variety of SaaS solutions, details for each offering has been provided in Exhibit 1 and 2 of this proposal. Microsoft esponse® Below are diagrams that illustrate the policies and procedures in ensuring visibility, compliance, data security and threat protection for cloud-delivered services with Microsoft. Azure Conceptual Design Phase highly available,scalable,multi-tenant storage service in the cloud Self managing capability to provision data services with built-in fault tolerance Creation,prototyping,and deployment of applications that integrate data across the organization Users Azure Phase i Partners Une-of-business Relational data model in the cloud that provides connectivity with existing on-premises storage Applications Secure connectivity between loosely coupled services and applications over the Internet across firewall,domain,and network boundaries Enabling services to navigate firewalls or network boundaries 37 AX305 of 580 Azure Conceptual Design Phase On-demand compute and storage on the Internet Cloud-based development,service hosting,and service management environment Bidirectional data synchronization between on-premises and cloud storage Bidirectional communication in an interoperable manner through composite applications,custom Web applications,and packaged line-of-business applications Users r Unified provisioning and billing framework Azure y Phase 2 Partners Line-of-Business Applications Ability to publish and subscribe for multicasting Creation,prototyping,and deployment of applications that integrate data across the organization Secure connectivity between loosely coupled services and applications over the Internet across firewall,domain,and network boundaries Enabling services to navigate firewalls or network boundaries 38 AX306 of 580 Azure Conceptual Design Phase Simple,reliable,flexible,and powerful cloud platform Web applications and services that supports multiple languages and standards Business data hubs in the cloud Applications that integrate with existing on-premises environment Users r f Ss Federated identity and access control to secure applications Azure Phase 3 S1 Partners Line-of-Business Applications Rule-based authorization for services and applications Flexible,standards-based service to support multiple credentials and relying parties Cloud-based development,service hosting,and service management environment Bidirectional communication in an interoperable manner through composite applications,custom Web applications,and packaged line-of-business applications 39 AX307 of 580 Azure Physical Design Phase w � r 1' I. IC9.5_. •. r tt.,.,sxxi s,euiri en n r � �� Se vi,� _J z n1 k W,u,w,Nnv uiJ+� s W frn� �• I' NI Aupn Rk'SBt�`.ta9 RY y @ .-< Jma6 ,=idLu lWv na,3,.s ------------------------------ Yjdnd�envg'shR4�fa-$h'k'1 I rti 1 h 5:, Mn9 rl.Jrzi L 1 � fy K.r i. Na a,x xkil r3e , 191;•. C 1 s4 i. 1'Ith-OCP vlapa y t( ti"»„�,i "•i� Wl `lt 9CPoM ,Am+w.t419, vdi9�� W J �3-rs� full it xI. i wvi J,m nnlre-.F6a ehcrd syr u'.� 'r k1 "'. Tgei v .�ra,kvt.es )rxvv{s za:cis 4i,�atdt "'... 5 t3 A ,. t 3 Y 2(Na5 x3 O12�f9 s c441 i nt,nJe:s ••". �14L ttru h �a y,`1 .urv9eeairun 5 S Ywt..sc IM t.ev ry �rtual�Y$iie�l aNefAo4�la4w ap xecW.ersamre --------------------------------- ----------- -.___ zure Physical Design Phase A� vx e A.614 M s� ........... I A.ifra q t rt srn 44 b@ it t SYJ 2I 1 �Pl'�9 ,9dus 2"®fJ6gp Rn hn uc C I }, ... 4F � L .amvv2 MtesdywA "� ,i d A AV i(( 2r„VJh - i sP2 he • e wi` rAe p H 5PV[e�l� ,^i i i tAnV m� wl f � S r+bx 9tl 1 x,ewr �Mitlz ( i d � r 1 `xI W x i i i p �tOf tr,• L f 20. 5 N [_ c?rsu�9�.rrn�is 3 e.le N uk F.rri [. 811IM§V,21y,19C sYwP+Ca2 __ ___..__. .__._ WlelWWspi$mq auptlleGlu lar e'tlU aahquX 40 AX308 of 580 Azure Physical Design Phase .. e v� pH 51 s �r �s,• } n, EA xtt t 4A IL t lrn , —Old 35 2W P {( dq,t"c S. 7'x i.£Y5 P MIN2 @1 rr. 5 APl 9du - J uaau4 i�a eWe nuc I r 5var,I r f Vnr,M o� 2 ...., �r tat to ,.lip t v - a f _c -u Ma n:•w .M}he FI,®s�7fs .. ,xry n F�xr aw.e 01 M 41.7 1 I I IS R �r•a of w,e r K 7 [ } 'v K - S; 6 rrc e+CaP ry' l2iYC91Y9 WlelWWspi$mq aupJlefelulare'tlU ahquX N14tu Xl9 4' I NA»�p,•V z �x ras.. i.9A1 Azure Logical Design Phase 1 FP�a.o n m kj ', ]di,i s f 4nn sc Ti aTZFs ' s lueiaT9 N[ _ — _ i Cen ier o9n ni4 tion ', .irenu IeslO t en zross r, a a t }4U Ilkkkccc .�sxmtm — �� J�.onnk11 nz —R2 w ,k ',, Vrtuabzafien axa31ab4e for all seerers above 3,�r� sNnJ 2mnaoonx.r rw v ',, 41 AX309 of 580 Azure Logical Design Phase m kj ', ]di.i s f 4nn sc aTZFs ' s lueiaT9 N[ _ — _ i Cen ier ogn ni4 tion ', .irenu IeslO t �� zross r, a a t }4U Ilkkkccc 0000: 1 $ R2 w ,k ',, VrtxaLzafien axarlab4e for all seerers above 3�r� sNnJ 2mnaoonx.r rw v ',, Azure Logical Design Phase.3 II I I Id �zr , 42 AP,310 of 580 7 ORGANIZATION AND STAFFING 7.1 CONTRACT MANAGER 1%",, ""711 Y,i'fi"l SHI Response: Required Information Offeror's Response Name Denise Verclicchio Phone Number 908-884-1389 Email Address Denise Verdiccio@SHI.com Position/Title Senior Director, Public Sector Years of industry experience 20 years in industry, 20 years with SHI Work Hours Standard Business work hours 7A.2 ix "U 91 ..... ... SHI Response: Dense Verclicchio has spent 20 years in the industry, and that entire time at SHL Denise has held positions at SHI in Sales, Sales Management, and most recently, Denise was promoted to Senior Director for SHI's Public Sector field sales team across the country. As such, Denise has responsibility for all SHI Public Sector contracts. She has had experience managing many contracts of similar size and scope, and she is dedicated to excellence and continuous improvements in offerings and customer service. Denise's resume follows: 43 AP,311 of 580 Denise Verdicchio 908.884.1389 202 Gregory Lane denise—verdicchio@SHI.com Branchburg, NJ 08876 Senior Sales Professional i Account Manager Offering 20 years of experience and achievement in the sale of/T software, hardware, and professional services to diverse business, healthcare, and government entities ■ Top sales performer with remarkable talent for connecting with customers, influencing key decision makers, and matching buyer needs with the right products to ensure ongoing satisfaction and repeat business. ■ Assertive and resolute in pursuing opportunities, closing deals, resolving issues, and collaborating with vendors and other partners on seamless, timely implementation of world-class solutions. ■ Knowledgeable and articulate in interfacing with clients and in delivering high-impact presentations that drive audiences to desired action. Accustomed to communicating with CEOs, G Os, CTOs and other senior staff. ■ Inspirational, empowering leader able to guide sales teams to unprecedented results; exceptionally organized in multitasking, keeping accounts up to date, and giving proper attention to multiple, concurrent deals. ■ Passionate, enthusiastic, and hardworking. Driven each day to advance company goals, grow market share, surpass revenue targets, and boost bottom line profits while consistently exceeding client expectations. 10 7-time President's Club recipient, 3-time Chairwoman's Gub designation, and Bali Award winner. Career History SHI INTERNATIONAL, Somerset, NJ, 1995 to Present /n a series of increasingly responsible roles, develop new business, exceed sales targets, and provide outstanding service to customers of this$6B global provider of innovative/T products and services. Senior Director Public Sector, 7/ 1/2015-Present SENT OR SALES EXECUTI VE WI TH 20 YEAR ACCOMPLI SHED CAREER KNOWN FOR DELI VERT NG AND SUSTAI NI NG REVENUE AND PROFIT GAINS WITHIN HIGHLY COMPETITIVE MARKET. LEAD$1.313 BUSINESS UNIT INCLUDING TEAM OF 6 REGIONAL DIRECTORS AND 100 ACCOUNT EXECUTIVES IN ALL ASPECTS OF SALES, SERVICE, BUSINESS 44 AX312 of 580 DEVELOPMENT, ACCOUNT MANAGEMENT, SOLUTI ONS I MPLEMENTATI ON, AND I SSUE RESOLUTI ON ACROSS NORTH AMERICA. COLLABORATIVE LEADERSHIP STYLE I NCLUDI NG ONGOING PERSONALIZED COACHI NG TO OTHER TEAM MEMBERS, OPEN I NFORMATI ON SHARI NG, AND NURTURI NG CULTURE RESULTI NG I N CREATI VE AND I NNOVATI VE ENVI RONMENT. ExcEPTI ONAL COMMUNI CATOR WI TH CONSULTATI VE SALES STYLE, STRONG NEGOTIATI ON SI4 LLS, EXCEPTI ONAL, EXCEPTI ONAL PROBLEM SOLVI NG ABI LI TI ES, AND A KEEN CLI ENT NEEDS ASSESSMENT APTI TUDE. • SKI LLED I N SENI OR LEVEL PRESENTATI ONS, NEGOTI ATI ONS, AND RELATI ONSHI P BUI LDI NG • MAINTAIN KNOWLEDGE AND EXPERTISE OF TECHNOLOGIES INCLUDING END USER COMPUTING, DATACENTER, AND SECURITY • DEVELOP AND I MPLEMENT SHORT AND LONG TERM SALES AND BUSI NESS PLANS • PROVI DE LEADERSHI P AND I NNOVATI ON I N KEY ACCOUNT DEVELOPMENT AND MANAGEMENT • ACKNOWLEDGED FOR EXCEPTIONAL STAFF DEVELOPMENT, MOTIVATION, AND TEAM BUILDING Director– East Region SLED, 8/ 2013 to 6/ 30/2015 Lead team of 17 Account Executives in all aspects of sales, service, business development, account management, solutions implementation, and issue resolution for 8-state territory, SHI's largest region representing over $200M in annual revenue. Oversee daily operations in assisting customers with software and hardware procurement and implementation, system configuration, data center optimization, cloud computing, IT asset management, and various other computing solutions— ultimately helping clients maximize their IT investments and run successful businesses. Aggressively pursue new business through cold calling and other strategies. Travel extensively to client sites to provide in-person client support or drive new business opportunities. Partner with IT vendors and strategic partners on solutions implementation and in planning strategies to increase business. ■ Excel in delivery of informative, insightful sales presentations to CEOs, G Os, CTOs, CFOs, and other IT and procurement staff to update on current business and / or explain what SHI can do for them. • Consistently demonstrate tremendous organization in keeping accounts current, overseeing all deals from 12 Account Executives, and responding to up to 400 customer emails daily. ■ Motivate teams each day to work to their full potential. Provide ongoing coaching and support. ■ Promoted to Director after highly successful tenure as Account Executive. SHI INTERNATIONAL, Somerset, NJ Account Executive – NJ State and Local Government, 2010 to Present Develop new business, service customer needs, and oversee daily account management for public sector clients in NJ State and Local Government. Interface daily with customers in providing information, resolving issues, communicating SHI offerings, and enabling them to secure quotes through their own procurement systems. Negotiate deals, support customer contracts, and deliver sales presentations. Onboard new vendors, enabling them to procure software on the NJ state contract. Collaborate with vendors on delivery of comprehensive IT solutions. • Grew this new line of business from $0 to $40M in three years, establishing all new clients-- including 19 NJ counties, more than 100 individual townships, and all state agencies. ■ Delivered more than $2M in cost savings to clients through successful price negotiations with vendors. ■ Regularly exceed quarterly / annual sales targets. SHI INTERNATIONAL, Somerset, NJ Account Executive – North Carolina Commercial Accounts, 1998 to 2010 45 AX313 of 580 Orchestrated customized, total IT solutions for Duke Energy (30K employees), SAS Institute, Wake Forest University, and other commercial accounts throughout North Carolina. Aggressively pursued and developed new business through cold calling, networking, and other forms of outreach. ■ Fostered and fortified strong, mutually beneficial relationships with Microsoft, Adobe, Symantec, McAfee, HP, VMware, Amazon Web Service, EMC, Lenovo, and other strategic partners. ■ Demonstrated tremendous energy and unyielding commitment to being in front of customers as often as possible to create and expand relationships. Earlier SHI experience as Human Resources Assistant (1997 to 1998), hiring employees to all SHI divisions; and as I nside Account Manager (1995 to 1997), answering customer calls, quoting product, placing orders, and providing support to North Carolina accounts. Education Bachelor of Arts Degree in Psychology and Sociology RUTGERS COLLEGE, New Brunswick, NJ Double Major,- Honor's aaduate Professional Development: Microsoft Sales Professional Certification • VMWare Sales Specialist McAFee Certified Sales Professional 7,13. n`$� t„{)! `_.a +�5,�: ft..':1 ,r�izf l- ,t `fug �t t ✓+ {X( FX fir t,)!a' - ft.r 1Q� SHI Response: As SHI's Senior Director for Public Sector, Denise not only will take personal responsibility for the management of this contract, she also has access to and control over a wide variety of resources within SHI to ensure the success of this contract. Denise understands the intracacies of implementing and maintaining a contract of this nature, supporting multiple state agencies and municipalities. When SHI enters into an agreement of this magnitude, we take great care to implement support and service plans to meet the needs of each State, while also supporting each indivual agency, city, county, township, school district and higher education institution. While Denise will act as the Contract Manager and Single Point of Contact for this contract, she is certainly not alone in the support of this contract. Denise will coordinate the efforts of SHI's contracts team, our Solutions specialists, our Public Sector Marketing team, and of course our Public Sector sales team across the country. To give you an idea of our scope of coverage from a sales perspective, SHI is proud to support our Public Sector customers with the following team members who work exclusively with Public Sector: 46 AX314 of 580 • 88 Field Account Executives supporting State& Local Government and Education • 150 Inside Account Executives supporting Small/Medium Local Government and Education customers • 94 Inside Account Managers who partner with our Field Account Executives and assist customers with their day to day quoting and ordering needs • 7 Public Sector Marketing Managers who are dedicated to support the success of our sales team In short, SHI has many representatives who will support the NASPO ValuePoint SVAR contract both within our Headquarters office and across the country. Denise looks forward to coordinating all of these resources to the maximum benefit of NASPO ValuePoint and each Participating State. 47 AX315 of 580 8 TECHNICAL REQUIREMENTS "' AX, 'J%"""'r) 'J%"" r 'l 'J%"""'�') 'J%"" ............�, C, SHI Response: The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SHI has in its catalog today. We will work to add products and solutions over the course of this contract as new technologies emerge or as customer needs arise. SHI is responding today with offerings from AWS, Microsoft, and CA as well additional service offerings from our partner Ascent Innovations. For Section 8 we have provided the response from each of these partners. 8.1 TECHNICAL REQUIREMENTS 8J.1 Su AWS Response: Our proposed service models are laaS and PaaS, each deployed in either Community, Public or Hybrid models. Our proposed laaS and PaaS cloud offers have the ability to store and secure Low, Moderate and High Risk data in conformance with FIPS designations. Amazon Web Services, Inc. (AWS) provides customers of all sizes with on-demand access to a wide range of cloud infrastructure services, charging you only for the resources you actually use. AWS enables you to eliminate the need for costly hardware and the administrative pain that goes along with owning and operating it. Instead of the weeks and months it takes to plan, budget, procure, set up, deploy, operate, and hire for a new project, our customers can simply sign up for AWS and immediately begin deployment in the cloud with the equivalent of 1, 10, 100, or 1,000 servers.Whether an organization needs to prototype an application or host a production solution, AWS makes it simple for customers to get started and be productive. Broad Network Access AWS provides a simple way to access servers, storage, databases, and a broad set of application services over the Internet. Cloud computing providers such as AWS own and maintain the network-connected hardware required for these application services,while you provision and use what you need via a web 48 AP,316 of 580 application. All AWS cloud services are driven by robust APIs that allow for a wide variety of monitoring and management tools to integrate easily with AWS cloud resources. Common tools from vendors such as Microsoft, VMware, BMC Software, Okta, RightScale, Eucalyptus, CA, Xceedium, Symantec, Racemi, and Dell already support AWS, to name just a few.This flexibility allows AWS customers to easily provision, manage, and monitor all of their IT resources through a "single pane of glass"with the tool that best fits their unique needs.This also means a full inventory of those resources is only a few clicks away. • Management Console:The AWS Management Console is a single destination for managing all AWS resources,from Amazon Elastic Compute Cloud (Amazon EC2) instances to Amazon DynamoDB tables. Use the AWS Management Console to perform any number of tasks,from deploying new applications to monitoring the health of applications. The AWS Management Console also enables customers to manage all aspects of their AWS account, including accessing monthly spending by service, managing security credentials, or even setting up new AWS Identity and Access Management(AWS IAM) users.The AWS Management Console supports all AWS regions and lets customers provision resources across multiple regions. • Command Line Interface:The AWS Command Line Interface (CLI) is a unified tool used to manage AWS cloud services.With just one tool to download and configure, customers can control multiple AWS resources from the command line and automate them through scripts. The AWS CLI introduces a new set of simple file commands for efficient file transfers to and from Amazon Simple Storage Service (Amazon S3). Many of the tools that organizations use to manage on-premises environments can be integrated with AWS as well. Integrating an AWS environment can provide a simpler and quicker path for cloud adoption, because a customer's operations team does not need to learn new tools or develop completely new processes. For example: • AWS Management Portal for vCenter enables customers to manage their AWS resources using VMware vCenter.The portal installs as a vCenter plug-in within the existing vCenter environment. Once installed, it enables customers to migrate VMware VMs to Amazon EC2 and manage AWS resources from within vCenter.The AWS resources that customers create using the portal can be located in their AWS account, even though those resources have been created using vCenter. For experienced VMware administrators, AWS Management Portal for vCenter provides a familiar look and feel that can make it easy to start using AWS. AWS Management Portal for vCenter is available at no additional charge. • The Amazon EC2 VM Import Connector extends the capabilities of VMware vCenter to provide a familiar graphical user interface customers can use to import their preexisting Virtual Machines (VMs)to Amazon EC2. Using the connector, importing a VM is as simple as selecting a VM from the vSphere infrastructure, and specifying the AWS region, Availability Zone, operating system, instance size, security group, and Amazon Virtual Private Cloud (Amazon VPC) details (if desired) into which the VM should be imported. Once the VM has been imported, customers can launch it as an instance from the AWS Management Console and immediately take advantage of all the features of Amazon EC2. • AWS Management Pack for Microsoft System Center enables customers to view and monitor their AWS resources directly in the Operations Manager console.This way, customers can use a single,familiar console to monitor all of their resources, whether they are on-premises or in the AWS cloud.You get a consolidated view of all AWS resources across regions and Availability Zones. It also has built-in integration with Amazon CloudWatch so that the metrics and alarms defined in Amazon ClouclWatch surface as performance counters and alerts in the Operations 49 AX317 of 580 Manager console. Information on AWS Management Pack for Microsoft System Center can be found here. Rapid ici AWS provides a massive global cloud infrastructure that allows you to quickly innovate, experiment, and iterate. Instead of waiting weeks or months for hardware, you can instantly deploy new applications, instantly scale up as your workload grows, and instantly scale down based on demand. Customers need to be confident that their existing infrastructure can handle a spike in traffic and that the spike will not interfere with normal business operations. Elastic Load Balancing and Auto Scaling can automatically scale a customer's AWS resources up to meet unexpected demand and then scale those resources down as demand decreases. Resource Pooling The AWS environment is a virtualized, multi-tenant environment. AWS has implemented security management processes, PCI controls, and other security controls designed to isolate each customer from other customers. AWS systems are designed to prevent customers from accessing physical hosts or instances not assigned to them by filtering through the virtualization software.This architecture has been validated by an independent PCI Qualified Security Assessor (QSA) and was found to be in compliance with all requirements of PCI DSS version 2.0 published in October 2010. Measured Service AWS utilizes automated monitoring systems to provide a high level of service performance and availability. Proactive monitoring is available through a variety of online tools both for internal and external use. Systems within AWS are extensively instrumented to monitor key operational metrics. Alarms are configured to notify operations and management personnel when early warning thresholds are crossed on key operational metrics. An on-call schedule is used such that personnel are always available to respond to operational issues.This includes a pager system so alarms are quickly and reliably communicated to operations personnel. Billing Options:With AWS, customers can generate detailed billing reports that break down costs by the hour, day, or month; or by each account in your organization; or by product or product resource, or by tags that you define yourself. You might choose to receive detailed billing reports in order to do any of the following: • Bring your billing data into an application that can read a CSV file. • Build an application that uses your billing data. • Monitor your month-to-date charges. • Forecast your monthly charges. • Share your data with a partner. • Import your billing data into your accounting system. • Retrieve your bill for multiple accounts. You can customize these reports to list the AWS resources that generate the included charges, and create tags for your AWS resources to add your own labels to nearly every line item in your reports. You can view these reports in applications that can read CSV files, such as Microsoft Excel, or you can write custom applications that import the billing data from the file for analysis. 50 AX318 of 580 AWS publishes these reports up to several times a day in comma-separated value (CSV) format to an Amazon S3 bucket that you specify. After you set up your account to receive detailed billing reports in an Amazon S3 bucket, AWS starts to write reports to the bucket several times each day. You can get these reports using the Amazon S3 console, application programming interface (API), and command line interface (CLI).The file contains charges for the account, broken down by AWS product and individual type of usage. Consolidated Billing:You can also use the Consolidated Billing feature to consolidate payment for multiple AWS accounts within your organization by designating one of them to be the payer account. With Consolidated Billing, you can see a combined view of AWS charges incurred by all accounts, as well as get a detailed cost report for each individual AWS accounts associated with your payer account. Consolidated Billing is offered at no additional charge. AWS Budgets:You can define a monthly budget for your AWS costs—whether at an aggregate cost level (i.e., "all costs") or further refined to include only those costs relating to specific cost dimensions or groups of cost dimensions, including Linked Account, Service,Tag, Availability Zone ("AZ"), Purchase Option (e.g., Reserved), and/or API Operation. Further, you can attach email notifications to these budgets that are triggered when your actual or forecasted costs exceed a threshold—that you define—relative to your budgeted costs. For example, you could create a monthly budget titled "Monthly Marketing Budget– EC2" and include within it only those costs relating to EC2 that you have tagged "Department:Marketing."You could then elect to receive email notifications when your actual costs exceed 80%of your budgeted costs or when your forecasted costs exceed 100%of your budgeted costs. All of your budgets are available for viewing within the Budgets Dashboard—complete with detailed data (e.g., budget dimensions and time range) and variance analyses—and within Cost Explorer. Full information on AWS billing can be found on the AWS website: ttp://docs.aws.amazon.com/awsaccountbilIin /latest/aboutv2/DetailedBllIin Reports.htm1. Hybrid IT rigs A hybrid cloud environment allows organizations to address immediate IT needs though utilizing the benefits of cloud computing, while also retaining on-premises infrastructure. A hybrid model is a prudent approach to cloud adoption for organizations that require the immediate use of scalable cloud services, but are not ready to fully migrate all application and workloads to the cloud. AWS provides the tools and solutions to integrate existing on-premises resources with the AWS cloud. By using AWS to enhance and extend your capabilities, without giving up the investments you have already made, you can accelerate your adoption of cloud computing. General Hybrid Cloud Requirements and Issues: Some of the common requirements and issues associated with hybrid cloud are: • On-demand, scalable compute resources. • Flexible, secure, and reliable network connectivity. • Automated backup and recovery. • A highly secure and controlled platform, with a wide array of additional security features. • Integrated access control. • Easy-to-use management tools that integrate with on-premises management resources. 51 AX319 of 580 AWS Capabilities for Hybrid Cloud Solutions:AWS provides all of the capabilities required for a dynamic, reliable, and secure hybrid cloud solution: • Extend Network Configuration: Flexible network connectivity is a cornerstone of integrating distributed environments, including AWS and your existing on-premises equipment. With Amazon VPC,you can extend your on-premises network configuration into your virtual private networks on the AWS cloud. AWS resources can operate as if they are part of your existing corporate network. Amazon VPC lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. • Integrated Cloud Backups:AWS helps simplify the backup and recovery environment for the enterprise.You can leverage the on-demand nature of the cloud and automate your backup and recovery processes so they are not only less complex and lightweight, but also easy to manage and maintain. Storage services with AWS are designed to provide 99.999999999%durability, so you can feel confident your backups are protected. • Integrated Network Connection: On-premises connection with AWS is best accomplished with AWS Storage Gateway, a software appliance installed in your data center with cloud-based storage to provide seamless and secure integration between an organization's existing IT environment and the AWS storage infrastructure. Using industry-standard storage protocols, the service allows you to store data in the AWS cloud for scalable and cost-effective storage. It provides low-latency performance by maintaining frequently accessed data on-premises while securely storing all of your data encrypted in the Amazon Simple Storage Service (Amazon S3) or Amazon Glacier. • Integrated Resource Management and Workload Migration:All AWS cloud services are driven by robust APIs that allow for a wide variety of monitoring and management tools that integrate easily with your AWS cloud resources. It's likely that many of the tools that your organization is using to manage your on-premises environments can be extended to include AWS as well. Integrating your AWS environment can provide a simpler and quicker path for cloud adoption, because your operations team does not need to learn new tools or develop completely new processes. Solution Use Cases: Use cases for AWS hybrid solutions include: • Migrating workloads and data that are "cloud ready" (i.e., applications that do not need significant re-architecting for a cloud migration). • Retaining data on-premises to meet regulatory and compliance needs. Hybrid Cloud Resources:AWS provides the tools, information, and guidance to build a hybrid cloud environment that can offer an immediate impact to customers. Visit our hybrid cloud webpage for information on how to get started: ttp:ZJaws.amazon.comJenterpriseJybrid� CA Response: Agile-CA Agile Central is a SaaS offering that is generally used to document and manage work within the SDLC. 52 AX320 of 580 APIM—CA APIM SaaS offering helps accelerate, secure and manage APIs. CA is responsible for development and management of application. AWS provides IaaS services to CA for management of the underlying cloud infrastructure. ASM -CA App Synthetic Monitor (ASM) provides end-to-end transaction response-time visibility into cloud, mobile and Web applications. Application utilizes Rack Space IaaS services. MAA—CA Mobile App Analytics stimulates collaboration between business analysts, developers, operations and support in order to accelerate mobile app delivery and improve end-user experience. This service is hosted at CenturyLink Data center and the infrastructure is managed and maintained by CA SaaS Ops and Delivery team. PPM—Project Portfolio Management represents a single platform that enables you to manage your entire innovation lifecycle and make more informed strategic investments. CA PPM helps you track and prioritize market and customer requirements and make better decisions on how to invest limited resources. MicrosoftResponse: See the response to question 6.7. 8.1,2 � t �X��, ,� ,. ' , f {{ LU x.1.2.1 NIST Characteristk- On-DService "'t 6',` ` t";i`6 ,rt ,),t IM S esponse® Amazon Web Services, Inc. (AWS) provides customers of all sizes with on-demand access to a wide range of cloud infrastructure services, charging you only for the resources you actually use. AWS enables you to eliminate the need for costly hardware and the administrative pain that goes along with owning and operating it. Instead of the weeks and months it takes to plan, budget, procure, set up, deploy, operate, and hire for a new project, our customers can simply sign up for AWS and immediately begin deployment in the cloud with the equivalent of 1, 10, 100, or 1,000 servers.Whether an organization needs to prototype an application or host a production solution, AWS makes it simple for customers to get started and be productive. CA Response: Agile-CA Agile Central is a SaaS offering that is generally used to document and manage work within the SDLC. 53 AX321 of 580 APIM–N/A.This is a SaaS service and clients do not have direct access to the underlying infrastructure in order to provision computing capabilities. CA is responsible for the management and maintenance of the infrastructure and will make any necessary adjustments as part of providing this service to its clients. ASM –This does not apply as this is a SaaS service. ASM customers are able to manage all aspects of their accounts, create sub-accounts, and make any configuration changes necessary for their monitors. MAA–This is a SaaS offering and On-Demand service is not available, however, MAA customers are enabled to manage their accounts and carry out configuration changes required to manage mobile applications. PPM–Each PPM SaaS instance is provisioned to support the users subscribed to it. Additional storage and compute resources are provided as required without client action. Clients have the capability to provision users and define access in a self-service model Microsoft esponse® Microsoft Azure is a growing collection of integrated cloud services—analytics, computing, database, mobile, networking, storage, and web—for moving faster, achieving more, and saving money. Azure serves as a development, service hosting, and service management environment, providing customers with on-demand compute, storage, networking, and content delivery capabilities to host, scale, and manage applications on the Internet. &1.2.2 NISTCharacteristk-Broad of r cress: ., t'f� ` t";(�t ,r ,t! ,)ft x"s,( �fe: ,lr trt„ Kdt tzt t,ruis f u3',r ft< tC to , to.r.a AWS Response: AWS provides a simple way to access servers, storage, databases, and a broad set of application services over the Internet. Cloud computing providers such as AWS own and maintain the network-connected hardware required for these application services,while you provision and use what you need via a web application, mobile client, or programmatically through published and well documented APIs. CA Response: Agile-All access to the application is through a browser. APIM–The APIM service is accessed via HTTPS on a supported browser with no requirements for a workstation client install; mobile friendly and optimized for use with iOS and Android tablets ASM–The ASM dashboard and API are accessible from any host connected to the public Internet. The API and dashboard require authentication, and each account is only accessible by the account owner (customer). MAA–Upon native authentication, MAA dashboard is accessible by any host over public internet. Also, mobile devices connect to the service using REST API. PPM–The PPM service is accessed via HTTPS on a supported browser with no requirements for a workstation client install. 54 A322 of 580 Microsoft esponse® An Azure virtual network(VNet) is a representation of your own network in the cloud. It is a logical isolation of the Azure cloud dedicated to your subscription. You can fully control the IP address blocks, DNS settings, security policies, and route tables within this network.You can also further segment your VNet into subnets and launch Azure IaaS virtual machines (VMs) and/or Cloud services �PaaS role instances .Additionally you can connect the virtual network to your on-premises network using one of the connectivity options available in Azure. In essence, you can expand your network to Azure, with complete control on IP address blocks with the benefit of enterprise scale Azure provides. &1.2.3 NISTCharacteristic-Resource Pooling: "'t t'f� ` AWS Response: The AWS environment is a virtualized, multi-tenant environment. AWS has implemented security management processes, PCI controls, and other security controls designed to isolate each customer from other customers. AWS systems are designed to prevent customers from accessing physical hosts or instances not assigned to them by filtering through the virtualization software.This architecture has been validated by an independent PCI Qualified Security Assessor (QSA) and was found to be in compliance with all requirements of PCI DSS version 2.0 published in October 2010. CA Response: Agile-We monitor all system resources and have alerting mechanisms when resource constraints have reached a defined threshold. We can easily scale our systems to accommodate any additional capacity. If we determine a single user is using a significant amount of resources we will proactively reach out to them to understand what they are trying to accomplish and help them to formulate more performant queries. APIM—CA API Management SaaS (SaaS APIM) has been built from the ground up to be a multi- tenanted, SaaS-based offering that leverages Amazon's infrastructure to scale appropriately; utilize a continuous integration model to provide for frequent updates; and fail over across multiple availability zones. ASM—All ASM core servers are dedicated physical servers. ASM Public Status Pages are served from dedicated web servers (used only by CA ASM) in the Amazon Cloud, on shared tenancy virtualization. Amazon Cloud virtual machines used by ASM are managed by and provisioned by CA ASM systems administrators. MAA—MAA core service utilizes dedicated infrastructure layered with virtualization capabilities. It doesn't share computing resources with other services.Tenants are segregated using application containerization capabilities. 55 AX323 of 580 PPM—For US based clients a scalable service is provided based solely within the US. Clients are provided with dedicated compute resources and pooled network/ISP which are monitored and adjusted to insure performance. Microsoft esponse® Azure Resource Manager enables you to deploy and manage your solutions through resource groups. Typically, a resource group contains resources related to a specific application. For example, a group may contain a web app that hosts your public website, a SQL Database that stores relational data used by the site, and a Storage account that stores non-relational assets. Every resource in a resource group should share the same lifecycle. For more information about Resource Manager, see Resource Manager overview. Currently, not every service supports the portal or Resource Manager. For those services, you will need to use the classic portal. For the status of each service, see Azure portal availability chart. You can also manage resources through Azure PowerShell and Azure CLI. For more information about using those interfaces, see Using Azure PowerShell with Azure Resource Manager and Use the Azure CLI for Mac, Linux, and Windows with Azure Resource Manager. M.2.4 NISTCharacteristk- "'t C'f� �?.a.�r„`1,.".,� t,� .�l' 6 ,`t1,„t";i6 .t .�u` f�,t 3;a�,�'f t,� 6 .:a ,,`s,`"P,ta ,t,��;J.,..... AWS Response: AWS provides a massive global cloud infrastructure that allows you to quickly innovate, experiment, and iterate. Instead of waiting weeks or months for hardware, you can instantly deploy new applications, instantly scale up as your workload grows, and instantly scale down based on demand. Customers need to be confident that their existing infrastructure can handle a spike in traffic and that the spike will not interfere with normal business operations. Elastic Load Balancing and Auto Scaling can automatically scale a customer's AWS resources up to meet unexpected demand and then scale those resources down as demand decreases. CA Response: Agile-This is a SaaS service,therefore, CA monitors all system resources and have alerting mechanisms when resource constraints have reached a defined threshold. Data storage and network capacity are monitored and scaled to meet current client demands. Compute resources are scaled to meet client processing requirements APIM—CA API Management SaaS (SaaS APIM) has been built from the ground up to be a multi- tenanted, SaaS-based offering that leverages Amazon's infrastructure to scale appropriately; utilize a continuous integration model to provide for frequent updates; and fail over across multiple availability zones. 56 A324 of 580 ASM —All ASM core servers are dedicated physical servers;there is no elasticity. The ASM Public Status Pages are served from web servers in the Amazon Cloud, and the pool of web servers can be grown or shrunk if necessary. Any changes to the size of the pool would be transparent to end-users and customers, and would only be done by CA ASM systems administrators. Since this is a SaaS environment the CA SaaS Operations and delivery along with RackSpace are responsible for management of the capacity and monitoring. MAA—The pool of web and application servers can be grown or shrunk when necessary. Any changes to the size of the pool remains transparent to end-users and customers, and would only be done by CA MAA systems administrators. PPM—Data storage and network capacity are monitored and scaled to meet current client demands. Compute resources are scaled to meet client processing requirements. MicrosoftResponse: Azure provide the ability to manually scale your application or set parameters to automatically scale it. Azure offers the ability to scale applications that are running Web Roles, Worker Roles, or Virtual Machines.To scale an application that is running instances of Web Roles or Worker Roles, you add or remove role instances to accommodate the work load. When scaling an application up or down that is running Virtual Machines, new machines are not created or deleted, but are turned on or turned off from an availability set of previously created machines. Scaling can be based on average percentage of CPU usage or based on the number of messages in a queue. Please consider the following information before you configure scaling for your application: • You must add Virtual Machines that you create to an availability set to scale an application that uses them.The Virtual Machines that you add can be initially turned on or turned off, but they will be turned on in a scale-up action and turned off in a scale-down action. For more information about Virtual Machines and availability sets, see Manage the Availability of Virtual Machines. • Scaling is affected by core usage. Larger role instances or Virtual Machines use more cores.You can only scale an application within the limit of cores for your subscription. For example, if your subscription has a limit of twenty cores and you run an application with two medium sized Virtual Machines (a total of four cores), you can only scale up other cloud service deployments in your subscription by sixteen cores. All Virtual Machines in an availability set that are used in scaling an application must be the same size. For more information about core usage and machine sizes, see Virtual Machine and Cloud Service Sizes for Azure. • You must create a queue and associate it with a role or availability set before you can scale an application based on a message threshold. For more information, see How to use the Queue Storage Service. • You can scale resources that are linked to your cloud service. For more information about linking resources, see How to: Link a resource to a cloud service. • To enable high availability of your application, you should ensure that it is deployed with two or more role instances or Virtual Machines. For more information, see Service Level Agreements. 57 AX325 of 580 &1~2.5 NIST —Measured Service: AWS Response: AWS utilizes automated monitoring systems to provide a high level of service performance and availability. Proactive monitoring is available through a variety of online tools both for internal and external use. Systems within AWS are extensively instrumented tn monitor key operational metrics. Alarms are configured to notify operations and management personnel when early warning thresholds are crossed on key operational metrics. An on-call schedule is used such that personnel are always available to respond to operational issues.This includes a pager system so alarms are quickly and reliably communicated tnoperations personnel. CA Response: Agile Continuous monitoring of all service components (infrastructure and application) is deployed to proactively identify any component or service trending towards failure or approaching capacity CA's best-of-breed monitoring solutions are deployed and supplemented with vendor specific diagnostic tools where appropriate 240 staffed network operation center (NOC)tn analyze and respond tnautomated monitoring alerts APIM—Continuous monitoring of all service components (infrastructure and application) is deployed to proactively identify any component or service trending towards failure or approaching capacity.This portion is handled for the underlying cloud infrastructure by AWS with active participation by CA including escalations nfissues. ASM—CA ASM systems administrators track the resource consumption of each virtual machine in the cloud. Since this is SaaS service, ASM customers do not need this information in order to use the service, nor dnthey have access tnview it. MAA—CA MAA systems administrators track the resource consumption of each virtual machine in use. |T|Lf|nvvs are utilized to ensure service delivery. MAA customers do not need this information in order tnuse the service, nor dnthey have access tnview it. PPM—Continuous monitoring of all service components (infrastructure and application) is deployed to proactively identify any component or service trending towards failure or approaching capacity CA's best-of-breed monitoring solutions are deployed and supplemented with vendor specific diagnostic tools where appropriate 24x7staffed network operation center(NOC) tnanalyze and respond to automated monitoring alerts Microsoft Response: By default, minimal monitoring is provided for a new cloud service using performance counters gathered from the host operating system for the roles instances (virtual machines).The minimal metrics are limited to CPU Percentage, Data In, Data Out, Disk Read Throughput, and Disk Write Throughput. By configuring verbose monitoring, you can receive additional metrics based on performance data within SO AW,326 of 58 0 the virtual machines (role instances).The verbose metrics enable closer analysis of issues that occur during application operations. By default performance counter data from role instances is sampled and transferred from the role instance at 3-minute intervals. When you enable verbose monitoring, the raw performance counter data is aggregated for each role instance and across role instances for each role at intervals of 5 minutes, 1 hour, and 12 hours.The aggregated data is purged after 10 days. After you enable verbose monitoring, the aggregated monitoring data is stored in tables in your storage account.To enable verbose monitoring for a role, you must configure a diagnostics connection string that links to the storage account. You can use different storage accounts for different roles. Note that enabling verbose monitoring will increase your storage costs related to data storage, data transfer, and storage transactions. Minimal monitoring does not require a storage account.The data for the metrics that are exposed at the minimal monitoring level are not stored in your storage account, even if you set the monitoring level to verbose. 8,1.E ii pl, k SII tiHi I' i �ii"l i"(, "� �, 'lei' i I, H SHIResponse: Our IaaS service model offers the following subcategories: • Computer/Infrastructure Services o Operating systems ■ Windows ■ Linux ■ BSD o Dedicated Hosts o Xen Hypervisor • Storage o File o Block o Object o Archive o Cache o Content Delivery Network(CDN) • Network o Virtual network o Load balancer o DNS o Gateways via VPNs o Firewall o Traffic manager o Direct link • PC/Desktop "aaS" 59 4k,327 of 580 • Security o Identity&Access Management o Encryption o Network Security o Intrusion Management o DDOS Monitoring/ Management The following IaaS subcategories are supported if designed and provisioned by users: • Disaster Recovery o Business Continuity o High Availability/ Failover • Security subcategories listed below are in addition to the native IaaS subcategories listed above: o Data Loss Prevention (DLP) o Web Security o Email Security o Security Information and Event Management (SIEM) Our PaaS service model offers the following subcategories: • Analytics o Hadoop o Business Intelligence o Data Warehouse • Database o Relational o NoSQL • Development,Testing and Deployment o Containers o Services and APIs o Mobile o Internet of Things o Tools o Runtime environments • Open Source CA Response: Agile-We provide a SaaS offering that is generally used to document and manage work within the SDLC. In addition to the CA Agile offering CA Technologies also offers educational services and consultancy services. APIM—In addition to the APIM SaaS offering CA Technologies also offers educational services and consultancy services. CA provides education and training services to its clients. ASM—An ASM is a SaaS offering that provides customers with the ability to monitor the availability, health, and performance of network services (web sites, email servers, etc.). MAA—CA MAA helps app developers visualize, investigate, manage, and support user interactions with their mobile apps. It provides deep insights into the performance, user experience, crash, and log 60 AX328 of 580 analytics of mobile apps. CA MAA is aimed to help enterprises understand the experience of mobile app users across the DevOps application lifecycle. Enterprises can accelerate the delivery of user-experience- focused mobile applications and can achieve faster time to market by continuous application delivery while ensuring robust security. PPM—In addition to the PPM SaaS offering CA Technologies also offers educational services and consultancy services. Microsoft esponse® Microsoft Azure offers IaaS, Saas and PaaS offerings for Commercial, Education and Government entities. 8.x.4 n`£ n%"" SHI Response: SResponse: Please see response to question 6.5.3 and 8.6.2. CA Response: Please see response to question 6.5.3 and 8.6.2. MicrosoftResponse: Please see response to question 6.5.3 and 8.6.2. 8.x.5 S':0 zu` ,),t vu SHI Response: The IaaS and PaaS services offered are designed to strictly support the NIST cloud definitions and functional delineations for each respective service model. The IaaS and PaaS implementations are audited to comply with numerous oversight entities, so that users are able to build architectures suitable for storing, processing and appropriate handling of Low, Moderate and High Risk data. SHI is taking a flexible approach to this response in order to provide NASPO and NASPO Participating entities with the broadest offering of products over the life of this contract. AWS SHI has the flexibility to offer AWS Services directly to the customer or through a certified partner such as Day 1 Solutions. We will work with each customer on a case by case basis to determine which is the most cost effective and efficient method. 61 AX329 of 580 Microsoft SHI will be reselling Microsoft products and services to NASPO Participating Entities. SHI will handle all of the logistics for NASPO Entities—scoping, quoting, PO placement, licensing agreements, usage reports, and billing. SHI is Microsoft's number 1 partner in the Public Sector space and vast experience specifically with 0365 and Azure as well as other cloud based offerings. CA SHI will be reselling CA products and solutions to NASPO participating entities. SHI will work with each customer on a case by case basis to determine which is the most cost effective and efficient solution based on their needs. 8.2 SUBCONTRACTORS {a I It", It`R th ,IIf fa „ r<J' f) ¢)l, ,Yt,7 t') ., sa + itr ,)ft n`ftTF f�ti i,h X t a {,m, ,r ,<<< ,{fit �a a,1! r �,F`;t ,r`,{)AL ,r I „( <<a t �a_ to f,� t ft.X hI �'I t'z��,) tat, irnt �a t:",ir� yr�a r ft`b)t' Cyt f), {a .) 7i:u ,< a� ,)t ft.a „� t �'t tzt�,) {a t� tats .a t .,.a $�,� ., .�.iw f ,r�.�.� ,tt{)t"_,a ,It,7; r." e,tr a ,Yt'ta t ,'ti Su tt` ii 3, SHI Response: SHI is taking a flexible approach to this response in order to provide NASPO and NASPO Participating entities with the broadest offering of products over the life of this contract. AWS SHI has the flexibility to offer AWS Services directly to the customer or through a certified partner such as Day 1 Solutions. We will work with each customer on a case by case basis to determine which is the most cost effective and efficient method. Microsoft SHI will be reselling Microsoft products and services to NASPO Participating Entities. SHI will handle all of the logistics for NASPO Entities—scoping, quoting, PO placement, licensing agreements, usage reports, and billing. SHI is Microsoft's number 1 partner in the Public Sector space and vast experience specifically with 0365 and Azure as well as other cloud based offerings. CA SHI will be reselling CA products and solutions to NASPO participating entities. SHI will work with each customer on a case by case basis to determine which is the most cost effective and efficient solution based on their needs. CA Technologies may use sub-contractors and will ensure that any such usage meets the security and other contractual requirements for the service being provided. CA Technologies retains responsibility for any activities performed by a subcontractor. 62 4k,330 of 580 &2^1 �.... �� e�� me��mme��. SH| Response: SHI will work hand in hand with each of the partners represented on this NASPO RFP response as well as any partners added inthe future tnmeet the requirements nfthis RFP. The partners are acritical piece of this process as many of these products are usage based and the OEM holds that information. For Microsoft Azure, SH| may work with our elite partners that can offer additional services regarding Azure and specific tnthe customer requirements. Elite partners undergo an intensive vetting process tnensure that any work performed is on par with the standards SH| uses for their internal employees responsible for service delivery. Elite partners are required tnfulfill statement nfwork requirements. Any implementation or support services will also be delivered by the respective partner. SH| vvi|| vvnrk with our customers and partners to determine what the best path tnthese services are in each case. Most often we pass these through directly to the partner so the customer has immediate access to support when needed. SH| can offer Project Management to our customers tn ensure that migrations tnthe cloud happen efficiently and nntime. SH| is always available to our customers and can assist in directing our customers tnthe correct place for support. For CAAgile, currently co-location data center operations aresub'cnntracted' however, all infrastructure is managed and maintained byCAaswell as application development.Therefore, subcontractors dnnot have access tnthe Data. For CA APIM, AWS is the laaS provider, managing all aspects of the underlying cloud infrastructure. For CA ASM, Rackspace provides |aaS services to provision processing, storage, networks, and other fundamental computing resources. CA manages the operating systems and all aspects of ASM applications. For CA MAA and PPM Current|ycn'|ncatinn data center operations are sub'cnntracted, however, all infrastructure is managed and maintained byCAaswell as application development.Therefore, subcontractors dnnot have access tnthe Data. 63 AW,331 of 58 0 &2.2 ............ ... ....... fu. .ru.. P"S"s- i,h SHI Response: All of the partners that SHI has included in this RFP Response are known. Below you will find qualifications that demonstrate how they will meet the experience requirements of the RFP. SHI has created a partner package that includes all of the requirements set forth by NASPO. Each time we engage a new partner or subcontractor we will have that partner review and fill out the partner package to demonstrate that they meet or exceed NASPO requirements. For CA Products, all subcontractors are vetted to meet the same or higher compliance standards as CA Technologies. All subcontractors are subjected to the annual SSAE16 audit and covered in the related report. 8.3 WORKING WITH PURCHASING ENTITIES SHI Response: The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SHI has in its catalog today. We will work to add products and solutions over the course of this contract as new technologies emerge or as customer needs arise. SHI is responding today with offerings from AWS, Microsoft, and CA as well additional service offerings from our partner Ascent Innovations. For this Section each partner has provide a specific response. . k . Mu"�' {J d I I it,i, I i o S� ..<...... .<.... AWS Response: Data Breaches and other security vulnerabilities, either reported, actual incidents, or other events, are evaluated using CVSS v2. Impacted clients are notified directly via non-automated email within 24 hours, and at least every 5 days afterwards until resolved. 64 W,332 of 580 In addition to direct communication, security bulletins are disclosed publicly ttp://aws.amazon.com/security/security-bulletins/ AWS has implemented a formal, documented incident response policy and program.The policy addresses purpose, scope, roles, responsibilities, and management commitment and has been developed in alignment with the ISO 27001 standards, system utilities are appropriately restricted and monitored. Below is an outline of the three-phased approach AWS has implemented to manage incidents: 1) Activation and Notification Phase: Incidents for AWS begin with the detection of an event.This can come from several sources including: a) Metrics and alarms-AWS maintains an exceptional situational awareness capability, most issues are rapidly detected from 24x7x365 monitoring and alarming of real time metrics and service dashboards.The majority of incidents are detected in this manner. AWS utilizes early indicator alarms to proactively identify issues that may ultimately impact Customers. b) Trouble ticket entered by an AWS employee c) Calls to the 24X7X365 technical support hotline. If the event meets incident criteria,then the relevant on -call support engineer will start an engagement utilizing AWS Event Management Tool system to start the engagement and page relevant program resolvers (e.g. Security team). The resolvers will perform an analysis of the incident to determine if additional resolvers should be engaged and to determine the approximate root cause. 2) Recovery Phase -the relevant resolvers will perform break fix to address the incident. Once troubleshooting, break fix and affected components are addressed, the call leader will assign next steps in terms of follow-up documentation and follow- up actions and end the call engagement. 3) Reconstitution Phase-Once the relevant fix activities are complete the call leader will declare that the recovery phase is complete. Post mortem and deep root cause analysis of the incident will be assigned to the relevant team.The results of the post mortem will be reviewed by relevant senior management and relevant actions such as design changes etc. will be captured in a Correction of Errors (COE) document and tracked to completion. In addition to the internal communication mechanisms detailed above, AWS has also implemented various methods of external communication to support its customer base and community. Mechanisms are in place to allow the customer support team to be notified of operational issues that impact the customer experience.A "Service Health Dashboard" ( ttp://status.aws.amazon.com/) is available and maintained by the customer support team to alert customers to any issues that may be of broad impact. The AWS incident management program is reviewed by independent external auditors during audits for our SOC, PCI DSS, ISO 27001 and Fed RAMP compliance. Additionally, the AWS incident response playbooks are maintained and updated to reflect emerging risks and lessons learned from past incidents. Plans are tested and updated through the due course of business (at least monthly). CA Response: CA Technologies abides to contractual requirements for notification, in addition to working with legal to ensure compliance with regulatory requirements.There may be cases where incident analysis completion is a requirement for confirming the breach, and/or its impact and data leakage boundary. 65 AX333 of 580 Prior to completion of this activity, CA may not have the needed conclusions for customer communication. Once subscriber data has been identified as part of the investigation, said subscribers will be notified as soon as possible and not longer than 5 days. A report of the incident will be available and distributed to clients within 30 days. MicrosoftResponse: The Microsoft Azure trustworthy foundation concept ensures application security through a process of continuous security improvement with its Security Development Lifecycle (SDL) and Operational Security Assurance (OSA) programs using both Prevent Breach and Assume Breach security postures. Prevent Breach works through the use of ongoing threat modeling, code review and security testing; Assume Breach employs Red-Team/ Blue-Team exercises, live site penetration testing and centralized security logging and monitoring to identify and address potential gaps, test security response plans, reduce exposure to attack and reduce access from a compromised system, periodic post-breach assessment and clean state. Azure validates services using third party penetration testing based upon the OWASP (Open Web Application Security Project)top ten and CREST-certified testers.The outputs of testing are tracked through the risk register, which is audited and reviewed on a regular basis to ensure compliance to Microsoft security practices. Azure services staff suspected of committing breaches of security and/or violating the Information Security Policy equivalent to a Microsoft Code of Conduct violation are subject to an investigation process and appropriate disciplinary action up to and including termination. Contracting staff suspected of committing breaches of security and/or violations of the Information Security Policy are subject to formal investigation and action appropriate to the associated contract, which may include termination of such contracts. Logging of service, user and security events (web server logs, FTP server logs, etc.) is enabled and retained centrally. MCIO restricts access to audit logs to authorized personnel based on job responsibilities. Event logs are archived on secure infrastructure and are retained for 180 days. Microsoft Identity Manager and intrusion detection system tools are implemented within the Azure environment. Azure uses an early warning system to support real-time analysis of security events within its operational environment. Monitoring agents and the alert and incident management system generate near real-time alerts about events that could potentially compromise the system. Microsoft Azure has developed robust processes to facilitate a coordinated response to incidents if one was to occur. A security event may include, among other things, unauthorized access resulting in loss, disclosure or alteration of data. The Azure Incident Response process follows five main phases: • Identification—System and security alerts may be harvested, correlated, and analyzed. Events are investigated by Microsoft operational and security organizations. If an event indicates a 66 AX334 of 580 security issue,the incident is assigned a severity classification and appropriately escalated within Microsoft.This escalation will include product, security, and engineering specialists. • Containment—The escalation team evaluates the scope and impact of an incident. The immediate priority of the escalation team is to ensure the incident is contained and data is safe. The escalation team forms the response, performs appropriate testing, and implements changes. In the case where in-depth investigation is required, content is collected from the subject systems using best-of-breed forensic software and industry best practices. • Eradication—After the situation is contained,the escalation team moves toward eradicating any damage caused by the security breach, and identifies the root cause for why the security issue occurred. If a vulnerability is determined,the escalation team reports the issue to product engineering. • Recovery—During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity. • Lessons Learned—Each security incident is analyzed to ensure the appropriate mitigations applied to protect against future reoccurrence. In the event a follow-up action concerning a person or organization after an information security incident requires legal action, proper forensic procedures including chain of custody shall be required for preservation and presentation of evidence to support potential legal action subject to the relevant jurisdiction. Upon notification, impacted customers (tenants) and/or other external business relationships of a security breach shall be given the opportunity to participate as is legally permissible in the forensic investigation. Security incident response plans and collection of evidence adheres to ISO 27001 standards. MCIO has established processes for evidence collection and preservation for troubleshooting an incident and analyzing the root cause. In case a security incident involves legal action such as subpoena form, the guidelines described in the TSG are followed. „ . . `t'IF'�ru ) _ 0, P AWS Response: AWS services are provisioned on-demand by the customer;this is the passive nature of IaaS. The customer controls how it uses its account and what content moves onto and off of its account. AWS SOC reports (available under AWS NDA) provide additional details on the specific control activities executed by AWS to prevent unauthorized access to AWS resources. Neither SHI nor AWS are agents of or otherwise engaged in advertising via advertising networks, adware, procured software or other such marketing entities. CA Response: CA Technologies hosts all of its SaaS Offerings in a secure private data center, and does not allow third- party marketing or content providers to inject any content into the customer's session. No Advertising, software or any additional content of any type is allowed by CA policies and controls. 67 AX335 of 580 Microsoft esponse® Microsoft Azure does not provide e-commerce solutions. Note that Customer Data will be used only to provide customer the Microsoft Azure service.This may include troubleshooting aimed at preventing, detecting and repairing problems affecting the operation of the services and the improvement of features that involve the detection of, and protection against, emerging and evolving threats to the user(such as malware or spam). More information on Microsoft's commitment around use of customer data can be found in the Privacy Statement and Online Services Use Rights 3 it �z if��£zt AWS Response: You can get started quickly, with processes that are easy to repeat, through the ability to create a custom Amazon Machine Image (AMI) in Amazon Web Services.This makes sure that every developer and tester can be working with the same configuration. In addition, you can use AWS CloudFormer to take an image of your entire cloud infrastructure and create a template so you can start up exact replicas of that infrastructure for development and test. ttps://aws.amazon.com/dev-test/ CA Response: CA has the ability to provide its customers with a test/staging environment that is identical to production with the possible exception of capacity. CA works with its clients on a case-by-case basis to provide the appropriate level of testing/staging environment based on needs and requirements. MicrosoftResponse: Azure has the capability of both staging and production environments for the services offered. Environments can be created via Azure credits provided through all MSDN subscriptions in addition to the Azure DevTest Labs feature which is now in preview. . . !f_ft`C"a )t r) tr{.r {at .r� r. u` x`'£ £�?`"b)t `t't '. r `,{)!F'✓£zt,< rizf ,t,r ,(! r .a_ {a 'C3` .r .rFa C .�u" .a „< .r r . r C ��` cru ,t£•z�u 'rs {a ,ria. f u a {a ! q,a ,{)!F';'£zr1„tr il! 7 U,p I,i "Ph""0 F} U:..� .2.I s J! .fid r.I r(f AFS=, AWS Response: In 1998,The Congress of the United States of America amended the Rehabilitation Act to require Federal agencies to make their electronic and information technology accessible to people with disabilities. Inaccessible technology interferes with an individual's ability to obtain and use information quickly and easily. Section 508 was enacted to eliminate barriers in information technology, to make available new opportunities for people with disabilities, and to encourage development of technologies that will help achieve these goals. 68 4k,336 of 580 The law applies to all Federal agencies when they develop, procure, maintain, or use electronic and information technology. Under Section 508 (29 U.S.C. ' 794d), agencies must give disabled employees and members of the public access to information that is comparable to the access available to others. AWS offers the Voluntary Product Accessibility Template (VPAT) upon request. AWS provides API-based cloud computing services with multiple interfaces to those services, including SDKs IDE Toolkits and Command Line Tools for developing and managing AWS resources. In addition, AWS provides two graphical user interfaces, the AWS Management Console and the AWS ElasticWolf Client Console.The AWS ElasticWolf Client Console has incorporated Section 508 requirements and AWS has prepared a Voluntary Product Accessibility Template (VPAT) for the Console, which outlines the Console's accessibility features. CA Response: A CA licensed program that has been evaluated by us for Section 508 purposes will have a Voluntary Product Accessibility Template ("VPAT'). CA evaluates such licensed programs consistent with the standards of the Information Technology Industry Council ("ITIC"). CA's evaluation of each such licensed program is recorded on the standardized VPAT template developed by ITIC. The VPAT identifies how each evaluated licensed program does or does not meet the Section 508 requirements, or provides functional equivalence ("Functional Equivalence"), as set forth in the Section 508 regulations. As part of the post-contract maintenance and support to be provided to its licensees under any agreement, CA will provide Section 508 upgrades and enhancements, Section 508 Functional Equivalence or other Section 508 deliverables referenced in any VPAT("Section 508 Upgrades and Enhancements") on a when and if-available basis, comprised of error-corrections, patches, work- arounds, and additional features and functionality which are within the domain of, and which will not replace, the underlying CA licensed program. CA is not aware of any requirement under Section 508 that governs professional IT services beyond traditional software support. CA Services does not make any representation or warranty regarding whether any work it performs under this agreement will affect the accessibility of any generally available CA Software product. Should the Government require CA Services to develop, modify and/or deliver code or other work product in the course of performing under this agreement, CA does not represent or warrant that such code or work product will be independently compliant with Section 508. A copy(CA PPM only) can be requested by calling 1-800-225-5224. MicrosoftResponse: The Microsoft Product Support Services Help Desk is familiar with such features as keyboard access and other options important to people with disabilities. Microsoft offers a teletypewriter (TTY) service for customers who are deaf or hard of hearing. For assistance in the United States, contact Microsoft Technical Support on a TTY at 1-800-892-5234.This service is available Monday through Friday 6:00 A.M. to 6:00 P.M. PST. For information on additional support services,visit the Microsoft Accessibility Web site at ttp://www.microsoft.com/enable 69 AX337 of 580 8.3.5 m��fmm� �&e�mm��e�� i h X��e�f��&mme� AWS Response: SHI's content delivered through Web browsers is accessible through current released versions of Internet Explorer, Chrome, FireFnx, and Safari. CA Response: CASaaS applications are all delivered through the current releases of all major browsers, Internet Explorer, Chrome ata minimum. Microsoft Response: Azure supports several hardware platforms and browsers in order to perform tasks within the cloud platform. As Azure is computer based, using a mobile device or computer using a current browser is required. The latest mobile devices are supported: * All current mobile OSand one version back * Blackberry OS(Excluding Blackberry Priv which operates on Android OS) The latest versions of the fn||nvvin0 browsers are supported: * Edge (latest) * Internet Explorer(11and up) * Safari (7and up) * Chrome (latest) * Firefox(|atest * Safari 6 and lower are not supported. If you're using OS X, you can either use Chrome, Firefox or upgrade to OS Mavericks to get Safari 7. 70 AW,338 of 58 0 8.16 � �� w� � � ��......... ��& �eiv0..�e��m�� me��mm��^c��X�� e��me��X�� ....... �J/ ��. SH| Response: SHI conducts one or more onboarding meetings with the Purchasing Entity and designees to define requirements and procedures needed for the purpose of account setup, provisioning of resources, access management, procurement and retirement of subcategory functionality offered under our laaS and PaaSservice models. SHI does not require access to nor does it grant itself read,write, administrative or any other type of access to the subcategory resources used to store, process and transfer the data owned by the Purchasing Entity. � �� N��`�� N�� w�°~� ��~� m ��m�mm�mm ~�m�mm� ��m� 8'/1^1 � h X I I X i,h hme�� 'J f X f X��mm��n��c�ax�� S��m��ne��. SH| Response: SH| provides a comprehensive customer support plan to ensure vveare meeting each customer's needs. SHI's Account Executives are empowered to make decisions around the support of their customers, and they have the autonomy tnresolve issues asthey arise. Because our Account Executives are accountable and responsible for ensuring customer satisfaction, SH| is able to provide high quality customer service and ensure efficient and effective response to questions and issues. |naddition, the SHI Regional Directors are engaged with the account teams to provide executive level support and to meet with customers asneeded. SH| believes inregular communication with our customers. SH| Account Executives meet with the Participating States and individual contract users to review their business with SHI. During these review meetings,we discuss purchase history, as well as the customer's future plans. With open discussions, SH| can provide tremendous value in supporting future initiatives and will engage the support teams as needed tnmeet the customer's goals and objectives. SH| encourages and actively solicits customer feedback. Our Director nfQuality collects customer comments and concerns to ensure they are addressed and resolved as quickly as possible. SH| sends an 71 AW,339 of 58 0 annual customer satisfaction survey to request feedback on our performance and the services we provide. By soliciting feedback, we remain in touch with our customers' needs. SHI remains nimble in our approach to supporting our customers' IT needs, allowing us to address each customer on an individual basis. We understand that"one size does not fit all" and that philosophy is apparent in our service structure. We believe our commitment to meeting our customers' needs is demonstrated in our level of success under the current NASPO ValuePoint SVAR agreement. SHI holds the most Participating Addenda and has achieved the most volume under the contract. We have met and exceeded service levels for NASPO ValuePoint and for each State during the contract term, and we have been an active participant in helping NASPO ValuePoint and the States to explore new avenues to achieve additional benefits under the contract. Here is what one SHI customer has to say about SHI's ability to meet his organization's needs under the current SVAR contract: "/am writing this letter to recommend SHI as a value added reseller of Software for the State of Arizona. 1 worked as an IT infrastructure manager for the Department of Corrections for six years and have been working at the City of Phoenix the past three years. 1 can attest that during my career in Information Technology 1 have never worked with a vendor that was more responsive and provided better customer service than SHI. When a quote was needed for software,SHI always provided timely service and never left us waiting. In addition SHI would contact and meet with our teams to make sure the needs of our organization were being met. When help was needed reconciling licensing SHI was accommodating and quick to help by providing useful reports.SHI is a great resource and truly an exceptional partner. /wholeheartedly recommend their services." -John Ryan, City of Phoenix Information Technology Services SResponse: • Quality assurance measures: o Average contacts to resolution o Average response time • Escalation plan: o Dedicated resource escalates to SE immediately upon receipt of case, if requested by user, or if SLA is missed. o Support Engineer (SE) resource escalates to Sr. Support Engineer immediately upon receipt of case, if requested by user, or if second SLA is missed. o Sr. Support Engineer escalates to AWS engineering if SLA is missed. o Dedicated resource and highest Engineer resources is engaged on the case until completed and closed by the user. • SLA=<12 hour response time CA Response: Metrics are developed and monitored independently within each business unit.These metrics and performance are reviewed during both our internal and external audits. High level metrics are reported and reviewed during the Management Reviews. CA Technologies Quality Assurance: 72 A340 of 580 CA's SMART methodology for governance encompasses 2 Milestones: Build Commit and Go-to-Market Commit. These Milestones provide project level inspection to evaluate a projects plan and the execution of that plan before going to market. CA's Agile@CA methodology for software development defines how CA designs, develops and tests software.Together, both SMART and Agile@CA provide a comprehensive framework for developing and delivering quality products. QA processes are built into Agile@CA development process and with special emphasis within the Pre-Go to Market phase, which consists of develop, build, code, and test the product;for each build created, unit testing and build verification testing. Customer validation of the product occurs as alpha/beta test cycles or earlier in the development with Agile end of sprint reviews. The validation plan is created as part of the pre-build commit activities and validated before completion of the Go to Market Commit. Agile@CA process ensures QA involvement from the earliest start of the project. QA gains an understanding of the requirements. With a focus on Non-functional Requirements, testing such as performance and scalability are highlighted as elements for a testing plan. The cross functional nature of the Agile Core Teams ensures that all aspects of the project are reviewed and ready to go to market. QA develops detailed test cases based on the project test strategy and test coverage requirements.Test cases are reviewed with Development.Test automation is also completed where planned. Testing is executed in accordance with the QA Plan during Sprints or cycles. Defects are identified and triaged during these cycles. CA provides its teams with enterprise level test management, defect management, and test automation tools and practices to help assure high levels of quality. Quality for CA PPM is achieved by a combination of manual, automation and performance testing. Since we practice Agile development process,we utilize continuous integration (CI) build approach that executes a battery of unit tests for every build to ascertain the health of the build. In addition, we continuously execute automated QA test cases twice a day(also called Continuous Regression Testing (CRT) on a passed Cl build. We use a combination of JUnit,Testing, Selenium and home-grown testing tools to subject our application to 5000+automated test cases and scripts. Performance testing is done using Load Runner and SilkPerformer periodically. We perform various configuration testing with application deployed on architectural stack supported by CA PPM. Data-scrubbed versions of customer dataset are used to perform upgrade and end to end customer scenario testing. QA test cases are manually executed on fresh install and QA dataset upgrade as well. Customer validation of the product occurs as alpha/beta test cycles or earlier in the development with Agile end of sprint reviews. The validation plan is created as part of the pre-build commit activities and validated before completion of the Go to Market Commit. Customers can escalate any issue within the system. In addition, if incident resolution objectives are not met, CA Technologies follows a defined escalation process. Escalations are assessed by the CA Support management team and are assigned to escalation manager that "owns" the escalation to resolution. The escalation manager will provide regular updates to the customer and CA Technologies management so that appropriate CA Technologies resources are brought into the resolution effort. The escalation 73 AX341 of 580 manager will also be the central point of contact for the customer until the escalation is considered resolved. CA SaaS production environments have an SLA at 99.8% uptime calculated arrear monthly. MicrosoftResponse: For complete details regarding Microsoft product SLAB, visit www.microsoftvolumelicensing.com Azure civ irecto° We guarantee at least 99.9%availability of the Azure Active Directory Basic and Premium services.The services are considered available in the following scenarios: • Users are able to login to the service, login to the Access Panel, access applications on the Access Panel and reset passwords. • IT administrators are able to create, read,write and delete entries in the directory or provision or de-provision users to applications in the directory. No SLA is provided for the Free tier of Azure Active Directory. 1 Management • We guarantee that API Management Service instances running in the Standard tier will respond to requests to perform operations at least 99.9%of the time. • We guarantee that API Management Service instances running in the Premium tier deployed across two or more regions will respond to requests to perform operations at least 99.95%of the time. No SLA is provided for the Developer tier of the API Management Service. View full details App Service We guarantee that Web Apps running in a customer subscription will be available 99.95%of the time. No SLA is provided for Mobile Apps, Logic Apps, or API Apps while such services are still in Preview or for Apps under either the Free or Shared tiers. Application We guarantee that each Application Gateway Cloud Service having two or more medium or larger instances will be available at least 99.9%of the time. Automation We guarantee that at least 99.9%of runbook jobs will start within 30 minutes of their planned start times. We guarantee at least 99.9%availability of the Azure Automation DSC agent service. No SLA is provided for the Free tier of Azure Automation. 74 A342 of 580 Backup We guarantee at least 99.9%availability of the backup and restore functionality of the Azure Backup service. BizTalk ervlc s We guarantee that at least 99.9%of the time customers will have connectivity between their BizTalk Service Environments in the Basic, Standard and Premium tiers and our Internet gateway. We do not offer an SLA for the BizTalk Services Developer tier. Cache We guarantee at least 99.9%of the time that customers will have connectivity between the Cache endpoints and our Internet gateway. CDN We guarantee that at least 99.9%of the time CDN will respond to client requests and deliver the requested content without error. We will review and accept data from any commercially reasonable independent measurement system that you choose to monitor your content. You must select a set of agents from the measurement system's list of standard agents that are generally available and represent at least five geographically diverse locations in major worldwide metropolitan areas (excluding PR of China). Cloud Services and Virtual Machines • For Cloud Services, we guarantee that when you deploy two or more role instances in different fault and upgrade domains, your Internet facing roles will have external connectivity at least 99.95%of the time. • For all Internet facing Virtual Machines that have two or more instances deployed in the same Availability Set, we guarantee you will have external connectivity at least 99.95%of the time. DocurnentDB We guarantee at least 99.95%of the time we will successfully process requests to perform operations against DocumentDB Resources. ExpressRoute We guarantee a minimum of 99.9% ExpressRoute dedicated circuit availability. HDinsight For HDlnsight, we guarantee that any HDlnsight Cluster that you deploy will have external connectivity at least 99.9%of the time over a monthly billing cycle. loTHub • For IoT Hub, we promise that at least 99.9%of the time deployed IoT hubs will be able to send messages to and receive messages from registered devices and the Service will able to perform create, read, update, and delete operations on IoT hubs. • No SLA is provided for the Free Tier of IoT Hub. Key Vault We guarantee that we will process Key Vault transactions within 5 seconds at least 99.9%of the time. 75 A343 of 580 Machine ►nin • For the Request Response Service (RRS), we guarantee 99.95%availability of API transactions. • For the Batch Execution Service (BES) and management APIs, we guarantee 99.9%availability of API transactions. No SLA is provided for the free tier of Machine Learning. Mediaervlc s • For Media Services Encoding, we guarantee 99.9%availability of REST API transactions. • For Streaming, we will successfully service requests with a 99.9%availability guarantee for existing media content when at least one Streaming Unit is purchased. • For Live Channels, we guarantee that running Channels will have external connectivity at least 99.9%of the time. • For Content Protection, we guarantee that we will successfully fulfill key requests at least 99.9% of the time. • For Indexer,we will successfully service Indexer Task requests processed with an Encoding Reserved Unit 99.9%of the time. Mobile Engagement We guarantee at least 99.9%availability of REST API calls to the Azure Mobile Engagement Service. No SLA is provided for the free tier. Mobile Services We guarantee 99.9%availability of REST API calls to all provisioned Azure Mobile Services running in Standard and Premium tiers in a customer subscription. No SLA is provided for the free tier of Mobile Services. Multi-Factor Authentication We guarantee 99.9%availability of Azure Multi-Factor Authentication.The service is considered unavailable when it is unable to receive or process authentication requests for the Multi-Factor authentication provider deployed in a customer subscription. OperationalInsi is We guarantee that at least 99.9%of the time, log data will be indexed within six hours of the data being queued for indexing by the Operational Insights Service. No SLA is provided for the free tier of Azure Operational Insights. RemoteApp We guarantee at least 99.9%of the time users will have connectivity to their applications through the RemoteApp service. No SLA is provided for the free tier of RemoteApp. Scheduler We guarantee that at least 99.9%of the time all scheduled jobs will initiate within 30 minutes of their planned execution times. 76 A344 of 580 Search We guarantee at least 99.9%availability for index query requests when an Azure Search Service Instance is configured with two or more replicas, and index update requests when an Azure Search Service Instance is configured with three or more replicas. No SLA is provided for the free tier. Service s • For Service Bus Relays, we guarantee that at least 99.9%of the time, properly configured applications will be able to establish a connection to a deployed Relay. • For Service Bus Queues and Topics, we guarantee that at least 99.9%of the time, properly configured applications will be able to send or receive messages or perform other operations on a deployed Queue or Topic. • For Service Bus Basic and Standard Notification Hub tiers,we guarantee that at least 99.9%of the time, properly configured applications will be able to send notifications or perform registration management operations with respect to a Notification Hub. • For Event Hubs Basic and Standard tiers,we guarantee that at least 99.9%of the time, properly configured applications will be able to send or receive messages or perform other operations on the Event Hub. Site Recovery • For each Protected Instance configured for On-Premises-to-On-Premises Failover,we guarantee at least 99.9%availability of the Site Recovery service. • For each Protected Instance configured for On-Premises-to-Azure planned and unplanned Failover,we guarantee a four-hour Recovery Time Objective for unencrypted Protected Instances, and a six-hour Recovery Time Objective for encrypted Protected Instance, depending on the size of the Protected Instance. SQL Database Web and Business Tiers We guarantee at least 99.9%of the time customers will have connectivity between their Web or Business Microsoft Azure SQL Database and our Internet gateway. Basic, Standard, and Premium Tiers We guarantee at least 99.99%of the time customers will have connectivity between their Basic, Standard, or Premium Microsoft Azure SQL Database and our Internet gateway. Storage • We guarantee that at least 99.99%of the time, we will successfully process requests to read data from Read Access-Geo Redundant Storage (RA-GRS)Accounts, provided that failed attempts to read data from the primary region are retried on the secondary region. • We guarantee that at least 99.9%of the time, we will successfully process requests to read data from Locally Redundant Storage (LRS), Zone Redundant Storage (ZRS), and Geo Redundant Storage (GRS)Accounts. • We guarantee that at least 99.9%of the time, we will successfully process requests to write data to Locally Redundant Storage (LRS), Zone Redundant Storage (ZRS), and Geo Redundant Storage (GRS)Accounts and Read Access-Geo Redundant Storage (RA-GRS)Accounts. 77 A345 of 580 StorSimple We guarantee at least 99.9%availability of the backup, cloud tiering, and restore functionality of the Azure StorSimple service. Stream lytics • We guarantee at least 99.9%availability of the Stream Analytics API. • We guarantee that 99.9%of the time, deployed Stream Analytics jobs will be either processing data or available to process data. Traffic Manager We guarantee that DNS queries will receive a valid response from at least one of our Azure Traffic Manager name server clusters at least 99.99%of the time. Visual Studio Team Services • We guarantee at least 99.9%availability of Visual Studio Team Services for paid Visual Studio Team Services users to access the associated Visual Studio Team Services account. • We guarantee at least 99.9%availability to execute build operations using the paid Visual Studio Team Services Build Service. • We guarantee at least 99.9%availability to execute load testing operations using the paid Visual Studio Team Services Load Testing Service. • We guarantee at least 99.9%availability to execute build and deployment operations using the paid Visual Studio Team Services Build & Deployment Service. VPN Gateway We guarantee 99.9%availability for each VPN Gateway. Microsoft will provide at least 90 days' notice for adverse material changes to any of the SLAB listed above. Availability for all Azure services is calculated over a monthly billing cycle. Incidents can be reported through the Azure Management Portal as well. Security incidents are provided through the Azure Management portal in addition to being placed on the Azure Health Dashboard. Azure Support options are available as an additional cost. • Free: No phone support • Developer: No phone support. Email or Instant Messaging Support only • Standard: 3 support calls per month • Professional Direct: Unlimited support calls per month per and escalation line • Premier: Unlimited support calls per month per an escalation line and onsite services 78 A346 of 580 8/4.2 �....... S, � � U � mm �� m��me�e��me�e��c��w�c��'�� S��e��m��n��e�m��e��n��n��mn��ax i,h N'l��e��&c��mne��me�. � axe��e��m� nw��m�� nJ'no � �h,", to s o S6� 6� 0 5, SH| Response: AtSH|, our people remain our greatest asset. All members nfthe SH| Account Team are dedicated tn providing high quality customer service and support. Our success has stemmed from outstanding customer support through dedicated Account Teams, constant development of procurement and Internet solutions, strong partnerships with top manufacturers, and a company-wide determination to bethe best. SH| has OO Public Sector dedicated, field based Account Executives across the country today. We continue tnexpand our footprint rapidly. SH| can comply with the requirement of having a lead representative for Participating Entity. We are happy to publish a current list contact information for our Account Executive team on a regular basis to NASPO. SH| has representative's available Monday through Friday from 7'6AM to support our customers. As needed SHI will adjust hours to respond to emergencies or other high priority needs. SHI has an SLA of 4 hours from inquiry and then our team will follow up with 24 hours or as needed until the request iscompleted. The dedicated SHI Account Team will help the Participating Entity contact our cloud partners for scoping and services surrounding all nfour partners. SH| will work jointly with our partners tnprovide Design Services for all categories aswell Installation Services for all categories. Specifically for AWS solutions, SH| currently provides: * <12hour response SLA * 8am'7pmET * Mon-Fri * Design Services * Installation Services are available as part of defined statement of work(SOW) Upon award a dedicated resource responsible for emergency notifications and weekend coverage will be provided. 79 4k,347 of 58 0 CA Response: A service delivery manager will be assigned to each SaaS subscriber. CA provides 24x7x365 support for Severity 1 cases. All severity 1 cases must be submitted via telephone. Access to CA Support Online is available 24x7x365 for online technical support and access to CA software product and documentation downloads, fixes, service packs, patch downloads, communities, beta testing, FAQs, samples, webcast recordings and demos, usage tips, technical updates and HYPER notifications, as such are made available by CA. CA will use reasonable efforts to meet the service level objectives stated below with regard to remedial software support and will provide ongoing efforts to resolve Severity 1 support cases.All cases can be submitted to CA on a 24 hours per day, 7 days per week, 365 days per year basis. Due to the complexities of technical environments, the model represents an estimate of response times only and actual response times may vary. Response Level Objectives: • 1 hour for Severity 1 cases (240) • 2 business hours for Severity 2 cases (During normal business hours, as published on CA Support Online, based on the time a case is initially submitted online or telephonically.) • 4 business hours for Severity 3 cases (During normal business hours, as published on CA Support Online, based on the time a case is initially submitted online or telephonically.) • 1 business day for Severity 4 cases (During normal business hours, as published on CA Support Online, based on the time a case is initially submitted online or telephonically.) CA Services are available for configuration and design of the service. No installation is necessary to consume the stock service. MicrosoftResponse: Phone Support will be offered on a 24/7 basis There are five levels of support available: • Free: No supported email or phone support available. However there are forums headed by Microsoft MVP associates and employees. • Developer: 8 hour response time • Standard: 2 hour response time • Professional Direct: 1 hour response time • Premier: 15 minute response time 80 A348 of 580 8.5 SECURITY OF INFORMATION SHIResponse: The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SHI has in its catalog today. We will work to add products and solutions over the course of this contract as new technologies emerge or as customer needs arise. SHI is responding today with offerings from AWS, Microsoft, and CA as well additional service offerings from our partner Ascent Innovations. For this Section each partner has provide a specific response. .51 fsf,Y {, ,�i f,) ,� 3{� {� frti'i ru f,)ft {k ,� .R fif,)M"I AWS Response: It is important that customers understand some important basics regarding data ownership and management in the cloud shared responsibility model: • Customers continue to own their data. • Customers choose the geographic location(s) in which to store their data—it does not move unless the customer decides to move it. • Customers can download or delete their data whenever they like. • Customers should consider the sensitivity of their data, and decide if and how to encrypt the data while it is in transit and at rest. AWS provides customers with the ability to delete their data. However,AWS customers retain control and ownership of their data, and it is the customer's responsibility to manage their data. Data Recovery/Transfer AWS allows customers to move data as needed on and off AWS storage using the public Internet or AWS Direct Connect (which lets customers establish a dedicated network connection between their network and AWS). AWS Import/Export accelerates moving large amounts of data into and out of AWS using portable storage devices for transport. AWS transfers customer data directly onto and off of storage devices using Amazon's high-speed internal network and bypassing the Internet. For significant data sets, AWS Import/Export is often faster than Internet transfer and more cost effective than customers upgrading their connectivity. With Import/Export encryption is mandatory, and AWS will encrypt customer data using the password they specified and transfer it onto the device Deleting Data Customers can use Multi-Object Delete to delete large numbers of objects from Amazon S3.This feature allows customers to send multiple object keys in a single request to speed up their deletes. Amazon does not charge customers for using Multi-Object Delete. 81 A349 of 580 Customers can use the Object Expiration feature to remove objects from their buckets after a specified number of days. With Object Expiration customers can define the expiration rules for a set of objects in their bucket through the Lifecycle Configuration policy that they apply to the bucket. Each Object Expiration rule allows customers to specify a prefix and an expiration period. Archiving Data With Amazon S3's lifecycle policies, customers can configure their objects to be archived to Amazon Glacier or deleted after a specific period of time. Customers can use this policy-driven automation to quickly and easily reduce storage costs as well as save time. In each rule customers can specify a prefix, a time period, a transition to Amazon Glacier, and/or an expiration. For example, customers could create a rule that archives all objects with the common prefix "logs/" 30 days from creation, and expires these objects after 365 days from creation. Customers can also create a separate rule that only expires all objects with the prefix "backups/" 90 days from creation. Lifecycle policies apply to both existing and new S3 objects, ensuring that customers can optimize storage and maximize cost savings for all current data and any new data placed in S3 without time-consuming manual data review and migration. AWS Storage Device Decommissioning When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M ("National Industrial Security Program Operating Manual ") or NIST 800-88 ("Guidelines for Media Sanitization") to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices. CA Response: CA Technologies has a comprehensive Data Protection Program in place which is designed to respect the privacy of its employees, customers, vendors, partners and all third parties with whom CA Technologies interacts. CA Technologies is committed to complying with all applicable laws relating to privacy and data protection worldwide. As part of CA Technologies' efforts in this area, it has certified to the US-EU and US-Swiss Safe Harbor Frameworks and applies those principles on a worldwide basis. Employees are made aware of their obligations with respect to privacy by means of corporate policy and procedure, employee communications and training. CA Technologies has privacy officers who address data protection issues that arise in their respective geographies. CA Technologies external privacy notice describes how CA Technologies handles personal information and it can be found at www.ca.com/us/privacy. Microsoft esponse® Microsoft datacenters receive SSAE16/ISAE 3402 Attestation and are ISO 27001 Certified. Microsoft datacenters are located in non-descript buildings that are physically constructed, managed, and monitored 24-hours a day to protect data and services from unauthorized access as well as environmental threats. Datacenters are surrounded by a fence with access restricted through badge controlled gates. Pre-approved deliveries are received in a secure loading bay and are monitored by authorized personnel. Loading bays are physically isolated from information processing facilities. 82 AX350 of 580 CCTV is used to monitor physical access to datacenters and the information systems. Cameras are positioned to monitor perimeter doors, facility entrances and exits, interior aisles, caged areas, high- security areas, shipping and receiving, facility external areas such as parking lots and other areas of the facilities. Data destruction techniques vary depending on the type of data object being destroyed, whether it be subscriptions, storage,virtual machines, or databases. In Azure's multi-tenant environment, careful attention is taken to ensure that one customer's data is not allowed to either"leak" into another customer's data, or when a customer deletes data, no other customer(including, in most cases,the customer who once owned the data) can gain access to that deleted data. Azure follows NIST 800-88 Guidelines on Media Sanitization, which address the principal concern of ensuring that data is not unintentionally released.These guidelines encompass both electronic and physical sanitization. .5.2 �ft�fi`C'i' )t P) tr{.r {at .r� . 0 +`f,�" {a'r .=�7 ,{)!F''>fti �� .,�,,,��zf ,ta. .% .a .r •.a {, C'+.a {a DI { .a -z� .a`,ti° SHIResponse: SHI does not have access to any stored, processed or transferred data running in the IaaS and/or PaaS services and subcategory functionality. SResponse: AWS does not access any stored, processed of transferred data running in its IaaS and/or PaaS services unless expressly as described in it Terms of Use. CA Response: See response to 8.5.1 MicrosoftResponse: Microsoft Azure has implemented a formal policy that requires assets (the definition of asset includes data and hardware) used to provide Microsoft Azure services to be accounted for and have a designated asset owner. Azure asset owners are responsible for maintaining up-to-date information regarding their assets. Microsoft datacenters receive SSAE16/ISAE 3402 Attestation and are ISO 27001 Certified. Microsoft datacenters are located in non-descript buildings that are physically constructed, managed, and monitored 24-hours a day to protect data and services from unauthorized access as well as environmental threats. Datacenters are surrounded by a fence with access restricted through badge controlled gates. Pre-approved deliveries are received in a secure loading bay and are monitored by authorized personnel. Loading bays are physically isolated from information processing facilities. 83 AX351 of 580 CCTV is used to monitor physical access to datacenters and the information systems. Cameras are positioned to monitor perimeter doors, facility entrances and exits, interior aisles, caged areas, high- security areas, shipping and receiving, facility external areas such as parking lots and other areas of the facilities. MCIO, and consequently Azure, maintains a current, documented and audited inventory of equipment and network components for which it is responsible. MCIO employs automated mechanisms to detect discrepancies in device configuration by comparing them against the defined policies. MCIO turns off unused ports by default to prevent unauthorized access. Microsoft Azure Fabric Controlled Hardware Device Authentication maintains a set of credentials (keys and/or passwords) used to authenticate itself to various Microsoft Azure hardware devices under its control.The system used for transporting, persisting, and using these credentials is designed to make it unnecessary for Microsoft Azure developers, administrators, and backup services/personnel to be exposed to secret information. Microsoft asset and data protection procedures provide prescriptive guidance around the protection of logical and physical data and include instructions addressing relocation. Customers control where their data is stored while using Azure services such as Site Recovery and Backup. Data destruction techniques vary depending on the type of data object being destroyed,whether it be subscriptions, storage,virtual machines, or databases. In Azure's multi-tenant environment, careful attention is taken to ensure that one customer's data is not allowed to either"leak" into another customer's data, or when a customer deletes data, no other customer (including, in most cases,the customer who once owned the data) can gain access to that deleted data. Azure follows NIST 800-88 Guidelines on Media Sanitization, which address the principal concern of ensuring that data is not unintentionally released.These guidelines encompass both electronic and physical sanitization. Microsoft Information Security policy defines and establishes controls for maintaining a safe and secure working environment in offices, rooms, facilities, and secure areas storing sensitive information. Access to media storage areas is restricted and audited. Access to Microsoft buildings is controlled, and access is restricted to those with card reader(swiping the card reader with an authorized ID badge) or biometrics for entry into Datacenters. Front desk personnel are required to positively identify Full-Time Employees (FTEs) or authorized Contractors without ID cards. Staff must wear identity badges at all times, and are required to challenge or report individuals without badges. Guests are required to wear guest badges and be escorted by authorized Microsoft personnel. Datacenter entrances are guarded 24x7x365 by security personnel and access is controlled through security personnel, authorized badges, locked doors and CCTV monitoring. 84 AX352 of 580 &5.3 �...... �� c�� e S� rm, � AWS Response: We will not have any access tna Purchasing Entity's data because it does not need such access to deliver laaS and PaaS services, and because it cannot grant itself such access to the users' resources. CA Response: See response tnO.S.1 Microsoft Response: Microsoft will not disclose Customer Data outside nfMicrosoft nr its controlled subsidiaries and affiliates except (1) as you direct, (2)with permission from an end user, (3) as described here nrinyour agreement(s), nr(4) as required by law. Microsoft will not disclose Customer Data to law enforcement unless required by law. Should |avv enforcement contact Microsoft with a demand for Customer Data, Microsoft will attempt to redirect the law enforcement agency to request that data directly from you. If compelled to disclose Customer Data to law enforcement, then Microsoft will promptly notify you and provide you a copy of the demand unless legally prohibited from doing so. Upon receipt nfany other third party request for Customer Data (such as requests from customer's end users), Microsoft will promptly notify you unless prohibited by law. If Microsoft is not required by law tn disclose the Customer Data, Microsoft will reject the request. |fthe request isvalid and Microsoft could be compelled to disclose the requested information, Microsoft will attempt to redirect the third party to request the Customer Data from you. Except as customer directs, Microsoft will not provide any third party: (1) direct, indirect, blanket or unfettered access tnCustomer Data; (2)the platform encryption keys used to secure Customer Data or the ability to break such encryption; or (3) any kind nfaccess tn Customer Data if Microsoft is aware that such data is used for purposes other than those stated in the request. In support of the above, Microsoft may provide your basic contact information to the third party. We will not disclose Administrator Data, Payment Data or Support Data outside nfMicrosoft nrits controlled subsidiaries and affiliates except (1) asyou direct, (2) with permission from an end user, (3) as described here or in your agreement(s), or (4) as required by law. We may share Administrator Data or Payment Data with third parties for purposes of fraud prevention or to process payment transactions. The Online Services may enable you to purchase, subscribe to, or use services, software, and content from companies other than Microsoft ("Third Party Offerings"). If you choose to purchase, subscribe to, or use a Third Party Offering,we may provide the third party with your Administrator Data or Payment Data. Subject to your contact preferences,the third party may use your Administrator Data to send you OS AW,353 of 58 0 promotional communications. Use of that information and your use of a Third Party Offering will be governed by the third party's privacy statement and policies. 8.6 PRIVACY AND SECURITY SHI esponse® The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SHI has in its catalog today. We will work to add products and solutions over the course of this contract as new technologies emerge or as customer needs arise. SHI is responding today with offerings from AWS, Microsoft, and CA as well additional service offerings from our partner Ascent Innovations. For this Section each partner has provide a specific response. 8..6..1. t`�!e ! "'N FS7, ,irt ,s Iii e :atzu �,) ' vu {at ,r� .�u {, t. .a� frl ,-r` `,fit„{a .) j„ „��tt It .) r•f�r { t,it�.r6 {,v.a .a f.,x AWS Response: The AWS solution does not require and does not accept access to any Procurement Entity users' data in order to provide IaaS and PaaS services and subcategory service functionality. Users are entirely able to retain full responsibility for encrypting, safeguarding and appropriately handling their Low, Moderate and High Risk data in compliance with any oversight guidelines. The offered IaaS and PaaS services are audited and certified to meet the needs of various data handling standards as listed in section 8.6.2. CA Response: CA Technologies understands that security is a top concern when evaluating cloud-based applications, which is why CA technologies operations worldwide conform to rigorous certification, compliance and security programs and processes. In addition, we contract with independent auditors to regularly evaluate and validate the security of our service. High risks are identified, validated and remediated before production systems are made available. Medium risks are evaluated and resolved on a priority basis. We use CIS and NIST standards as baselines for hardening our systems. We are currently working towards a NIST 800-53r4 certification however this is not yet complete. We are continuously reviewing our compliance with these standards. We perform monthly scans against our Production Infrastructure based on CIS standards. We scan for both vulnerabilities and compliance best practices bases on NIST 800-53v4 standards.Vulnerabilities are tracked and remediated based on severity and risk. MicrosoftResponse: Both Azure and the underlying Microsoft Cloud and Infrastructure Operations (MCIO) physical environments employ security frameworks that span multiple standards, including the ISO 27000 family of standards, NIST 800, and others. Please see Microsoft Azure CCM document for additional 86 4k,354 of 580 &6.2 'Je��mm��m�� nw�� m�e��c��xe�f��e. sp'��c��c��o��, ��Is S� �""'Ii'icv """""v S� v�� 1 ""3 "'NIS7, S/",,' S��e��. AWS Response: The AWS cloud infrastructure has been designed and is managed in alignment with regulations, standards, and best practices, including: * Federal Risk and Authorization Management Program (FedRAMP) * Service Organization Controls (SOC) 1/American Institute of Certified Public Accountants (AICPA): AT 801 (formerly Statement on Standards for Attestation Engagements [SSAE] No. 16)/International Standard on Assurance Engagements (ISAE) 3402 (formerly Statement on Auditing Standards [SAS] No. 70) * SOC2 * SOC3 * Payment Card Industry Data Security Standard (PCI DSS) * International Organization for Standardization (ISO) 27001 * |S027017 * |S027018 * |S09001 * Department of Defense (DoD) Security Requirements Guide (SRG) security impact levels 2 and 4 * Federal Information Security Management Act (F|SMA) * US Health Insurance Portability and Accountability Act (H|PAA) * FBI Criminal Justice Information Services (CJ|S) * National Institute ofStandards and Technology (N|ST) 800'171 * International Traffic inArms Regulations (|TAR) * Federal Information Processing Standard (F|PS) 140'2 * Family Educational Rights and Privacy Act (FERPA) * Information Security Registered Assessors Program (|RAP) (Australia) * |T'Grundochutz (Germany) For information on all of the security regulations and standards with which AWS complies, visit the AWS Compliance page. CA Response: Agile Our data center provider has a SOC 2 audit report that can be provided upon request. Our application does not currently have such certifications. AP|M The clatacenters used by CA Technologies annually undergo SOC 3 audits. A copy of the latest SOC 3report can befound here: http://dU.avvsstatic.cnm/whitepapers/cnmp|iance/snc3_amaznn_vveb_services.pdf ASM Rackspace clatacenters annually undergo various certification including SOC 3 audits. All certifications are listed here: https://vvvvvv.rackspace.cnm/en'us/security/mana0ement The application currently does not hold aSOC 2certification. 87 AW,355 of 58 0 MAA [AMAA iscertified for SOC 2Type 1Security Audit. PPM SSAE'16Type || SOC 2and Snc1; FedRAMP—(in progress for 2U16) 8.63 I(,,,"X ...�... AWS Response: AWS monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points.These tools monitor server and network usage, port scanning activities' application usage, and unauthorized intrusion attempts.The tools have the ability to set custom performance metrics thresholds for unusual activity. Systems within AWS are extensively instrumented tn monitor key operational metrics. Alarms are configured to automatically notify operations and management personnel when early warning thresholds are crossed on key operational metrics. An on-call schedule is used so personnel are always available to respond to operational issues.This includes a pager system so alarms are quickly and reliably communicated tnoperations personnel. Documentation is maintained to aid and inform operations personnel in handling incidents or issues. If the resolution of an issue requires collaboration, a conferencing system is used which supports communication and logging capabilities. Trained call leaders facilitate communication and progress during the handling of operational issues that require collaboration. Post-mortems are convened after any significant operational issue, regardless of external impact, and Cause of Error(COE) documents are drafted so the root cause is captured and preventative actions are taken inthe future. Implementation of the preventative measures is tracked during weekly operations meetings. AWS security monitoring tools help identify several types of denial of service (DnS) attacks, including distributed, flooding, and software/logic attacks.When DnSattacks are identified, the AWS incident response process is initiated. In addition to the DoS prevention tools, redundant telecommunication providers at each region as well as additional capacity protect against the possibility nfDnS attacks. The AWS network provides significant protection against traditional network security issues, and you can implement further protection.The following are a few examples: * Distributed Denial Of Service(DDoS)Attacks.AWS API endpoints are hosted on large, Internet- scale, vvor|d'daoo infrastructure that benefits from the same engineering expertise that has built Amazon into the world's largest online retailer. Proprietary DDoSmitigation techniques are used.Additionally, AVVS'o networks are multi-homed across a number ofproviders to achieve Internet access diversity. * Man in the Middle(MITM)Attacks. All of the AWS APIs are available via SSL-protected endpoints which provide server authentication. Amazon EC2AM|o automatically generate new SSH host certificates on first boot and log them to the instance's console. You can then use the secure APIs to call the console and access the host certificates before logging into the instance for the first time. We encourage you to use SSL for all of your interactions with AWS. * IP Spoofing.Amazon EC2 instances cannot send spoofed network traffic.The AWS-controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source |P or MAC address other than its own. OO AW,356 of 58 0 • Port Scanning. Unauthorized port scans by Amazon EC2 customers are a violation of the AWS Acceptable Use Policy.Violations of the AWS Acceptable Use Policy are taken seriously, and every reported violation is investigated. Customers can report suspected abuse via the contacts available on our website at: http://aws.amazon.com/contact-us/report-abuse/. When unauthorized port scanning is detected by AWS, it is stopped and blocked. Port scans of Amazon EC2 instances are generally ineffective because, by default, all inbound ports on Amazon EC2 instances are closed and are only opened by you.Your strict management of security groups can further mitigate the threat of port scans. If you configure the security group to allow traffic from any source to a specific port,then that specific port will be vulnerable to a port scan. In these cases, you must use appropriate security measures to protect listening services that may be essential to their application from being discovered by an unauthorized port scan. For example, a web server must clearly have port 80 (HTTP) open to the world, and the administrator of this server is responsible for the security of the HTTP server software, such as Apache.You may request permission to conduct vulnerability scans as required to meet your specific compliance requirements.These scans must be limited to your own instances and must not violate the AWS Acceptable Use Policy.Advanced approval for these types of scans can be initiated by submitting a request via the website at: https://aws-portal.amazon.com/gp/aws/html-forms- controller/contactus/AWSSecu rityPenTest Req uest Packet sniffing by other tenants. It is not possible for a virtual instance running in promiscuous mode to receive or "sniff' traffic that is intended for a different virtual instance. While you can place your interfaces into promiscuous mode, the hypervisor will not deliver any traffic to them that is not addressed to them. Even two virtual instances that are owned by the same customer located on the same physical host cannot listen to each other's traffic.Attacks such as ARP cache poisoning do not work within Amazon EC2 and Amazon VPC. While Amazon EC2 does provide ample protection against one customer inadvertently or maliciously attempting to view another's data, as a standard practice you should encrypt sensitive traffic. CA Response: Agile/APIM -CA Technologies operations worldwide conform to rigorous certification, compliance and security programs and processes. We also contract with independent auditors to regularly evaluate and validate the security of our service. High risks are identified, validated and remediated before production systems are made available. Medium risks are evaluated and resolved on a priority basis. We use a co-located data center provider and within that environment we have a dedicated cage to which only our Operations Team has access. We also monitor all traffic across our systems using HIDS (OSSEC) and NIDS (Snort)to notify of any suspicious activity. As a SaaS application it can be accesses anywhere in the world. Customers have the ability to implement subscription level IP restrictions for restricting access to their subscription. ASM -All ASM core servers are behind firewalls; only systems administrators have access to the servers; all data is encrypted when transmitted between data centers. The ASM dashboard and API are protected with HTTPS/TLS encryption, and users are required to use a username and password to login to their accounts. MAA-All MAA core servers are behind firewalls; only systems administrators have access to the servers; all data is encrypted when transmitted between data centers. The MAA dashboard and API are protected with HTTPS/TLS encryption, and users are required to authenticate in order to access these. 89 AX357 of 580 PPM -CA Technologies contracts with an independent, third party vendor to evaluate and validate the security of our service on an ongoing basis. Critical and high risks are identified, validated, and remediated before production systems are made available. Medium risks are evaluated and resolved on a priority basis. Ongoing scans are performed to ensure that no new risks have been introduced.Two types of scans are performed: • Vulnerability Scans:Vulnerability tests are performed weekly • Penetration Scans: Penetration tests are performed as each new release of the Service is being made available and no less than annually MicrosoftResponse: In addition to the information below, please see the response to question 8.5.2. Azure Employees and contractors must have a business need to enter a Microsoft datacenter and have received prior approval. Doors between areas of differing security require authorized badge access, are monitored through logs and cameras, and audited on a regular basis. Failure to abide by the Microsoft Datacenter security policies means instant dismissal for the employee. Access to Microsoft buildings is controlled, and access is restricted to those with card reader(swiping the card reader with an authorized ID badge) or biometrics for entry into Datacenters. Front desk personnel are required to positively identify Full-Time Employees (FTEs) or authorized Contractors without ID cards. Staff must wear identity badges at all times, and are required to challenge or report individuals without badges. Guests must be escorted by authorized Microsoft personnel. , 6.4 " ;,I! f {,i t,, i1,° {.. ,� Ali , stt ...� f„V"t' "Ct f.a {�.T .a C art It u i U`2 LI ',,I AWS Response: AWS does not access customer data, and customers are given the choice as to how they store, manage and protect their data. CA Response: Agile/APIM -All customer data is treated as confidential and as a policy we do not access customer data without explicit written consent. Access to systems containing customer data is restricted to our Operations Team according to our Elevated Permissions Policy. All personnel with access to client data undergo annual, mandatory security training and are covered under the CA Technologies NDA. Violations of security policies are grounds for termination. All access to data and other resources used to deliver the service are granted under the least principle. ASM -Customer accounts are password protected, and users can only access their data in their accounts. System administrators have access to ASM servers, and database administrators have access 90 AX358 of 580 to database servers. Account access is reviewed periodically. All data on CA laptops are encrypted and a PIN is required to boot. MAA-Customer accounts are password protected, and users can only access their data in their accounts. System administrators have access to MAA servers, and database administrators have access to database servers. Account access is reviewed periodically. PPM -All personnel with access to client data undergo annual, mandatory security training and are covered under the CA Technologies NDA.Violations of security policies are grounds for termination. All access to data and other resources used to deliver the service are granted under the least principle. Microsoft esponse® Please see response to 8.5.3 x.6.5 VVIV X'S .S AWS Response: Please see the response to question 8.6.2 CA Response: Please see the response to question 8.6.2 MicrosoftResponse: Please see the response to question 8.6.2. Additional information can also be found in the Microsoft Azure CCM document and online at the Azure Trust Center x.6,6 !0 i0';' )t a il AWS Response: The logging and monitoring of Application Program Interface (API) calls are key components in security and operational best practices, as well as requirements for industry and regulatory compliance. AWS customers can leverage multiple AWS features and capabilities, along with third-party tools, to monitor their instances and manage/analyze log files. AWS it AWS CloudTrail is a web service that records API calls to supported AWS services in an AWS account, delivering a log file to an Amazon Simple Storage Service (Amazon S3) bucket. AWS ClouclTrail alleviates common challenges experienced in an on-premise environment by making it easier for customers to enhance security and operational processes while demonstrating compliance with policies or regulatory standards. 91 AX359 of 580 With AWS ClouclTrail, customers can get a history of AWS API calls for their account, including API calls made via the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services (such as AWS Cloud Formation). The AWS API call history produced by AWS ClouclTrail enables security analysis, resource change tracking, and compliance auditing. • For information on the services and features supported by AWS ClouclTrail, visit the AWS ClouclTrail FAQs on the AWS website. • The AWS whitepaper Security at Scale:Logging/n AWS provides an overview of common compliance requirements related to logging, detailing how AWS ClouclTrail features can help satisfy these requirements. • The AWS whitepaper Auditing Security Checklist for Use of AWS provides customers with a checklist to assist in evaluating AWS for the purposes of an internal review or external audit. A WS CloudTrail Features and Benefits Some of the many features of AWS ClouclTrail include: • Increased Visibility:AWS ClouclTrail provides increased visibility into user activity by recording AWS API calls. Customers can answer questions such as, what actions did a given user take over a given time period? For a given resource, which user has taken actions on it over a given time period?What is the source IP address of a given activity?Which activities failed due to inadequate permissions? • Durable and Inexpensive Log File Storage:AWS ClouclTrail uses Amazon S3 for log file storage and delivery, so log files are stored durably and inexpensively. Customers can use Amazon S3 lifecycle configuration rules to further reduce storage costs. For example, customers can define rules to automatically delete old log files or archive them to Amazon Glacier for additional savings. • Easy Administration:AWS ClouclTrail is a fully managed service; customers simply turn on AWS ClouclTrail for their account using the AWS Management Console, the Command Line Interface, or the AWS ClouclTrail SDK and start receiving AWS ClouclTrail log files in the specified Amazon S3 bucket. • Notifications for Log File Delivery:AWS ClouclTrail can be configured to publish a notification for each log file delivered,thus enabling customers to automatically take action upon log file delivery. AWS ClouclTrail uses the Amazon Simple Notification Service (Amazon SNS)for notifications. • Choice of Partner Solutions: Multiple partners including Alert Logic, Boundary, Loggly, Splunk, and Sumologic offer integrated solutions to analyze AWS ClouclTrail log files.These solutions include features like change tracking,troubleshooting, and security analysis. For more information, see the AWS ClouclTrail partners section. • Log File Aggregation:AWS ClouclTrail can be configured to aggregate log files across multiple accounts and regions so that log files are delivered to a single bucket. For detailed instructions, refer to the Aggregating ClouclTrail Log Files to a Single Amazon S3 Bucket section of the user guide. Amazon ClouclWatch Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications run on AWS. Customers can use Amazon ClouclWatch to collect and track metrics, collect and monitor log files, and set alarms. Amazon ClouclWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by customer 92 A360 of 580 applications and services, and any log files that applications generate. Customers can use Amazon ClouclWatch to gain system-wide visibility into resource utilization, application performance, and operational health, using these insights to react and keep their application running smoothly. Customer can use ClouclWatch Logs to monitor and troubleshoot systems and applications using their existing system, application, and custom log files. Customers can send thier existing system, application, and custom log files to ClouclWatch Logs and monitor these logs in near real-time.This helps customers better understand and operate their systems and applications, and they can store their logs using highly durable, low-cost storage for later access. LogAnalyzer for Amazon CloudFront LogAnalyzer allows customers to analyze their Amazon ClouclFront Logs using Amazon Elastic MapReduce (Amazon EMR). Using Amazon EMR and the LogAnalyzer application customers can generate usage reports containing total traffic volume, object popularity, a break down of traffic by client IPs, and edge location. Reports are formatted as tab delimited text files, and delivered to the Amazon S3 bucket that customers specify. Amazon ClouclFront's Access Logs provide detailed information about requests made for content delivered through Amazon ClouclFront, AWS's content delivery service.The LogAnalyzer for Amazon ClouclFront analyzes the service's raw log files to produce a series of reports that answer business questions commonly asked by content owners. Reports Generated This LogAnalyzer application produces four sets of reports based on Amazon ClouclFront access logs.The Overall Volume Report displays total amount of traffic delivered by ClouclFront over the course of whatever period specified.The Object Popularity Report shows how many times each customer object is requested.The Client IP report shows the traffic from each different Client IP that made a request for content.The Edge Location Report shows the total number of traffic delivered through each edge location. Each report measures traffic in three ways: the total number of requests, the total number of bytes transferred, and the number of request broken down by HTTP response code.The LogAnalyzer is implemented using Cascading ( ttp:ZZwww.cascadig .or ) and is an example of how to construct an Amazon Elastic MapReduce application. Customers can also customize reports generated by the LogAnalyzer. Third r Many third-party log monitoring and analysis tools are available on AWS Marketplace. S Identity and Access Management(IAM): AWS Identity and Access Management(IAM) is a web service that enables AWS customers to manage users and user permissions in AWS.The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon SimpleDB, and the AWS Management Console. With AWS IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access. Permissions let you specify who has access to AWS resources and which actions they can perform on those resources. Every AWS Identity and Access Management (IAM) user starts with no permissions. In 93 AX361 of 580 other words, by default, users can do nothing, not even view their own access keys.To give a user permission to do something, you can add the permission to the user(that is, attach a policy to the user), or add the user to a group that has the desired permission. CA Response: Agile and APIM -CA has various log monitoring tools that help us keep track of live production systems in order to understand load vs. resource utilization vs. performance. CA along with AWS monitors the service and provides real time alerting when systems suddenly die, or when system loads or response times approach critical thresholds. Logs are kept for forensic examination and identification of trends in order to proactively ensure stability. All systems are required to send logs to a centralized log server. At a minimum log data must contain timestamps, usernames, IP Addresses, and query parameters. ASM -ASM servers log all activity, and data retention is anywhere from 30 days to 1 year depending on the application and volume of logs generated. MAA-CA MAA servers log all activity, and data retention is anywhere from 14 to 180 days depending on the component and volume of logs generated. PPM -systems are monitored 24 x 7 by an enterprise network intrusion protection solution. Audit logs are sent to a centralized CA Audit system and are reviewed daily to ensure that there is no unusual activity. MicrosoftResponse: Logging of service, user and security events (web server logs, FTP server logs, etc.) is enabled and retained centrally. MCIO restricts access to audit logs to authorized personnel based on job responsibilities. Event logs are archived on secure infrastructure and are retained for 180 days. Microsoft Identity Manager and intrusion detection system tools are implemented within the Azure environment. Azure uses an early warning system to support real-time analysis of security events within its operational environment. Monitoring agents and the alert and incident management system generate near real-time alerts about events that could potentially compromise the system. MCIO has established procedures to receive, generate and disseminate security alerts from external organizations as necessary. MCIO coordinates with external agencies regarding the implementing of security directives. The Azure logging and monitoring infrastructure encompasses the entire Azure platform and does not vary by tenant. Detected incidents are isolated or contained in the most effective way depending on the nature of the event. The Azure platform is specifically designed and architected to prevent the possibility of production data being moved or replicated outside of the Azure cloud environment.These controls include: • Physical and logical network boundaries with strictly enforced change control policies • Segregation of duties requiring a business need to access an environment • Highly restricted physical and logical access to the cloud environment 94 A362 of 580 • Strict controls based on SDL and OSA that define coding practices, quality testing and code promotion • Ongoing security, privacy and secure coding practices awareness and training • Continuous logging and audit of system access • Regular compliance audits to ensure control effectiveness Microsoft Azure customers are responsible for defining policies and establishing controls for how their production data is maintained with regard to replication or high-availability and the demarcation of their production environment. Azure Employees and contractors must have a business need to enter a Microsoft datacenter and have received prior approval. Doors between areas of differing security require authorized badge access, are monitored through logs and cameras, and audited on a regular basis. Failure to abide by the Microsoft Datacenter security policies means instant dismissal for the employee. Log and monitor access is highly restricted to only authorized staff with a business need to access such systems. Microsoft Azure platform components (including OS, Virtual Network, Fabric, etc.) are configured to log and collect security events. Microsoft Azure uses Active Directory(AD)to manage and provision user accounts. Security group membership must be approved by the designated security group owners within Microsoft Azure. Automated procedures are in place to disable AD accounts upon the user's leave date. Domain-level user accounts are disabled after 90 days of inactivity. Strong authentication, including the use of multi-factor authentication, helps limit access to customer data to authorized personnel only. Sample audits are performed by both Microsoft and third parties to attest that access is only for appropriate business purposes. When access is granted, it is carefully controlled and logged, and revoked as soon as it is no longer needed. The operational processes and controls that govern access and use of customer data in Azure are rigorously maintained and regularly verified by accredited audit firms. Designated security group owners within Microsoft Azure are responsible for reviewing appropriateness of employee access to applications and data on a periodic basis. Regular access review audits occur to validate appropriate access provisioning has taken place. Access is modified based on the results of this review. Membership in security groups must be approved by security group owners. Automated procedures are in place to disable AD accounts upon the user's leave-date. Physical access to infrastructure systems is restricted to Microsoft operations personnel or designated and authorized third-party contractors at datacenter locations. Access is logged and reviewed by security managers. Within the Microsoft Azure environment, customers are responsible for managing access to the applications customers host on Microsoft Azure. 95 A363 of 580 8,6.7 �....... i,h f X 'f 'f ,,'f ��c��xe�� c�y �........ 'Sm��mm��. AWS Response: AWS Identity and Access Management(IAM) isaweb service that enables AWS customers tnmanage users and user permissions in AWS.The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon Simp|eDB, and the AWS Management Console. With AWS IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access. Permissions let you specify who has access to AWS resources and which actions they can perform on those resources. Every AWS Identity and Access Management (IAM) user starts with no permissions. In other words, by default, users can do nothing, not even view their own access keys.Tngive a user permission to do something, you can add the permission to the user(that is, attach a policy to the user), or add the user tna group that has the desired permission. CA Response: Agile Our databases are shared but logically segregated. VVeensure logical security nfaccess tn customer data by implementing access restrictions between subscriptions and roles within those subscriptions to assure adequate segregation of data.There is a plugin available in the unlimited edition that allows the administrator tn limit access tnthe application based on IP address. APIM— Users of the Portal are divided into two types: Internal users (for publishers of the API) and External users (for deve|npers).There area number nfpre-defined roles for both Internal and External users that inherit functionality in a hierarchical manner. Portal has RBACbui|t inthat allows you tngrant access to different functionality for different users. For example, you can assign a user to role that only allows them access to update content, or access apps but not create them. ASM —On|y Public Status Page (PSP) data is stored in the cloud, and PSP web pages are accessible by anyone. PSP data is only sent to the cloud if the customer enables this feature, and they can decide which data ismade public. MAA—CA utilizes laaS vendor to host the service with strict access controls in place. CA SaaS InfoSec team manages users and their associations with groups within LDAP Directory and conducts periodic access reviews tnconform tngovernance requirements. PPM—VVithin the CA PPM SaaS application, over 150 individual rights/roles/groups can be used to secure application functionality and data records. Additionally, standard audit trail functionality can be configured for most objects and attributes to capture creation, edits, and deletions of selected data records nrattributes. 96 AW,364 of 580 Microsoft Response: Visibility for Azure can be restricted through the use of Role Based Access Controls.This feature can limit what users have access into and functionality. 8.E8 Y �� C "x i �C, �� "l, �x �'l "X AWS Response: AWS has implemented various methods of external communication to support its customer base and the community. Mechanisms are in place to allow the customer support team to be notified of operational issues that impact the customer experience. A"Service Health Dashboard" is available and maintained by the customer support team to alert customers to any issues that may be of broad impact. The "AWS Security Center" is available to provide you with security and compliance details about AWS. You can also subscribe to AWS Support offerings that include direct communication with the customer support team and proactive alerts tnany customer impacting issues. CA Response: CA Technologies documents a plan and associated procedures in case of an information security incident. The incident response plan clearly articulates the responsibilities of personnel and identifies relevant parties for notification. All security incidents will be investigated and triaged to understand where the vulnerability exists. Software vulnerabilities will be investigated byCAengineering teams; other vulnerabilities will be addressed bythe SaaS Ops team in conjunction with AWS. Affected customers will be notified and given a remediation plan. Clients are notified via email of any security incident that resulted in a data breach for that client promptly and no later than 5 days. A root cause analysis is then sent within 30 days. A meeting to review and discuss can be setup upon request. Microsoft Response: Microsoft Azure Incident Severity Table Microsoft Azure Broad Commercial Cloud Support Incidents Severity Customer's situation Expected Microsoft Response Expected Customer Response Critical business impact: Initial response: 0 Allocation of appropriate • Customer's business has o I hour or less for resources to sustain continuous A significant loss or Professional effort all day, every day degradation of services Direct 0 Accurate contact information on • Needs immediate attention o 2 hours or less for case owner Standard 97 AW,365 of 58 0 Severity A support is only Continuous effort all day, available for the Microsoft every day Azure Standard and the Microsoft Azure Professional Direct support offerings. If you are a Premier customer, please login to your Premier portal to submit your issue. Moderate business impact: Initial response: • Customer's business has o 2 hours or less for moderate loss orProfessional • Allocation of appropriate degradation of services but Direct resources to sustain continuous work can reasonably effort unless customer requests B continue in an impaired o 4 hours or less for to opt-out of 240 manner. Standard . Accurate contact information on • Needs attention within 2 • 240 continuous effort case owner business hours (review unless customer requests note 1) to opt-out • Initial response: Minimum business impact: o 4 hours or less for • Customer's business is Professional substantially functioning Direct C with minor or no o 8 hours or less for Accurate contact information on impediments of services. Standard case owner • Needs attention within 4 o Developer business hours (review (business hours note 1) only; 8 hours or less 1. Business Hours are defined as 6:00 A.M. to 6:00 P.M. Pacific Time, Monday through Friday excluding holidays for North America. Local hours of operation and business hours can be found at http:/Isupport.microsoft.co Microsoft may downgrade the severity level if the customer is not able to provide adequate resources or responses to enable Microsoft to continue with problem resolution efforts. 98 A366 of 580 8.&9 �.......e��mm�� nw�e��e�m��ec��' ��c�� AWS Response: Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can easily customize the network configuration for your Amazon Virtual Private Cloud. For example, you can create public-facing subnetfor your vvebserversthat has access tnthe Internet, and place your backend systems such as databases or application servers in a private-facing subnetwith no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access tnAmazon EC2 instances in each subnet. CA Response: Physical access mechanisms (e.g., access cards, biometric devices, mantraps and portals) have been implemented and are administered by local operations staff to help ensure that only authorized individuals have the ability tnaccess the data centers. Portals and mantraps have been installed asanti- tailgating measuresinmnstnfdatacenter |nbbies. Entry tnand exit from the data centers isthrough either portal nrmantrap where present. In data centers without portals nrmantraps, the security officer monitors the entrance to prevent tailgating. Where present,the portal/mantrap bypass doors are only used in the event an individual is unable to use the portal or mantrap in case of emergency. Examples include handicap, phobia, nrother restrictions on a case-by-case basis.Tours and emergency data center security operations crews will be permitted to use the portal bypass door, when necessary. The clatacenters used by CA Technologies annually undergo SOC 3 audits. A copy of the latest SOC 3 report can befound here: http://dU.avvsstatic.cnm/whitepapers/cnmp|iance/snc3_amaznn_vveb_services.pdf Microsoft Response: Azure has several datacenters in the United States and abroad.The security controls of said datacenters are detailed inthe Microsoft Azure CCM document. 99 AW,367 of 58 0 MAO Su U"X So AWS Response: The following whitepapers may prove helpful in your formulation of a response to these questions. Architecting for the Cloud AWS Best Practices Feb 2016 https:llaws.amazon.comZwhitepapersZarchitecting- or-the-aws-cloud-best-practicesz Managing Your AWS Infrastructure at Scale Feb 2015 https:ZZdO.awsstatic.comZwhitepapersZmanaging-yo r-aws-infrastructure-at-scale.pd CA esponse® Only SaaS is provided, network diagram can be provided upon signing NIDA. Microsoft esponse® Please see the response for question 6.7 for details. 8.7 MIGRATION AND REDEPLOYMENT PLAN SHI esponse® The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SHI has in its catalog today. We will work to add products and solutions over the course of this contract as new technologies emerge or as customer needs arise. SHI is responding today with offerings from AWS, Microsoft, and CA as well additional service offerings from our partner Ascent Innovations. For this Section each partner has provide a specific response. SHI will work closely with our customers and partners in the event that end of life activities take place. We can help to create a plan to deprovision data/services ahead of time and offer project management around the migration to whatever solution the customer has chosen. 8,7.1 �"'l i r'� tat "I U'1(1"1 P111")t I il Y 0 0....... �7 i {X,,, L h S ........... rt rr P P AWS Response: AWS Customers manage the creation and deletion of their data on AWS, as well as maintain control of access permissions. Customers are responsible for maintaining appropriate data retention policies and procedures. Controls in place limit access to systems and data and provide that access to systems or 100 AW,368 of 580 data is restricted and monitored. In addition, customer data is and server instances are logically isolated from other customers by default. Privileged user access control is reviewed by an independent auditor during the AWS SOC 1, ISO 27001, PCI, and Fed RAMP audits. Refer to the AWS SOC 1 audit report (available under AWS NDA)for more information and validation of the control testing related to access permissions and data deletion for AWS S3 Services. Refer to the AWS PCI Compliance Package (available under AWS NDA)for testing performed to confirm data deletion. Both the AWS SOC 1 audit report and the AWS PCI Compliance Package can be requested at http://aws.amazon.com/compliance/coritact/. CA Response: Agile, APIM, ASM -The customer is responsible for the lifecycle of their data. We will retain and protect all data until it has been deleted from our systems. We can remove data from our systems upon written request from the customer at termination of the contract. MAA-Tenant deprovisioning procedures are followed when customers decide to discontinue the service. As part of deprovisioning, any footprints of tenant's configurations and data is decommissioned. PPM - Upon termination of the service a client's PPM SaaS instance is deprovisioned and all client data is programmatically deleted per the stated data retention policies. Data can be delivered per the response in 8.7.2. All security measures remain in place during this phase.The client retains ownership of all data contained in the service both during the term of contract and after it expires Microsoft esponse® Any service can be deleted via PowerShell or the Azure Management Portal. Any data created via the deleted service will be contained in Azure Storage unless this was deleted along with the service. Any created security policies within the storage container will be maintained. All necessary SLA's are covered in 8.10.2. 8,1.2 AWS Response: SHI will work with the Purchasing Entity to prevent any disruption and suspension in IaaS or PaaS services. If a suspension or retrieval effort is required, SHI will petition AWS and will work in good faith to accommodate expedient reinstatement of services, transfer of services and data, or any combination thereof to prevent data stranding. CA Response: All Terminating clients have the option to receive their data, this option will be discussed during termination process. We can provide an export of the data in XML and JSON formats at the end of the contract. For ASM, this solution is currently not available, due to nature of offering. All request will be handled on a case by case basis. 101 A369 of 580 MAA—This solution is currently not available. PPM -Terminating clients have the following options to receive their data: • API data extractions via HTTPS producing XML formatted flat files. See the user guide XOG Developer Guide for technical details. • Oracle data pump generated file containing all tables with client data. • Oracle data pump generated file of the client's entire CA PPM database schema.This option requires a valid, perpetual CA PPM license. MicrosoftResponse: Please see our response to question 8.11. 8.8 SERVICE OR DATA RECOVERY SHIResponse: The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SHI has in its catalog today. We will work to add products and solutions over the course of this contract as new technologies emerge or as customer needs arise. SHI is responding today with offerings from AWS, Microsoft, and CA as well additional service offerings from our partner Ascent Innovations. For this Section each partner has provide a specific response. , . n``,t a to C , 0 .d .r P)¢ AWS Response: Our combined view, SHI and AWS, is that the best way to address downtime and data recovery scenarios is to design redundancy and resiliency from the very start. The AWS platform provides the necessary services, subcategories, and functionality needed to design and build high resilience environments: • Extended downtime and System failure —provision standby storage and compute resources, in applicable legal and geographic jurisdictions, so that outages are quickly averted by powering-up these standby resources. Provide appropriate user designees' the access and ability to power- up these standby resources without needing any external assistance. 102 AX370 of 580 • Loss of data—secure data in redundant locations in compliance with applicable legal and regulatory requirements. Enable full use of AWS' eleven-nines of data durability in each region and availability zone to prevent loss. Recovery objectives, and RPO and RTO goals—help users classify and clarify required recovery objectives and applicable RPO/RTO goals, then offer designs suited to support availability requirements, support ongoing audits to ensure goals are consistently met. CA Response: For Agile and APIM - Disaster to the CA Technologies corporate network in New York will not affect customers' service. Secondary services, such as domain name services will be routed through the secondary CA Technologies network in Illinois. CA has a BCP plan in place to direct its services.The SaaS environment is separate from the CA corporate network and a service specific disaster recovery plan is in place. In the event of downtime we would failover to our warm data center in order to restore access to the application as quickly as possible. This is done according to our Disaster Recovery Plan. We have implemented a physical standby database in both hot/Live site as well as warm/standby sites using Oracle Data Guard with real-time apply to achieve the stated recovery objectives. We enable all of our employees with the ability to be able to work remotely and provide remote network access to ensure business functions can continue. All corporate infrastructure has redundant systems that can be utilized in the event of failure. CA provides an SLA of 99.8%uptime, which can result in unforeseen outages of—1.5 hours per month. In the event of a failure to meet a SLA threshold, customer may be entitled to a number of days of credit. Customer data is isolated within dedicated schemas with nightly backups. The maximum data loss would be the previous 24hrs. Recovery Point Objective (RPO): Maximum data loss: 24 hours Data that is uploaded, but not backed up within the 24 hours may have to be re-entered Recovery Time Objective (RTO): 72 hours ASM - If unable to resolve in a timely manner, all customers will be notified via email to the registered admin. Failover from the primary to DR site may be utilized if the extended amount of time warrants declaration of DR. Customer data is isolated within dedicated schemas with nightly backups.The maximum data loss would be the previous 24hrs. Customers would be notified in advance, and given ample time to retrieve their data manually or via the ASM API. Data is replicated from the primary (production) to secondary(DR) continuously. In the event of catastrophic loss of live data a failover to the DR site would be necessary. Recovery Point Objective (RPO): Maximum data loss: 24 hours Data that is uploaded, but not backed up within the 24 hours may have to be re-entered Recovery Time Objective (RTO): 24 hours MAA—Customers are kept abreast with progress during incidents, including outages. CA utilizes best-of- breed notification system which enables customer contacts to self-subscribe to different types of notifications that they would be interested in. A DR plan has been created should the extended down time result in DR declaration. MAA data is backed up fully daily.The maximum data loss would be the 103 AX371 of 580 previous 24hrs. Customers would be notified in advance, and given ample time to retrieve their data. Using DB clustering technologies, multiple copies of data are maintained helping in recovery of the data. Recovery Point Objective (RPO): Maximum data loss: 24 hours Data that is uploaded, but not backed up within the 24 hours may have to be re-entered Recovery Time Objective (RTO): 72 hours PPM - Hardware/software failure: Because of high availability and redundancy there should be zero loss of data in this scenario, but in rare cases, data may be lost up to the last available recovery point. CA Technologies will use all commercially reasonable efforts to recover from any system failure event as follows: Recovery Point Objective: 24 hours or less Recovery Time Objective: 4 hours Customer data is isolated within dedicated schemas with nightly backups. The maximum data loss would be the previous 24hrs. Disaster to the CA Technologies corporate network in New York will not affect customers' service. Secondary services, such as domain name services will be routed through the secondary CA Technologies network in Illinois. Recovery Point Objective (RPO): Maximum data loss: 24 hours Data that is uploaded, but not backed up within the 24 hours may have to be re-entered Recovery Time Objective (RTO): 72 hours MicrosoftResponse: BCPs have been documented and published for critical Azure services, which provide roles and responsibilities and detailed procedures for recovery and reconstitution of systems to a known state per defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). Plans are reviewed on an annual basis, at a minimum. The BCP team conducts testing of the business continuity and disaster recovery plans for critical services, per the defined testing schedule for different loss scenarios. Each loss scenario is tested at least annually. Issues identified during testing are resolved during the exercises and plans are updated accordingly. 8,8.2. t': AWS Response: The AWS platform enables a lightweight approach to backup and recovery due, in part, to the following characteristics: 104 4k,372 of 580 • Computers are now virtual abstract resources instantiated via code rather than being hardware based. • Capacity is available at incremental cost rather than up-front cost. • Resource provisioning takes place in minutes, lending itself to real-time configuration. • Server images are available on demand, can be maintained by an organization, and can be activated immediately. These characteristics offer customers opportunities to recover deleted or corrupted data with less infrastructure overhead. Protecting Coni r i r Than Servers The Amazon Elastic Compute Cloud (Amazon EC2) service enables the backup and recovery of a standard server, such as a web server or application server, so that customers can focus on protecting their configuration and the state of data rather than the server itself.This set of data is much smaller than the aggregate set of server data, which typically includes various application files, operating system files, temporary files, and so on.This change of approach means that regular nightly incremental or weekly full backups can take far less time and consume less storage space. When a compute instance is started in Amazon EC2, it is based upon an Amazon Machine Image LAMI) and can also connect to existing storage volumes—for example, Amazon Elastic Block Store Amazon EBS . In addition, when launching a new instance, it is possible to pass user data to the instance that can be accessed internally as dynamic configuration parameters. A sample workflow is as follows: • Launch a new instance of a web server, passing it the identity of the web server and any security credentials required for initial setup.The instance is based upon a pre-built AMI that contains the operating system and relevant web server application (e.g., Apache or IIS). • Upon startup, a boot script accesses a designated and secured Amazon Simple Storage Service (Amazon S3) bucket that contains the specified configuration file(s). • The configuration file contains various instructions for setting up the server(e.g.,web server parameters, locations of related servers, additional software to install, and patch updates). • The server executes the specified configuration and is ready for service.An open-source tool for performing this process called cloud-init is already installed on Amazon Linux AMIs and is also available for a number of other Linux distributions. 105 AX373 of 580 71 � t rft {tt� ;7 nt -� )7 i^ . } t `;r� s� fill', ,�l r i it y i�ysf i i t - - � t s t ✓7�s t � i�t ih JI L k ' � � �S� �-� 3 � � - r� r i ��1 il/ 11� } tll -7s r� i x Figure—Traditional Backup Approach U. �uiC, II; I', els Servers ksf if6gs tf6gs F ii i zjl { . s tr i �"N ; t y ' s i ri < itl X;I ....... r E 1 r i 1 rtr t !- 1 l{tr {� f Figure—Amazon EC2 Backup Approach In this case, there is no need to back up the server itself.The relevant configuration is contained in the combination of the AMI and the configuration file(s). So, the only components requiring backup and recovery are the AMI and configuration file(s). Amazon Machine I (AMI) AMIs that customers register are automatically stored in their account using Amazon EBS snapshots. These snapshots reside in Amazon S3 and are highly durable.This means that the underlying storage mechanism for the AMIs is protected from multiple failure scenarios. It is also possible to share AMIs between separate AWS accounts. Consequently, customers can create totally independent copies of the AMI by: • Sharing the original AMI to another specified AWS account controlled by the customer. • Starting a new instance based upon the shared AMI. 106 AX374 of 580 • Creating a new AMI from that running instance. The new AMI is then stored in the second account and is an independent copy of the original AMI. Of course, customers can also create multiple copies of the AMI within the same account. Configuration Files Customers use a variety of version management approaches for configuration files, and they can follow the same regime for the files used to configure their Amazon EC2 instances. For example, a customer could store different versions of configuration files in designated locations and securely control them like any other code.That customer could then back up these code repositories using the appropriate backup cycle (e.g., daily,weekly, monthly) and snapshots to protected locations. Furthermore, customers can use Amazon S3 to store their configuration files, taking advantage of the durability of the service in addition to backing up the files to an alternate location on a regular basis. Database and File Servers Backing up data for database and file servers differs from the web and application layers. In general, database and file servers contain larger amounts of business data (tens of GB to multiple TB) that must be retained and protected at all times. In these cases, customers can leverage efficient data movement techniques such as snapshots to create backups that are fast, reliable, and space efficient. For databases that are built upon RAID sets of Amazon EBS volumes (and have total storage less than 1 TB), an alternative backup approach is to asynchronously replicate data to another database instance built using a single Amazon EBS volume. While the destination Amazon EBS volume will have slower performance, it is not being used for data access and can be easily snapshotted to Amazon S3 using the Amazon EBS snapshot capability. Disaster Recovery The AWS cloud supports many popular DR architectures from "pilot light" environments that are ready to scale up at a moment's notice to "hot standby" environments that enable rapid failover. With data centers in 12 regions around the world (4 in the United States), AWS provides a set of cloud-based DR services that enable rapid recovery of IT infrastructure and data. General Disaster Recovery/COOPy/COOP and Backup Requirements and Issues Some of the minimum needs and requirements in a traditional DR approach are: • Facilities to house additional infrastructure, including power and cooling. • Security to ensure the physical protection of assets. • Suitable capacity to scale the environment. • Support for repairing, replacing, and refreshing the infrastructure. • Contractual agreements with an Internet Service Provider(ISP)to provide Internet connectivity that can sustain bandwidth utilization for the environment under a full load. • Network infrastructure such as firewalls, routers, switches, and load balancers. • Enough server capacity to run all mission-critical services, including storage appliances for the supporting data, and servers to run applications and back-end services such as user authentication, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), monitoring, and alerting. 107 4k,375 of 580 AWS Capabilities Solutions With AWS, customers can eliminate the need for additional physical infrastructure, off-site data replication, and upkeep of spare capacity. AWS uses distinct and geographically diverse Availability Zones (AZs)that are engineered to be isolated from failures in other AZs.This innovative and unique AWS feature enables customers to protect applications from the failure of a single location, resulting in significant cost savings and increased agility to change and optimize resources during a DR scenario. AWS offers the following high-level DR capabilities: • Fast Performance: Fast, disk-based storage and retrieval of files. • No Tape: Eliminate costs associated with transporting, storing, and retrieving tape media and associated tape backup software. • Compliance: Minimize downtime to avoid breaching Service Level Agreements (SLAB). • Elasticity: Add any amount of data, quickly. Easily expire and delete without handling media. • Security: Secure and durable cloud DR platform with industry-recognized certifications and audits. • Partners:AWS solution providers and system integration partners to help with deployments. Solution s AWS can enable customers to cost-effectively operate multiple DR strategies. Error! Reference source not found. shows a spectrum of scenarios—"backup & restore," "pilot light," "warm standby," and "multi-site"—arranged by how quickly a system can be available to users after a DR event. AWS Mold Region �.,.�., �., .�.�., ,5, Figure—Spectrum of DR Options. Each DR option is discussed in more detail below: • Backup and Restore: In most traditional environments, data Amazon S3 is designed to is backed up to tape and sent off-site regularly. Recovery provide 99.999999999% time will be the longest using this method, and lack of durability of objects over a given automation leads to increased costs. Using Amazon Simple year.This durability level Storage Service (Amazon S3) is ideal for backup data, as it is correspondsra an average designed to provide 99.999999999%durability of objects annual expected loss of over a given year.Transferring data to and from Amazon S3 0.0000 expect of objects. is typically done via the network, and it is therefore accessible from any location. Also, with AWS Storage Gateway, customers can automatically back up on-premises data to Amazon S3. • Pilot Light for Simple Recovery into AWS Warm Standby Solution:The idea of the pilot light is an analogy that comes from the gas heater. In a gas heater, a small idle flame that's always on can quickly ignite the entire furnace to heat up a house as needed.This scenario is analogous to a backup and restore scenario; however, customers must ensure that they have the most critical core elements of their system already configured and running in AWS(the pilot light). When the 108 AX376 of 580 time comes for recovery, customers would rapidly provision a full-scale production environment around the critical core. • Warm Standby Solution in AWS:The term "warm standby" is used to describe a DR scenario in which a scaled-down version of a fully functional environment is always running in the cloud. It further decreases recovery time because, in this case, some services are always running. By identifying business-critical systems, customers could fully duplicate these systems on AWS and have them always on. • Multi-Site Solution Deployed on AWS and On-Site: A multi-site solution runs in AWS as well as on a customer's existing on-premise infrastructure in an active-active configuration. During a disaster situation, an organization can simply send all traffic to AWS servers, which can scale to handle their full production load. DR Resources There are multiple resources to help organizations start using AWS for a DR/COOP and backup solution: • Read the AWS whitepaper Using AWS for Disaster Recovery • Read the Forrester whitepaper File Storage Costs Less in the Cloud than In-House • Review a sample AWS DR architecture Review more information on AWS DR capabilities and approaches CA Response: For Agile and APIM -CA commits to the following data backup and replication during the Subscription Term: Data Backup: All Customers of the Service offering shall have their data backed up on a daily basis. Backups are securely replicated to an alternate location (within the same geographic location) limiting data loss to no more than 24 hours in the event of a primary data location disaster. • Daily backups are retained for 7 days • Removable media are not used for data or backup storage • Restoration of data may require engagement of CA Professional Services for an additional fee In addition, snapshots of database transactions are taken every hour to a disaster recovery site allowing for emergency disaster recovery with maximum of 1.5 hours of data loss due to catastrophic onsite failure (fire in cage, natural disaster, etc. at data center). Backups are tested monthly and a full disaster recovery process to the offsite application cluster is tested semi-annually. We manage systems through Chef and the configuration cookbooks are backed up. Backups are stored in our warm data center. We have a hot/warm data configuration with both data centers located within the US but 1300 miles apart. ASM - Backups are stored on disk only, sync'd between data centers for DR purposes. Automation tools are used to manage the configuration of ASM internal servers, and can be used for recovery. CA has an alternate site approximately 900 miles from our primary site.ASM has a warm standby with near time data replication between the data centers. 109 AX377 of 580 MAA—Backups are stored on disk only, sync'd between data centers for DR purposes. Automation tools are used to manage the configuration of MAA internal servers, and can be used for recovery. Daily differential and full backups reside in the primacy site with weekly data backups residing offsite.The MAA service is currently available from one data center only. PPM - Nightly backups are stored on disk only. Server images are template based and are rebuilt as needed using automation. CA has an alternate site approximately 900 miles from our primary site. Nightly backups are encrypted and synchronized to the alternate data center via a secure tunnel. While CA PPM SaaS has global data centers, the location where data is stored and recovered to is within region as defined in the PPM SaaS Listing. For US based clients this region in within the US. Microsoft esponse® Azure Backup is efficient over the network and on your disk. Once the initial seeding is complete, only incremental changes are sent at a defined frequency. Built-in features, such as compression, encryption, longer retention, and bandwidth throttling, help boost IT efficiency. Azure Site Recovery protects server backups by automating the replication of the virtual machines based on policies that you set and control. Azure Site Recovery can protect Hyper-V, VMware and physical servers and you can use Azure or your secondary datacenter as your recovery site. Site Recovery coordinates and manages the ongoing replication of data by integrating with existing technologies including System Center and SQL Server AlwaysOn. Azure has several datacenters in the United States and abroad.The customer has the ability to select where their data is stored and how many copies of that data are available. 8.9 DATA PROTECTION SHI esponse® The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SHI has in its catalog today. We will work to add products and solutions over the course of this contract as new technologies emerge or as customer needs arise. SHI is responding today with offerings from AWS, Microsoft, and CA as well additional service offerings from our partner Ascent Innovations. For this Section each partner has provide a specific response. SHI understands that data encryption requirements may vary and we will work with customers to classify data and decide if it needs to be encrypted and identify the best solutions. . a1. .� d �,a,,z CJI 1 AWS Response: AWS customers retain control and ownership of their data, and all data stored by AWS on behalf of customers has strong tenant isolation security and control capabilities. Customers should consider the 110 AX378 of 580 sensitivity of their data and decide if and how they will encrypt data while it is in transit and while it is at rest. Securing est There are several options for encrypting data at rest, ranging from completely automated AWS encryption solutions to manual, client-side options. Choosing the right solutions depends on which AWS cloud services are being used and customer requirements for key management. Information on protecting data at rest using encryption can be found in the Protecting Data Using Encryption section of the Amazon Simple Storage Service (Amazon S3) Developer Guide. Additionally, the Securing Data at Rest with Encryption w ite a er provides an overview of the options for encrypting data at rest in AWS cloud services. It describes these options in terms of where encryption keys are stored and how access to those keys is controlled. Both server-side and client-side encryption methods are discussed with examples of how each can be accomplished in various AWS cloud services. Securing in Transit Protecting data in transit when running applications in the cloud involves protecting network traffic between clients and servers and network traffic betwen servers. Services from AWS provide support for both Internet Protocol Security(IPSec) and Secure Sockets Layer/Transport Layer Security(SSL/TLS) for protection of data in transit. IPSec is a protocol that extends the IP protocol stack, often in network infrastructure, and allows applications on upper layers to communicate securely without modification. SSL/TLS, on the other hand, operates at the session layer, and while there are third-party SSL/TLS wrappers, it often requires support at the application layer as well. The AWS Security Best Practices whit aper provides greater detail on how to protect data in transit and at rest in the AWS cloud. CA Response: Agile-All data in transit is encrypted.We support TLS 1+. For data at rest we have both database and disk level encryption. DB encryption utilizes Oracle TDE w/AES-256. APIM -All data is encrypted via TLS Mutual Authentication during transit ASM -All data transmitted between data centers is encrypted in-transit. HTTPS/TLS is used by the ASM dashboard and API. MAA- HTTPS/TLS encrypts the data in-transit. Sensitive data rest is encrypted using native encryption of SQL and NoSQL vendors. PPM -All web traffic is protected by SHA256 bit TLS 1.0, 1.1, or 1.2 encryption and 2048 bit RSA public keys.The CA PPM SaaS application encrypts user session data. CA PPM SaaS email services supports TLS encryption. A111 X379 of 580 MicrosoftResponse: Azure offers security via Azure Active Directory, multifactor authentication, encryption and key management for data in transit and at rest, network security(vpn, acl), antimalware, centralized monitoring and penetration testing for all levels of users (Commercial, Government, Enterprise). . 9 2 ,r .) d' ,p" SHIResponse: Upon award and request from a Purchasing Entity, we agree to review, discuss, and if applicable sign any necessary agreements associated with the purchase of products from this contract. 8.9.3 {X"I X ,z+h art„I .�.a {X AWS Response: As part of the SHI/AWS solution, we will comply with terms in the Master Agreement which means we do not have access to any of the Purchasing Entity users' data. CA Response: CA Technologies hosts all customer data in secure multi-tenant or single tenant arrangements. All customer data is maintained in the strictest privacy according to CA Technologies policies, governance, SSAE 16 regulations. CA policies strictly prohibit the resale, redistribution or use by any third party of any and all customer data. CA Technologies has written data security controls in place at CA Technologies to help ensure that Customer Data is appropriately protected and are applicable to SaaS operations. Customer Data provided to CA Technologies is considered "Highly Confidential Information" under our Data Classification Policy and is afforded the highest level of security at the company. CA Technologies has documented and implemented policies and procedures ("Policies and Procedures") that regulate the processing of Customer Data, including its receipt,transmission, storage, distribution, access and deletion. CA Technologies Policies and Procedures are designed to comply with all applicable laws, rules and regulations in the countries in which it conducts business. CA Technologies maintains a comprehensive set of information security Policies and Procedures that are approved by senior management and are reviewed and updated to remain compliant with the law and current industry practices.These Policies and Procedures include: • Organizational security 112 AX380 of 580 • Physical and environmental security • Communications and connectivity • Change control • Data integrity • Incident response • Privacy • Backup and offsite storage • Vulnerability monitoring • Information classification • Data-handling; and • Security configuration standards for networks, operating systems, applications and desktops Microsoft Response: Customer Data will be used only to provide customer the Online Services including purposes compatible with providing those services. For example, we may use Customer Data to provide a personalized experience, improve service reliability, combat spam or other malware, or improve features and functionality of the Online Services. Microsoft will not use Customer Data or derive information from it for any advertising or similar commercial purposes. "Customer Data" means all data, including all text, sound, video, or image files, and software, that are provided to Microsoft by, or on behalf of, you or your end users through use of the Online Service. Customer Data is not Administrator Data, Payment Data, or Support Data. 8.10 SERVICE LEVEL AGREEMENTS SHI Response: The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SHI has in its catalog today. We will work to add products and solutions over the course of this contract as new technologies emerge or as customer needs arise. SHI is responding today with offerings from AWS, Microsoft, and CA as well additional service offerings from our partner Ascent Innovations. For this Section each partner has provide a specific response. Please not that each partner included with this response has specific SLAB associated with their solution and oftentimes are non-negotiable. SHI will work with customers to review and understand the SLAB of the solution that best fits their needs. JO ,��t`ft`(,';" ,)t r) trS,r {aL ,r� r,�u` x`.f S �., �,It„ ,ri"�,� I z�u au L't � ., C'C'r}✓u r .,�J 'R.ir f,Yy . u t ,611UVIJ vu AWS Response: Our IaaS and PaaS service offer is continually updated and improved for compliance, performance, security, usability and generally better service. Purchasing Entities will hold on to negotiated SLAB that require lowered service than the IaaS and PaaS offers would provide over time. 113 AX381 of 580 AWS will give customers 6 months if at any time we decide to alter the SLA. It is important to note that in the past 10 years AWS has not deprecated the SLA but instead has improved it. SHI agrees to proactively look at SLA and notify Purchasing Entities of any changes. CA Response: The target availability SLA of 99.8% is standard and not negotiable. MicrosoftResponse: The SLA's provided are nonnegotiable. Per Microsoft if the SLA is not met, they will offer a service credit based on the month of non-compliance. 8.10,2 0.ti, n` o ". ift J 'J%"""' U U AWS Response: AWS currently provides Service Level Agreements (SLAB)for several products. Due to the rapidly evolving nature of AWS's product offerings, SLAB are best reviewed directly on our website via the links below: • Amazon EC2 SLA: http://aws.amazon.com/ec2-sla/ • Amazon S3 SLA: http://aws.amazon.com/s3-sla • Amazon ClouclFront SLA: http://aws.amazon.com/cloudfront/sla/ • Amazon Route 53 SLA: http://aws.amazon.com/route53/sla/ • Amazon RDS SLA: http://aws.amazon.com/rds-sla/ CA Response: The target availability SLA of 99.8% is standard and not negotiable. 114 AX382 of 580 Microsoft Response: Microsoft Azure Services I Management Services Additional Definitions: "Deployment Minutes"is the total number of minutes that a given API Management instance has been deployed in Microsoft Azure during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all API Management instances deployed by you in a given Microsoft Azure subscription during a billing month. "Proxy"is the component of the API Management Service responsible for receiving API requests and forwarding them to the configured dependent API. Downtime: The total accumulated Deployment Minutes,across all API Management instances deployed by you in a given Microsoft Azure subscription,during which the API Management Service is unavailable. A minute is considered unavailable for a given API Management instance if all continuous attempts to perform operations through the Proxy throughout the minute result in either an Error Code or do not return a Success Code within five minutes. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit for Standard Tier: <99.9% 10% <99% 25% Service Credit for Premium Tier deployments scaled across two or more regions: <99.95% 10% <99% 25% App Service Additional Definitions: "App"is a Web App deployed by Customer within the App Service,excluding web apps in the Free and Shared tiers. "Deployment Minutes"is the total number of minutes that a given App has been set to running in Microsoft Azure during a billing month. Deployment Minutes is measured from when the App was created or the Customer initiated an action that would result in running the App to the time the Customer initiated an action that would result in stopping or deleting the Web App. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Apps deployed by Customer in a given Microsoft Azure subscription during a billing month Downtime: is the total accumulated Deployment Minutes,across all Apps deployed by Customer in a given Microsoft Azure subscription,during which the App is unavailable.A minute is considered unavailable for a given App when there is no connectivity between the App and Microsoft's Internet gateway. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: 115 AX383 of 580 <99.95% 10% <99% 25% Additional Terms: Service Credits are applicable only to fees attributable to your use of Apps and not to fees attributable to other types of apps available through the App Service,which are not covered by this SLA. Application Additional Definitions: "Application Gateway Cloud Service"refers to a collection of one or more Application Gateway instances configured to perform HTTP load balancing services. "Maximum Available Minutes"is the total accumulated minutes during a billing month during which an Application Gateway Cloud Service comprising two or more medium or larger Application Gateway instances has been deployed in a Microsoft Azure subscription. Downtime: is the total accumulated Maximum Available Minutes during a billing month for a given Application Gateway Cloud Service during which the Application Gateway Cloud Service is unavailable. A given minute is considered unavailable if all attempts to connect to the Application Gateway Cloud Service throughout the minute are unsuccessful. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Automation r i Additional Definitions: "Delayed Jobs"is the total number of Jobs,for a given Microsoft Azure subscription,that fail to start within thirty(30)minutes of their Planned Start Times. "Job" means the execution of a Runbook. "Planned Start Time"is a time at which a Job is scheduled to begin executing. "Runbook"means a set of actions specified by you to execute within Microsoft Azure. "Total Jobs"is the total number of Jobs scheduled for execution during a given billing month,for a given Microsoft Azure subscription. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Total Jobs—Delayed Jobs X 100 Total Jobs Service Credit: <99.9% 10% <99% 25% Backup Service Additional Definitions: "Backup"or"Back Up"is the process of copying computer data from a registered server to a Backup Vault. 116 4k,384 of 580 "Backup Agent"refers to the software installed on a registered server that enables the registered server to Back Up or Restore one or more Protected Items. "Backup Vault"refers to a container in which you may register one or more Protected Items for Backup. "Deployment Minutes"is the total number of minutes during which a Protected Item has been scheduled for Backup to a Backup Vault. "Failure"means that either the Backup Agent or the Service fails to fully complete a properly configured Backup or Recovery operation due to unavailability of the Backup Service. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Protected Items for a given Microsoft Azure subscription during a billing month. "Protected Item" refers to a collection of data,such as a volume,database,or virtual machine that has been scheduled for Backup to the Backup Service such that it is enumerated as a Protected Item in the Protected Items tab in the Recovery Services section of the Management Portal. "Recovery"or"Restore"is the process of restoring computer data from a Backup Vault to a registered server. Downtime: The total accumulated Deployment Minutes across all Protected Items scheduled for Backup by you in a given Microsoft Azure subscription during which the Backup Service is unavailable for the Protected Item.The Backup Service is considered unavailable for a given Protected Item from the first Failure to Back Up or Restore the Protected Item until the initiation of a successful Backup or Recovery of a Protected Item,provided that retries are continually attempted no less frequently than once every thirty minutes. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Batch Service Additional Definitions: "Average Error Rate"for a billing month is the sum of Error Rates for each hour in the billing month divided by the total number of hours in the billing month. "Error Rate"is the total number of Failed Requests divided by Total Requests during a given one-hour interval. If the Total Requests in a given one-hour interval is zero,the Error Rate for that interval is 0%. "Excluded Requests"are requests within Total Requests that result in an HTTP 4xx status code,other than an HTTP 408 status code. "Failed Requests"is the set of all requests within Total Requests that either return an Error Code or an HTTP 408 status code or fail to return a Success Code within 5 seconds. "Total Requests"is the total number of authenticated REST API requests,other than Excluded Requests,to perform operations against Batch accounts attempted within a one-hour interval within a given Azure subscription during a billing month. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: 100%-Average Error Rate Service Credit: <99.9% 10% <99% 25% 117 AX385 of 580 BizTalk Services Additional Definitions: "BizTalk Service Environment" refers to a deployment of the BizTalk Services created by you,as represented in the Management Portal,to which you may send runtime message requests. "Deployment Minutes"is the total number of minutes that a given BizTalk Service Environment has been deployed in Microsoft Azure during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all BizTalk Service Environments deployed by you in a given Microsoft Azure subscription during a billing month. "Monitoring Storage Account"refers to the Azure Storage account used by the BizTalk Services to store monitoring information related to the execution of the BizTalk Services. Downtime: The total accumulated Deployment Minutes,across all BizTalk Service Environments deployed by you in a given Microsoft Azure subscription,during which the BizTalk Service Environment is unavailable.A minute is considered unavailable for a given BizTalk Service Environment when there is no connectivity between your BizTalk Service Environment and Microsoft's Internet gateway. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Service Level Exceptions: The Service Levels and Service Credits are applicable to your use of the Basic,Standard,and Premium tiers of the BizTalk Services. The Developer tier of the Microsoft Azure BizTalk Services is not covered by this SLA. Additional Terms: When submitting a claim,you must ensure that complete monitoring data is maintained within the Monitoring Storage Account and is made available to Microsoft. Cache Services Additional Definitions: "Cache"refers to a deployment of the Cache Service created by you,such that its Cache Endpoints are enumerated in the Cache tab in the Management Portal. "Cache Endpoints" refers to endpoints through which a Cache may be accessed. "Deployment Minutes"is the total number of minutes that a given Cache has been deployed in Microsoft Azure during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Caches deployed by you in a given Microsoft Azure subscription during a billing month. Downtime: The total accumulated Deployment Minutes,across all Caches deployed by you in a given Microsoft Azure subscription,during which the Cache is unavailable. A minute is considered unavailable for a given Cache when there is no connectivity throughout the minute between one or more Cache Endpoints associated with the Cache and Microsoft's Internet gateway. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% 118 AX386 of 580 <99% 25% Service Level Exceptions: The Service Levels and Service Credits are applicable to your use of the Cache Service,which includes the Azure Managed Cache Service or the Standard tier of the Azure Redis Cache Service. The Basic tier of the Azure Redis Cache Service is not covered by this SLA. CDN Service Downtime To assess Downtime,Microsoft will review data from any commercially reasonable independent measurement system used by you. You must select a set of agents from the measurement system's list of standard agents that are generally available and represent at least five geographically diverse locations in major worldwide metropolitan areas(excluding PR of China). Measurement System tests(frequency of at least one test per hour per agent)will be configured to perform one HTTP GET operation according to the model below: 1. A test file will be placed on your origin(e.g.,Azure Storage account). 2. The GET operation will retrieve the file through the CDN Service,by requesting the object from the appropriate Microsoft Azure domain name hostname. 3. The test file will meet the following criteria: i. The test object will allow caching by including explicit"Cache-control:public" headers,or lack of"Cache-Control: private"header. ii. The test object will be a file at least 50KB in size and no larger than 1MB. iii. Raw data will be trimmed to eliminate any measurements that came from an agent experiencing technical problems during the measurement period. Monthly Uptime Percentage: The percentage of HTTP transactions in which the CDN responds to client requests and delivers the requested content without error.Monthly Uptime Percentage of the CDN Service is calculated as the number of times the object was delivered successfully divided by the total number of requests(after removing erroneous data). Service Credit: <99.9% 10% <99.5% 25% Cloudr i Additional Definitions: "Cloud Services"refers to a set of compute resources utilized for Web and Worker Roles. "Maximum Available Minutes"is the total accumulated minutes during a billing month for all Internet facing roles that have two or more instances deployed in different Update Domains.Maximum Available Minutes is measured from when the Tenant has been deployed and its associated roles have been started resultant from action initiated by you to the time you have initiated an action that would result in stopping or deleting the Tenant. "Tenant"represents one or more roles each consisting of one or more role instances that are deployed in a single package. "Update Domain"refers to a set of Microsoft Azure instances to which platform updates are concurrently applied. "Web Role"is a Cloud Services component run in the Azure execution environment that is customized for web application programming as supported by IIS and ASP.NET. "Worker Role"is a Cloud Services component run in the Azure execution environment that is useful for generalized development,and may perform background processing for a Web Role. Downtime: The total accumulated minutes that are part of Maximum Available Minutes that have no External Connectivity. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: 119 AX387 of 580 Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.95% 10% <99% 25% Data Factory—Activity Additional Definitions: Activity Run means the execution or attempted execution of an activity Delayed Activity Runs is the total number of attempted Activity Runs in which an activity fails to begin executing within four(4) minutes after the time at which it is scheduled for execution and all dependencies that are prerequisite to execution have been satisfied. Total Activity Runs is the total number of Activity Runs attempted during in a billing month for a given Microsoft Azure Subscription. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Total Activity Runs—Delayed Activty Runs X 100 Total Activity Runs Service Credit: <99.9% 10% <99% 25% Data Factory—API Calls Additional Definitions: Excluded Requests is the set of requests within Total Requests that result in an HTTP 4xx status code,other than an HTTP 408 status code. Failed Requests is the set of all requests within Total Requests that either return an Error Code or an HTTP 408 status code or otherwise fail to return a Success Code within two minutes. Resources means pipelines,data sets,and linked services created within a Data Factory. Total Requests is the set of all requests,other than Excluded Requests,to perform operations against Resources within active pipelines during a billing month for a given Microsoft Azure subscription. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Total Requests—Failed Requests X 100 Total Requests Service Credit: <99.9% 10% <99% 25% 120 AX388 of 580 DocumentDB Additional Definitions: "Average Error Rate"for a billing month is the sum of Error Rates for each hour in the billing month divided by the total number of hours in the billing month. "Database Account"is a DocumentDB account containing one or more databases. "Error Rate"is the total number of Failed Requests divided by Total Requests,across all Resources in a given Azure subscription, during a given one-hour interval.If the Total Requests in a given one-hour interval is zero,the Error Rate for that interval is 0%. "Excluded Requests"are requests within Total Requests that result in an HTTP 4xx status code,other than an HTTP 408 status code. "Failed Requests"is the set of all requests within Total Requests that either return an Error Code or an HTTP 408 status code or fail to return a Success Code within 5 seconds. "Resource"is a set of URI addressable entities associated with a Database Account. . "Total Request"is the set of all requests,other than Excluded Requests,to perform operations issued against Resources attempted within a one-hour interval within a given Azure subscription during a billing month. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: 100%-Average Error Rate Service Credit: <99.95% 10% <99% 25% ExpressRoute Additional Definitions: "Dedicated Circuit"means a logical representation of connectivity offered through the ExpressRoute Service between your premises and Microsoft Azure through an exchange provider or a network service provider,where such connectivity does not traverse the public Internet. "Maximum Available Minutes"is the total number of minutes that a given Dedicated Circuit is linked to one or more Virtual Networks in Microsoft Azure during a billing month in a given Microsoft Azure subscription. "Virtual Network" refers to a virtual private network that includes a collection of user-defined IP addresses and subnets that form a network boundary within Microsoft Azure. "VPN Gateway"refers to a gateway that facilitates cross-premises connectivity between a Virtual Network and a customer on- premises network. Downtime: The total accumulated minutes during a billing month for a given Microsoft Azure subscription during which the Dedicated Circuit is unavailable. A minute is considered unavailable for a given Dedicated Circuit if all attempts by you within the minute to establish IP-level connectivity to the VPN Gateway associated with the Virtual Network fail for longer than thirty seconds. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% 121 AX389 of 580 Additional Terms: Monthly Uptime Percentage and Service Credits are calculated for each Dedicated Circuit used by you. HDInsight Additional Definitions: "Cluster Internet Gateway"means a set of virtual machines within an HDlnsight Cluster that proxy all connectivity requests to the Cluster. "Deployment Minutes"is the total number of minutes that a given HDlnsight Cluster has been deployed in Microsoft Azure. "HDlnsight Cluster"or"Cluster"means a collection of virtual machines running a single instance of the HDlnsight Service. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Clusters deployed by you in a given Microsoft Azure subscription during a billing month. Downtime: The total accumulated Deployment Minutes when the HDlnsight Service is unavailable.A minute is considered unavailable for a given Cluster if all continual attempts within the minute to establish a connection to the Cluster Internet Gateway fail. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Key It Additional Definitions: "Deployment Minutes"is the total number of minutes that a given key vault has been deployed in Microsoft Azure during a billing month. "Excluded Transactions"are transactions for creating,updating,or deleting key vaults,keys,or secrets. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Key Vaults deployed by you in a given Microsoft Azure subscription during a billing month. Downtime: is the total accumulated Deployment Minutes,across all key vaults deployed by Customer in a given Microsoft Azure subscription,during which the key vault is unavailable.A minute is considered unavailable for a given key vault if all continuous attempts to perform transactions,other than Excluded Transactions,on the key vault throughout the minute either return an Error Code or do not result in a Success Code within 5 seconds from Microsoft's receipt of the request. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Machine r i i Service Service Additional Definitions: "Failed Transactions"is the set of all requests within Total Transaction Attempts that return an Error Code. 122 AX390 of 580 "Total Transaction Attempts"is the total number of authenticated REST BES and Management API requests by you during a billing month for a given Microsoft Azure subscription. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Total Transaction Attempts—Failed Transactions Total Transaction Attempts x 100 Service Credit: <99.9% 10% <99% 25% Service Level Exceptions: Service Levels and Service Credits are applicable to your use of the Machine Learning BES and Management API Service. The Free Machine Learning tier is not covered by this SLA. Machine ring — Request Responserig Additional Definitions: "Failed Transactions"is the set of all requests within Total Transaction Attempts that return an Error Code. "Total Transaction Attempts"is the total number of authenticated REST RRS and Management API requests by you during a billing month for a given Microsoft Azure subscription. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Total Transaction Attempts—Failed Transactions Total Transaction Attempts x 100 Service Credit: <99.95% 10% <99% 25% Service Level Exceptions: Service Levels and Service Credits are applicable to your use of the Machine Learning RRS and Management API Service. The Free Machine Learning tier is not covered by this SLA. Media r is s — Content ProtectionService Additional Definitions: "Failed Transactions"are all Valid Key Requests included in Total Transaction Attempts that result in an Error Code or otherwise do not return a Success Code within 30 seconds after receipt by the Content Protection Service. "Total Transaction Attempts"are all Valid Key Requests made by you during a billing month for a given Azure subscription. "Valid Key Requests"are all requests made to the Content Protection Service for existing content keys in a Customer's Media Service. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Total Transaction Attempts—Failed Transactions Total Transaction Attempts x 100 Service Credit: <99.9% 10% <99% 25% 123 AX391 of 580 Media rics — " i ric Additional Definitions: "Encoding"means the processing of media files per subscription as configured in the Media Services Tasks. "Failed Transactions"is the set of all requests within Total Transaction Attempts that do not return a Success Code within 30 seconds from Microsoft's receipt of the request. "Media Service"means an Azure Media Services account,created in the Management Portal,associated with your Microsoft Azure subscription.Each Microsoft Azure subscription may have more than one associated Media Service. "Media Services Task" means an individual operation of media processing work as configured by you. Media processing operations involve encoding and converting media files. "Total Transaction Attempts"is the total number of authenticated REST API requests with respect to a Media Service made by you during a billing month for a subscription. Total Transaction Attempts does not include REST API requests that return an Error Code that are continuously repeated within a five-minute window after the first Error Code is received. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Total Transaction Attempts—Failed Transactions Total Transaction Attempts x 100 Service Credit: <99.9% 10% <99% 25% Media rics — I r Service Additional Definitions: "Encoding Reserved Unit"means encoding reserved units purchased by the customer in an Azure Media Services account "Failed Transactions"is the set of Indexer Tasks within Total Transaction Attempts that either,a)do not complete within a time period that is 3 times the duration of the input file,or b)do not start processing within 5 minutes of the time that an Encoding Reserved Unit becomes available for use by the Indexer Task. "Indexer Task"means a Media Services Task that is configured to index an MP3 input file with a minimum five-minute duration. "Total Transaction Attempts"is the total number of Indexer Tasks attempted to be executed using an available Encoding Reserved Unit by Customer during a billing month for a subscription. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Total Transaction Attempts—Failed Transactions Total Transaction Attempts x 100 Service Credit: <99.9% 10% <99% 25% Media r i s _ Live Channels Additional Definitions: "Channel"means an end point within a Media Service that is configured to receive media data. "Deployment Minutes"is the total number of minutes that a given Channel has been purchased and allocated to a Media Service and is in a running state during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Channels purchased and allocated to a Media Service during a billing month. "Media Service"means an Azure Media Services account,created in the Management Portal,associated with your Microsoft Azure subscription.Each Microsoft Azure subscription may have more than one associated Media Service. 124 AX392 of 580 Downtime: The total accumulated Deployment Minutes when the Live Channels Service is unavailable.A minute is considered unavailable for a given Channel if the Channel has no External Connectivity during the minute. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Media r i s — Streaming Service Additional Definitions: "Deployment Minutes"is the total number of minutes that a given Streaming Unit has been purchased and allocated to a Media Service during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Streaming Units purchased and allocated to a Media Service during a billing month. "Media Service"means an Azure Media Services account,created in the Management Portal,associated with your Microsoft Azure subscription.Each Microsoft Azure subscription may have more than one associated Media Service. "Media Service Request"means a request issued to your Media Service. "Streaming Unit"means a unit of reserved egress capacity purchased by you for a Media Service. "Valid Media Services Requests"are all qualifying Media Service Requests for existing media content in a customer's Azure Storage account associated with its Media Service when at least one Streaming Unit has been purchased and allocated to that Media Service. Valid Media Services Requests do not include Media Service Requests for which total throughput exceeds 80% of the Allocated Bandwidth. Downtime: The total accumulated Deployment Minutes when the Streaming Service is unavailable.A minute is considered unavailable for a given Streaming Unit if all continuous Valid Media Service Requests made to the Streaming Unit throughout the minute result in an Error Code. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Total Transaction Attempts—Failed Transactions Total Transaction Attempts x 100 Service Credit: <99.9% 10% <99% 25% Mobile t Additional Definitions: "Average Error Rate"for a billing month is the sum of Error Rates for each hour in the billing month divided by the total number of hours in the billing month. "Error Rate"is the total number of Failed Requests divided by Total Requests during a given one-hour interval. If the Total Requests in a given one-hour interval is zero,the Error Rate for that interval is 0%. "Excluded Requests"is the set of REST API requests that result in an HTTP 4xx status code,other than an HTTP 408 status code. "Failed Requests"is the set of all requests within Total Requests that either return an Error Code or an HTTP 408 status code or fail to return a Success Code within 30 seconds. "Mobile Engagement Application"is an Azure Mobile Engagement service instance. 125 Ak),393 of 580 "Total Requests"is the total number of authenticated REST API requests,other than Excluded Requests,made to Mobile Engagement Applications within a given Azure subscription during a billing month. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: 100%—Average Error Rate Service Credit: <99.95% 10% <99% 25% The Free Mobile Engagement tier is not covered by this SLA. Mobile rics Additional Definitions: "Failed Transactions"include any API calls included in Total Transaction Attempts that result in either an Error Code or do not return a Success Code. "Total Transaction Attempts"are the total accumulated API calls made to the Azure Mobile Services during a billing month for a given Microsoft Azure subscription for which the Azure Mobile Services are running. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Total Transaction Attempts—Failed Transactions Total Transaction Attempts x 100 Service Credit: <99.9% 10% <99% 25% Service Level Exceptions: The Service Levels and Service Credits are applicable to your use of the Standard and Premium Mobile Services tiers. The Free Mobile Services tier is not covered by this SLA. Multi-Factor Authentication Service Additional Definitions: "Deployment Minutes"is the total number of minutes that a given Multi-Factor Authentication provider has been deployed in Microsoft Azure during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Multi-Factor Authentication providers deployed by you in a given Microsoft Azure subscription during a billing month. Downtime: The total accumulated Deployment Minutes,across all Multi-Factor Authentication providers deployed by you in a given Microsoft Azure subscription,during which the Multi-Factor Authentication Service is unable to receive or process authentication requests for the Multi-Factor Authentication provider. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% 126 AX394 of 580 <99% 25% Operational I sr is Additional Definitions: "Batch"means a group of Log Data entries that are either uploaded to the Operational Insights Service or read from storage by the Operational Insights Service within a given period of time. Batches queued for indexing are displayed in the usage section of the Management Portal. "Log Data"refers to information regarding a supported event,such as IIS and Windows events,that is logged by a computer and for which the Operational Insights Service has been configured to be processed by the Service index. "Delayed Batches"is the total number of Batches within Total Queued Batches that fail to complete indexing within six hours of the Batch being queued. "Total Queued Batches"is the total number of Batches queued for indexing by the Operational Insights Service during a given billing month. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Total Queued Batches—Delayed Batches Total Queued Batches x 100 Service Credit: <99.9% 10% <99% 25% RemoteApp Additional Definitions: "Application"means a software application that is configured for streaming to a device using the RemoteApp Service. "Maximum Available Minutes"is the sum of all User Application Minutes across all Users granted access to one or more Applications in a given Azure subscription during a billing month. "User"means a specific user account that is able to stream an Application using the RemoteApp Service,as enumerated in the Management Portal. "User Application Minutes"is the total number of minutes in a billing month during which you have granted a User access to an Application. Downtime: The total accumulated User Minutes during which the RemoteApp Service is unavailable. A minute is considered unavailable for a given User when the User is unable to establish connectivity to an Application. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Service Level Exceptions: The Service Levels and Service Credits are applicable to your use of the RemoteApp Service. The RemoteApp free trial is not covered by this SLA. 127 AX395 of 580 Scheduler Additional Definitions: "Maximum Available Minutes"is the total number of minutes in a billing month. "Planned Execution Time"is a time at which a Scheduled Job is scheduled to begin executing. "Scheduled Job"means an action specified by you to execute within Microsoft Azure according to a specified schedule. Downtime: The total accumulated minutes in a billing month during which one or more of your Scheduled Jobs is in a state of delayed execution.A given Scheduled Job is in a state of delayed execution if it has not begun executing after a Planned Execution Time,provided that such delayed execution time shall not be considered Downtime if the Scheduled Job begins executing within thirty(30)minutes after a Planned Execution Time. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Search Additional Definitions: "Average Error Rate"for a billing month is the sum of Error Rates for each hour in the billing month divided by the total number of hours in the billing month. "Error Rate"is the total number of Failed Requests divided by Total Requests,across all Search Service Instances in a given Azure subscription,during a given one-hour interval.If the Total Requests in a one-hour interval is zero,the Error Rate for that interval is 0%. "Excluded Requests"are all requests that are throttled due to exhaustion of resources allocated for a Search Service Instance, as indicated by an HTTP 503 status code and a response header indicating the request was throttled. "Failed Requests"is the set of all requests within Total Requests that fail to return either a Success Code or HTTP 4xx response. "Replica"is a copy of a search index within a Search Service Instance. "Search Service Instance"is an Azure Search service instance containing one or more search indexes. "Total Requests"is the set of(i)all requests to update a Search Service Instance having three or more Replicas,plus(ii)all requests to query a Search Service Instance having two or more Replicas,other than Excluded Requests,within a one-hour interval within a given Azure subscription during a billing month. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: 100%—Average Error Rate Service Credit: <99.9% 10% <99% 25% Service Level Exceptions: The Free Search tier is not covered by this SLA. Service-Bus Service Additional Definitions: "Deployment Minutes"is the total number of minutes that a given Event Hub has been deployed in Microsoft Azure during a billing month. 128 AX396 of 580 "Maximum Available Minutes"is the sum of all Deployment Minutes across all Event Hubs deployed by you in a given Microsoft Azure subscription under the Basic or Standard Event Hubs tiers during a billing month. "Message"refers to any user-defined content sent or received through Service Bus Relays,Queues,Topics,or Notification Hubs,using any protocol supported by Service Bus. Downtime: The total accumulated Deployment Minutes,across all Event Hubs deployed by you in a given Microsoft Azure subscription under the Basic or Standard Event Hubs tiers,during which the Event Hub is unavailable. A minute is considered unavailable for a given Event Hub if all continuous attempts to send or receive Messages or perform other operations on the Event Hub throughout the minute either return an Error Code or do not result in a Success Code within five minutes. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime X 100 Maximum Available Minutes Service Credit: <99.9% 10% <99% 25% Service Level Exceptions: The Service Levels and Service Credits are applicable to your use of the Basic and Standard Event Hubs tiers. The Free Event Hubs tier is not covered by this SLA. Service-Bus r i _ Notification Additional Definitions: "Deployment Minutes"is the total number of minutes that a given Notification Hub has been deployed in Microsoft Azure during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Notification Hubs deployed by you in a given Microsoft Azure subscription under the Basic or Standard Notification Hubs tiers during a billing month. Downtime: The total accumulated Deployment Minutes,across all Notification Hubs deployed by you in a given Microsoft Azure subscription under the Basic or Standard Notification Hubs tiers,during which the Notification Hub is unavailable. A minute is considered unavailable for a given Notification Hub if all continuous attempts to send notifications or perform registration management operations with respect to the Notification Hub throughout the minute either return an Error Code or do not result in a Success Code within five minutes. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Service Level Exceptions: The Service Levels and Service Credits are applicable to your use of the Basic and Standard Notification Hubs tiers. The Free Notification Hubs tier is not covered by this SLA. 129 AX397 of 580 Service-Bus Service — Queues and Topics Additional Definitions: "Deployment Minutes"is the total number of minutes that a given Queue or Topic has been deployed in Microsoft Azure during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Queues and Topics deployed by you in a given Microsoft Azure subscription during a billing month. "Message" refers to any user-defined content sent or received through Service Bus Relays,Queues,Topics,or Notification Hubs,using any protocol supported by Service Bus. Downtime: The total accumulated Deployment Minutes,across all Queues and Topics deployed by you in a given Microsoft Azure subscription,during which the Queue or Topic is unavailable.A minute is considered unavailable for a given Queue or Topic if all continuous attempts to send or receive Messages or perform other operations on the Queue or Topic throughout the minute either return an Error Code or do not result in a Success Code within five minutes. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Service-Bus Service — Relays Additional Definitions: "Deployment Minutes"is the total number of minutes that a given Relay has been deployed in Microsoft Azure during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Relays deployed by you in a given Microsoft Azure subscription during a billing month. Downtime: The total accumulated Deployment Minutes,across all Relays deployed by you in a given Microsoft Azure subscription,during which the Relay is unavailable.A minute is considered unavailable for a given Relay if all continuous attempts to establish a connection to the Relay throughout the minute either return an Error Code or do not result in a Success Code within five minutes. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Site r Service _ On-Premises-to-Azur Additional Definitions: "Failover"is the process of transferring control,either simulated or actual,of a Protected Instance from a primary site to a secondary site. "On-Premises-to-Azure Failover"is the Failover of a Protected Instance from a non-Azure primary site to an Azure secondary site. You may designate a particular Azure datacenter as a secondary site,provided that if Failover to the designated datacenter is not possible,Microsoft may replicate to a different datacenter in the same region. 130 AX398 of 580 "Protected Instance"refers to a virtual or physical machine configured for replication by the Site Recovery Service from a primary site to a secondary site. Protected Instances are enumerated in the Protected Items tab in the Recovery Services section of the Management Portal. "Recovery Time Objective(RTO)" means the period of time beginning when you initiate a Failover of a Protected Instance experiencing either a planned or unplanned outage for On-Premises-to-Azure replication to the time when the Protected Instance is running as a virtual machine in Microsoft Azure,excluding any time associated with manual action or the execution of your scripts. Monthly Recovery Time Objective: The Monthly Recovery Time Objective for a specific Protected Instance configured for On- Premises-to-Azure replication in a given billing month is four hours for an unencrypted Protected Instance and six hours for an encrypted Protected Instance. One hour will be added to the monthly Recovery Time Objective for each additional 25GB over the initial 100GB Protected Instance size. Service Credit(Assuming Protected Instance of 100GB,or less): Unencrypted >4 hours 100% Encrypted >6 hours 100% Additional Terms: Monthly Recovery Time Objective and Service Credits are calculated for each Protected Instance used by you. Site r Service — On-Premises-to-On-Premises Additional Definitions: "Failover"is the process of transferring control,either simulated or actual,of a Protected Instance from a primary site to a secondary site. "Failover Minutes"is the total number of minutes in a billing month during which a Failover of a Protected Instance configured for On-Premises-to-On-Premises replication has been attempted but not completed. "Maximum Available Minutes"is the total number of minutes that a given Protected Instance has been configured for On- Premises-to-On-Premises replication by the Site Recovery Service during a billing month. "On-Premises-to-On-Premises Failover"is the Failover of a Protected Instance from a non-Azure primary site to a non-Azure secondary site. "Protected Instance"refers to a virtual or physical machine configured for replication by the Site Recovery Service from a primary site to a secondary site. Protected Instances are enumerated in the Protected Items tab in the Recovery Services section of the Management Portal. Downtime: The total accumulated Failover Minutes in which the Failover of a Protected Instance is unsuccessful due to unavailability of the Site Recovery Service,provided that retries are continually attempted no less frequently than once every thirty minutes. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Additional Terms: Monthly Recovery Time Objective and Service Credits are calculated for each Protected Instance used by you. 131 AX399 of 580 SQL Database Service sic, Standard and PremiumTiers) Additional Definitions: "Database"means any Basic,Standard,or Premium Microsoft Azure SQL Database. "Deployment Minutes"is the total number of minutes that a given Basic,Standard,or Premium Database has been deployed in Microsoft Azure during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Basic,Standard,and Premium Databases for a given Microsoft Azure subscription during a billing month. Downtime: The total accumulated Deployment Minutes across all Basic,Standard,and Premium Databases deployed by you in a given Microsoft Azure subscription during which the Database is unavailable. A minute is considered unavailable for a given Database if all continuous attempts by you to establish a connection to the Database within the minute fail. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime X 100 Maximum Available Minutes Service Credit: <99.99% 10% <99% 25% SQL Database Service Business Tiers) Additional Definitions: "Database"means any Web or Business Microsoft Azure SQL Database. "Deployment Minutes"is the total number of minutes that a given Web or Business Database has been deployed in Microsoft Azure during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Web and Business Databases for a given Microsoft Azure subscription during a billing month. Downtime: The total accumulated Deployment Minutes across all Web and Business Databases deployed by you in a given Microsoft Azure subscription during which the Database is unavailable. A minute is considered unavailable for a given Database if all continuous attempts by you to establish a connection to the Database within the minute fail. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% 132 AX400 of 580 Storage r i Additional Definitions: "Average Error Rate"for a billing month is the sum of Error Rates for each hour in the billing month divided by the total number of hours in the billing month. "Excluded Transactions"are storage transactions that do not count toward either Total Storage Transactions or Failed Storage Transactions. Excluded Transactions include pre-authentication failures;authentication failures;attempted transactions for storage accounts over their prescribed quotas;creation or deletion of containers,tables,or queues;clearing of queues;and copying blobs between storage accounts. "Error Rate"is the total number of Failed Storage Transactions divided by the Total Storage Transactions during a set time interval(currently set at one hour). If the Total Storage Transactions in a given one-hour interval is zero,the error rate for that interval is 0%. "Failed Storage Transactions"is the set of all storage transactions within Total Storage Transactions that are not completed within the Maximum Processing Time associated with their respective transaction type,as specified in the table below. Maximum Processing Time includes only the time spent processing a transaction request within the Storage Service and does not include any time spent transferring the request to or from the Storage Service. PutBlob and GetBlob(includes blocks and pages) Two(2)seconds multiplied by the number of MBs transferred in the Get Valid Page Blob Ranges course of processing the request Copy Blob Ninety(90)seconds(where the source and destination blobs are within the same storage account) PutBlockList Sixty(60)seconds GetBlockList Table Query Ten(10)seconds(to complete processing or return a continuation) List Operations Batch Table Operations Thirty(30)seconds All Single Entity Table Operations Two(2)seconds All other Blob and Message Operations These figures represent maximum processing times.Actual and average times are expected to be much lower. Failed Storage Transactions do not include: 1. Transaction requests that are throttled by the Storage Service due to a failure to obey appropriate back-off principles. 2. Transaction requests having timeouts set lower than the respective Maximum Processing Times specified above. 3. Read transactions requests to RA-GRS Accounts for which you did not attempt to execute the request against Secondary Region associated with the storage account if the request to the Primary Region was not successful. 4. Read transaction requests to RA-GRS Accounts that fail due to Geo-Replication Lag. "Geo Replication Lag"for GRS and RA-GRS Accounts is the time it takes for data stored in the Primary Region of the storage account to replicate to the Secondary Region of the storage account. Because GRS and RA-GRS Accounts are replicated asynchronously to the Secondary Region,data written to the Primary Region of the storage account will not be immediately available in the Secondary Region.You can query the Geo Replication Lag for a storage account,but Microsoft does not provide any guarantees as to the length of any Geo Replication Lag under this SLA. "Geographically Redundant Storage(GRS)Account"is a storage account for which data is replicated synchronously within a Primary Region and then replicated asynchronously to a Secondary Region.You cannot directly read data from or write data to the Secondary Region associated with GRS Accounts. "Locally Redundant Storage(LRS)Account"is a storage account for which data is replicated synchronously only within a Primary Region. "Primary Region"is a geographical region in which data within a storage account is located,as selected by you when creating the storage account.You may execute write requests only against data stored within the Primary Region associated with storage accounts. "Read Access Geographically Redundant Storage(RA-GRS)Account"is a storage account for which data is replicated synchronously within a Primary Region and then replicated asynchronously to a Secondary Region.You can directly read data from,but cannot write data to,the Secondary Region associated with RA-GRS Accounts. "Secondary Region"is a geographical region in which data within a GRS or RA-GRS Account is replicated and stored,as assigned by Microsoft Azure based on the Primary Region associated with the storage account. You cannot specify the Secondary Region associated with storage accounts. 133 ,401 of 580 "Total Storage Transactions"is the set of all storage transactions,other than Excluded Transactions,attempted within a one- hour interval across all storage accounts in the Storage Service in a given subscription. "Zone Redundant Storage(ZRS)Account"is a storage account for which data is replicated across multiple facilities. These facilities may be within the same geographical region or across two geographical regions. Monthly Uptime Percentage: Monthly Uptime Percentage is calculated using the following formula: 100%—Average Error Rate Service Credit—LRS,ZRS,GRS and RA-GRS(write requests)Accounts: <99.9% 10% <99% 25% Service Credit—RA-GRS(read requests)Accounts: <99.99% 10% <99% 25% StorSimple rig Additional Definitions: "Backup"is the process of backing up data stored on a registered StorSimple device to one or more associated cloud storage accounts within Microsoft Azure. "Cloud Tiering"is the process of transferring data from a registered StorSimple device to one or more associated cloud storage accounts within Microsoft Azure. "Deployment Minutes"is the total number of minutes during which a Managed Item has been configured for Backup or Cloud Tiering to a StorSimple storage account in Microsoft Azure. "Failure"means the inability to fully complete a properly configured Backup,Tiering,or Restoring operation due to unavailability of the StorSimple Service. "Managed Item"refers to a volume that has been configured to Backup to the cloud storage accounts using the StorSimple Service. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Managed Items for a given Microsoft Azure subscription during a billing month. "Restoring"is the process of copying data to a registered StorSimple device from its associated cloud storage account(s). Downtime: The total accumulated Deployment Minutes across all Managed Items configured for Backup or Cloud Tiering by you in a given Microsoft Azure subscription during which the StorSimple Service is unavailable for the Managed Item. The StorSimple Service is considered unavailable for a given Managed Item from the first Failure of a Backup,Cloud Tiering,or Restoring operation with respect to the Managed Item until the initiation of a successful Backup,Cloud Tiering,or Restoring operation of the Managed Item,provided that retries are continually attempted no less frequently than once every thirty minutes. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% 134 AX402 of 580 Stream I tics —API Calls Additional Definitions: "Total Transaction Attempts"is the total number of authenticated REST API requests to manage a streaming job within the Stream Analytics Service by Customer during a billing month for a given Microsoft Azure subscription. "Failed Transactions"is the set of all requests within Total Transaction Attempts that return an Error Code or otherwise do not return a Success Code within five minutes from Microsoft's receipt of the request. "Monthly Uptime Percentage"for API calls within the Stream Analytics Service is represented by the following formula: Total Transaction Attempts—Failed Transactions Monthly Uptime% = Total Transaction Attempts Service Credit: <99.9% 10% <99% 25% Stream I tics —Jobs Additional Definitions: "Deployment Minutes" is the total number of minutes that a given job has been deployed within the Stream Analytics Service during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all jobs deployed by Customer in a given Microsoft Azure subscription during a billing month. Downtime is the total accumulated Deployment Minutes, across all jobs deployed by Customer in a given Microsoft Azure subscription, during which the job is unavailable. A minute is considered unavailable for a deployed job if the job is neither processing data nor available to process data throughout the minute. "Monthly Uptime Percentage"for jobs within the Stream Analytics Service is represented by the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Traffic Manager Service Additional Definitions: "Deployment Minutes"is the total number of minutes that a given Traffic Manager Profile has been deployed in Microsoft Azure during a billing month. "Maximum Available Minutes"is the sum of all Deployment Minutes across all Traffic Manager Profiles deployed by you in a given Microsoft Azure subscription during a billing month. "Traffic Manager Profile"or"Profile"refers to a deployment of the Traffic Manager Service created by you containing a domain name,endpoints,and other configuration settings,as represented in the Management Portal. "Valid DNS Response"means a DNS response,received from at least one of the Traffic Manager Service name server clusters, to a DNS request for the domain name specified for a given Traffic Manager Profile. Downtime: The total accumulated Deployment Minutes,across all Profiles deployed by you in a given Microsoft Azure subscription,during which the Profile is unavailable.A minute is considered unavailable for a given Profile if all continual DNS queries for the DNS name specified in the Profile that are made throughout the minute do not result in a Valid DNS Response within two seconds. 135 AX403 of 580 Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.99% 10% <99% 25% Virtual Machines Additional Definitions: "Availability Set"refers to two or more Virtual Machines deployed across different Fault Domains to avoid a single point of failure. "Fault Domain"is a collection of servers that share common resources such as power and network connectivity. "Maximum Available Minutes"is the total accumulated minutes during a billing month for all Internet facing Virtual Machines that have two or more instances deployed in the same Availability Set.Maximum Available Minutes is measured from when at least two Virtual Machines in the same Availability Set have both been started resultant from action initiated by you to the time you have initiated an action that would result in stopping or deleting the Virtual Machines. "Virtual Machine"refers to persistent instance types that can be deployed individually or as part of an Availability Set. Downtime: The total accumulated minutes that are part of Maximum Available Minutes that have no External Connectivity. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.95% 10% <99% 25% VPN Gateway Additional Definitions: "Maximum Available Minutes"is the total accumulated minutes during a billing month which a given VPN Gateway has been deployed in a Microsoft Azure subscription. "Virtual Network" refers to a virtual private network that includes a collection of user-defined IP addresses and subnets that form a network boundary within Microsoft Azure. "VPN Gateway"refers to a gateway that facilitates cross-premises connectivity between a Virtual Network and a customer on- premises network. Downtime: Is the total accumulated VPN Gateway Maximum Available Minutes during which a VPN Gateway is unavailable.A minute is considered unavailable if all attempts to connect to the VPN Gateway within a thirty-second window within the minute are unsuccessful. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: 136 AX404 of 580 <99.9% 10% <99% 25% Visual Studio OnlineitService Additional Definitions: "Build Service"is a feature that allows customers to build their applications in Visual Studio Online. "Maximum Available Minutes"is the total number of minutes for which the paid Build Service has been enabled for a given Microsoft Azure subscription during a billing month. Downtime: The total accumulated minutes for a given Microsoft Azure subscription during which the Build Service is unavailable. A minute is considered unavailable if all continuous HTTP requests to the Build Service to perform operations initiated by you throughout the minute either result in an Error Code or do not return a response. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime X 100 Maximum Available Minutes Service Credit: <99.9% 10% <99% 25% Visual Studio OnlineiService Additional Definitions: "Load Testing Service"is a feature that allows customers to generate automated tasks to test the performance and scalability of applications. "Maximum Available Minutes"is the total number of minutes for which the paid Load Testing Service has been enabled for a given Microsoft Azure subscription during a billing month. Downtime: The total accumulated minutes for a given Microsoft Azure subscription during which the Load Testing Service is unavailable. A minute is considered unavailable if all continuous HTTP requests to the Load Testing Service to perform operations initiated by you throughout the minute either result in an Error Code or do not return a response. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% Visual Studio Online — User Plans Service Additional Definitions: "Build Service"is a feature that allows customers to build their applications in Visual Studio Online. "Deployment Minutes"is the total number of minutes for which a User Plan has been purchased during a billing month. "Load Testing Service"is a feature that allows customers to generate automated tasks to test the performance and scalability of applications. "Maximum Available Minutes"is the sum of all Deployment Minutes across all User Plans for a given Microsoft Azure subscription during a billing month. 137 4k,405 of 580 "User Plan"refers to the set of features and capabilities selected for a user within a Visual Studio Online account in a Customer subscription.User Plan options and the features and capabilities per User Plan are described on the http://www.visualstudio.com website. Downtime: The total accumulated Deployment Minutes,across all User Plans for a given Microsoft Azure subscription,during which the User Plan is unavailable. A minute is considered unavailable for a given User Plan if all continuous HTTP requests to perform operations,other than operations pertaining to the Build Service or the Load Testing Service,throughout the minute either result in an Error Code or do not return a response. Monthly Uptime Percentage: The Monthly Uptime Percentage is calculated using the following formula: Maximum Available Minutes-Downtime Maximum Available Minutes x 100 Service Credit: <99.9% 10% <99% 25% 8.11 DATA DISPOSAL sp,u i) ti�,'tt {,��,� �.�{� ,z�,(.oar ,60',,) ,i {a „I 'l I X SHI Response: SHI has data disposal services available to help customers meet compliance requirements and ensure safety of private data. SHI agrees to work with Purchasing Entities to review all available options related to their request. SResponse: It is important that customers understand some important basics regarding data ownership and management in the cloud shared responsibility model: • Customers continue to own their data. • Customers choose the geographic location(s) in which to store their data—it does not move unless the customer decides to move it. • Customers can download or delete their data whenever they like. • Customers should consider the sensitivity of their data, and decide if and how to encrypt the data while it is in transit and at rest. AWS provides customers with the ability to delete their data. However,AWS customers retain control and ownership of their data, and it is the customer's responsibility to manage their data AWS Storage Device Decommissioning When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M ("National Industrial Security Program Operating Manual ") or NIST 800-88 ("Guidelines for Media Sanitization") to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices. 138 AX406 of 580 CA Response: Agile-A component of our strategy includes disk encryption for data at rest. This provides an additional safeguard that data is protected in the retirement stage of hardware, but our primary control is to utilize a 3rd party service that certifies destruction according to industry standards. APIM—All Data is held with AWS. Data disposal is outlined in AWS's annual SOC 3 audits. A copy of the latest SOC 3 report can be found here: http://d0.awsstatic.com/whitepapers/compliance/soc3—amazon—web—services.pdf ASM, MAA, and PPM —All electronic media containing CA Technologies or customer sensitive data must be disposed of using approved techniques for proper sanitization. Data storage media is sanitized when hardware breaks, customers ask for sanitization to be performed, or when data storage media leaves data center's premises. Note, customer data is only stored on disk, so there is no process necessary for other media (e.g. USB, CD, and DVD). Secure media sanitization is processed through a vendor provided data destruction program. All CA Technologies staff must ensure that any sensitive data stored on hard disks or other electronic media are properly disposed of using one of the approved techniques: • Overwriting the media using DOD accepted software • Degauss of the media • Physically destroying the media rendering it unusable MicrosoftResponse: Microsoft follows strict standards and specific processes for removing customer data from all systems under our control, overwriting storage resources before reuse, and purging or destroying decommissioned hardware. Customers can retrieve a copy of all customer data at any time and for any reason without any assistance or notification required from Microsoft. Microsoft contractually commits to specific processes when a customer leaves the service or the subscription expires.This includes deleting customer data from all systems under our control. • If you,the customer,terminate your subscription or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the retention period)to give you time to export the data or renew your subscription. During this period, Microsoft provides multiple notices, so you will be amply forewarned of the upcoming deletion of data. • After this 90-day retention period, Microsoft will disable the account and delete all customer data, including any cached or backup copies. For in-scope services and Azure services,that deletion will occur within 90 days of the end of the retention period. (In-scope services are defined in the Data Processing Terms section of our Online Services Terms.) In the multitenant environments of Microsoft enterprise cloud services, we take careful measures to logically separate customer data to help prevent one customer's data from leaking into the data of another customer, as well as to help block any customer from accessing another customer's deleted data. 139 AX407 of 580 When a disk drive used for storage suffers a hardware failure, it is securely erased or destroyed before Microsoft returns it to the manufacturer for replacement or repair. All of the data on the drive is completely overwritten to ensure that the data cannot be recovered by any means. When such devices are decommissioned, they are purged or destroyed according to NIST 800-88 Guidelines for Media Sanitation. 8.12 PERFORMANCE MEASURES AND REPORTING SHI esponse® The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SHI has in its catalog today. We will work to add products and solutions over the course of this contract as new technologies emerge or as customer needs arise. SHI is responding today with offerings from AWS, Microsoft, and CA as well additional service offerings from our partner Ascent Innovations. For this Section each partner has provide a specific response. 812.1 ,ip I .a{a AWS Response: SHI's performance and reporting capabilities draw on the repository of metadata retained by AWS' IaaS and PaaS service platform. Although there is currently no direct SLA published for performance and reporting metadata, the metadata is stored in AWS' S3 storage subcategory service which offers eleven- nines of durability. Any missing performance and reporting can be easily reproduced to deliver the desired 99.9%or greater availability. CA Response: Agile- For Rally SaaS Unlimited Edition customers, our goal is to provide 99.9% up-time during each calendar quarter. If in any calendar quarter an up-time of 99.5% is not met and our customers were negatively impacted (for example, were unable to login to Rally), we will provide a service credit equal to one month of fees for use of the Rally Service. APIM, ASM, MAA, and PPM—CA SaaS production environments have an SLA at 99.8% uptime calculated arrear monthly. 1hr response for P1 issues. MicrosoftResponse: Please see the response to 8.10.2 for details. 140 AX408 of 580 8^112 � 4 �� AWS Response: Our support and service detailed above apply to Performance and Reporting: * Quality assurance measures: o Average contacts tnresolution o Average response time Escalation plan: * Dedicated resource escalates to SE immediately upon receipt nfcase, ifrequested by user, or if SLA ismissed. * Support Engineer (SE) resource escalates tn Sr. Support Engineer immediately upon receipt of case, ifrequested byuser, nrifsecond SLA ismissed. * Sr. Support Engineer escalates tnAWS engineering ifSLA ismissed. * Dedicated resource and highest Engineer resources is engaged on the case until completed and closed bythe user. SLA=<12hour response time CA Response: Agile—See response for O.12.1 AP|M, ASM, MAA, and PPM— Uptime SLA target is99.O% CA runs test scripts using application monitoring tools on the Production system to verify that the CA SaaS service is available.Test scripts are run approximately once every ten (10) minutes, twenty-four (24) hours per day, seven days per week, throughout the contracted term of the service. Microsoft Response: Please see the response tnO.4.1for details. 8A73 ........... U�� AWS Response: Our contact mediums for Performance and Reporting are: * Email tnsupport hunt-group * Phone tndesignated contact representative Escalation plan: * Dedicated resource escalates to SE immediately upon receipt nfcase, if requested by user, or if SLA ismissed. * Support Engineer (SE) resource escalates tn Sr. Support Engineer immediately upon receipt of case, ifrequested byuser, nrifsecond SLA ismissed. * Sr. Support Engineer escalates tnAWS engineering ifSLA ismissed. 141 AP,409 of580 • Dedicated resource and highest Engineer resources is engaged on the case until completed and closed by the user. SLA=<12 hour response time CA Response: CA Support can be engaged by telephone or online via CA Support Online at http://www.support.ca.com. CA Support is available 24x7x365.Technical support will be delivered in accordance with customer preference, and will likely include both telephone and email communications. CA Support Online is available 24 hours per day and allows customers to manage their cases (i.e. log, view, set severity level, update and close cases). CA Support Online also provides various other useful features, for example: a knowledge base search; product and documentation downloads; fixes, service pack and patch downloads; support utilities; automated notifications; access to communities, beta programs; subscriptions for hyper notifications, etc. While working with CA Support engineers on cases, email communications and a remote access capability can also be used to deliver support services. Secure File Transfer Protocol (FTP) and a secure FTP web client allow for the protected transfer of case file attachments to CA Support, with the web client additionally providing case file transfer protection from CA Support. Files are encrypted and stored securely while on CA systems. Optionally unsecure FTP transfers also are supported. MicrosoftResponse: Support is provided by Microsoft at an additional cost. Please see the responses to 8.4.1 and 8.4.2 for details. 8.x.2.4 q �t! {at - ` ,� ,r ,t I , it! .< AWS Response: SHI will automatically escalate missed SLA windows, and will work with Purchasing Entity users to accommodate desired resolution for Performance and Reporting functionality. CA Response: In the event that the Service Level Availability committed decreases below the Threshold for Service Availability Default, Minor or Major, Customer may be entitled to take action as outlined in the contract. MicrosoftResponse: SLA remedies are covered in our response to question 8.10.2. Response times are covered in our response to question 8.4.2 142 APA10 of 580 c .11 812.6 AWS Response: Due to the nature of IaaS and PaaS, SHI and AWS seldom require client action for any updates or maintenance to Performance and Reporting functionality. However,we notify of any planned downtime via email within reasonably adequate timeframes, and respond to client users on a case by case basis to minimize any impact. CA Response: Agile- Regularly scheduled maintenance (planned downtime for upgrades and maintenance)where the customer has been given at least eight(8) hours notice does not count as downtime. Unscheduled maintenance, in which the Rally Service is unavailable and advance notice was not provided to customers, will be counted against the up-time SLA. APIM - Planned downtime is scheduled and customers are notified in advance. ASM -Customers are notified at least two weeks in advance for planned downtime. MAA-Customers are notified at least two weeks in advance for planned downtime. PPM - Maintenance falls into three categories: • Monthly: Monthly maintenance windows are scheduled at least 3 months in advance and occur one Saturday each month. Maintenance windows are scheduled during local non-business hours.There is limited client input over these scheduled windows as infrastructure maintenance performed during these windows may impact multiple or all clients. Security patches and other operating system updates are applied during these windows. A reminder notification will be sent 7-10 days prior to these maintenance windows. • Critical Scheduled: Periodically, a critical scheduled maintenance involving security or system stability may be required. A 72 hour notice will be provided to customers for these activities. In many cases this maintenance activities can be more flexibly timed to meet customer business needs. CA will provide reasonable accommodations to these types of maintenance periods where possible. • Unplanned: Unplanned downtime is any loss of production system availability that does not have at least 72 hours advance notice to clients.These downtimes are generally system fault type issues but can also be proactive, emergency maintenance performed to prevent a system failure from occurring. Notices of service interruption will be sent as soon as the maintenance is scheduled or monitoring has determined a client's system is unavailable; a minimum of 24 hour notice is provided when practical.These types of downtime count against the client's uptime SLA and,therefore, are infrequent. MicrosoftResponse: The procedure would be discussed during the support call as outlined in 8.4.2 143 AX411 of 580 8^12.7 �....��e AWS Response: SH| will automatically escalate missed SLA windows, and will work with Purchasing Entity users to accommodate desired resolution for Performance and Reporting functionality. CA Response: Defined monetary penalties are provided inthe SaaSListing document. Microsoft Response: The financial consequences are detailed inour response O.1U.2. 8.12.8 XmX�U��e��Ie ��. �� me AWS Response: Performance reports are available via the Web, and report metrics are available in 5-minute intervals. CA Response: Agile Real-time and historical system status can be viewed at https://status.ra||ydev.cnm APIM—A report of the Service's measured monthly SLA is available to Customer upon request ASM—Reports can begenerated periodically and adhoc. MAA—Reports are generated periodically and ad hoc. Customers can use their support.ca.com credentials to access private trust site which contains SLA details for the subscribed service PPM—Performance data can be generated and reporting on in a self-service manner within the service. Currently no stock reports are available for this data. Real time system status is available at vvvvvv.trust.ca.cnm Microsoft Response: The financial consequences are detailed inour response O.1U.2. 8^12.9 AWS Response: Usage reports and historical performance data can be viewed via the Web, downloaded as text files, and accessed programmatically via API. 144 AP,412 of580 CA Response: Agile and APIM—Reports are available upon customer request ASM and PPM -Customers are sent monthly SLA reports MAA- Reports are generated periodically and ad hoc. Customers can use their support.ca.com credentials to access private trust site which contains SLA details for the subscribed service Microsoft esponse® This information is not available. 8.12,10 +taw ,ar ,a r".s 3x .�� ,<<ut f�fu fi°b)r , 'i " s�,)t� �' a �,�,� � t�� ,.z �, i ) ,. �P,.� rr AWS Response: On-demand IaaS and PaaS service deployment is supported 24x365. CA Response: N/A. CA only offers SaaS solutions and manages all aspects of the service. Clients do not have direct access to the environment. MicrosoftResponse: Access to the Azure Management Portal for deployment is available 24/7/365 from any device with internet access (Desktop, Laptop, Smartphone, and Tablet). 8. . . 11 U 11(" AWS Response: Scale-up and scale-down of IaaS subcategory compute functionality, commonly known as Autoscaling, is available 24x365 via Web portal, CLI or API. Autoscaling is triggered by performance factors, scripting and applicable as either horizontal or vertical. CA Response: N/A. CA only offers SaaS solutions and manages all aspects of the service; monitoring and capacity planning is included as part of the service. MicrosoftResponse: Elasticity in Azure is available 24/7/365 via the Azure Management Portal. 145 AX413 of 580 8°13 CLOUD SECURITY ALLIANCE � �� S� c��.�.� SH| Response: The scope and requirements of this RFP are such that it would be impossible to include all of the cloud based offerings that SH| has in its catalog today. We will work to add products and solutions over the course of this contract as new technologies emerge or as customer needs arise. SH| is responding today with offerings from AWS, Microsoft, and CA as well additional service offerings from our partner Ascent Innovations. For this Section each partner has provide aspecific response. AWS Response: AWS is compliant with Level 1 CSA STAR Re0istrySe|f'Assessment. Please refer tnAWS' self-assessment found within our Risk and Compliance VVhitepaper, page 2S'61. https://dO.awsstatic.comZwhitepapersZcomplianceZ WS Risk and Compliance Whitepa df.This is the latest[A|{l(v3) released by the CSA. Per the CSA definitions, AWS aligns with Level 2 via the determinations in our third party audits for SOC and ISO: * Level 2Attestation iobased onSOC2, which can berequested under NIDA http://aws.amazon.com/compliance/contact/The SOC 2 report audit attests that AWS has been validated by third party auditor to confirm that AWS' control objectives are appropriately designed and operating effectively. * Level 2Certification iobased onISO 27001:200S—the AWS ISO 27001:200Scertification io available onour website: http://d0.avvootaticcom/certifications/ioo_27001_g|oba|_cert�ication.pdf AUnfthe AVVSself-assessed assertions vvithinthe CSA STAR Re0istrySelf-Assessment arebackedby independent, third party audits across multiple compliance programs.We continue to assert we raise the bar nnCSA's ^attestatinn^ and "certification" program. CA Response: We have not performed a CSA assessment, however, CA has completed the CCM and CAIQ as part of Exhibit 1and Exhibit 2nfthis response. Microsoft Response: Please see Microsoft Azure CCM document for details nnCSA compliance. 146 AW,414 of 58 0 8°14 SERVICE PROVISIONING &t4'1 �� Vi"'U, i Vil t �� SH| Response: Should an emergency arise, each Purchasing Entity has access to a dedicated account team that will assist the customer to understand the emergency and assist in getting the best possible solution in a timely manner. AWS Response: SH|'s |aaS and PaaS users will self-service their needs for implementation, and escalate to SH| for any issues. In response to escalations, SH| handles requests for |aaSand PaaS implementation with the same service SL4sdescribed above. Depending nnthe extent nfthe implementation required, SH| will engage internal resources, AWS nrother qualified subcontractors to meet the desired timeline. CA Response: Standard lead times for requests can bewaived for requests that have critical business need such as data recovery effort. Microsoft Response: The customer has complete access to a majority of the features via the Azure Management Portal. For any additional features not covered the customer will work with the SHI Account Management Team and nrMicrosoft Account Team tnexpedite implementation requests. 8,14.7 1 I 111�111e11", ��"U��e��xe��mm��/��. AWS Response: We help clients implement against any desired timelines with best'effnrtapprnach, and regularly see implementations requiring 2-6 week lead times for provisioning depending on complexity. CA Response: Services do not generally require client action for provisioning. General Service catalog requests, such as adata refresh, have astandard 4O hour lead time. Microsoft Response: The timeframe for provisioning of all services varies on the speed of the customers ISP and overall network access. 147 AW,415 of 58 0 8°15 BACK UP AND DISASTER PLAN 8.15'2 V "I �x,� AWS Response: Please see response tnO.1S3. CA Response: Agile and AP|M The customer isresponsible for the lifecycle nftheir data. We will retain all data until it has been deleted from our systems. We can remove data from our systems upon written request from the customer attermination nfthe contract. ASM—Nntavai|ab|e MAA—Nntavai|ab|e PPM Data and configurations can be retained indefinitely upon notification of a hold Microsoft Response: Azure Backup offers retention periods that are scheduled within the Azure Management Portal.The retention can bescheduled for uptn99years. �� mmm�' ��mm��. AWS Response: Amazon's infrastructure has a high level nfavailability and provides customers the features to deploy resilient IT architecture. AWS has designed its systems tntolerate system nrhardware failures with minimal customer impact. Data center Business Continuity Management atAWS is under the direction nfthe Amazon Infrastructure Group. Availability Data centers are built in dusters in various global regions. All data centers are online and serving customers; no data center is "cold." In case of failure, automated processes move customer data traffic away from the affected area. Core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites. AWS provides you with the flexibility tn place instances and store data within multiple geographic regions aswell as across multiple availability zones within each region. Each availability zone is designed as an independent failure zone.This means that availability zones are physically separated within a typical metropolitan region and are located in |nvver risk flood plains (specific flood zone categorization varies by Region). In addition to discrete uninterruptab|e power supply(UPS) and onsite backup 148 4k,416 of 58 0 generation facilities, they are each fed via different grids from independent utilities to further reduce single points of failure. Availability zones are all redundantly connected to multiple tier-1 transit providers. You should architect your AWS usage to take advantage of multiple regions and availability zones. Distributing applications across multiple availability zones provides the ability to remain resilient in the face of most failure modes, including natural disasters or system failures. Fault-Tolerant Design Amazon's infrastructure has a high level of availability and provides you with the capability to deploy a resilient IT architecture. AWS has designed its systems to tolerate system or hardware failures with minimal customer impact. Data centers are built in clusters in various global regions. All data centers are online and serving customers; no data center is "cold." In case of failure, automated processes move customer data traffic away from the affected area. Core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites. AWS provides you with the flexibility to place instances and store data within multiple geographic regions as well as across multiple availability zones within each region. Each availability zone is designed as an independent failure zone.This means that availability zones are physically separated within a typical metropolitan region and are located in lower risk flood plains (specific flood zone categorization varies by region). In addition to utilizing discrete uninterruptable power supply (UPS) and onsite backup generators,they are each fed via different grids from independent utilities to further reduce single points of failure. Availability zones are all redundantly connected to multiple tier-1 transit providers. You should architect your AWS usage to take advantage of multiple regions and availability zones. Distributing applications across multiple availability zones provides the ability to remain resilient in the face of most failure scenarios, including natural disasters or system failures. However, you should be aware of location-dependent privacy and compliance requirements, such as the EU Data Privacy Directive. Data is not replicated between regions unless proactively done so by the customer,thus allowing customers with these types of data placement and privacy requirements the ability to establish compliant environments. It should be noted that all communications between regions is across public Internet infrastructure; therefore, appropriate encryption methods should be used to protect sensitive data. As of this writing, there are twelve regions: US East (Northern Virginia), US West (Oregon), US West (Northern California), AWS GovCloud (US), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Seoul), South America (Sao Paulo), and China (Beijing). AWS GovCloud (US) is an isolated AWS Region designed to allow US government agencies and customers to move workloads into the cloud by helping them meet certain regulatory and compliance requirements.The AWS GovCloud (US)framework allows US government agencies and their contractors to comply with U.S. International Traffic in Arms Regulations (ITAR) regulations as well as the Federal Risk and Authorization Management Program (Fed RAMP) requirements. AWS GovCloud (US) has received an Agency Authorization to Operate (ATO)from the US Department of Health and Human 149 AX417 of 580 Services (HHS) utilizing a FedRAMP accredited Third Party Assessment Organization (3PAO)for several AWS services. The AWS GovCloud (US) Region provides the same fault-tolerant design as other regions,with two Availability Zones. In addition, the AWS GovCloud (US) region is a mandatory AWS Virtual Private Cloud (VPC) service by default to create an isolated portion of the AWS cloud and launch Amazon EC2 instances that have private (RFC 1918) addresses. More information about GovCloud is available on the AWS website: ttp://aws.amazon.com/govcloud-_usl CA Response: CA Agile Central (Formerly Rally) - None-our DR plan is tested at a minimum semi-annually. CA APIM - DR is provided only in a single geography at this point. Professional Services would need to be engaged to provide multi-geo DR CA ASM— None CA MAA—N/A CA PPM - Risk of up to 24 hours of data loss MicrosoftResponse: Any potential issues are on a case by case basis. Solutions to any issues are offered via Azure MSDN Forums and Stack Overflow, both are manned by Microsoft MVP's. 8,15A .ar „ r�I I ft X �,( L'+ ">t a�,,,a�a<<r ti a �d fu �.��,�r ti' e�d ,� 'S .,u .r 't'X a .S�„a�zx < AWS Response: See answer to 8.15.3 CA Response: Agile Central (Formerly Rally) -We run a hot/warm data center configuration and have the ability to quickly failover if required. Our data centers are 1300 miles apart to ensure redundancy. We perform full system planned switch over testing at a minimum semi-annually. APIM -AWS datacenters provide redundancy and failover within a single AWS EC2 zone (i.e., a single geographic location). Professional Services would need to be engaged to provide multi-geo DR ASM -ASM core services run in one primary data center, and can fail over to the DR site if there is a catastrophic failure. MAA- MAA service is currently available from one data center only. PPM - Business continuity plans are in place to restore production services from the nightly recovery point. Recovery is accomplished by deploying the service into the alternate data center within 72 hours 150 AX418 of 580 Microsoft esponse® All Azure Datacenters in the United States supports all of the stated features to run large scale applications. The Azure Status Site details each services available throughout all Azure Datacenters globally. 8.16 SOLUTION ADMINISTRATION 1 "ii,i 1 �,)ft` Ffu 7 ,� f.a ti' t ft tt I .,� „?.,t.. {aL ti .,� '_{,� ,� .< AWS Response: Purchasing Entities have full control of user accounts, control over what those accounts can access, and any delegation or federation of such controls. CA Response: Agile and APIM -The customer is responsible for managing the lifecycle of all user accounts ASM and MAA-The Purchasing Entity can manage their account and create sub-accounts within ASM. PPM - User provisioning and authorization is fully self service via the web interface or available API's MicrosoftResponse: Identity and user accounts can be managed via the initial setup portal discussed in 8.19.2, role based access controls, and Azure Active Directory features. A& AWS Response: Purchasing Entities may install any anti-virus software and encrypt its data stores in whatever ways deemed fit for Low, Moderate and High Risk compliance requirements. CA Response: Agile-We have ClamAV installed on all Linux hosts and TrendMicro for Windows hosts. APIM—AWS provides protection/virus scanning for data at rest ASM, MAA, and PPM - Logical security is provided by ClamAV Antivirus. MicrosoftResponse: Azure offers several anti-virus options for their virtual machines. Microsoft, Symantec and TrendMicro are just a few of the offerings available via the Azure Marketplace. If applicable customer may use their existing anti-virus solutions in Azure provided the system requirements are met. 151 AX419 of 580 8A6.3 � 1 1 1 X X 91 AWS Response: Purchasing Entities are the owners of their data, and have full access to migrate data to other Cloud Hosting providers using industry standard techniques. CA Response: Agile VVecan provide anexport nfdata inXML and]SONformats AP|M—Data can be exported to accommodate relocation. A Professional Services engagement will be required. ASM —REST API and raw data export (CSV). MAA— Datacanbeprnvidedupnnrequest. PPM—Self-service API's and defined dump files are available for migration efforts. See the response to OI2for details. Microsoft Response: Customer data stored in Azure can be removed at anytime without assistance from Microsoft for the purposes nfmigrating nrtransferring tn a successor cloud hosting solution provider. 816A AWS Response: SH| can help Purchasing Entities create and manage user hierarchies, linked accounts, ACLsand other topologies so that they can support sophisticated scenarios for segregated access, access to data, visibility to metadata and char0ebackrequirements. CA Response: Agile All administrative settings are configured by Subscription Administrators on a per subscription basis. AP|M—Delegated administration is built into the product ASM—The ASM dashboard is accessible with any modern web browser with Internet access. MAA—Designated Tenant Administrators from customer can administer the service for their user-base from any supported browser. PPM—Assignment of administration rights is self-service.The client can define multiple user accounts to manage the service 152 AWA20 of 58 0 Microsoft Response: Access can beoffered tn participating entities using the information from the responses in 8.16.1 and 8.19.2. 8^16^5 ...� ......... �� c�� mm�� /��. AWS Response: Purchasing Entities can use a number of subcategory services such as SAML, SSO, Active Directory and other technologies tn manage participating entities' access to |aaSand PaaS services. CA Response: Agile Subscription Administrators have the ability to configured subscription settings. APIM—The product allows for a number of areas that can be configured/policies to be created for purposes nfmanaging the solution ASM and MAA—Not applicable PPM—Process flows and service configuration can be partitioned per client defined entity allowing for entity specific management. See PPM SaaS User's Guides for detailed description of this functionality. Microsoft Response: Please see the responses tnquestions O.16.1and O.19.2. 8.17 HOSTING AND PROVISIONING 8.17A Y�mmm��'��c�� e�/��c�'��mm�� AWS Response: The AWS Management Console is single destination for managing all AWS resources, from Amazon Elastic Compute Cloud (&mazon EC21 instances to Amazon DynamoDB tables. Use the AWS Management Console to perform any number of tasks, from deploying new applications to monitoring the health of applications. The AWS Management Console also enables customers to manage all aspects of their AWS account, including accessing monthly spending by service, managing security credentials, nreven setting upnew users.The AWS Management Console supports all AWS regions and lets customers provision resources across multiple regions. Command Line Interface The is a unified tnn| used to manage AWS cloud services. With just one tool to download and configure, customers can control multiple AWS resources from the command 153 AW,421 of 58 0 line and automate them through scripts.The AWS CLI introduces a new set of simple file commands for efficient file transfers to and from Amazon Simple Storage Service (Amazon S3 . Use Existing Management Tools Many of the tools that organizations use to manage on-premises environments can be integrated with AWS as well. Integrating an AWS environment can provide a simpler and quicker path for cloud adoption, because a customer's operations team does not need to learn new tools or develop completely new processes. For example: • AWS Management Portal for vCenter enables customers to manage their AWS resources using VMware vCenter.The portal installs as a vCenter plug-in within the existing vCenter environment. Once installed, it enables customers to migrate VMware VMs to Amazon EC2 and manage AWS resources from within vCenter.The AWS resources that customers create using the portal can be located in their AWS account, even though those resources have been created using vCenter. For experienced VMware administrators, AWS Management Portal for vCenter provides a familiar look and feel that can make it easy to start using AWS. AWS Management Portal for vCenter is available at no additional charge. • The Amazon EC2 VM Import Connector extends the capabilities of VMware vCenter to provide a familiar graphical user interface customers can use to import their preexisting Virtual Machines (VMs)to Amazon EC2. Using the connector, importing a VM is as simple as selecting a VM from the vSphere infrastructure, and specifying the AWS region, Availability Zone, operating system, instance size, security group, and Amazon Virtual Private Cloud (Amazon VPC) details (if desired) into which the VM should be imported. Once the VM has been imported, customers can launch it as an instance from the AWS Management Console and immediately take advantage of all the features of Amazon EC2. AWS Management Pack for Microsoft System Center enables customers to view and monitor their AWS resources directly in the Operations Manager console.This way, customers can use a single, familiar console to monitor all of their resources,whether they are on-premises or in the AWS cloud. You get a consolidated view of all AWS resources across regions and Availability Zones. It also has built-in integration with Amazon CloudWatch so that the metrics and alarms defined in Amazon ClouclWatch surface as performance counters and alerts in the Operations Manager console. Information on AWS Management Pack for Microsoft System Center can be found here CA Response: Agile-All new systems should be provisions according to our baseline standards and we use configuration management tools to ensure all systems are created with the same standards. APIM—CA SaaS Ops has a well-defined Service Introduction and update process, including review boards, staged rollouts and follow-ups to ensure service integrity. Our cloud provisioning stack is tied to AWS EC2 services, and includes S3 and RDS for storage; RHEL instances for the applications; route 53 DNS services; cloud front for monitoring; and ELB for load balancing ASM and MAA—Automation tools are used to install and configure ASM software on CA infrastructure. SOP documents are used by CA internally. PPM—Workstation requirements are documented in release notes. 154 AX422 of 580 Microsoft esponse® Provisioning in Azure can be best accomplished with the use of Azure Resource Managers.There's several advantages that ARM provides over the existing Azure Service Management(ASM)API, including simplifying complex configurations, repeatable deployments via declarative templates, resource tagging, role-based access control (RBAC) and more. 8.x.7.2 gut"' t .....,�,' a ., t...x ni stit7 � t,� �,td,�tt,� t �',t,� ., AWS Response: Please see the response to question 8.17.1 CA Response: Agile-We utilize configuration management tools to ensure consistent configuration across our servers. We have redundant systems for all critical infrastructure and have the ability to add additional storage if deemed necessary. Access to monitoring tools is provisions according to the principle of least privilege and is only granted based upon business need. APIM—Servers are brought up on demand. AWS EC2 storage is elastic, and can be expanded on demand. All SaaS based instances are monitored by CA SaaS Ops. With Hybrid deployments, customers can manage the on premise components of the deployment using their own tooling or CA products. ASM —See response to 8.17.1. Additional storage is added manually. ASM uses Nimsoft Monitor, third- party open source monitoring tools, and ASM itself to monitor the health of ASM internal services and servers. MAA—See Response to 8.17.1. Virtual storage can be added when needed. MAA is monitored internally as well as externally using multiple tools recognized within industry. PPM—Deploying and creating new servers is not applicable. Additional storage space- Dynamically allocated NAS. Monitoring tools is real time availability metrics at www.trust.ca.com MicrosoftResponse: Azure Virtual Machines lets you deploy a wide range of computing solutions in an agile way. Deploy a virtual machine nearly instantly, and pay by the minute. With support for Microsoft Windows, Linux, Microsoft SQL Server, Oracle, IBM, SAP, and Azure BizTalk Services, you can deploy any workload and any language on nearly any operating system. 155 AX423 of 580 Azure Storage provides the flexibility and hyper-scale needed to store and retrieve large amounts of data. Use Azure Blob Storage (Object Storage)to store unstructured data, such as documents and media files. Use Azure Table Storage for structured NoSQL data. Use Azure Queue Storage to reliably store messages.And use SMB-based Azure file Storage for existing or new applications—no code changes are required. You can monitor key performance metrics for your cloud services in the Azure classic portal. You can set the level of monitoring to minimal and verbose for each service role, and can customize the monitoring displays. Verbose monitoring data is stored in a storage account, which you can access outside the portal. Monitoring displays in the Azure classic portal are highly configurable. You can choose the metrics you want to monitor in the metrics list on the Monitor page, and you can choose which metrics to plot in metrics charts on the Monitor page and the dashboard. 8.173 AWS Response: See response to 8.17.1 CA Response: Only SaaS services are provided. Standard, per user subscription rates are provided. MicrosoftResponse: IaaS, PaaS and SaaS based services in Azure have individualized pricing that is available when selecting those services via the Azure Management Portal. 8.18 TRIAL AND TESTING PERIODS (PRE- AND POST- PURCHASE) 8,18.1 {a h ?.J 1 �,tt,�r )fi f6t `�,)! 1 �,tthI AWS Response: A free-tier IaaS service level is offered for clients to try its subcategory services. Services ordered beyond the free-tier are billed at published rates based on consumption. Clients only pay for what they consume and services can quickly be decommissioned to prevent further billing. CA Response: Agile-CA offers its clients a trial period and training can be included as a service. APIM–CA Professional Services and CA Education offer packaged training and service introduction courses that can be tailored to each customers' needs.Typical offerings include: 156 AX424 of 580 A standard five day deployment and training package is available for purchase and includes: • Portal -trains SaaS APIM users (covering CMS content creation; site branding; user creation;API publication; application creation; interactive API documentation creation; and more) • Policy Manager—introduction to the Gateway and policy creation • Quick Start—help with implementing the Portal to reflect the customers' brand and API management initiative (includes tips and techniques on CSS editing; API publication; API security; WADL/Swagger creation, and more) ASM —30-day trial accounts are available at no cost. MAA—Customers can self-subscribe to trial environment to try out the product for free. PPM—No trial periods are available. CA Technologies has a full catalog of web based and instructor lead training for PPM SaaS. MicrosoftResponse: Azure has the capability of both staging and production environments for the services offered. Environments can be created via Azure credits provided through all MSDN subscriptions in addition to the Azure DevTest Labs feature which is now in preview. 8,182 AWS Response: SHI would address any outstanding questions and provide needed documentation, and also work in good faith to assist evaluating entities' verification of service utility on an as-needed basis. CA Response: CA offers trial environment for interested customers to evaluate the product before making a purchase. For paying customers, CA also offers a non-production environment for testing any functionality prior to rolling out to users. MicrosoftResponse: A proof of concept can be provided with the services provided in 8.18.1. Additional services to support a proof of concept would be provided on a case by case basis. 8.18.3 ,a ", aOyi It AWS Response: The support described above is offered at no additional cost. Training offered at no cost consists of a vast online library of CBT, whitepapers, User and Administration guides, as well as online subject matter discussions. 157 AX425 of 580 CA Response: CA Support is CA Technologies standard support maintenance that offers multiple access methods and support services to meet your operational support and business needs, including: • Online support for self-service and case management • 240 telephone support for Severity 1 cases via a single telephone number(by country) • Product release, version and certification updates • Product fixes and alerts for high impact problems and fixes • Troubleshooting • Multi-platform and product integration support • Implementation and upgrade project support • Access to knowledge documents, product compatibility information and documentation • Access to CA Technologies programs such as: Go Live with CA Technologies; CA Communities; CA Beta Programs; CA Green Books; and CA Tech Insider e-newsletters Support is included in the maintenance cost and all Training must be purchased at additional cost. MicrosoftResponse: Value added support and training are offered by Microsoft Virtual Academy, Channel 9 and TechNet Virtual Labs. Microsoft Learning Partners provide in person trainings at facilities nationwide. The Microsoft Ignite Conference also provides this level of training as well. 8.19 INTEGRATION AND CUSTOMIZATION 8,19,1 . . . <a, AWS Response: Our IaaS and PaaS services are fully documented and ready to integrate into third party applications via REST APIs, CLI, and shell scripting. CA Response: Agile-There are various integrations available between the Agile Central and other platforms. All supported integrations can be found here: https://www.rallydev.com/product-feature/rally-platform- integrations-overview. API —The SaaS Portal features a set of public, documented APIs for integration with third parties ASM—ASM has a REST API that can be used to interact with ASM programmatically. Nimsoft Monitor has a plug-in module for integration with ASM. MAA— MAA SDK can be utilized to integrate it with other products. CA Services can be engaged for such implementations. 158 AX426 of 580 PPM—Standard API's are provided for integration development. Additional details are provided in the user documentation. MicrosoftResponse: Azure has connections to over 3000 SaaS based apps covering virtual machines, developer services, API applications, Azure Active Directory application connectors, Web applications, data services and Microsoft Dynamics solutions online via the Azure Marketplace. ,1 � .0 r� r,fit:" +�Pu ,a1 Ft I ``r 71 Ff°"C." . .rpt! .,� n JfuT SResponse: Purchasing Entities can fully customize and personalize our IaaS and PaaS services to support their specific needs via REST APIs, CLI, and shell scripting. CA Response: Agile-We offer a RESTful API that can be used to create integration services not offered. APIM—SaaS Portal offers a number of ways to customize, configure and brand the product to suit each customer's needs ASM —ASM Public Status Pages can be branded. The REST API can be used to develop customized applications. MAA— MAA SDK can be utilized for customizations. Many personalization options are available out of the box. CA Services can be engaged for custom requirements. PPM—CA PPM SaaS is highly configurable to enable client specific processes. Both the UI and workflows can be configured. MicrosoftResponse: To initially administer your Microsoft Azure services under your Enrollment, there are four distinct administrative roles: the Enterprise Administrator,The Department Administrator, the Account Owner and the Service Administrator. Users are required to authenticate using a valid Microsoft Account (LivelD http://signup.live.com) or School or Work Account (Azure-based Active Directory). Please ensure the ID entered is associated with a monitored mailbox as enrollment and account notifications will be sent to this mailbox. The roles complete tasks on three different Microsoft Azure portals.The Enterprise Portal, the Account Portal and the Management Portal. • Enterprise Administrator The Enterprise Administrator has the ability to add or associate Accounts to the Enrollment, can view usage data across all Accounts, can view the monetary commitment balance associated to the Enrollment with pricing data from the partner. There is no limit to the number of Enterprise Administrators on an Enrollment. 159 AX427 of 580 • Account Owner The Account Owner can add Subscriptions for their Account, update the Service Administrator and Co-Administrator for an individual Subscription, view usage data for their Account, and view Account charges if the Enterprise Administrator has provided access. The Account Owner will not have visibility of the monetary commitment balance unless they also have Enterprise Administrator rights. • Service Administrator The Service Administrator and up to nine Co-Administrators per Subscription have the ability to access and manage Subscriptions and development projects within the Azure Management Portal.The Service Administrator does not have access to the Enterprise Portal unless they also have one of the other two roles. 8.20 MARKETING PLAN 1 Kdt„ SHI Response: SHI understands that when implementing this contract, it will be important to communicate with NASPO ValuePoint and with each Participating State to ensure that our messaging to Participating Entities is accurate and timely. We recognize that we will need to understand NASPO ValuePoint's vision for the contract and the unique requirements of each State, and that we will then need to market the benefits of the contract to each eligible agency, city, county, township, school district and higher education institution. In addition, SHI plans to build on the experience we've gained from the NASPO ValuePoint SVAR contract to help make this contract successful for the Participating Entities. SHI has designed a preliminary marketing plan for the contract to ensure maximum participation. We will work with the individual states on appropriate timing, and agree upon appropriate venues for any face-to-face marketing initiatives. SHI's implementation/transition plan for the new contract provides for a smooth and seamless experience for the States included in the NASPO ValuePoint Cloud Solutions agreement, whether we have worked with these States under another NASPO ValuePoint contract or they are new to SHI. SHI's marketing or outreach to all the participating entities on the contracts we hold is a multi-prong approach: • SHI's CRM System has been uploaded with every public entity within each State. Each State's Account Executives establish a relationship with each purchasing agent/buyer and IT administrator within the organization and update our CRM so that we can verify that they have been reached. The SHI Account Executive discusses the contract with them and provides them with contact information, website information, and contract guidelines for working with SHI. SHI's Account Executives are proactive in their approach with our customers and prospects, and they regularly engage in on-site meetings and joint phone calls with our publisher representatives. 160 AX428 of 580 • SHI's Inside Sales Team members walk individual customers through our www.shi.com website where customers can create quotes, purchase items, obtain order status, and generate reports of their purchases. • SHI's marketing team subscribes our new CRM contacts to SHI's monthly newsletter,which contains helpful information on SHI's publishers, new products and promotions, changes to programs, and industry news. • SHI participates in statewide and local vendor events. SHI Account Executives and publisher partners will meet with all available entities and discuss SHI's support plan and our cloud partners' solutions. • SHI works with each State to create timely and meaningful Tech Days for individual state and local entities to attend to learn about new cloud solutions for their IT environments. Each of these elements come together to ensure that SHI is effectively marketing the new Cloud Solutions contract. 8.21 RELATED VALUE-ADDED SERVICES To CLOUD SOLUTIONS e ,0J'`,t„ b)t'.t I ,.(ti°{a C� .a 1� '%? SHI Response: SHI can offer Professional Services towards application development and migration, scale or complex designs and implementations, 24x7x365 helpdesk, Backup and DR, server patching, monitoring and full- service NOC, billing and financing, split billing and chargeback management, optimization management, and other lifecycle services. As part of this response we have included an attachment about Office 365 Jumpstart, which is available from SHI. SHI is also pleased to provide a response from our partner Ascent Innovations. InnovationsAscent Ascent Innovations, is a Microsoft Dynamics certified solution provider for mid to large size companies, government and education organizations. Ascent Innovations was founded as a firm in 2009 with the goal of providing customer-focused enterprise solutions and high quality service. Now, it has a combined staff experience of decades in ERP/CRM/Cloud Azure deployments. Ascent Innovations is a Microsoft Dynamics ERP/CRM/Cloud Azure certified partner, specializing in complex implementations and is fully capable of provisioning for the Microsoft Azure Cloud services to be recommended by our Prime supplier, SHI,lnc. Ascent Innovations is owned and managed by Sohena Hafiz, and being a financially sound and minority- woman owned and growing company, has received five government small business certifications. Certifications provided by the Federal Small Business Administration as an 8(a)firm, the State of Illinois' BEP program, the Cook County WBE/MBE certification, the City of Chicago WBE certification and the WBENC certification. 161 AX429 of 580 The Federal Small Business Administration 8(a) certification, to be utilized as the primary certification, is valid through May of 2023. Thus providing a woman owned/minority owned status that can be utilized by NASPO through the life of the sourcing agreement. Ascent Innovations possesses the expertise and depth as a Microsoft Dynamics ERP/CRM/Azure certified partner, specializing in Dynamics AX, GP, CRM, SQL Server, SharePoint with a focus on Education, Public Sector, Manufacturing, Professional Services customers, with emphasis on Financial Management, Project Accounting, Business Analytics, Supply Chain, Service Management, Fixed Assets and Compliance within a Cloud/Hosted environment. We have demonstrated expertise in building integrations with Dynamics ERP/CRM on Azure platforms with various external systems, to include EDI, RF solutions, Mobile apps, BI tools, Data Integration tools, Inventory/3PL systems, payment gateways, logistics, electronic document management, e-Commerce sites, etc. Additionally, we have enhanced the operations by building reports for staff, managers and executives, using SSRS, MR, SSAS, Role Centers, etc. Ascent Innovations is a certified partner with multiple 3rd party software providers for Microsoft Dynamics products, including BlackLine, Data Masons EDI, RF Smart, Solver B1360, Scribe, M4 AGL, KwikTag, Dynamics Anywhere, eOne Solutions, etc. Ascent i s' Microsoft Cloud/Azurer servicesoffering: Ascent Innovations is able to deploy functional and technical consultants for the Microsoft Cloud/Azure environment. Our capabilities and skills are provided through on-site and/or remotely located for the full suite of Microsoft offerings within the Azure environment. Providing complete deployment services allowing the NASPO customer to make a solution choice and deploy in full production mode. The following are areas Ascent Innovations focuses for its customers: Microsoft Do more, spend less with Microsoft Azure. With the fast pace of innovation constantly accelerating, it's becoming increasingly expensive to keep investing in the latest and greatest IT solutions. At the same time, relying on older solutions while your competitors invest in new ones gives them a leg up on you to anticipate, manage, and respond more quickly to change. You want to focus on running your organization and the bottom line, not your technology infrastructure. With Microsoft Azure, you can build, deploy, and manage applications in the cloud without worrying about the cost of purchasing new server hardware. You can easily scale up or down as needed and gain peace of mind knowing your data is safe, secured and protected by Microsoft-managed datacenters. Enterprise i iSuite Simplify security and stay productive with the Microsoft Enterprise Mobility Suite (EMS). EMS includes Azure Active Directory,Azure Rights Management, Microsoft Intune, and Advanced Threat Analytics to provide organizations with cost-effective, comprehensive security for users, devices, applications, and data. Organizations are struggling to meet the challenges posed by the influx of consumer-oriented technology into the workplace,which is eroding standards-based approach to IT, and by the growing expectation of users to access all of their work resources from any location, on any device and at any time. 162 4k,430 of 580 The Enterprise Mobility Suite (EMS) is designed to help organizations meet these challenges by providing a people-centric IT solution that gives users access to corporate resources from the devices of their choice, while making it easier for IT administrators to securely manage devices, data, and applications across platforms. Managed Services Staying on top of technology trends has become increasingly expensive. With our deep understanding of Cloud deployment together with our expertise in Cloud based IT infrastructure we can design unique solutions that make technology your trusted investment. Let Ascent Innovations help your organization: • Transition to a cloud environment or extend the value of existing IT investment • Scale out quickly and affordably by running apps and workloads in the cloud • Boost productivity and collaboration with SharePoint Online. • Work with full versions of Office anytime, anywhere, and on virtually any device with Office 365 • Implement flexible, affordable data backup and disaster recovery solutions by taking advantage of cloud services like Microsoft Azure • Safeguard organizational data by integrating enterprise identity management solutions like Active Directory with cloud services Office Office 365 keeps itself up to date, so you always have the latest features of Word, Excel, PowerPoint, and more. Office Applications -Office 365 provides applications you're familiar with and files that are always accessible, always up to date. So online or off, at your desk or on the go,from your PC/Mac or your iOS, Android''", or Windows device, you can get to what you need, when and where you need it. Email & Calendar-Office 365 synchronizes emails, calendars, and contact information across your devices in real time. So you have the latest information, no matter what device is in your hand. Online Meetings- It's easy to meet and connect online from wherever you are on whatever device works best. HD video puts you—and up to 250 people—all at the same table. It's a smart way to share information and meet colleagues from multiple locations. File Sharing-With 1 TB of personal document storage, having your files stored online makes it easy to store, organize, and share them, so you can work on documents with teammates, share reports with organization partners, or connect with constituents. Your files are always up to date, so everyone has access to the latest version. Video Management-Office 365 Video gives you a scalable enterprise video solution. It allows employees to find, discover, and view important topics and ideas across the organization—across their devices—staying informed and in unison. Windows Windows 10 is designed for the modern world of cloud services and mobility simply put Windows 10 is simple to use. 163 AX431 of 580 Windows 10 integrates the Cloud with the PC, delivering fully-functional devices that can operate web- apps, browsing, Windows Store apps, Windows desktop apps, you name it. It also integrates seamlessly with other 3rd party Cloud solutions like CRM, E-Commerce, ERP and Inventory,just to name a few. Cloud synchronization is key with Windows 10. Not only can users synchronize their account, preferences, favorites, settings, and apps between devices using their Microsoft or Office 365 account, they will have the ability to sync their files using OneDrive Cloud storage or email, calendar and contacts with Outlook.com. Windows 10 is still Windows, enabling the best devices for powerful, general-purpose computing. You can run new modern Windows Store apps, desktop apps that run on Windows 7 and later, and of course the custom apps or programs you have invested in for your organization. Windows doesn't need to be always connected to be functional. Users can work with locally installed apps and save those files critical to their workflow on a local drive—and then be confident they will sync back to the cloud when they're connected again. SharePoint SharePoint Products and Technologies provide enterprise-scale capabilities to meet organization-critical needs such as managing content and enterprise processes, simplifying how people find and share information across boundaries, and helping to enable more informed decision-making. Many organizations use SharePoint to create websites. It can also be used as a secure place to store, organize, share, and access information from almost any device. All you need is a web browser, such as Internet Explorer, Chrome, or Firefox. SharePoint is a cloud-based service, hosted by Microsoft, and is for organizations of all sizes. Instead of installing and deploying SharePoint Server on-premises, a decision maker can subscribe to an Office 365 plan or to the standalone SharePoint Online service. Your employees can create sites to share documents and information with colleagues, partners, and customers. Ascent i s Microsoft Cloud/Azurer i s Offerings Technical Consulting and Architecture Services • Ascent Innovations provides technology expertise during engagements to facility a full solution, aligning with the NASPO customer's need. • The Ascent Innovations' solution architect provides for design and delivery for Data Storage, Server design, Operating Systems, Virtualization, Email, Identity Management, Disaster Recovery and timely Backups. Strategic Planning Services • Ascent Innovations has staff and experience to help NASPO's customers to plan for the changes and variables that will confront them within their IT deployment utilizations and environments. We will sit down with decision makers and define a course for managing tomorrow's needs and direction. 164 AX432 of 580 Network nService rcit ct Assessments • The Ascent Innovations has the experience to simplify the limitless choices that are available today. • We will facilitate discussions and lead the customer through the necessary Joint Application Discovery(JAD) sessions, beneficial for an early development of a highly valued direction/roadmap. Security Planning nin rvfc s Ascent Innovations will provide services within a Microsoft Azure Cloud environment to protect against: • Spyware and malware • Data Interception • Identity theft • Viruses • Hacking attempts Standard best practice for security is given the primary importance to include: • Acceptance of industry/organizational standards • System development and maintenance • Organizational continuity planning • Compliance and Governance Training ervic s to End Users • Ascent Innovations is staffed with fully qualified trainers • Providing remote and onsite learning experience—through Webinars and In-person training. • We provide Cloud and Virtualization training, certifications and solutions customized to the NASPO sourcing community. Ensuring the realization of Return on Investment for IT decisions and expenditures. Ascent Innovations is included within the SHI, Inc response to the NASPO Cloud Storage and Productivity Services request. Ascent Innovations recognizes the importance of our service offerings for technology choices of the NASPO customer community. We believe our dedication, knowledge, skill sets and unique coverage for the services of the Microsoft Azure platform will allow SHI and Ascent Innovations to create and foster a successful, efficient and best value offering for a Premier Cooperative Purchase Service for Education as requested by NASPO. CA Response: Professional Services might be engaged in the following ways: • Architecture Consulting—consulting on the creation of a VPN integration between the Portal service and the customer's on premise/datacenter-located APIs • CMS Customization—we provide a number of common Adobe CQ resources out of the box, but PS might be engaged to create new templates, layouts and other components in Adobe CQ. These would then be given to the Ops team who will apply the change to the Adobe CQ CRX for that specific tenant (i.e.,the customization would only be available for the paying customer; would not be available for other tenants) 165 AX433 of 580 • Gateway Policy Creation—creation of Gateway policies, such as: o Create encapsulated assertions that implement a customer's specific security requirements (as well as other business requirements) and will be available as a Policy Template in the Portal when an API Owner goes to publish their APIs o Create custom policies to integrate the SaaS-based API Management imitative back into the customer's enterprise resources in a secure manner, or a to a third party/cloud- based resource • General API Management Consulting—helping the customer apply their branding to the Portal; create Account Plans; onboard users; publish APIs, etc and then migrate everything from non- Production to Production 8.22 SUPPORTING INFRASTRUCTURE 8r , AWS Response: At a minimum customer needs to have access to the internet. CA Response: Agile-An internet connection and supported web browser are required to utilize the stock service. APIM—For SaaS: a desktop PC or laptop able to run a browser(portal) and 64-bit application (interface to the Gateway component) For Hybrid: a 64-bit server with 4-16 cores; 8-64GB of RAM and 20-100+GB of storage space, depending on the volume of transactions expected ASM - No infrastructure is required unless the Purchasing Entity decides to deploy ASM on-premise monitoring stations, in which case they will need to deploy at least one physical or virtual machine. MAA—No infrastructure is required unless the Purchasing Entity decides to deploy MAA on-premise cloud connect agent to integrate any of the on-premise user stores, in which case they will need to deploy at least one physical or virtual machine. PPM—An internet connection and supported web browser are required to utilize the stock service. Microsoft Response: Please see the response to question 8.3.5 for minimum infrastructure requirements. Additional infrastructure requirements can be discussed on a case by case basis. 166 AX434 of 580 &22^2 AWS Response: SH| will seek POs from Purchasing Entities tncover costs for infrastructure deployment and any requisite services needed as identified and approved by Purchasing Entity decision makers. CA Response: Agile Deployment of the service is included in the base offering and is the responsibility of CA Technologies. AP|M—Custnmervvi|| bear the costs; [A Professional services can help with installation ASM —If an (optional)ASM on-premise monitoring station is needed by the Purchasing Entity they will incur those costs. MAA—If an (optional) MAA on-premise cloud connect agent is needed by the Purchasing Entity, they will incur those costs. PPM—Deployment of the service is included in the base offering and is the responsibility of CA Technologies. Microsoft Response: Installation nfnew infrastructure can be completed bySH| unless otherwise agreed upon by both parties. NASPOwould incur all costs nfsaid installation. � �� °�� *�� _�� _�� REFERENCE i i'��c��me��a�"�� e��a�"��me�c��c��c�� i�e "Inw�� i 0 nI I"je ��ax��.�. ��V0, V�"? "'I h 'I c�i U�� So � nwU 'X 'X �� mmn�� S� 0") S�. AWS Response: AWS provides NIST compliant cloud infrastructure services. AWS' compliance is validated by two Agency Authority to Operate (ATOs) achieved based on testing performed against the stringent set of FedRAMP requirements (N|STOUU'S3Rev. 4— Mnderatebase|inerequirements, p|usadditinna| FedRAMPsecurity controls). We provide federal security personnel with our security documentation as a means of verifying the security and compliance of AWS in accordance with applicable NIST controls as defined by 800-53 rev4 and the DoD Cloud Computing Security Requirements Guide (SRG). 167 AW,435 of 58 0 CA Response: Agile-Only SaaS is being offered via a public cloud. APIM—The SaaS portal runs in Amazon Web Services. For an overview of how AWS conforms to NIST, please refer to: ttps:JJaws.amazon.comZabout-awsJw ats-newZ2016Z01Jnist-800-53-standardized- architecture-on-the-aws-cloud-Buick-start-reference-deployment) ASM -As a monitoring service, ASM is considered to be SaaS product. MAA—MAA is considered a SaaS product. PPM—PPM is considered a SaaS product. MicrosoftResponse: The cloud architecture presented will be based on NIST determined architecture in order to offer best practices cloud practices that remains compliant with the customers' requirements. 168 AX436 of 580 PROTECTED OR PROPRIETARY CONFIDENTIAL,, INFORMATION SHI does not have any Confidential, Protected, or Proprietary information in this response. 169 AX437 of 580 10 EXCEPTIONS AND/OR ADDITIONS TO THE STANDARD TERMS AND CONDITIONS iO "in, ......... . .<.... Ql-u 3x�- un-'—" S Response: Per bid instructions SH I is including the requested clarifications to the Master Agreement Terms and Conditions.These clarifications also include: • Response to terms from Microsoft • AWS Access Agreement Upon award, SHI agrees to work with NASPO ValuePoint on the review and final agreement of terms and conditions associated with this response.The primary point of contact for these discussions will be: Natalie Slowick Natalie slowick@shi.com 732-868-5902 170 AW,438 of 580 11 COST PROPOSAL Per bid instructions, SHI has completed Attachment G—Cost Proposal and we have included it as a separate document from the Technical Response. 171 AX439 of 580 12 ADDITIONAL INFORMATION Immediately following is some additional information that SHI has included as part of our response. 172 AX440 of 580 OVERVIEW ASSUMPTIONS (CONT) Supported by a winning combination of SHI's Licensing Team, The customer will provide detailed and accurate Professional Services Organization(PSO),and Microsoft's information regarding their current network environment. FastTrack Center(FTC),customer will be guided through an This information will include the technical configuration of overview of Office 365, creation of a success plan and key the domain environment. initial onboarding steps,all designed for a seamless handoff to All hardware and/or software and licensing required to Microsoft's FTC for completion of the onboarding process. perform the above services will be provided by and is the responsibility of the customer. The customer will provide a technical point of contact during the time of this project. DELIVERABLES m, All parties agree that personnel shall not be asked to perform, nor volunteer to perform, engineering and/ • Creation of pilot tenant for testing, if requested or consulting tasks that lie outside the skill sets and • Comprehensive tour of your new Office 365 tenant experience of personnel. Personnel have the right to • Creation of success plan to help facilitate the decline on a service request if the request falls outside the onboarding process scope of their experience and expertise. • Q&A with an SHI Solution Architect • Activate, setup and configure tenant and test client CUSTOMER RESPONSIBILITIES • Set up all administrative accounts needed by the client • Walkthrough of administrative portal The customer and SHI are responsible for the • Add clients primary domain in the tenant and successful execution of this project.The customer verify ownership agrees to the following: • Configure DNS for Skype for Business Online if Skype for Business on-premise is not currently in the environment Prior to the start of Office 365 Jumpstart,the r;= Identify SSL requirements customer needs to return the signed SOW.All Project communications will be addressed to the customer specified point of contact("Customer Contact"). The Customer Contact shall have the authority to resolve conflicting requirements. RESOURCES AND SKILLS m, The Customer Contact will ensure that any communication between the customer and SHI is made SHI Onboarding Support through SHI's Cloud Onboarding Support Specialist. SHI will provide a Cloud Onboarding Support Specialist, The Customer Contact will provide technical points- responsible for managing the customer and onboarding of-contact("Technical Contacts"), who have a working process through to the Microsoft FastTrack center. knowledge of the enterprise components to be SHI will provide an Onboarding Solution Architect(s), considered during this project. SHI may request that responsible for onboarding technical activities including meetings be scheduled with Technical Contacts. providing CORE onboarding services and answering CORE The customer will inform SHI of all access issues and onboarding questions. security measures, and provide access to all necessary systems as required. ASSUMPTIONS m, The customer will provide, at no expense to SHI: computer hardware, software, and access to the SHI is not responsible for lost data. SHI recommends that customer network as required to complete the work the customer perform a full working backup of their data described in this Statement of Work. prior to the commencement of services. The customer agrees that all related information regarding SHI is not responsible for delays caused by failures; this project will be communicated to SHI as expeditiously including but not exclusive to Microsoft licensing,systems, as possible. personnel,environmental causes or in receiving data from CONTINUED ON PAGE 2 the customer. The customer will make the necessary administrative usernames and passwords available to the SHI consultants. G 3H/International Corp. All Rights Reserved. Version 11.311.15 CUSTOMER RESPONSIBILITIES (CONT) The customer will provide individual resources outlined below to be participants for this project effort.These resources will participate in all required steps and will be fully or partially responsible for tasks and deliverables where appropriate: Sponsor/Project Manager Project and resource coordination to support the effort as well as authority to make decisions and acceptance at project completion. IT Resource Provide building access,workspace access,and general IT requests related to the effort. May also have responsibility for network,data center and project team activities. PROJECT SCOPE 90-minute Kickoff We will conduct a 90-minute kickoff call to review the Office 365 portal,develop a deployment plan, create a pilot tenant(if necessary),and review the onboarding process. Schedule a Jumpstart As a follow-up to the kickoff call,we will schedule a jumpstart call(up to four hours)to set up basic configuration tasks and familiarize you with your new Office 365 tenant. Microsoft FastTrack Center Upon completion of the jumpstart,we will work on your behalf to manage the logistics with the Project Management Microsoft FTC to help you take advantage of the benefits offered to Office 365 customers.This includes continued CORE onboarding services in addition to service onboarding for additional Office 365 workloads if desired. Total Value of Service SHI will provide these services,valued at$893.00,at no cost. j E CUSTOMER ACCEPTANCE - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SHI Contact Name SHI Signature Agreement Date t _• (4 , S {fF11117111117111IM111,11,11 Contact Name/ Company Title Services Address Customer Signature Signature Date O SHI International Corp. All Nights Reserved. Version 11.311.15 ATTACHMENT E Service Provider Terms and Conditions Page 443 of 580 ATTACHMENT E-1 Microsoft Additional Use Rights and Restrictions Additional Use Rights and Restrictions These Additional Use Rights and Restrictions shall apply to each Enterprise's use of Products 1. General. Right to use. Purchasing Entity may access and use In-Scope Services, and install and use a Client (if any) included with its Subscription, only as described in this agreement. All other rights are reserved. Acceptable use. Purchasing Entity will use In-Scope Services only per the AUP. Purchasing Entity will not use In-Scope Services in any way that infringes a third party's patent, copyright, or trademark or misappropriates its trade secret. Purchasing Entity may not reverse engineer, decompile, work around technical limits in, or disassemble In-Scope Services, except if applicable law permits despite this limit. Purchasing Entity may not rent, lease, lend, resell, transfer, or host In-Scope Services to or for third parties. Compliance. Purchasing Entity will comply with all laws and regulations applicable to its use of In-Scope Services. In providing In-Scope Services, Contractor and Microsoft will comply with all laws and regulations (including applicable security breach notification law) that generally apply to IT service providers. Microsoft will comply with all laws and regulations applicable to its provision of the Online Services, including security breach notification law. However, Microsoft is not responsible for compliance with any laws or regulations applicable to Customer or Customer's industry or government function that are not generally applicable to information technology service providers. Microsoft does not determine whether Customer Data includes information subject to any specific law or regulation. All Security Incidents are subject to the Security Incident Notification terms below. Purchasing Entity will obtain any consents required: (1) to allow it to access, monitor, use, and disclose user data; and (2) for Contractor and Microsoft to provide the In-Scope Services. If Purchasing Entity is an educational institution, it will obtain any parental consent for end users' use of In-Scope Services as required by applicable law. Customer Data. Customer Data is used only to provide Purchasing Entity In-Scope Services. This use may include troubleshooting to prevent, find and fix problems with those In-Scope Services' operation. It may also include improving features for finding and protecting against threats to users. Neither Contractor nor Microsoft will derive information from Customer Data for any advertising or other commercial purposes. As between the parties, the Purchasing Entity retains all right, title and interest in and to Customer Data. Neither Contractor nor Microsoft acquires rights in Customer Data, other than the rights Purchasing Entity grants to Microsoft through Contractor to provide the Online Services to Purchasing Entity. This paragraph does not affect Microsoft's rights in software or Online Services Contractor and Microsoft license to Purchasing Entity. Contractor and Microsoft will enable Purchasing Entity to keep Customer Data in DPT Services separate from Microsoft's consumer services. Customer Data will not be disclosed unless required by law or allowed by this agreement. Purchasing Entity's contact information may be provided so that a requestor can contact it. If law requires disclosure, Contractor and Microsoft will use commercially reasonable efforts to notify Purchasing Entity, if permitted. Page 444 of 580 Customer Data may be transferred to, and stored and processed in, any country Contractor or Microsoft maintain facilities, except when a tenant for DPT Services is provisioned in the United States, in which case Customer Content shall be processed and stored at rest in the Continental United States. Security Incident Notification for DPT Services. Solely for DPT Services, the following terms and conditions apply: If Microsoft becomes aware of any Security Incident (as defined herein), Microsoft will promptly (1) notify Purchasing Entity of the Security Incident; (2) investigate the Security Incident and provide Purchasing Entity with detailed information about the Security Incident; and (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident. Notification(s) of Security Incidents will be delivered to one or more of Purchasing Entity's administrators by any means Microsoft selects, including via email. It is Purchasing Entity's sole responsibility to ensure Purchasing Entity's administrators maintain accurate contact information on each applicable Online Services portal. Microsoft's obligation to report or respond to a Security Incident under this section is not an acknowledgement by Microsoft of any fault or liability with respect to the Security Incident. Purchasing Entity must notify Microsoft promptly about any possible misuse of its accounts or authentication credentials or any Security Incident related to an Online Service. 5-day Security Incident notification for Government Community Cloud Services. As an exception to the foregoing, notification of Security Incident solely pertaining to Government Community Cloud Services will be delivered within 5 days after Microsoft determines that a Security Incident has occurred, provided that Purchasing Entity must comply with the following requirements: For each Online Service Tenant or Azure subscription, as applicable, as a condition of receiving notifications within 5 days, as set forth in the preceding paragraph, Purchasing Entity must register the following information by sending email to ols-notifications@microsoft.com, and must keep such information current at all times: 1) Purchasing Entity's Microsoft Online Direct Routing Domain (MODRD); 2) For one or more individual(s) to be contacted, each of whom must be registered as an administrator on the applicable Online Services, each of the following: a. Name; b. Title; c. Email address registered as an administrator on the Online Services; d. Email address not registered as a user on the Online Services; 3) Name of Purchasing Entity; 4) Enrollment number (provided by Contractor and assigned by Microsoft) to represent Purchasing Entity's Tenant or Azure Subscription, on Contractor's subcontract with Microsoft. Microsoft expects to change the above process by which the Purchasing Entity for each tenant or subscription will be able to register their MODRD and other information for five-day Security Incident notification pursuant to these terms and conditions. In the event that a Purchasing Entity is notified by Microsoft, in the administrative console or otherwise, of revised instructions necessary to ensure five-day Security Incident notification, the Purchasing Entity must comply with such revised instructions. Reimbursement of Security Incident Remediation Costs. To the extent that a Security Incident for a DPT Service results from Microsoft's failure to comply with its obligations under the Master Agreement (and, where applicable, Participating Addenda), and subject to the Limitation of Liability section in this Agreement, Microsoft will reimburse Purchasing Entities for reasonable out-of-pocket remediation costs incurred by such Purchasing Entities in connection with that Security Incident. "Reasonable out-of-pocket remediation costs" are costs that (a) are customary, reasonable and expected to be paid by entities similar to Purchasing Entity, based on the nature and scope of the Security Incident, and (b) do not arise Page 445 of 580 from or relate to Purchasing Entity's violation of(i) laws applicable to Purchasing Entity or (ii) Purchasing Entity's obligations to third parties, and (c) in no event include costs arising related to compliance with laws applicable to Purchasing Entity or its industry or government function that are not generally applicable to information technology services providers. Purchasing Entity must document all such expenditures and, upon Microsoft's request, those expenditures must be validated by an independent, internationally-recognized third party industry expert chosen by both parties. For avoidance of doubt, the costs reimbursed by Microsoft under this paragraph will be characterized as direct damages subject to the limitation on liability set forth in this Section, and not as special damages excluded under the "EXCLUSION OF CERTAIN DAMAGES" in the Limitation of Liability section. Changes. In-Scope Services may be changed periodically. As such, Purchasing Entity's use of them will be subject to a revised OST, then-current as of the date it renews its subscription. For In-Scope Services that include client software, Purchasing Entity may be required to run a client software upgrade on its devices after a change to maintain full functionality, in accordance with the terms and conditions of the OST. Use rights. Use rights specific to each In-Scope Service are posted online at the link to the OST, which is hereby incorporated by reference into this agreement Confidentiality and Security. For DPT Services, Contractor and Microsoft will (a) implement and maintain all appropriate administrative, physical, technical, procedural safeguards and organizational measures, internal controls, and data security routines intended to protect Customer Data against accidental loss or change, unauthorized disclosure or access, unlawful destruction, hacks, introduction of viruses, disabling devices, malware, and other forms of malicious or inadvertent acts that can disrupt Purchasing Entity's access to its Customer Data; and (b) not disclose Customer Data, except as required by law or expressly allowed. Neither party will make any public statement about this agreement's terms without the other's prior written consent. Term, Termination, and Suspension. Term and termination. This agreement will remain in effect for three years subject to each party's right under the Master Agreement and applicable law to terminate for convenience. It may be extended, based upon the mutual consent of the parties, during the term of the Master Agreement. Customer Data. Purchasing Entity may extract Customer Data at any time. If Purchasing Entity's Subscription expires or terminates, Contractor and Microsoft will keep your Customer Data in a limited account for at least 90 days so Purchasing Entity may extract it. Contractor and Microsoft may delete Purchasing Entity's Customer Data after that, and specifically with regard to DPT Services will delete Purchasing Entity's Customer Data after no more than 180 days. Regulatory. If a government rule or regulation applies to Contractor or Microsoft, but not generally to other businesses, and makes it difficult to operate In-Scope Services without change, or Contractor or Microsoft believe this agreement or an In-Scope Service may conflict with the rule or regulation, Microsoft may change the applicable In-Scope Service(s) or Contractor may terminate the agreement. If Microsoft changes In-Scope Services to come into compliance, and Purchasing Entity does not like the change, Purchasing Entity may terminate. Suspension. Microsoft may suspend use of In-Scope Services: (1) if reasonably needed to prevent unauthorized Customer Data access; (2) if Purchasing Entity does not promptly respond under §5 to intellectual property claims; (3) for non-payment; or (4) if Purchasing Entity violates the AUP. A suspension will be in effect only while the condition or need exists and, if under clause (1) or (2), will apply to the minimum extent necessary. Contractor or Microsoft will notify Purchasing Entity before suspension, unless doing so may increase damages. Contractor will notify Purchasing Entity at least 30 days before suspending for non-payment. If Purchasing Entity does not fully address the reasons for suspension within 60 days after suspension, Contractor may terminate Purchasing Entity's Subscription. Page 446 of 580 Limited warranty; disclaimer. Contractor warrants that In-Scope Services will meet the SLA terms during the Subscription; Purchasing Entity's only remedy for breach of warranty is stated in the SLA. Contractor provides no (and disclaims to the extent permitted by law any) other warranties, express, implied, or statutory, including warranties of merchantability or fitness for a particular purpose. Indemnification. a. Subject to the exceptions below and the NASPO Participants' (as defined below) compliance with the notice and defense provisions below, in the event of any defect or deficiency in any Microsoft Products or Services purchased by a Participating Entity or Purchasing Entity, Microsoft agrees to defend NASPO, NASPO ValuePoint, the Lead State, Participating Entities, and Purchasing Entities, along with their officers, agents, and employees (collectively, the "NASPO Participants") against third party claims, damages or causes of action including reasonable attorneys' fees and related costs for any death, injury, or damage to tangible property suffered by such third party and caused by the negligence, or willful misconduct of Microsoft, its employees or subcontractors or volunteers, at any tier, during the performance of this Master Agreement (a "PI Claim"). This clause shall not be construed to bar any legal remedies Microsoft may have with respect to the NASPO Participants' failure to fulfill their obligations pursuant to the Master Agreement or any Participating Addendum. To qualify for such defense, the Participating Entities/Purchasing Entities shall promptly notify Microsoft of any PI Claim of which the Participating Entities/Purchasing Entities become aware which may give rise to a right of defense pursuant to this Section. Notice of any PI Claim that is a legal proceeding, by suit or otherwise, must be provided to Microsoft within thirty (30) days of the Participating Entities'/Purchasing Entities' first learning of such proceeding. If the Participating Entity's/Purchasing Entity's laws require approval of a third party to defend Participating Entity/Purchasing Entity, Participating Entity/Purchasing Entity will seek such approval and if approval is not received, Microsoft is not required to defend that Participating Entity/Purchasing Entity. If a PI Claim is settled, to the extent permitted by law, the Participating Entities/Purchasing Entities shall not publicize the settlement and will cooperate with Microsoft so that Microsoft can make every effort to ensure the settlement agreement contains a non- disclosure provision. Notwithstanding anything to the contrary contained herein, Participating Entities/Purchasing Entities agree that Microsoft has no obligation for any PI Claim covered by this Section arising out of or resulting from the Participating Entities'/Purchasing Entities' or any of their respective employees', contractors' or agents' acts of negligence, gross negligence or misconduct. THE FOREGOING SHALL CONSTITUTE EACH AND EVERY PARTICIPATING ENTITY'S/PURCHASING ENTITY'S SOLE REMEDY AND MICROSOFT'S SOLE AND EXCLUSIVE LIABILITY FOR ALL PI CLAIMS. b. Indemnification — Intellectual Property. Subject to the NASPO Participant's compliance with the notice and defense requirements and exceptions set forth below, Microsoft agrees to defend the NASPO Participants against any claims made by an unaffiliated third party that any Product or Service or its proper or reasonably expected or acceptable use infringes that third party's patent, copyright, or trademark or makes unlawful use of its trade secret (an "Intellectual Property Claim"). (1) Microsoft's obligations under this section shall not extend to any claims based on: (a) Microsoft's compliance with a Participating Entity's/Purchasing Entity's designs, specifications or instructions; or (b) Microsoft's use of technical information or technology provided by the Participating Entity/Purchasing Entity; or (c) Non-Microsoft software, modifications a Participating Entity/Purchasing Entity makes to, or any specifications or materials a Participating Entity/Purchasing Entity provides or makes available for, a Product; or Page 447 of 580 (d) Participating Entity's/Purchasing Entity's combination of the Product or Service with a Non-Microsoft product, data or business process; or damages based on the use of a Non- Microsoft product, data or business process; or (e) Participating Entity's/Purchasing Entity's use of either Microsoft's trademarks or the use or redistribution of a Product or Service in violation of this Master Agreement, Participating Addendum, or any other agreement incorporating its terms; or (f) Participating Entity's/Purchasing Entity's use of a Product or Service after Microsoft notifies Participating Entity/Purchasing Entity to discontinue that use due to a third party claim. (2) To qualify for such defense, the involved NASPO Participants (the "Indemnified Party") shall promptly notify Microsoft of any Intellectual Property Claim of which the Indemnified Party become aware which may give rise to right of defense pursuant to this Section. Notice of any Intellectual Property Claim that is a legal proceeding, by suit or otherwise, must be provided to Microsoft within thirty (30) days of the Indemnified Party's learning of such proceeding. If the Indemnified Party's laws require approval of a third party to defend the Indemnified Party, the Indemnified Party will seek such approval and if approval is not received, Microsoft is not required to defend that Indemnified Party. In the event the Indemnified Party does not authorize sole control to Microsoft over any claims that may arise under this subsection, then the parties agree that Microsoft will be granted authorization to equally participate in any proceeding subject to this subsection. The Indemnified Party must consent in writing for any money damages or obligations for which it may be responsible. The Indemnified Party shall furnish, at the Microsoft's reasonable request and expense, information and assistance necessary for such defense. If Microsoft fails to vigorously pursue the defense or settlement of the Intellectual Property Claim, the Indemnified Party may assume the defense or settlement of it and Microsoft shall be liable for all costs and expenses, including reasonable attorneys' fees and related costs, incurred by the Indemnified Party in the pursuit of the Intellectual Property Claim. Unless otherwise agreed in writing, this section is not subject to any limitations of liability in this Master Agreement or in any other document executed in conjunction with this Master Agreement. If Microsoft reasonably believes that a Product or Service may infringe or misappropriate a third-party's intellectual property rights, Microsoft will seek to: i. procure for Participating Entities/Purchasing Entities the right to continue to use the Product or Service; or ii. modify or replace it with a functional equivalent to make it non-infringing and notify Participating Entities/Purchasing Entities to discontinue use of the prior version, which Participating Entities/Purchasing Entities must do immediately. If the foregoing options are not commercially reasonable for Microsoft, or if required by a valid judicial or government order, Microsoft may cause Contractor to terminate Participating Entities'/Purchasing Entities' license or access rights in the Product or Service. In such a case, Microsoft will provide Participating Entities/Purchasing Entities with notice and refund any amounts Participating Entities/Purchasing Entities have paid for those rights to the Product or Service. THE FOREGOING SHALL CONSTITUTE THE LEAD STATE'S AND EACH AND EVERY PARTICIPATING AND/OR PURCHASING ENTITIES' SOLE REMEDY AND MICROSOFT'S SOLE AND EXCLUSIVE LIABILITY FOR ALL INTELLECTUAL PROPERTY CLAIMS. Limitation of Liability. The parties agree that, other than In-Scope Services, no other Microsoft Products shall be purchased hereunder. As applicable to In-Scope Services, the following terms and conditions shall apply: a. General. The total liability of each party for In-Scope Services hereunder (Microsoft, Contractor and each Purchasing Entity, including their Affiliates and contractors), for claims arising under this Agreement, is limited to direct damages up to the amount Purchasing Entity paid for the In-Scope Service during the prior 12 months before the cause of action arose; but in no event will a party's aggregate liability for any In-Scope Service exceed the total amount paid for that In-Scope Service under this Agreement. In the Page 448 of 580 case of In-Scope Services provided free of charge, previews, or code that a Purchasing Entity is authorized to redistribute to third parties without separate payment to Contractor, Microsoft's liability is limited to direct damages up to U.S. $5,000. These limitations apply regardless of whether the liability is based on breach of contract, tort (including negligence), strict liability, breach of warranties, or any other legal theory. b. Affiliates and contractors. Contractor and Purchasing Entity each agree not to bring any action against the other's Affiliates or contractors in respect of any matter disclaimed on their behalf in this Agreement. Each party will be responsible for its actions in the event of any breach of this provision. c. EXCLUSION OF CERTAIN DAMAGES. Neither party nor their Affiliates or contractors will be liable for any indirect, consequential, special or incidental damages, or damages for lost profits, revenues, business interruption, or loss of business information in connection with this agreement, even if advised of the possibility of such damages or if such possibility was reasonably foreseeable. d. Limits. The limits and exclusions in this section titled "Limitation of liability" do not apply to either party's (1) obligations under the section titled "Defense of third party claims" (2) liability for damages caused by either party's gross negligence or willful misconduct, or that of its employees or its agents, and awarded by a court of final adjudication (provided that, in jurisdictions that do not recognize a legal distinction between "gross negligence" and "negligence," "gross negligence" as used in this subsection shall mean "recklessness'); and(3) liability for violation of its confidentiality obligations (except obligations related to Customer Data) or the other party's intellectual property rights. Agreement mechanics Purchasing Entity must send notice by regular mail, return receipt requested, to the address on the Portal (effective when delivered). Contractor or Microsoft may email notice to your account administrators (effective when sent). Purchasing Entity may not assign this agreement, or any right or duty under it. If part of this agreement is held unenforceable, the rest remains in force. Failure to enforce this agreement is not a waiver. The parties are independent contractors. This agreement does not create an agency, partnership, or joint venture. This agreement is governed by the laws applicable to Purchasing Entity, without regard to conflict of laws. This agreement (including the SLA and OST) and Contractor's price sheet are the parties' entire agreement on this subject and supersedes any concurrent or prior communications. Agreement terms that require performance, or apply to events that may occur, after termination or expiration will survive, including §5. In-Scope Service and any Client associated therewith are subject to U.S. export jurisdiction. Purchasing Entity must comply with the U.S. Export Administration Regulations, the International Traffic in Arms Regulations, and end-user, end-use, and destination restrictions. For more information, see http://www.microsoft.com/exporting/. Microsoft delivers In-Scope Services, and the rights granted to us also apply to them. Miscellaneous Microsoft Terms and Conditions Accessibility. Microsoft supports the government's obligation to provide accessible technologies to its citizens with disabilities as required by Section 508 of the Rehabilitation Act of 1973, and its state law counterparts (including applicable California provisions). Microsoft encourages its customers (including Purchasing Entities under the Master Agreement and Participating Addenda) to judiciously compare product accessibility performance. The Voluntary Product Accessibility Templates ("VPATs") for the Microsoft technologies used in providing the online services can be found at Microsoft's VPAT page. Further information regarding Microsoft's commitment to accessibility can be found at www.microsoft.com/enable. DPT Services Information Security Policy. For each DPT Service, Microsoft follows a written data security policy ("Information Security Policy") that complies with the control standards and frameworks shown in the table below. Page 449 of 580 o- m- m- Office 365 Services Yes Yes Yes Yes* Yes* Microsoft Dynamics CRM Online Yes Yes Yes Yes Yes Services Microsoft Azure Core Services Yes Yes Yes Varies** Varies** Microsoft Intune Online Services Yes Yes Yes Yes Yes *Does not include Yammer Enterprise. **Current scope is detailed in the audit report and summarized in the Microsoft Azure Trust Center. Microsoft may add industry or government standards at any time. Microsoft will not eliminate a standard or framework in the table above, unless it is no longer used in the industry and it is replaced with a successor (if any). Azure Government Services meet a separate set of control standards and frameworks, as detailed on the Microsoft Azure Trust Center. Subject to non-disclosure obligations, Microsoft will make each Information Security Policy available to Purchasing Entity, along with other information reasonably requested by Purchasing Entity regarding Microsoft security practices and policies. Purchasing Entity is solely responsible for reviewing each Information Security Policy and making an independent determination as to whether it meets Purchasing Entity's requirements. Microsoft Audits of DPT Services. For each DPT Service, Microsoft will conduct audits of the security of the computers, computing environment and physical data centers that it uses in processing Customer Data (including personal data), as follows: • Where a standard or framework provides for audits, an audit of such control standard or framework will be initiated at least annually for each DPT Service. • Each audit will be performed according to the standards and rules of the regulatory or accreditation body for each applicable control standard or framework. • Each audit will be performed by qualified, independent, third party security auditors at Microsoft's selection and expense. Each audit will result in the generation of an audit report ("Microsoft Audit Report"), which will be Microsoft's Confidential Information. The Microsoft Audit Report will clearly disclose any material findings by the auditor. Microsoft will promptly remediate issues raised in any Microsoft Audit Report to the satisfaction of the auditor. If Purchasing Entity requests, Microsoft will provide Purchasing Entity with each Microsoft Audit Report so that Purchasing Entity can verify Microsoft's compliance with the security obligations under the DPT. The Microsoft Audit Report will be subject to non-disclosure and distribution limitations of Microsoft and the auditor. HIPAA/HITECH Business Associate. If Purchasing Entity is a "covered entity" or a "business associate" and includes "protected health information" in Customer Data, as those terms are defined in 45 CFR § 160.103, this agreement includes execution of the HIPAA Business Associate Agreement ("BAA"), the full text of which identifies the DPT Services to which it applies and is available at http://aka.ms/BAA. Purchasing Entity may opt out of the BAA by instructing Contractor to send the following information to Microsoft in a written notice (under the terms of the Contractor's subcontract with Microsoft): • the full legal name of Purchasing Entity and any Affiliate that is opting out; • the volume licensing agreement number to which the opt out applies. FedRAMP. During the term of a Purchasing Entity's subscription for Government Community Cloud Services, those services will be operated in accordance with a written data security policy and control framework that is consistent with the requirements of NIST 800-53 Revision 4, or Page 450 of 580 successor standards and guidelines (if any), established to support Federal Risk and Authorization Management Program (FedRAMP) accreditation at a Moderate Impact level. Microsoft intends for Government Community Cloud Services to support FedRAMP Authority to Operate ("ATO"), and Microsoft will use commercially reasonable efforts to obtain an ATO from a Federal agency, and to maintain such ATO through continuous monitoring processes and by conducting regular FedRAMP audits. Background Checks. Microsoft performs the following background checks on all US personnel who have potential to access Customer Data. Adherence to this policy is one of the control procedures addressed by the Microsoft Audit Report per the section of the Microsoft Online Services Terms titled "Microsoft Audits of Online Services." Such Background Checks will be performed in accordance with the Fair Credit Reporting Act and will consist of Social Security Number trace, seven (7) year felony and misdemeanor criminal records check of federal, state, or local records (as applicable)for job related crimes, Office of Foreign Assets Control List (OFAC) check, Bureau of Industry and Security List (BIS) check and Office of Defense Trade Controls Debarred Persons List (DDTC)check. Additionally, for States with which Microsoft has entered into a Microsoft CJIS Information Agreement and provided an FBI CJIS Addendum Certification to the applicable CJIS Systems Agency (CSA, e.g. the California Department of Justice), for its CJIS Covered Services (which are most of the Microsoft Government Community Cloud Services), Microsoft submits its personnel that have access to unencrypted Criminal Justice Information and other Customer Content (including both employees and subcontractors, where applicable) for FBI NCIC fingerprint background checks and adjudication by each such CSA. Click-Through Terms. For the Microsoft In-Scope Services sold and licensed to Purchasing Entities hereunder, no click-through licensing terms presented to end users or administrators, as they pertain to the delivery, operation or use of such services, shall be binding. For clarity, to the extent that certain services may present terms of use for a web portal used to administer and configure the In-Scope Services, or to download software in conjunction with the In-Scope Services, such terms of use shall be binding, to the extent that there are no equivalent terms and conditions in the Master Agreement which pertain to the use of such web portals. Definitions. "AUP" means the section of the OST titled "Acceptable Use Policy-Azure Consumption-Based Services" means any Microsoft Online Service made available for Purchasing Entity's use and consumption under the Microsoft Azure Administrative Portal, following Purchasing Entity's initial subscription order for such services, subject to consumption fees billed to Purchasing Entity (or debited against its prepaid Azure monetary commitment balance, if applicable) as described in the applicable Product Terms. "Client" means device software, if any, that Contractor or Microsoft provides to Purchasing Entity with In- Scope Services. "Customer Content" means the subset of Customer Data created by users, which includes the following: • For Office 365 Services, Customer Content shall at least include Exchange Online mailbox content (e-mail body, calendar entries, and the content of e-mail attachments), SharePoint Online site content and the files stored within that site, and Skype for Business Online archived conversations. • For Microsoft Dynamics CRM Online Services, Customer Content means the entities of Customer Data managed by the Microsoft Dynamics CRM Online Services. • For Microsoft Azure Core Services, Customer Content includes all Customer Data except as may be noted in the Microsoft Azure Trust Center (which Microsoft may update from time to time, but will not add exceptions for existing Microsoft Azure Core Services in general release). • For Microsoft Intune Online Services, Customer Content includes all Customer Data except as may be noted in the "Data Location"section of the Microsoft Intune Trust Center. Page 451 of 580 "Customer Data" means all data, including all text, sound, or image files that are provided to Microsoft by, or on behalf of, Purchasing Entity through its use of In-Scope Services. "DPT" means the section of the OST titled "Data Processing Terms." "DPT Services" means the Microsoft Online Services to which the DPT applies. As of the date this agreement was executed by the parties, DPT Services include "Microsoft Dynamics CRM Online Services," "Office 365 Services," "Microsoft Intune Online Services," and "Microsoft Azure Core Services," which consist of the following component Microsoft Online Services: Microsoft Dynamics CRM Online services made available through volume licensing or the Microsoft online services portal, excluding (1) Microsoft Dynamics CRM for Microsoft Dynamics CRM supported devices, which includes but is not limited to Microsoft Dynamics CRM Online Services Online services for tablets and/or smartphones and (2) any separately-branded service made available with or connected to Microsoft Dynamics CRM Online, such as Microsoft Social Engagement, Parature, from Microsoft, and Microsoft Dynamics Marketing. The following services, each as a standalone service or as included in an Office 365-branded plan or suite: Exchange Online, Exchange Online Archiving, Exchange Online Protection, Advanced Threat Protection, SharePoint Online, OneDrive for Business, Project Online, Skype for Business Online, Sway, Office Office 365 Services Online, Delve Analytics, Customer Lockbox, and Yammer Enterprise. Office 365 Services do not include Office 365 ProPlus, any portion of PSTN Services that operate outside of Microsoft's control, any client software, or any separately branded service made available with an Office 365-branded plan or suite, such as a Bing or a service branded "for Office 365." Cloud Services (web and worker roles), Virtual Machines (including with SQL Server), Storage (Blobs, Tables, Queues), Virtual Network, Traffic Manager, Batch, Microsoft Azure Core Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, Services Notification Hub, Workflow Manager, Express Route, Scheduler, Multi-Factor Authentication, Active Directory, Rights Management Service, SQL Database, and HDlnsight. Microsoft Intune Online The cloud service portion of Microsoft Intune such as the Microsoft Intune Add-on Services Product or a management service provided by Microsoft Intune such as Mobile Device Management for Office 365. "Government Community Cloud Services" means the Microsoft Online Services identified as such (a subset of DPT Services) in the DPT and Product Terms. "In-Scope Services" means the Microsoft Online Services for which subscription licenses are sold to Purchasing Entity by Contractor. In-Scope Services include, but are not limited to DPT Services. Except for Azure Consumption-Based Services (which are billed based upon the quantities of such services consumed by Purchasing Entity), Purchasing Entity will order individual licenses from Contractor for all In- Scope Services Licenses. "Master Agreement" means the agreement (described therein as "NASPO ValuePoint Master Agreement for Cloud Services") between Contractor and the Lead State, subject to the terms and conditions of the Participating Addendum between Contractor and Purchasing Entity's State (if different from Utah), and which resulted from award of contract under Utah Solicitation Number CH16012. "Microsoft" means Microsoft Corporation, which is subcontractor to Contractor and delivers the In-Scope Services. "Online Services" means the Microsoft-hosted services for which Purchasing Entity acquires Licenses from Contractor hereunder. "OST" means the Microsoft "Online Services Terms," which are additional terms that apply to Purchasing Entity's use of Online Services published on the Volume Licensing Site and updated from time to time, and is subject to terms and conditions in the OST which govern which version of OST is applicable to a particular subscription order. Page 452 of 580 "Portal" means the Online Services Portal for each In-Scope Service. "Product Terms" means the document that provides information about Microsoft Products and Professional Services available through volume licensing. The Product Terms document is available on the Volume Licensing Site and is updated from time to time. "Security Incident" means any unlawful access, use, theft or destruction to any Customer Data stored on Microsoft's equipment or in Microsoft's facilities, or unauthorized access to such equipment or facilities resulting in use, theft, loss, disclosure, alteration or destruction of Customer Data. All references to "Data Breach" in the Master Agreement shall be deemed to mean Security Incident. "Service Level Agreement" ("SLA") means the document which specifies the standards to which Microsoft agrees to adhere and by which it measures the level of service for an In-Scope Service. Microsoft's current and archived prior version SLAs are available at the Volume Licensing Site. With respect to any In-Scope Service ordered under the this Agreement, the most current SLA available at the onset of a subscription License term shall apply to that In-Scope Service for the duration of that subscription License Term, after which (for any subsequent renewal subscription License term) it will be superseded by the version current at the time of renewal. "Subscription" means an order for a quantity of an In-Scope Service, including but not limited to (a)orders for User Subscription Licenses for one or more In-Scope Services; and (b) an order for the purpose of establishing a subscription for Azure Consumption-Based Services. "Volume Licensing Site" means http://www.microsoft.com/licensing/contracts or a successor site. Page 453 of 580 SOFTWARE AS A SERVICE 1. Data Ownership:The Purchasing Entity will own all right, title and interest in its data that is related to the Services provided by this Master Agreement.The Contractor shall not access Purchasing Entity user accounts or Purchasing Entity data, except (1) in the course of data center operations, (2) in response to service or technical issues, (3) as required by the express terms of this Master Agreement, Participating Addendum, SLA, and/or other contract documents, or (4) at the Purchasing Entity's written request. Contractor shall not collect, access, or use user-specific Purchasing Entity Data except as strictly necessary to provide Service to the Purchasing Entity. No information regarding a Purchasing Entity's use of the Service may be disclosed, provided, rented or sold to any third party for any reason unless required by law or regulation or by an order of a court of competent jurisdiction.This obligation shall survive and extend beyond the term of this Master Agreement. 2. Data Protection: Protection of personal privacy and data shall be an integral part of the business activities of the Contractor to ensure there is no inappropriate or unauthorized use of Purchasing Entity information at any time.To this end, the Contractor shall safeguard the confidentiality, integrity and availability of Purchasing Entity information and comply with the following conditions: a.The Contractor shall implement and maintain appropriate administrative, technical and organizational security measures to safeguard against unauthorized access, disclosure or theft of Personal Data and Non-Public Data. Such security measures shall be in accordance with recognized industry practice and not less stringent than the measures the Contractor applies to its own Personal Data and Non-Public Data of similar kind. b. All data obtained by the Contractor in the performance of the Master Agreement shall become and remain the property of the Purchasing Entity. e. At no time shall any Customer Data —that either belong to or are intended for the use of a Purchasing Entity or its officers, agents or employees — be copied, disclosed or retained by the Contractor or any party related to the Contractor for subsequent use in any transaction that does not include the Purchasing Entity. f.The Contractor shall not use any information collected in connection with the Services issued from this Master Agreement for any purpose other than fulfilling the Services. 6. Notification of Legal Requests:The Contractor shall contact the Purchasing Entity upon receipt of any electronic discovery, litigation holds, discovery searches and expert testimonies related to the Purchasing Entity's data under the Master Agreement, or which in any way might reasonably require access to the data of the Purchasing Entity.The Contractor shall not respond to subpoenas, service of process and other legal requests related to the Purchasing Entity without first notifying and obtaining the approval of the Purchasing Entity, unless prohibited by law from providing such notice. Page 454 of 580 9.Access to Security Logs and Reports:Solely for DPT Services,the section of the DPT titled "Event Logging" shall apply. For clarity, Microsoft logs, or enables Customer to log, access and use of information systems containing Customer Data, registering the access ID, time, authorization granted or denied, and relevant activity. Microsoft shall allow Purchasing Entities reasonable self-service access to security information, latency data, and other related SaaS security data that affect this Contract and the Purchasing Entity's Data, at no cost to the Purchasing Entity.The parties recognize that the type of self- service access and security data made available to Purchasing Entities may be subject to change. and Uptime Guarantee:The Contractor shall be responsible for the acquisition and operation of all hardware, software and network support related to the services being provided.The technical and professional activities required for establishing, managing and maintaining the environments are the responsibilities of the Contractor.The system shall be available 24/7/365, and provide service to customers as defined in the SLA. 17.Subcontractor19. Business Continuity and Disaster Recovery:Solely for DPT Services, the following terms and conditions shall apply: Part 1: Data retention: Customer Data will be processed and retained intact for the duration of Customer's subscription (including data retention period defined in the Online Services Terms document) as described in applicable Online Services documentation published by Microsoft. Processing will be, in accordance with Customer instructions provided in this enrollment and provided through end user and administrator actions and inactions during the use of the services Part 2: Data Recovery Procedures: -On an ongoing basis, but in no case less frequently than once a week (unless no Customer Data has been updated during that period), Microsoft maintains multiple copies of Customer Data from which Customer Data can be recovered. - Microsoft stores copies of Customer Data and data recovery procedures in a different place from where the primary computer equipment processing the Customer Data is located. - Microsoft has specific procedures in place governing access to copies of Customer Data. - Microsoft reviews data recovery procedures at least every six months. - Microsoft logs data restoration efforts, including the person responsible,the description of the restored data and where applicable, the person responsible and which data (if any) had to be input manually in the data recovery process. - In the event such Customer Data restoration activities are conducted and upon subsequent Customer request, Microsoft will make the forgoing information from such logs available to the State, provided that: i) information will be provided only where it can be extracted from system wide logging with commercially reasonable efforts; ii) Microsoft shall not be subject to an urgent timeframe for Page 455 of 580 completion of the request (except as may be required by applicable law); and iii) any information in such logs which pertains to other Microsoft customers and their data, or would compromise the security of the DPT Services,will be withheld. For clarity, "data restoration efforts" does not include automated Customer Data recovery processes such as when one of Microsoft's datacenters is activated upon failure of another. 21.Web Services: Where applicable, the Contractor shall use Web services exclusively to interface with the Purchasing Entity's data in near real time. 22. Encryption of Data at Rest:To whatever extent a form or use of encryption is required of Microsoft pursuant to any of the industry and Federal government standards committed by Microsoft in this Master Agreement and the Microsoft Online Services Terms, Microsoft will comply with such requirements. PLATFORM AS A SERVICE 1. Data Ownership:The Purchasing Entity will own all right, title and interest in its data that is related to the Services provided by this Master Agreement.The Contractor shall not access Purchasing Entity user accounts or Purchasing Entity data, except(1) in the course of data center operations, (2) in response to service or technical issues, (3) as required by the express terms of this Master Agreement, Participating Addendum, SLA, and/or other contract documents, or(4) at the Purchasing Entity's written request. Contractor shall not collect, access, or use user-specific Purchasing Entity Data except as strictly necessary to provide Service to the Purchasing Entity. No information regarding a Purchasing Entity's use of the Service may be disclosed, provided, rented or sold to any third party for any reason unless required by law or regulation or by an order of a court of competent jurisdiction.This obligation shall survive and extend beyond the term of this Master Agreement. 2. Data Protection: Protection of personal privacy and data shall be an integral part of the business activities of the Contractor to ensure there is no inappropriate or unauthorized use of Purchasing Entity information at any time.To this end, the Contractor shall safeguard the confidentiality, integrity and availability of Purchasing Entity information and comply with the following conditions: a.The Contractor shall implement and maintain appropriate administrative,technical and organizational security measures to safeguard against unauthorized access, disclosure or theft of Personal Data and Non-Public Data. Such security measures shall be in accordance with recognized industry practice and not less stringent than the measures the Contractor applies to its own Personal Data and Non-Public Data of similar kind. b. All data obtained by the Contractor in the performance of the Master Agreement shall become and remain the property of the Purchasing Entity. e. At no time shall any Customer Data —that either belong to or are intended for the use of a Purchasing Entity or its officers, agents or employees — be copied, disclosed or retained by the Page 456 of 580 Contractor or any party related to the Contractor for subsequent use in any transaction that does not include the Purchasing Entity. f.The Contractor shall not use any information collected in connection with the Services issued from this Master Agreement for any purpose other than fulfilling the Services. 6. Notification of Legal Requests:The Contractor shall contact the Purchasing Entity upon receipt of any electronic discovery, litigation holds, discovery searches and expert testimonies related to the Purchasing Entity's data under the Master Agreement, or which in any way might reasonably require access to the data of the Purchasing Entity.The Contractor shall not respond to subpoenas, service of process and other legal requests related to the Purchasing Entity without first notifying and obtaining the approval of the Purchasing Entity, unless prohibited by law from providing such notice. 9.Access to Security Logs and Reports: Solely for DPT Services,the section of the DPT titled "Event Logging" shall apply. For clarity, Microsoft logs, or enables Customer to log, access and use of information systems containing Customer Data, registering the access ID,time, authorization granted or denied, and relevant activity. Microsoft shall allow Purchasing Entities reasonable self-service access to security information, latency data, and other related SaaS security data that affect this Contract and the Purchasing Entity's Data, at no cost to the Purchasing Entity.The parties recognize that the type of self- service access and security data made available to Purchasing Entities may be subject to change. 18. Business Continuity and Disaster Recovery: Solely for DPT Services, the following terms and conditions shall apply: Part 1: Data retention: Customer Data will be processed and retained intact for the duration of Customer's subscription (including data retention period defined in the Online Services Terms document) as described in applicable Online Services documentation published by Microsoft. Processing will be, in accordance with Customer instructions provided in this enrollment and provided through end user and administrator actions and inactions during the use of the services Part 2: Data Recovery Procedures: -On an ongoing basis, but in no case less frequently than once a week (unless no Customer Data has been updated during that period), Microsoft maintains multiple copies of Customer Data from which Customer Data can be recovered. - Microsoft stores copies of Customer Data and data recovery procedures in a different place from where the primary computer equipment processing the Customer Data is located. - Microsoft has specific procedures in place governing access to copies of Customer Data. - Microsoft reviews data recovery procedures at least every six months. Page 457 of 580 - Microsoft logs data restoration efforts, including the person responsible, the description of the restored data and where applicable, the person responsible and which data (if any) had to be input manually in the data recovery process. - In the event such Customer Data restoration activities are conducted and upon subsequent Customer request, Microsoft will make the forgoing information from such logs available to the State, provided that: i) information will be provided only where it can be extracted from system wide logging with commercially reasonable efforts; ii) Microsoft shall not be subject to an urgent timeframe for completion of the request (except as may be required by applicable law); and iii) any information in such logs which pertains to other Microsoft customers and their data, or would compromise the security of the DPT Services,will be withheld. For clarity, "data restoration efforts" does not include automated Customer Data recovery processes such as when one of Microsoft's datacenters is activated upon failure of another.20.Web Services: Where applicable,the Contractor shall use Web services exclusively to interface with the Purchasing Entity's data in near real time. 21. Encryption of Data at Rest:To whatever extent a form or use of encryption is required of Microsoft pursuant to any of the industry and Federal government standards committed by Microsoft in this Master Agreement and the Microsoft Online Services Terms, Microsoft will comply with such requirements. INFRASTRUCTURE AS A SERVICE 1. Data Ownership:The Purchasing Entity will own all right, title and interest in its data that is related to the Services provided by this Master Agreement.The Contractor shall not access Purchasing Entity user accounts or Purchasing Entity data, except(1) in the course of data center operations, (2) in response to service or technical issues, (3) as required by the express terms of this Master Agreement, Participating Addendum, SLA, and/or other contract documents, or(4) at the Purchasing Entity's written request. Contractor shall not collect, access, or use user-specific Purchasing Entity Data except as strictly necessary to provide Service to the Purchasing Entity. No information regarding a Purchasing Entity's use of the Service may be disclosed, provided, rented or sold to any third party for any reason unless required by law or regulation or by an order of a court of competent jurisdiction.This obligation shall survive and extend beyond the term of this Master Agreement. 2. Data Protection: Protection of personal privacy and data shall be an integral part of the business activities of the Contractor to ensure there is no inappropriate or unauthorized use of Purchasing Entity information at any time.To this end, the Contractor shall safeguard the confidentiality, integrity and availability of Purchasing Entity information and comply with the following conditions: a.The Contractor shall implement and maintain appropriate administrative,technical and organizational security measures to safeguard against unauthorized access, disclosure or theft of Personal Data and Non-Public Data. Such security measures shall be in accordance with Page 458 of 580 recognized industry practice and not less stringent than the measures the Contractor applies to its own Personal Data and Non-Public Data of similar kind. b. All data obtained by the Contractor in the performance of the Master Agreement shall become and remain the property of the Purchasing Entity. c. All Personal Data shall be encrypted at rest and in transit with controlled access. Unless otherwise stipulated,the Contractor is responsible for encryption of the Personal Data. Any stipulation of responsibilities will identify specific roles and responsibilities and shall be included in the service level agreement (SLA), or otherwise made a part of the Master Agreement. d. Unless otherwise stipulated, the Contractor shall encrypt all Non-Public Data at rest and in transit.The Purchasing Entity shall identify data it deems as Non-Public Data to the Contractor. The level of protection and encryption for all Non-Public Data shall be identified in the SLA. e. At no time shall any data or processes — that either belong to or are intended for the use of a Purchasing Entity or its officers, agents or employees — be copied, disclosed or retained by the Contractor or any party related to the Contractor for subsequent use in any transaction that does not include the Purchasing Entity. f.The Contractor shall not use any information collected in connection with the Services issued from this Master Agreement for any purpose other than fulfilling the Services. 6. Notification of Legal Requests:The Contractor shall contact the Purchasing Entity upon receipt of any electronic discovery, litigation holds, discovery searches and expert testimonies related to the Purchasing Entity's data under the Master Agreement, or which in any way might reasonably require access to the data of the Purchasing Entity.The Contractor shall not respond to subpoenas, service of process and other legal requests related to the Purchasing Entity without first notifying and obtaining the approval of the Purchasing Entity, unless prohibited by law from providing such notice. 9.Access to Security Logs and Reports: Solely for DPT Services,the section of the DPT titled "Event Logging" shall apply. For clarity, Microsoft logs, or enables Customer to log, access and use of information systems containing Customer Data, registering the access ID, time, authorization granted or denied, and relevant activity. Microsoft shall allow Purchasing Entities reasonable self-service access to security information, latency data, and other related SaaS security data that affect this Contract and the Purchasing Entity's Data, at no cost to the Purchasing Entity.The parties recognize that the type of self- service access and security data made available to Purchasing Entities may be subject to change. 18. Business Continuity and Disaster Recovery: Solely for DPT Services, the following terms and conditions shall apply: Part 1: Data retention: Page 459 of 580 Customer Data will be processed and retained intact for the duration of Customer's subscription (including data retention period defined in the Online Services Terms document) as described in applicable Online Services documentation published by Microsoft. Processing will be, in accordance with Customer instructions provided in this enrollment and provided through end user and administrator actions and inactions during the use of the services Part 2: Data Recovery Procedures: -On an ongoing basis, but in no case less frequently than once a week (unless no Customer Data has been updated during that period), Microsoft maintains multiple copies of Customer Data from which Customer Data can be recovered. - Microsoft stores copies of Customer Data and data recovery procedures in a different place from where the primary computer equipment processing the Customer Data is located. - Microsoft has specific procedures in place governing access to copies of Customer Data. - Microsoft reviews data recovery procedures at least every six months. - Microsoft logs data restoration efforts, including the person responsible,the description of the restored data and where applicable, the person responsible and which data (if any) had to be input manually in the data recovery process. - In the event such Customer Data restoration activities are conducted and upon subsequent Customer request, Microsoft will make the forgoing information from such logs available to the State, provided that: i) information will be provided only where it can be extracted from system wide logging with commercially reasonable efforts; ii) Microsoft shall not be subject to an urgent timeframe for completion of the request (except as may be required by applicable law); and iii) any information in such logs which pertains to other Microsoft customers and their data, or would compromise the security of the DPT Services,will be withheld. For clarity, "data restoration efforts" does not include automated Customer Data recovery processes such as when one of Microsoft's datacenters is activated upon failure of another. Page 460 of 580 ATTACHMENT E-2 AWS PUBLIC SECTOR ACCESS POLICY https://www.pu blicsector.shidirect.com/CustomerServices/SH linfo.aspx?Contentid=93901 Page 461 of 580 ATTACH M ENT E-3 CA TERMS AND CONDITIONS - Placeholder Page 462 of 580 ATTACHMENT E-4 CITRIX TERMS AND CONDITIONS 1. SaaS Terms a. Definitions. (1) "Data Breach" means any actual or reasonably suspected non-authorized access to or acquisition of a Purchasing Entity's computerized (uploaded) Non-Public Data or Personal Data that compromises the security, confidentiality, or integrity of the Purchasing Entity's Non-Public Data or Personal Data, or the ability of Purchasing Entity to access such Non-Public Data or Personal Data. (2) "High Risk Data" is as defined in FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems ("High Impact Data"). (3) "Moderate Risk Data" is as defined in FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems ("Moderate Impact Data"). (4) "NASPO" means the National Association of State Procurement Officials. All references to the "NASPO Contract" shall mean the SHI and State of Utah Cooperative Contract No.AR2488 dated 9/30/2016. (5) "Non-Public Data" means uploaded High Risk Data and Moderate Risk Data that is not subject to distribution to the public as public information. It is deemed to be sensitive and confidential by the Purchasing Entity because it contains information that is exempt by statute, ordinance or administrative rule from access by the general public as public information. (6) "Participating Entity" means a state authorized under the NASPO Contract. (7) "Personal Data" means uploaded data alone or in combination that includes information relating to an individual that identifies the individual by name, identifying number, mark or description can be readily associated with a particular individual and which is not a public record. Personal Information may include the following personally identifiable information (PII): government-issued identification numbers (e.g., Social Security, driver's license, passport); financial account information, including account number, credit or debit card numbers; or Protected Health Information (PHI) relating to a person. (8) "Purchasing Entity" means a state, city, county, district, or other political subdivision of a state, and a nonprofit organization under the laws of some states if authorized by a Participating Addendum, who issues a purchase order against the NASPO Contract and becomes financially committed to the purchase. (9) "Security Incident" is defined as any situation where a Purchasing Entity's Non-Public Data and Personal Data is confirmed to be compromised in a manner that impacts the security or confidentiality of such Data. All other definitions are as set forth in Section 1 of Appendix A to this Attachment E-5, Citrix End User Services Agreement ("EUSA"). Page 463 of 580 b. Data Ownership.The Participating Entity will own all right, title and interest in its proprietary data that is uploaded to the Services provided through this Amendment. Citrix shall not access Participating Entity user accounts or Participating Entity data, except (1) in the course of providing or improving the Services, (2) in response to service or technical issues, (3) as required by the express terms of this Amendment, or(4) at the Participating Entity's written request. Citrix shall not collect, access, or use user-specific Participating Entity Data except as strictly necessary to provide Service to the Participating Entity. No information regarding a Participating Entity's use of the Service may be disclosed, provided, rented or sold to any third party for any reason unless required by law or regulation or by an order of a court of competent jurisdiction.This obligation shall survive and extend beyond the term of this Agreement. c. Data Protection. Protection of Non-Public Data and Personal Data in the Services shall be an integral part of the business activities of Citrix to guard against inappropriate or unauthorized use of Participating Entity information at any time.To this end, Citrix shall safeguard the confidentiality, integrity and availability of Participating Entity information in accordance with industry standards pursuant to the following: (1) Citrix shall implement and maintain appropriate administrative, technical and organizational security measures to safeguard against unauthorized access, disclosure or theft of Personal Data and Non-Public Data. Such security measures shall be in accordance with recognized industry practice and not less stringent than the measures Citrix applies to the Services for protection of its own Personal Data and Non-Public Data of similar kind. (2) All uploaded, proprietary Participating Entity data obtained by Citrix in the performance of this Agreement shall remain the property of the Participating Entity. (3) At no time shall any data or processes — that either belong to or are intended for the use of a Participating Entity or its officers, agents or employees — be copied, disclosed or retained by Citrix or any party related to Citrix for subsequent use in any transaction that does not include the Participating Entity. (4) Citrix shall not use any Personal Data and Non-Public Data collected in connection with the Services issued from this Agreement for any purpose other than fulfilling the Services. Notwithstanding the foregoing, the parties agree that Citrix does not require access to any Personal Data for the Services provided hereunder, and Citrix requests that Participating Entity not disclose any such information to Citrix. d. Data Location.Storage of uploaded Participating Entity data at rest shall be located solely in data centers in the U.S. Citrix shall not allow its personnel or Partners to store Participating Entity data on portable devices, including personal computers, except for devices that are used and kept only at its U.S. data centers. Citrix shall permit its personnel and Partners to access Participating Entity data remotely only as required to provide technical support and Services.The Partner may provide technical user support on a 24/7 basis using a Follow the Sun model. Page 464 of 580 e. Security Incident or Data Breach Notification. (1) Incident Response: Citrix may need to communicate with outside parties regarding a security incident, which may include contacting law enforcement, fielding media inquiries and seeking external expertise as mutually agreed upon or defined by law. Discussing security incidents with the Participating Entity should be handled on an urgent as-needed basis, as part of Citrix's communication and mitigation processes as defined by law. (2) Security Incident Reporting Requirements: Citrix shall report a security incident involving the Participating Entity's uploaded data to the Participating Entity identified contact within seventy-two (72) hours of Partner's knowledge of same or promptly without out unreasonable delay. (3) Breach Reporting Requirements: If Citrix has actual knowledge of a confirmed data breach involving the Participating Entity's uploaded data that affects the security of any Participating entity's content that is subject to applicable data breach notification law, Citrix shall (1)within seventy- two hours of its knowledge of same or promptly without out unreasonable delay notify the Participating Entity, unless shorter time is required by applicable law, and (2) take commercially reasonable measures to address the data breach in a timely manner, where applicable. f. Notification of Legal Requests.Citrix shall contact the Participating Entity upon receipt of any electronic discovery, litigation holds, discovery searches and expert testimonies related to the Participating Entity's data under this Amendment, or which in any way might reasonably require access to the data of the Participating Entity. Citrix shall not respond to subpoenas, service of process and other legal requests related to the Participating Entity without first notifying and obtaining the approval of the Participating Entity, unless prohibited by law from providing such notice. g.Termination and Suspension of Service. (1) In the event of a termination of this Amendment or Participating Entity's NASPO participation, Citrix shall implement an orderly return of Participating Entity's uploaded data in a mutually agreeable format at a time agreed to by the parties or allow the Participating Entity to extract it's data and the subsequent secure disposal of Participating Entity's data. (2) During any period of Service suspension, Citrix shall not take any action to intentionally erase or otherwise dispose of any of the Participating Entity's data. (3) In the event of termination of any Services or this Amendment in entirety, Citrix shall not take any action to intentionally erase Participating Entity's data for a period of 30 days after the effective date of termination. After such period, Citrix shall have no obligation to maintain or provide any Participating Entity's data and shall thereafter, unless legally prohibited, delete all Participating Entity's data in its systems or otherwise in its possession or under its control. (4) Subject to Section 4.3 of Attachment 1, the Participating Entity shall be entitled to any post termination assistance generally made available with respect to the Services. (5) Upon termination of the Services or this Amendment in its entirety, Citrix shall promptly return or securely dispose of all Participating Entity's data in all of its forms, such as disk, CD/ DVD, backup tape and paper, unless stipulated otherwise by the Participating Entity. Data shall be permanently deleted and shall not be recoverable, according to National Institute of Standards and Page 465 of 580 Technology(NIST)-approved methods. Certificates of destruction shall be provided to the Participating Entity upon request. h. Background Checks. Citrix performs reasonable pre-employment background checks on its employees and requires its subcontractors to do the same, including, but not limited to, identification of all state or federal misdemeanor or felony convictions of such individual during the preceding seven (7)years. Upon the request of the Participating Entity and at Participating Entity's sole expense, Citrix will cooperate with obtaining consent of assigned personnel for additional criminal background checks. Consent by any individual is completely voluntary, and requirements for checks may cause project or service delays. i. Access to Security Logs and Reports. Upon reasonable request and for good cause, Citrix shall provide security logs and reports reports relating to Participant's uploaded datain a format as used by Citrix for its own analyses. . j. Change Control and Advance Notice. Updates (as defined in Section 1.14 of Attachment 1)will be provided in accordance with the Citrix Service Descriptions as found at https://www.citrix.com/buy/I icensi ng/saas-service-descri ptio ns.html. k. Security. Citrix represents and warrants that it will take reasonable steps, consistent with industry standards, to inspect the Services for the presence of unauthorized code, and remove any unauthorized code found. "Self-help code" does not include product routines in a computer program, if any, designed to permit a licensor of the computer program (or other person acting on authority of the licensor)to obtain access to a licensee's computer system(s) (e.g., remote access via modem)for purposes of authorized maintenance or technical support. "Unauthorized code" means any virus, Trojan horse, worm or other product routine designed to permit unauthorized access; to disable, erase, or otherwise harm product, hardware, or data; or to perform any other such actions. Participating Entity's exclusive remedy for violation of this warranty shall be repair or replacement of the relevant product." I. Non-disclosure. Citrix shall limit staff knowledge of Participating Entity data to that which is necessary to perform job duties. M. Import and Export of Data.The Participating Entity shall have the ability to upload or download its data in piecemeal or in entirety at its discretion without interference from t Citrix at any time during the term of Services.This includes the ability for the Participating Entity to upload or download data to/from other Partners. Upon request, Citrix shall specify if Participating Entity is required to provide its' own tools for this purpose, including the optional purchase of Citrix tools, if and as available, if Citrix applications are not able to provide this functionality directly. n. Responsibilities. Citrix shall be responsible for the the Services being provided.The technical and professional activities required for establishing, managing and maintaining the environments are the responsibilities of Citrix, subject to the provisions of Section 5.2 of Attachment 1.. o. Business Continuity and Disaster Recovery. Upon request, Citrix shall provide a copy of its corporate business continuity and disaster recovery plan. Page 466 of 580 p.Compliance with Accessibility Standards. Citrix shall comply with and adhere to Accessibility Standards of Section 508 Amendment to the Rehabilitation Act of 1973. q.Subscription Terms. Citrix grants to a Participating Entity a license to: (i) access and use the Services for its business purposes; (ii)view, copy, upload and download (where applicable), and use Citrix's documentation, in accordance with the EUSA. r. Limitation of Liability. Notwithstanding these additional terms and conditions of paragraph 5, Participating Entity's purchase and use of Services, and care of all classes of Participating Entity's data, shall be subject to all terms of the EUSA, including but not limited to, the limitation of liability in the EUSA. All classes of Participating Entity's data shall be Customer Content under the EUSA. Page 467 of 580 ATTACHMENT E-4 APPENDIX A CITRIX END USER SERVICES AGREEMENT("EUSA") Last Revised:October 24, 2016 CITRIXTERMS OF SERVICE THIS IS A LEGAL AGREEMENT BETWEEN CUSTOMER AND CITRIX. BY ACCESSING AND/OR USING THE SERVICES, CUSTOMER IS AGREEING, ON BEHALF OF AN INDIVIDUAL AND/OR A LEGAL ENTITY, TO BE BOUND BY THE TERMS OF THIS AGREEMENT. 1. DEFINITIONS. As used in the Agreement, the following defined terms shall apply: 1.1. Affiliate means, with respect to a party, any entity which directly or indirectly controls, is controlled by, or is under common control with such party, where "control" means the power, directly or indirectly, to direct, or to cause the direction of, the management and policies of an entity, through majority ownership of voting securities or equity interests. 1.2. Agreement means these Terms of Service, the Service Descriptions, and any other documents incorporated herein by reference. 1.3. Citrix means the providing Citrix entity specified at https://www.citrix.com/buy/licensing/citrix- providing-entities.html. 1.4. Citrix Marks means any name, logo, or mark belonging to Citrix or its Affiliates. 1.5. Customer means the legal entity or individual that has ordered any Services from Citrix. 1.6. Customer Content means any files, documents, recordings and other information belonging to Customer, users or others as uploaded to Customer's account for storage and/or used, presented or shared in connection with the Services, and is not related to Citrix servicing or accessing Customer's account. 1.7. Fees means all Citrix fees applicable to the Services. 1.8. Open Source Software means third party software distributed by Citrix under an open source licensing model (e.g., the GNU General Public License, BSD or a license similar to those approved by the Open Source Initiative). 1.9. Order or Services Order means any initial or subsequent ordering document and/or online request for access to the Services submitted to Citrix, a Citrix authorized reseller and/or through Citrix product websites. 1.10. Privacy Policy means Citrix Privacy Policy at http://www.citrix.com/about/legal/privacy.html, and any privacy policy applicable to a specific Service, if any, which may be viewed by clicking the applicable "Privacy Policy" link listed in such Service Description. 1.11. Services means the generally available Citrix software-as-a-service offerings ("SaaS Services"), including any components provided with them, and Updates, all as further described in the Service Descriptions. Services availability is subject to the Citrix product lifecycle policy on www.citrix.com. Citrix may update the Services with Updates at any time in its sole discretion, and all Services set forth in the Services Descriptions may not be available to all Customers. Page 468 of 580 1.12. Service Descriptions means the overview and other terms applicable to the Services, as amended from time to time, as found at https://www.citrix.com/buy/licensing/saas-service-descriptions.html. 1.13. Taxes means all applicable transactional taxes on Services (including but not limited to withholding tax, sales tax,services tax, value-added tax(VAT),goods and services tax(GST), and tariffs and/or duties) imposed by any government entity or collecting agency based on the Services. Taxes shall not include those taxes based on Citrix' net income, and/or those taxes for which Customer has provided a valid certificate confirming Customer is exempt. 1.14. Updates means any corrections, bug fixes, new features or functions added to or removed from the Services, but shall not include any new Service(s)version(s)that Citrix markets and sells separately. 1.15. Use Level means the model by which Citrix measures, prices and offers the Services to Customer as set forth on the applicable price list, websites, Order, and/or Service Description. 2. RIGHTS. 2.1. Right to Use Service for Business.Subject to these terms, Citrix will provide the Services set forth in any Order that Citrix has accepted for Customer's use in accordance with the Agreement and applicable Use Levels. Customer acknowledges that Services are not intended for use by consumers. Customer may use Services only for business and professional purposes. Citrix hereby grants to Customer a limited, personal, non-exclusive, non-transferable, non-sublicensable right to use any components provided as may be required to access and use the Services during the Term in accordance with the Agreement. Technical support for the Services is provided as set forth in the applicable Service Description. Updates to the Services are included in the Fees. Customer shall use the then-current version of the Services, including any Updates, as made available by Citrix. To the extent that Affiliates use the Services, Customer warrants that it has the authority to bind under this Agreement those Affiliates. Customer will be liable to Citrix in the event any Affiliate fails to comply with any term or condition of this Agreement. 2.2. Limitations on Use. Except to the extent permitted by applicable law, Customer agrees, on behalf of itself and its users, not to (i) modify, distribute, prepare derivative works of, reverse engineer, reverse assemble, disassemble, decompile or attempt to decipher any code relating to the Services and/or Citrix technology; (ii)knowingly or negligently access or use the Services in a manner that abuses or disrupts the Citrix networks, security systems, user accounts, or Services of Citrix or any third party, or attempt to gain unauthorized access to any of the above through unauthorized means, (iii)transmit through or post on the Services any material that is deemed abusive, harassing, obscene, slanderous, fraudulent, libelous or otherwise objectionable or unlawful; (iv) market, offer to sell, and/or resell the Services alone, except pursuant to a Citrix resale program; (v) use the Services to send unsolicited or unauthorized advertising, junk mail, or spam; (vi) harvest, collect, or gather information or data regarding other users without their consent unless permitted by applicable law; (vii)transmit through or post on the Services any material that may infringe the intellectual property rights or other rights of third parties, including, without limitation, trademark, copyright, data privacy or right of publicity; (viii) transmit or post on the Services any material that contains software viruses or other harmful or deleterious computer code, files or programs; (ix) if the Customer is a Citrix competitor for the relevant Services, use the Services directly or indirectly for competitive benchmarking or other competitive analysis, unless permitted under applicable law; (x)submit to, or store in the Services, any Protected Health Information ("PHI") unless Customer has complied with Section 5.1 below; or (xi) make any representations with respect to Citrix or this Agreement (including, without limitation, that Citrix is a warrantor or co-seller of any of Customer's products and/or services). Furthermore Customer shall not offer to sell or resell the Services, but the Services may be used by Customer in support of Customer's service offering(s). Except for Infringement Claims, Customer agrees to indemnify and hold Citrix harmless against any third party claim and/or liability resulting from Customer's use of the Services. THE SERVICE DESCRIPTION FOR THE INDIVIDUAL SAAS SERVICES MAY CONTAIN ADDITIONAL RESTRICTIONS. 2.3. Proprietary Rights. Except for the limited subscription rights granted herein, Customer has no right, title or interest in or to the Citrix Marks or Services or any components provided by Citrix in connection with the Services or any intellectual property rights related thereto. Customer acknowledges that Citrix or its licensors retain all proprietary right, title and interest in and to, or practiced in connection with, the Citrix Marks and the Services and any components, including,without limitation, all modifications, enhancements, Page 469 of 580 derivative works, configuration, translations, upgrades and interfaces thereto. 2.4. Citrix Marks. Unless expressly authorized under the terms of this Agreement, Customer agrees that it shall not use, register or apply for registration of any trademark, service mark, business name, company/trade name, domain name or social media account name or handle which is comprised of or incorporates in whole or in part any Citrix Mark, or is otherwise confusingly similar to a Citrix Mark. In the event of any breach of this provision, Customer agrees that it will do all things necessary to effect the transfer of any such same or similar trademark, service mark, business name, company/trade name, domain name or social media account name or handle to Citrix, including but not limited to executing assignment documentation. Except as expressly granted herein, no license regarding the use of Citrix copyrights, patents, trademarks, service marks or company/trade names is granted or will be implied. For any authorized use of the Citrix Marks, Customer represents that it has reviewed and will adhere to Citrix' Trademark & Copyright Guidelines, available at https://www.citrix.com/about/legal/brand-guidelines.html, and incorporated herein by reference and as may be periodically updated by Citrix. 3. ORDERS, FEES AND PAYMENT. 3.1. Orders. Customer may order Services using the Citrix then-current ordering processes. All Orders are subject to acceptance by Citrix in its discretion. All Customer information provided by or on behalf of Customer must be current, complete and accurate, and Customer is responsible for keeping such information updated. Order information is subject to automatic processing by Citrix for the purposes of managing Customer's account. 3.2. Fees, Taxes and Payment. Customer is responsible for all Fees and Taxes. If Customer fails to pay Taxes, Customer agrees to reimburse Citrix for any such Taxes assessed against Citrix and indemnify and hold Citrix harmless against any other claim, liability and/or penalties resulting therefrom.All purchases are final with no right to a refund, except as expressly provided under the warranty or the infringement indemnification terms of this Agreement. 3.3. Additional Services. Customer may order additional Services at any time.Additional Services may not be available on a coterminous basis with previously ordered Services. 3.4. Late Payments. Citrix reserves the right, in its discretion, to (i) suspend or terminate the Services or any portion thereof for non-payment of Fees, and (ii) impose a charge to restore archived data from delinquent accounts. 4. TERM AND TERMINATION. 4.1. Term. The terms of this Agreement shall apply for the period of Services set forth under accepted Orders, or if none, for the period of paid or trial subscription. 4.2. Termination for Cause. Either party may terminate the Agreement or a specific Services if the other party breaches any of its material obligations under the Agreement, or as to the specific Services, and fails to cure within thirty(30)days of receipt of written notice from the non-breaching party, and either party may immediately terminate the Agreement if the other party becomes insolvent or bankrupt, liquidated or is dissolved, or ceases substantially all of its business. Citrix may immediately terminate the Agreement if the Customer breaches Sections 2, 5 or 6. 4.3. Effect of Termination. Upon termination of the Agreement or affected specific Services, Customer will immediately discontinue all access and use of all Services under the Agreement or the specific Services. Citrix has no obligation to maintain Customer Content following termination, subject to compliance with applicable law. Subject to availability and the applicable Service Description, Customer shall have thirty (30) days to download Customer Content after termination and must contact Citrix technical support for download access and instructions. Neither party shall be liable for any damages resulting from termination of the Agreement, including without limitation unavailability of Customer Content arising therefrom; provided, however,termination shall not affect any claim arising prior to the effective termination date. Citrix shall have the right to invoice Customer and Customer agrees to pay for any use of the Services past the date of expiration or termination. 4.4. Survival. The provisions of Sections 3 (Fees),4.3 (Effect of Termination), 5 (Customer Content and Customer Accounts), 8 (Indemnification), 9 (Limitation of Liability), and 10.15 (Notices) shall survive any Page 470 of 580 termination of the Agreement. 5. CUSTOMER CONTENT AND CUSTOMER ACCOUNTS. 5.1. Customer Content. Customer retains all rights to any and all of its Customer Content, subject to a non- exclusive, worldwide, royalty-free, license to Citrix as necessary to provide the Services hereunder. Citrix shall not own any data, content, information or material in such Customer Content. Each party shall apply reasonable technical,organizational and administrative security measures to keep Customer Content protected in accordance with industry standards, and Customer shall retain a current copy of Customer Content outside the Services. Citrix will not monitor Customer's or its users' use of the Services, and Citrix will not view, access or process any Customer Content, except: (i)as necessary for providing or improving the Services, (ii) as directed or instructed by Customer and its users, and/or (iii)for compliance with Citrix policies, applicable law, regulation, or governmental request. Customer shall comply with all intellectual property laws related to the Customer Content and legal duties applicable to Customer as a data controller by virtue of the submission or storage of Customer Content within the Services, including providing all information or notices Customer is required by law to provide to users and obtain consent of the users, where required. Customer and its users shall not submit to or store in any Services any Customer Content that is governed by US International Traffic in Arms Regulations (ITAR)or similar regulations of any country that restricts import or export of defense articles or defense services. Customer and its users shall not submit to or store any personal health information ("PHI")in any Services, unless Customer has specifically purchased a Service identified in the applicable Service Description as intended for retention of PHI, notified Citrix at privacy@sharefile.com, and entered into the applicable Business Associate Agreement(BAA)with Citrix at least thirty (30)days in advance of any PHI upload. Citrix has no obligation to maintain Customer Content following expiration of a subscription to the affected Services. Subject to availability and the applicable Service Description, Customer shall have thirty (30) days to download Customer Content after expiration, and must contact Citrix technical support for download access and instructions. Notwithstanding anything in this Agreement to the contrary, this Section expresses the entirety of Citrix' obligations with respect to Customer Content. 5.2. Customer Accounts. Customer is solely responsible for (i) the configuration of Customer's Services account, (ii) the operation, performance and security of Customer's equipment, networks and other computing resources used to connect to the Services, (iii)ensuring all users exit or log off from the Services at the end of each session, (iv) maintaining the confidentiality of Customer's accounts, user id's, conference codes, passwords and/or personal identification numbers used in conjunction with the Services, and (v) all uses of the Services by Customer and its users. Citrix reserves the right to suspend the Services or terminate the Agreement if Customer misuses or otherwise shares login information among users. Customer will notify Citrix immediately of any unauthorized use of its account or any other breach of security. Citrix will not be liable for any loss that Customer may incur as a result of a third party using Customer's password or account. Citrix reserves the right to review Customer's account to the extent necessary to confirm compliance with applicable Use Levels and this Section 5.2, and to terminate or suspend Customer's access for overuse and/or misuse. Customer agrees to pay for any overage in excess of permitted Use Levels. 6. COMPLIANCE WITH LAWS. In connection with the performance, access and use of the Services under the Agreement, each party agrees to comply with all laws, rules and regulations including, but not limited to, export and import, data protection, and privacy laws and regulations applicable to that party. Specifically, without limiting the generality of the foregoing, Customer shall provide the relevant persons and/or participants with all information or notices Customer is required by applicable privacy and data protection laws to provide and, if necessary,obtain the consent of or provide choices to such persons and/or participants as required. Citrix may cooperate with applicable government authorities with respect to the Services and Citrix provision of such Services to Customers. 7. WARRANTIES AND WARRANTY DISCLAIMER. CITRIX WARRANTS THAT THE SERVICES, INCLUDING WITHOUT LIMITATION ANY COMPONENTS DELIVERED WITH SERVICES, WILL MATERIALLY CONFORM TO THE SERVICE DESCRIPTIONS. CITRIX DOES NOT REPRESENT OR WARRANT THAT(1)THE USE OF SUCH SERVICES WILL BE TIMELY, UNINTERRUPTED OR ERROR FREE, OR OPERATE IN COMBINATION WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEM OR DATA, (11)SUCH SERVICES WILL MEET CUSTOMER'S REQUIREMENTS OR EXPECTATIONS, OR(III) Page 471 of 580 ALL ERRORS OR DEFECTS WILL BE CORRECTED. CITRIX' ENTIRE LIABILITY AND CUSTOMER'S EXCLUSIVE REMEDY UNDER THIS WARRANTY WILL BE, AT CITRIX' SOLE OPTION AND SUBJECT TO APPLICABLE LAW, TO PROVIDE CONFORMING SERVICES, INCLUDING REPLACEMENT COMPONENTS AS REQUIRED, OR TO TERMINATE THE NON-CONFORMING SERVICES, AND PROVIDE A PRO-RATED REFUND OF ANY PREPAID FEES FROM THE PERIOD OF NON- CONFORMANCE THROUGH THE END OF THE REMAINING TERM. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CITRIX DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING ANY EXPRESS OR IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES AND CONDITIONS, THEREFORE SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO CUSTOMERS LOCATED IN SUCH JURISDICTIONS. THE SERVICE DESCRIPTIONS MAY CONTAIN ADDITIONAL LIMITED WARRANTIES AND/OR WARRANTY DISCLAIMERS APPLICABLE TO INDIVIDUAL SAAS SERVICES. 8. INDEMNIFICATION. 8.1. Indemnification by Citrix. Subject to Sections 8.2. and 8.3. below, Citrix shall indemnify and defend Customer against any third party Infringement Claim, and pay reasonable attorneys' fees, court costs, damages finally awarded, or reasonable settlement costs with respect to such Infringement Claim; provided that: (i)Customer promptly notifies Citrix in writing of an Infringement Claim such that Citrix is not prejudiced by any delay of such notification; (ii) Citrix will have sole control over the defense and any settlement of any Infringement Claim; and (iii) Customer will provide reasonable assistance in the defense of same subject to reimbursement by Citrix for reasonable expenses incurred in providing such assistance. For the purposes of these terms, "Infringement Claim" means any claim, suit or proceeding brought against a Customer based on an allegation that the Services, excluding any Open Source Software included in any software components distributed to Customer or used in conjunction with the Services, as delivered by Citrix, infringes upon any patent or copyright or violates any trade secret rights of any third party. 8.2. Infringement Cures. If Customer's use of any of the Services is, or in Citrix' opinion is likely to be, enjoined as a result of an Infringement Claim, Citrix shall, at its sole option and expense, either (i) procure for Customer the right to continue to use the Services as contemplated herein, or(ii) replace or modify the Services to make their use non-infringing without degradation in performance or a material reduction in functionality. If options (i) and (ii) above are not reasonably available, Citrix may, in its sole discretion and upon written notice to Customer, terminate this Agreement, cancel access to the Services and refund to Customer any prepaid, but unused Fees. 8.3. Limitation. Citrix assumes no liability, and shall have no liability, for any Infringement Claim based on (i)Customer's access to and/or use of the Services following notice of an Infringement Claim; (ii) any modification of the Services by Customer or at its direction; (iii) Customer's combination of the Services with third party programs, services, data, hardware, or other materials; or (iv) any trademark or copyright infringement involving any marking or branding not applied by Citrix or involving any marking or branding applied at Customer's request. 8.4. Exclusive Remedy. THE FOREGOING STATES CITRIX SOLE LIABILITY AND CUSTOMER'S EXCLUSIVE REMEDY WITH RESPECT TO ANY INFRINGEMENT CLAIM HEREUNDER. 9. LIMITATION ON LIABILITY. NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY OR TO ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL OR INCIDENTAL LOSS, EXEMPLARY OR OTHER DAMAGES, WHETHER DIRECT OR INDIRECT, ARISING OUT OF OR RELATING TO: (i) LOSS OF DATA, (ii) LOSS OF INCOME, (iii) LOSS OF OPPORTUNITY, (iv) LOST PROFITS, (v)COSTS OF RECOVERY OR ANY OTHER DAMAGES, HOWEVER CAUSED AND BASED ON ANY THEORY OF LIABILITY, INCLUDING, BUT NOT LIMITED TO, BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR VIOLATION OF STATUTE, WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY. EXCEPT FOR (a) A PARTY'S INDEMNIFICATION OBLIGATIONS (b) A BREACH BY CUSTOMER OF SECTIONS 2 OR 5, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE TOTAL CUMULATIVE LIABILITY OF EITHER Page 472 of 580 PARTY AND THEIR RESPECTIVE LICENSORS AND SUPPLIERS ARISING OUT OF THIS AGREEMENT AND/OR THE TERMINATION THEREOF, SHALL BE LIMITED TO THE SUM OF THE AMOUNTS PAID FOR THE APPLICABLE SERVICE DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE INCIDENT GIVING RISE TO THE LIABILITY. THE FOREGOING SHALL NOT LIMIT CUSTOMER'S OBLIGATIONS TO PAY ANY FEES AND/OR OTHER SUMS DUE UNDER ANY ORDER. THE SERVICE DESCRIPTIONS MAY CONTAIN ADDITIONAL LIMITATIONS OF LIABILITY APPLICABLE TO CITRIX THAT RELATED TO INDIVIDUAL SAAS SERVICES. 10. ADDITIONAL TERMS. 10.1. European Union Customers. The provisions of this Section 10.1 shall apply only to Customers residing in the European Union. If Customer desires to enter into standard contractual clauses with Citrix as it relates to the processing of Customer information by Citrix, Customer may request a Data Processing Addendum ("DPA") by submitting a DPA Request Form, and Citrix will provide Customer with a DPA for execution. 10.2. U.S. Government End-Users. If Customer is a U.S. Government agency, Customer hereby acknowledges and agrees that the software being accessed through Services, as well as any software that is downloaded by any Customer end user in connection with the Service, constitutes "Commercial Computer Software" as defined in Section 2.101 of the Federal Acquisition Regulation ("FAR"), 48 CFR 2.101. Therefore, in accordance with Section 12.212 of the FAR (48 CFR 12.212), and Sections 227.7202- 1 and 227.7202-3 of the Defense Federal Acquisition Regulation Supplement ("DFARS") (48 CFR 227.7202-1 and 227.7202-3), the use, duplication, and disclosure of the software and related Documentation by the U.S. Government or any of its agencies is governed by, and is subject to, all of the terms, conditions, restrictions, and limitations set forth in this Agreement. If, for any reason, FAR 12.212 or DFARS 227.7202-1 or 227.7202-3 or these license terms are deemed not applicable, Customer hereby acknowledges that the Government's right to use, duplicate, or disclose the software and related Documentation are "Restricted Rights" as defined in 48 CFR Section 52.227- 14(a) (May 2014)or DFARS 252.227-7014(a)(15) (Feb 2014), as applicable. Manufacturer is Citrix Systems, Inc., 851 West Cypress Creek Road, Fort Lauderdale, Florida 33309. 10.3. Services Trial. Citrix may make the Services available to Customer for a limited period of time on a demonstration or trial basis ("Trial Period"), as specified in the applicable Order. The Trial Period shall terminate (i)at the end of the stated Trial Period, or(ii) if no such date is specified, thirty(30)days from the date of Customer's initial access to the Services. Following expiration of the Trial Period, the Services will cease or automatically continue as specified in the Order unless cancelled by Customer, and Customer is responsible for payment of the applicable Fees set forth in the Order. During the Trial Period, CITRIX PROVIDES THE SERVICES "AS IS" AND WITHOUT WARRANTY OR INDEMNITY, TO THE EXTENT PERMITTED BY LAW, AND ALL OTHER TERMS OF THIS AGREEMENT OTHERWISE APPLY. Citrix reserves the right to modify or discontinue any trials or promotions at any time without notice. 10.4. Beta, Tech Preview or Labs Services. CUSTOMER ACKNOWLEDGES THAT BETA, TECH PREVIEW OR LABS SERVICES ARE OFFERED "AS-IS", WITHOUT WARRANTY, LIABILITY OR INDEMNITY OF ANY KIND BY CITRIX. SUCH SERVICES MAY CONTAIN BUGS, ERRORS AND OTHER DEFECTS. Citrix does not make any representations, promises or guarantees that such Services will be publicly announced or made generally available. Citrix has no obligation to provide technical support or continued availability, and such Services can be suspended or terminated at any time by Citrix in its sole discretion with or without notice to Customer. Customer may be asked to provide feedback regarding Customer's experience and use ("Feedback"). Customer acknowledges and expressly agrees that any contribution in the form of services, suggestions, ideas, reports, listing of defects or deficiencies, expenditures, logs or otherwise by Customer to any such improvements, updates, modifications or enhancements shall not give or grant Customer any right, title or interest in any such Feedback. Customer agrees to allow Citrix to incorporate into any commercial product or offering derived any suggested Feedback of any kind, without compensation or accounting and without retention by Customer of any proprietary claim. With respect to the Beta or Labs Services, these terms supersede any conflicting terms and conditions in the Agreement, but only to the extent necessary to resolve conflict. 10.5. Third Party Features. The Services may be linked to third party sites or applications ("Third Party Services"). Citrix does not endorse, warrant or control such Third Party Services and is not responsible for Page 473 of 580 the legality, quality, accuracy, reliability, or availability of any Third Party Services. Customer has sole discretion whether to purchase or connect to any Third Party Services. Customer's use of Third Party Services is governed solely by the terms relating to such Third Party Services. Citrix is not liable for and makes no representations related thereto, including without limitation, content or the manner in which Third Party Services handle content and/or customer data. 10.6. Copyright. In the event Customer believes that the Services have been used in a manner that constitutes copyright infringement, Customer shall notify Citrix in writing at: Legal Department, Citrix Systems, Inc., 851 W Cypress Creek Road, Ft. Lauderdale, FL 33309 USA, and provide all of the following information, as required by the Digital Millennium Copyright Act ("DMCA"): (i) a statement that Customer has identified content in the Services that infringes a copyright of a third party for whom Customer is authorized to act; (ii) a description of the copyrighted work Customer claims has been infringed; (iii) a specific description of where the allegedly infringing material is located in the Services, including a URL or exact description of the content's location; (iv) Customer's name, address, telephone number, and e-mail address; (v) a statement that Customer has a good faith belief that the disputed use of the copyrighted material is not authorized by the copyright owner, its agent, or the law (e.g., as a fair use); (vi)a statement that, under penalty of perjury, the information in Customer's notice is accurate and that Customer is authorized to act on behalf of the owner of the exclusive right that is allegedly infringed; and (vii)Customer's electronic or scanned physical signature. Citrix reserves the right to delete or disable allegedly infringing content, to terminate the accounts of users who are repeat infringers, and to forward the information in the copyright-infringement notice to the user who allegedly provided the infringing content. 10.7. Consent to Use Data. Customer agrees that Citrix may collect and use data and related information, including, but not limited to, technical information about devices, systems, related software, services, or peripherals associated with Customer's use of the Services (excluding Customer Content). Data collected may be used for purposes of facilitating the provision of software updates, license authentication, support, analytics and other purposes consistent with the Citrix Privacy Policy at http://www.citrix.com/about/legal/privacy.html. By using the Services or Citrix websites, Customer agrees to the Citrix Privacy Policy and use of cookies which Citrix uses to facilitate use of the Services and website. 10.8. Suspension of Service. Citrix may temporarily suspend the Services if Citrix determines, in its sole discretion,that continued provision would compromise the security of the Services due to,without limitation, hacking attempts, denial of service attacks, mail bombs or other malicious activities, and Citrix will take action to promptly resolve any such security issues. Citrix agrees to notify Customer of any such suspension and subsequent reactivation of the Services. 10.9. High-Risk Use. Customer acknowledges that the Services are not designed or intended for access and/or use in or during high-risk activities, including but not limited to: medical procedures; on-line control of aircraft, air traffic, aircraft navigation or aircraft communications; or the design, construction, operation or maintenance of any nuclear facility. 10.10. Recordings. Certain Services provide functionality that allows a Customer to record and/or store, use, transfer and/or present audio and/or data recordings and/or videos. Customer is solely responsible for complying with all federal, state, and local laws in the relevant jurisdiction when using this functionality. Citrix expressly disclaims all liability with respect to Customer's recording, storage, use, transfer and/or presentation of audio or shared data while using the Services, and Customer releases and agrees to hold Citrix harmless from and against any damages or liabilities related to this functionality. 10.11. Voice and Data Charges; Customer Connectivity. Customer is responsible for all fees and charges imposed by Customer's telephone carriers, wireless providers, and other voice and/or data transmission providers arising out of access to and use of the Services. If Customer's broadband connection and/or telephone service fails, or Customer experiences a power or other failure or interruption, the Services may also cease to function for reasons outside of Citrix' control. STANDARD DATA FEES AND TEXT MESSAGING RATES MAY APPLY BASED ON CUSTOMER'S PLAN WITH ITS MOBILE PHONE OR OTHER APPLICABLE CARRIER. As mobile access and text message delivery is subject to Customer's mobile carrier network availability, such access and delivery is not guaranteed. 10.12. Assignment. Customer may not assign its rights or delegate its duties under this Agreement either in whole or in part without Citrix prior written consent, except that Customer may assign this Agreement as part of a corporate reorganization, consolidation, merger, or sale of all or substantially all of its assets, Page 474 of 580 provided that the assignee abides by these terms. Any attempted assignment in violation of the foregoing shall be void. This Agreement will bind and inure to the benefit of each party's successors or permitted assigns. 10.13. Export Restriction. Customer acknowledges that the Services are subject to U.S., foreign, and international export controls and economic sanctions laws and regulations and agrees to comply with all such applicable laws and regulations, including, but not limited to, the U.S. Export Administration Regulations ("EAR") and regulations promulgated by the U.S. Department of the Treasury's Office of Foreign Assets Control ("OFAC"). Customer also specifically agrees not to, directly or indirectly, allow access to or use of the Services in embargoed or sanctioned countries/regions, by sanctioned or denied persons, or for prohibited end-uses under U.S. law without authorization from the U.S. government. 10.14. Audit. Not more frequently than annually and at Citrix' expense, Citrix may audit Customer's use of any Service, including without limitation on-premises components provided with the Services. If an audit reveals that Customer has underpaid fees for any Services, in addition to other remedies provided for herein, Customer shall be invoiced for such underpaid fees. If the underpaid fees exceed ten percent(10%) of the Fees paid, then Customer shall also pay Citrix' reasonable costs of conducting the audit. 10.15. Notices. All legal notices required under this Agreement shall be in writing and delivered in person or by certified or registered express mail to the address last designated on the account for Customer, and the Citrix contracting entity as specified below, or such other address as either party may specify by notice to the other party as provided herein. Notice shall be deemed given (i) upon personal delivery; (ii) if delivered by air courier or email, upon confirmation of receipt; or (iii) five (5) days after deposit in the US mail. Non-legal notices may be provided to the email address specified on the applicable Order and shall be deemed effective on the next business day following the date and time stamp on the sender's email. Citrix may also provide Customer with notice postings on the Citrix website. A copy of all Customer legal notices must also be sent to Legal Department, Citrix Systems, Inc., 851 W Cypress Creek Road, Ft. Lauderdale, FL 33309 USA. 10.16. Entire Agreement; Order of Precedence. The Agreement sets forth the entire agreement and understanding of the parties relating to the Services and supersedes all prior and contemporaneous oral and written agreements. For any conflict between these terms and supplementary BAA terms related to PHI,this Agreement shall control. For any conflict between these terms and the Service Descriptions related to a specific Service, the Service Descriptions shall control with respect to the affected Services. Nothing contained in any Order or other document submitted by Customer shall in any way add to or otherwise modify the Agreement or any Citrix license program terms under which an Order is submitted. The terms of this Agreement and/or Service Descriptions or other referenced documents may be updated by Citrix from time to time without notice(but will be identified by the last updated date)and may be reviewed anytime at https://www.citrix.com/content/dam/citrix/en_us/documents/buy/enterprise-saas-eusa.pdf. Customer's continued access to and use of the Services constitutes acceptance of the then-current terms. 10.17. General Terms. Captions and headings are used herein for convenience only, are not a part of this Agreement, and shall not be used in interpreting or construing this Agreement. If any provision of this Agreement is declared by a court of competent jurisdiction to be invalid, illegal, or unenforceable, such provision shall be severed from this Agreement and the other provisions shall remain in full force and effect. The parties are independent contractors and nothing in this Agreement creates a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between or among the parties. No person or entity not a party to this Agreement will be deemed to be a third party beneficiary of this Agreement or any provision hereof. Citrix authorized resellers and distributors do not have the right to make modifications to this Agreement or to make any additional representations, commitments, or warranties binding on Citrix. No waiver or amendment of any term or condition of this Agreement shall be valid or binding on any party unless agreed to in writing by such party. Citrix failure to enforce any term of this Agreement will not be construed as a waiver of the right to enforce any such terms in the future. Unless otherwise specified, remedies are cumulative. This Agreement may be agreed to online, by use of the Services and/or executed by electronic signature and in one or more counterparts. No party will be responsible for any delay, interruption or other failure to perform under this Agreement due to force majeure events and acts beyond a party's reasonable control, but only for so long as such conditions persist. Force majeure events may include: natural disasters; wars; terrorist activities, activities of local exchange carriers, telephone carriers, Page 475 of 580 wireless carriers, and Internet service providers, labor disputes; and acts of government. 10.18. Contracting Party, Choice of Law and Location for Resolving Disputes. The Citrix contracting entity under this Agreement, and governing law and jurisdiction to resolve any dispute, are identified at https://www.citrix.com/buy/licensing/citrix-providing-entities.htm1. Page 476 of 580 ATTACH M ENT E-5 VMware Terms and Conditions VMware Standard EULA http://www.vmware.com/download/eula VMware PSO Standard Terms https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/services/ vmware-professional-services-terms-and-conditions.pdf VMware Cloud Terms of Service https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/ down loads/euIa/vmware-cloud-services-universal-tos.pdf Page 477 of 580 NASPO ValuePoint PARTICIPATING ADDENDUM CLOUD SOLUTIONS Administered by the State of Utah (hereinafter "Lead State") Alternative Contract Source No: 43230000-NASPO-I6-ACS SHI International Corp. Master Agreement No: AR2488 (hereinafter "Contractor") And Florida Department of Management Services (hereinafter "Department/Participating State/Entity") The State of Utah, acting by and through the National Association of State Procurement Officials (NASPO) ValuePoint, competitively procured and awarded a Request for Proposal resulting in Master Agreement number AR2488. The Master Agreement was created as a cooperative purchasing agreement for Cloud Solutions. This Participating Addendum is entered into pursuant to Section 287.042, Florida Statutes. The Department is authorized by subsection 287.042(16), Florida Statutes, "to evaluate contracts let by the Federal Government, another state, or a political subdivision for the provision of commodities and contract services, and, if it is determined in writing to be cost-effective and in the best interest of the state, to enter into a written agreement authorizing an agency to make purchases under such contract." Accordingly, agencies and eligible users (Customer) may make purchases from this Participating Addendum pursuant to the terms and conditions herein. The Department evaluated the Master Agreement, and hereby acknowledges that use of the Master Agreement as an alternative contract source is cost-effective and in the best interest of the State. This Participating Addendum and all incorporated Exhibits, set forth the entire understanding of the Parties and supersedes all prior agreements. Accordingly, the Parties agree as follows: 1. Term and Effective Date The initial term of this Participating Addendum will become effective on the date the document is signed by all Parties, and shall be effective through September 30, 2020, unless terminated earlier in accordance with the General Contract Conditions. 2. Renewal Upon agreement of the Parties, the Department and the Contractor may renew this Participating Addendum in accordance with section 287.057(13), Florida Statutes, and Rule 60A-1.048, Florida Administrative Code. Renewals must be in writing and are subject to the same terms, conditions, and modifications set forth in this Participating Addendum. Renewal determinations will be based upon utilization and achieved savings. 3. Modifications or Additions to Master Agreement The following changes are modifying or supplementing the Master Agreement terms and conditions. a. Scope: The Contractor's Master Agreement products or services listed on the Contractor's page of the NASPO ValuePoint website are included in this contract only if they are not offered on a State Term Contract. Page 478 of 580 Page 2 of 15 In accordance to 74-3.004, F.A.C., Agency requests for Infrastructure as a Service (laaS) must be submitted via a Service Request to the State Data Center. b. Exhibits: All Exhibits attached and listed below are incorporated in their entirety into, and form part of this Participating Addendum. The Participating Addendum Exhibits shall have priority in the order listed: 1) Exhibit A: Contract Conditions, Florida General 2) Exhibit B: Contract Conditions, Florida Special 3) Exhibit C: NASPO ValuePoint Master Agreement Number AR2488 If a conflict exists among any of the documents, the following shall have priority in the order listed below: 1) The Addendum 2) Florida Special Contract Conditions, Exhibit B 3) Florida General Contract Conditions, Exhibit A 4) NASPO ValuePoint Master Agreement Number AR2488, Exhibit C c. Participation: Use of specific NASPO ValuePoint cooperative contracts by agencies, political subdivisions and other entities (including cooperatives) authorized by an individual state's statutes are subject to the prior approval of the respective State Chief Procurement Official. Issues of interpretation and eligibility for participation are solely within the authority of the State Chief Procurement Official. d. Access to Cloud Solutions Services Requires State CIO Approval: Unless otherwise stipulated in this Participating Addendum, specific services accessed through the NASPO ValuePoint cooperative Master Agreements for Cloud Solutions by state executive branch agencies are subject to the authority and prior approval of the State Chief Information Officer's Office. The State Chief Information Officer means the individual designated by the state Governor within the Executive Branch with enterprise-wide responsibilities for leadership and management of information technology resources of a state. Any agency requests for Infrastructure as a Service must be submitted via a service request to the state data center. See section 3.a. above. e. Authorization: Approval of this Participating Addendum by the State Chief Procurement Official and State Chief Information Officer is an authorization for participation in the NASPO cooperative contract process, it is not intended as an approval of any specific purchase or solution. It is the responsibility of the Customer to validate all terms and conditions and to ensure compliance with all applicable statutes and rules. f. Request for Quotes: Customers purchasing Cloud Solutions from this Participating Addendum shall create a Request for Quote (RFQ), each time they desire to purchase Cloud Solutions. The Customer shall issue a detailed RFQ to the ACS Contractor(s) who offer the applicable cloud solutions(s). The specific format of the RFQ is left to the discretion of the Customer, but must contain the following: 1) Applicable service and deployment model(s); 2) Data security classification; 3) Service level agreement requirements; and 4) Exit strategy considerations. Page 479 of 580 Page 3 of 15 g. Enterprise Agreements: The Contractor shall honor any Volume or Enterprise Agreement(s) established between a State of Florida agency and the manufacturer of products or services offered under their Master Agreement. h. Purchase Orders., Customers shall issue purchase orders under this Participating Addendum to their awarded RFQ Contractor using this State of Florida ACS number 43230000-NASPO-16-ACS. The purchase order period survives the expiration of the Contract. The duration of purchase orders must not exceed the expiration of the Contract by more than 12 months. i. Contractor Selection Justification Form: Customers purchasing Cloud Solutions from this Participating Addendum shall attach to the purchase order a completed Contractor Selection Justification Form (Attachment A). 4. Warranty of Authority Each person signing this document warrants that he or she is duly authorized to do so and to bind the respective party. 6. Entire Agreement of the Parties This document and the attached exhibits constitute the Participating Addendum and the entire understanding of the parties. 6. Amendments All modifications to this Participating Addendum must be in writing and signed by all Parties. No oral modifications to this Participating Addendum are permitted. Notwithstanding the order listed in section 3b, amendments executed after the Participating Addendum is executed may expressly change the provisions of the Participating Addendum. If they do so expressly, then the most recent amendment will take precedence over anything else that is part of the Participating Addendum. IN WITNESS THEREOF, the Parties hereto have caused this agreement, which includes the attached and incorporated Exhibits, to be executed by their undersigned officials as duly authorized. This agreement is not valid and binding until signed and dated by the Parties. Participating State. Florida Contractor: SHI International Corp. By: By: -ftal7U4 C"M 4du - Name: Dave Zeckman Name: Natalie Castagno Title: Chief of Staff Title: irector of Respqnse Team -Date: CIL L&-AIA Date: 8/10/17 N nto 's WChie P roc c Pur en Officerr: Florida's Chief InformationOfficer B By- am : R n a -d-ame: Eric Larson Title: Direct r of State Purchashwa�d Title: Executive Director of the Florida Agency for Chief Proclemen/Officer State Technology and Chief Information Officer Date! Date: Page 480 of 580 Page 4 of 15 Alternate Contract Source No. 43230000-NASPO-I6-ACS Exhibit A GENERAL CONTRACT CONDITIONS Table of Contents SECTION 1. DEFINITIONS. ......................................................................................................4 SECTION 2. CONTRACT TERM AND TERMINATION. ............................................................4 SECTION 3. PAYMENT AND FEES..........................................................................................5 SECTION 4. CONTRACT MANAGEMENT................................................................................6 SECTION 5. COMPLIANCE WITH LAWS. ................................................................................7 SECTION 6. MISCELLANEOUS................................................................................................8 SECTION 7. WORKERS' COMPENSATION AND GENERAL LIABILITY INSURANCE, AND INDEMNIFICATION....................................................................................................................9 SECTION 8. PUBLIC RECORDS, TRADE SECRETS, DOCUMENT MANAGEMENT AND INTELLECTUAL PROPERTY...................................................................................................10 SECTION 9. DATA SECURITY AND SERVICES. ...................................................................11 SECTION 10. GRATUITIES AND LOBBYING.........................................................................12 SECTION 11. CONTRACT MONITORING. .............................................................................12 SECTION 12. CONTRACT AUDITS. .......................................................................................12 SECTION 13. BACKGROUND SCREENING AND SECURITY. ..............................................13 These General Contract Conditions supersede and replace in their entirety all General Contract Conditions, Form PUR 1000, which is incorporated by reference in Rule 60A-1.002, Florida Administrative Code (F.A.C.) SECTION 1. DEFINITIONS. The following definition applies in addition to the definitions in Chapter 287, Florida Statutes, (F.S.) and Rule Chapter 60A-1, F.A.C.: 1.1 Customer. The agency or eligible user that purchases commodities or contractual services pursuant to the Contract. SECTION 2. TERMINATION. 2.1 Termination for Convenience. The Contract may be terminated by the Department in whole or in part at any time, in the best interest of the State of Florida. If the Contract is terminated before performance is completed, the Contractor will be paid only for that work satisfactorily performed for which costs can be substantiated. Such payment, however, may not exceed an amount which is the same percentage of the Contract price as the amount of work satisfactorily performed. All work in Page 481 of 580 Page 5 of 15 progress will become the property of the Customer and will be turned over promptly by the Contractor. 2.2 Termination for Cause. If the Department determines that the performance of the Contractor is not satisfactory, the Department may, at its sole discretion, (a) immediately terminate the Contract, (b) notify the Contractor of the deficiency with a requirement that the deficiency be corrected within a specified time, otherwise the Contract will terminate at the end of such time, or (c) take other action deemed appropriate by the Department. SECTION 3. PAYMENT AND FEES 3.1 Payment Invoicing. The Contractor will be paid upon submission of properly certified invoices to the Customer after delivery and acceptance of commodities or contractual services is confirmed by the Customer. Invoices must contain detail sufficient for an audit and contain the Contract Number and the Contractor's Federal Employer Identification Number. 3.2 Travel. Travel expenses are not reimbursable unless specifically authorized by the Customer in writing, and may be reimbursed only in accordance with section 112.061, F.S. 3.3 Annual Appropriation. Pursuant to section 287.0582, F.S., if the Contract binds the State of Florida or an agency for the purchase of services or tangible personal property for a period in excess of one fiscal year, the State of Florida's performance and obligation to pay under the Contract is contingent upon an annual appropriation by the Legislature. 3.4 Transaction Fees. The State of Florida, through the Department of Management Services, has instituted MyFloridaMarketPlace, a statewide eProcurement system pursuant to section 287.057(22), Florida Statutes. All payments issued by Customers to registered Vendors for purchases of commodities or contractual services will be assessed Transaction Fees as prescribed by rule 60A-1.031, Florida Administrative Code, or as may otherwise be established by law. Vendors must pay the Transaction Fees and agree to automatic deduction of the Transaction Fees, when automatic deduction becomes available. Vendors will submit any monthly reports required pursuant to the rule. All such reports and payments will be subject to audit. Failure to comply with the payment of the Transaction Fees or reporting of transactions will constitute grounds for declaring the Vendor in default and subject the Vendor to exclusion from business with the State of Florida. 3.5 Taxes. The State of Florida is not required to pay any taxes, including customs and tariffs, on commodities or contractual services purchased under the Contract. 3.6 Return of Funds. Contractor will return any overpayments due to unearned funds or funds disallowed pursuant to the terms of the Contract that were disbursed to the Contractor by the Department or Customer. The Contractor must return any overpayment within 40 calendar days after either discovery by the Contractor, its independent auditor, or notification by the Department or Customer of the overpayment. Page 482 of 580 Page 6 of 15 SECTION 4. CONTRACT MANAGEMENT. 4.1 Composition and Priority. The Contractor agrees to provide commodities or contractual services to the Customer within the manner and at the location specified in the Purchase Order and any attachments to the Purchase Order. 4.2 Notices. All notices required under the Contract must be delivered to the designated Contract Manager by certified mail, return receipt requested, by reputable air courier service, email, or by personal delivery, or as otherwise identified by the Department. 4.3 Department's Contract Manager. The Department's Contract Manager, is primarily responsible for the Department's oversight of the Contract. In the event that the Department changes the Contract Manager, the Department will notify the Contractor. Such a change does not require an amendment to the Contract. 4.4 Contractor's Contract Manager. The Contractor's Contract Manager is primarily responsible for the Contractor's oversight of the Contract performance. In the event that the Contractor changes its Contract Manager, the Contractor will notify the Department. Such a change does not require an amendment to the Contract. 4.5 Diversity Reporting. The State of Florida supports its diverse business community by creating opportunities for woman-, veteran-, and minority-owned small business enterprises to participate in procurements and contracts. The Department encourages supplier diversity through certification of woman-, veteran-, and minority-owned small business enterprises, and provides advocacy, outreach, and networking through regional business events. For additional information, please contact the Office of Supplier Diversity (OSD) at osdinfo@dms.myflorida.com. Upon request, the Contractor will report to the Department its spend with business enterprises certified by the OSD. These reports must include the time period covered, the name and Federal Employer Identification Number of each business enterprise utilized during the period, commodities and contractual services provided by the business enterprise, and the amount paid to the business enterprise on behalf of each Customer purchasing under the Contract. 4.6 RESPECT. Subject to the agency determination provided for in Section 413.036, F.S., the following statement applies: IT IS EXPRESSLY UNDERSTOOD AND AGREED THAT ANY ARTICLES THAT ARE THE SUBJECT OF, OR REQUIRED TO CARRY OUT, THIS CONTRACT SHALL BE PURCHASED FROM A NONPROFIT AGENCY FOR THE BLIND OR FOR THE SEVERELY HANDICAPPED THAT IS QUALIFIED PURSUANT TO CHAPTER 413, FLORIDA STATUTES, IN THE SAME MANNER AND UNDER THE SAME PROCEDURES SET FORTH IN SECTION 413.036(1) AND (2), FLORIDA STATUTES; AND FOR PURPOSES OF THIS CONTRACT THE PERSON, FIRM, OR OTHER BUSINESS ENTITY CARRYING OUT THE PROVISIONS OF THIS CONTRACT SHALL BE DEEMED TO BE SUBSTITUTED FOR THE STATE AGENCY INSOFAR AS DEALINGS WITH SUCH QUALIFIED NONPROFIT AGENCY ARE CONCERNED. Page 483 of 580 Page 7 of 15 Additional information about the designated nonprofit agency and the commodities or contractual services it offers is available at http://www.respectofflorida.org. 4.7 PRIDE. Subject to the agency determination provided for in Sections 946.515 and 287.042(1), F.S., the following statement applies: IT IS EXPRESSLY UNDERSTOOD AND AGREED THAT ANY ARTICLES WHICH ARE THE SUBJECT OF, OR REQUIRED TO CARRY OUT, THIS CONTRACT SHALL BE PURCHASED FROM THE CORPORATION IDENTIFIED UNDER CHAPTER 946, F.S., IN THE SAME MANNER AND UNDER THE SAME PROCEDURES SET FORTH IN SECTION 946.515(2) AND (4), F.S.; AND FOR PURPOSES OF THIS CONTRACT THE PERSON, FIRM, OR OTHER BUSINESS ENTITY CARRYING OUT THE PROVISIONS OF THIS CONTRACT SHALL BE DEEMED TO BE SUBSTITUTED FOR THIS AGENCY INSOFAR AS DEALINGS WITH SUCH CORPORATION ARE CONCERNED. Additional information about PRIDE and the commodities or contractual services it offers is available at http://www.pride-enterprises.org. SECTION 5. COMPLIANCE WITH LAWS. 5.1 Department of State Registration. The Contractor and any subcontractors that assert corporate status must provide the Department with conclusive evidence, per section 607.0127, F.S., of a certificate of status, not subject to qualification, if a Florida business entity, or of a certificate of authorization if a foreign business entity and maintain such status or authorization through the life of the Contract and any resulting contract or purchase order. 5.2 Convicted and Discriminatory Vendor Lists. In accordance with sections 287.133 and 287.134, F.S., an entity or affiliate who is on the Convicted Vendor List or the Discriminatory Vendor List may not perform work as a contractor, supplier, subcontractor, or consultant under the Contract. The Contractor must notify the Department if it or any of its suppliers, subcontractors or consultants have been placed on the Convicted Vendor List or the Discriminatory Vendor List during the term of the Contract. 5.3 Contractor Certification. If the Contract exceeds $1,000,000.00 in total, not including renewal years, Contractor certifies that it is not listed on either the Scrutinized Companies with Activities in Sudan List, the Scrutinized Companies with Activities in the Iran Petroleum Energy Sector List, or the Scrutinized Companies that Boycott Israel List created pursuant to sections 215.473, F.S. and 215.4725 F.S, respectively. Pursuant to section 287.135(5), F.S., and 287.135(3), F.S., Contractor agrees the Department may immediately terminate the Contract for cause if the Contractor is found to have submitted a false certification or if Contractor is placed on the Scrutinized Companies with Activities in Sudan List, the Scrutinized Companies with Activities in the Iran Petroleum Energy Sector List, or the Scrutinized Companies that Boycott Israel List, or is engaged in a boycott of Israel during the term of the Contract. 5.4 Cooperation with Inspector General. Pursuant to subsection 20.055(5), F.S., Contractor, and any subcontractor to the Contractor, understand and will comply with their duty to cooperate with the Inspector General in any investigation, audit, inspection, review, or hearing. Upon request of the Inspector General or Page 484 of 580 Page 8 of 15 any other authorized State official, the Contractor must provide any type of information the Inspector General deems relevant to the Contractor's integrity or responsibility. Such information may include, but will not be limited to, the Contractor's business or financial records, documents, or files of any type or form that refer to or relate to the Contract. The Contractor will retain such records for five years after the expiration of the Contract, or the period required by the General Records Schedules maintained by the Florida Department of State (available at: http://dos.myflorida.com/library-archives/records-management/general- records-schedules/), whichever is longer. The Contractor agrees to reimburse the State of Florida for the reasonable costs of investigation incurred by the Inspector General or other authorized State of Florida official for investigations of the Contractor's compliance with the terms of this or any other agreement between the Contractor and the State of Florida which results in the suspension or debarment of the Contractor. Such costs will include, but will not be limited to: salaries of investigators, including overtime; travel and lodging expenses; and expert witness and documentary fees. SECTION 6. MISCELLANEOUS. 6.1 Notice of Legal Actions. The Contractor must notify the Department of any legal actions filed against it for a violation of any laws, rules, codes, ordinances or licensing requirements within 30 days of the action being filed. The Contractor must notify the Department of any legal actions filed against it for a breach of a contract of similar size and scope to this Contract within 30 days of the action being filed. Failure to notify the Department of a legal action within 30 days of the action will be grounds for termination for cause of the Contract. 6.2 Subcontractors. All contactors, dealers, and resellers authorized by the Department, as shown on the dedicated Contractor NASPO ValuePoint website, are approved to provide sales and service support to participants in the Master Agreement. The Contractor's dealer participation will be in accordance with the terms and conditions set forth in the Master Agreement. The Contractor is fully responsible for satisfactory completion of all subcontracted work. The Department supports diversity in its procurements and contracts, and requests that Contractor offer subcontracting opportunities to certified woman-, veteran-, and minority-owned small businesses. The Contractor may contact the OSD at osdhelp(a_dms.myflorida.com for information on certified small business enterprises available for subcontracting opportunities. 6.3 Assignment. The Contractor will not sell, assign or transfer any of its rights, duties or obligations under the Contract without the prior written consent of the Department. In the event of any assignment, the Contractor remains secondarily liable for performance of the Contract. The Department may assign the Contract to another state agency. 6.4 Independent Contractor. The Contractor and its employees, agents, representatives, and subcontractors are not employees or agents of the Department and are not entitled to the benefits of State of Florida employees. The Department will not be bound by any acts or conduct of the Contractor or its employees, agents, representatives, or subcontractors. The Contractor agrees to include this provision in all of its subcontracts under the Contract. 6.5 Ombudsman. A Vendor Ombudsman has been established within the Department of Financial Services. The duties of this office are found in section 215.422, F.S., which include disseminating information relative to prompt payment and assisting contractors in receiving their payments in Page 485 of 580 Page 9 of 15 a timely manner from a Customer. The Vendor Ombudsman may be contacted at (850) 413- 5516. 6.6 Information Technology Standards Pursuant to sections 282.0051 and 282.318, F.S., the Agency for State Technology (AST) is to establish standards for the implementation and management of information technology resources. Vendors agree to cooperate with the state agency in furtherance of the state agency's efforts to comply with AST standards, established in Rule Chapter 74, F.A.C, as applicable. SECTION 7. WORKERS' COMPENSATION AND GENERAL LIABILITY INSURANCE, AND INDEMNIFICATION 7.1 Workers' Compensation Insurance. To the extent required by law, the Contractor must be self-insured against, or must secure and maintain during the life of the contract, Worker's Compensation Insurance for all its employees connected with the work of this project, and in case any work is subcontracted, the Contractor must require the subcontractor similarly to provide Worker's Compensation Insurance for all of the latter's employees unless such employees engaged in work under the resulting contract are covered by the Contractor's insurance program. Self-insurance or insurance coverage must comply with the Florida Worker's Compensation law. In the event hazardous work is being performed by the Contractor under the resulting contract or purchase order and any class of employees performing the hazardous work is not protected under Worker's Compensation statutes, the Contractor must provide, and cause each subcontractor to provide adequate insurance satisfactory to the Department for the protection of employees not otherwise protected. 7.2 General Liability Insurance. The Contractor must secure and maintain Commercial General Liability Insurance including bodily injury, property damage, product-liability, personal & advertising injury and completed operations. This insurance must provide coverage for all claims that may arise from the services, and operations completed under the Contract and any resulting contract or purchase order, whether such services or operations are by the Contractor or anyone directly or indirectly employed by them. Such insurance must include a Hold Harmless Agreement in favor of the State of Florida and also include the State of Florida as an Additional Named Insured for the entire length of the Contract and any resulting contract or purchase order. The Contractor is responsible for determining the minimum limits of liability necessary to provide reasonable financial protections to the Contractor and the State of Florida under the Contract and any resulting contract or purchase order. All insurance policies must be with insurers licensed or eligible to transact business in the State of Florida. The Contractor's current certificate of insurance must contain a provision that the insurance must not be canceled for any reason except after thirty (30) days written notice to the Department's Contract Manager. The Contractors must submit insurance certificates evidencing such insurance coverage prior to execution of a contract with the Department. The Contractor must require its insurance carrier to add the Department to the insurance policies as an additional insured, as provided below: Florida Department of Management Services Page 486 of 580 Page 10 of 15 c/o Division of State Purchasing 4050 Esplanade Way, Suite 36060 Tallahassee, Florida 32399-0950 SECTION 8. PUBLIC RECORDS, TRADE SECRETS, DOCUMENT MANAGEMENT AND INTELLECTUAL PROPERTY. 8.1 Public Records. The Department may unilaterally cancel this Contract for refusal by the Contractor to comply with this section by not allowing public access to all documents, papers, letters or other material made or received by the Contractor in conjunction with the Contract, unless the records are exempt from section 24(a) of Article I of the State Constitution and section 119.07(1), F.S. Solely for the purposes of this section the contract manager is the agency custodian of public records, unless another is designated per (e), below. If, under a resulting contract or purchase order, the Contractor is providing services and is acting on behalf of a public agency, as provided by section 119.0701, Florida Statutes. The Contractor shall: (a) Keep and maintain public records required by the public agency to perform the service; (b) Upon request from the public agency's custodian of public records, provide the public agency with a copy of the requested records or allow the records to be inspected or copied within reasonable time and at a cost that does not exceed the cost provided in Chapter 119, Florida Statutes, or as otherwise provided by law; (c) Ensure that public records that are exempt or confidential and exempt from public records disclosure are not disclosed except as authorized by law for the duration of the contract term and following the completion of the contract if the contractor does not transfer the records to the public agency; (d) Upon completion of the contract, transfer, at no cost, to the public agency all public records in possession of the Contractor or keep and maintain public records required by the public agency to perform the service. If the contractor transfers all public records to the public agency upon completion of the contract, the contractor shall destroy any duplicate public records that are exempt or confidential and exempt from public records disclosure requirements. If the contractor keeps and maintains public records upon completion of the contract, the contractor shall meet all applicable requirements for retaining public records. All records stored electronically must be provided to the public agency, upon request from the public agency's custodian of public records, in a format that is compatible with the information technology systems of the public agency; and (e) IF THE CONTRACTOR HAS QUESTIONS REGARDING THE APPLICATION OF CHAPTER 119, FLORIDA STATUTES, TO THE CONTRACTOR'S DUTY TO PROVIDE PUBLIC RECORDS RELATING TO THIS CONTRACT, CONTACT THE CUSTODIAN OF PUBLIC RECORDS AT THE TELEPHONE NUMBER, EMAIL ADDRESS AND MAILING ADDRESS PROVIDED IN THE RESULTING CONTRACTOR PURCHASE ORDER. 8.2 Protection of Trade Secrets or Confidential Information. If the Contractor considers any portion of materials made or received in the course of performing the Contract ("contract-related materials") to be trade secret under section 812.081, F.S., or otherwise confidential under Florida or federal law, the Contractor must Page 487 of 580 Page 11 of 15 clearly designate that portion of the materials as "confidential" when submitted to the Department. If the Department receives a public records request for contract-related materials designated by the Contractor as "confidential," the Department will provide only the portions of the contract-related materials not designated as "confidential." If the requester asserts a right to examine contract-related materials designated as "confidential," the Department will notify the Contractor. The Contractor will be responsible for responding to and resolving all claims for access to contract-related materials it has designated "confidential." If the Department is served with a request for discovery of contract-related materials designated "confidential," the Department will promptly notify the Contractor about the request. The Contractor will be responsible for filing the appropriate motion or objection in response to the request for discovery. The Department will provide materials designated "confidential" only if the Contractor fails to take appropriate action, within timeframes established by statute and court rule, to protect the materials designated as "confidential" from disclosure. The Contractor will protect, defend, and indemnify the Department for claims, costs, fines, and attorney's fees arising from or relating to its designation of contract-related materials as "confidential." 8.3 Document Management. The Contractor must retain sufficient documentation to substantiate claims for payment under the Contract and all other records, electronic files, papers and documents that were made in relation to this Contract. Contractor must retain all documents related to the Contract for five years after expiration of the Contract, or, if longer, the period required by the General Records Schedules maintained by the Florida Department of State available at: http://dos.myflorida.com/library-archives/records-management/general-records-schedules/. SECTION 9. DATA SECURITY AND SERVICES. 9.1 Warranty of Security. Unless otherwise agreed in writing, the Contractor and its subcontractors will not perform any of the services from outside of the United States, and the Contractor will not allow any State of Florida Data to be sent by any medium, transmitted or accessed outside of the United States. Notwithstanding any provision of this Contract to the contrary, the Contractor must notify the Department as soon as possible, in accordance with the requirements of section 501.171, F.S., and in all events within one (1) business day in the event Contractor discovers any Data is breached, any unauthorized access of Data occurs (even by persons or companies with authorized access for other purposes), any unauthorized transmission of Data or any credible allegation or suspicion of a material violation of the above. This notification is required whether the event affects one agency/customer or the entire population. The notification must be clear and conspicuous and include a description of the following: (a) The incident in general terms. (b) The type of information that was subject to the unauthorized access and acquisition. (c) The type and number of entities who were, or potentially have been affected by the breach. (d) The actions taken by the Contractor to protect the Data from further unauthorized access. However, the description of those actions in the written notice may be general so as not to further increase the risk or severity of the breach. 9.2 Remedial Measures. Page 488 of 580 Page 12 of 15 Upon becoming aware of an alleged security breach, Contractor's Contract Manager must set up a conference call with the Department's Contract Manager. The conference call invitation must contain a brief description of the nature of the event. When possible, a 30 minute notice will be given to allow Department personnel to be available for the call. If the designated time is not practical for the Department, an alternate time for the call will be scheduled. All available information must be shared on the call. The Contractor must answer all questions based on the information known at that time and answer additional questions as additional information becomes known. The Contractor must provide the Department with final documentation of the incident including all actions that took place. If the Contractor becomes aware of a security breach or security incident outside of normal business hours, the Contractor must notify the Department's Contract Manager and in all events, within one business day. 9.3 Indemnification (Breach of Warranty of Security). The Contractor agrees to defend, indemnify and hold harmless the Department, Customer, the State of Florida, its officers, directors and employees for any claims, suits or proceedings related to a breach of the Warranty of Security. The Contractor will include credit monitoring services at its own cost for those individuals affected or potentially affected by a breach of this warranty for a two year period of time following the breach. 9.4 Annual Certification. The Contractor is required to submit an annual certification demonstrating compliance with the Warranty of Security to the Department by December 31 of each Contract year. SECTION 10. GRATUITIES AND LOBBYING. 10.1 Gratuities. The Contractor will not, in connection with this Contract, directly or indirectly (1) offer, give, or agree to give anything of value to anyone as consideration for any State of Florida officer or employee's decision, opinion, recommendation, vote, other exercise of discretion, or violation of a known legal duty, or (2) offer, give, or agree to give to anyone anything of value for the benefit of, or at the direction or request of, any State of Florida officer or employee. 10.2 Lobbying. In accordance with sections 11.062 and 216.347, F.S., Contract funds are not for the purpose of lobbying the Legislature, the judicial branch, or the Department. Pursuant to subsection 287.058(6), F.S., the Contract does not prohibit the Contractor from lobbying the executive or legislative branch concerning the scope of services, performance, term, or compensation regarding the Contract, after the Contract execution and during the Contract's term. SECTION 11. CONTRACT MONITORING. 11.1 Financial Consequences of Non-Performance. If the corrective action plan is unacceptable to the Department or Customer, or fails to remedy the performance deficiencies, the Contractor will be assessed a non-performance retainage equivalent to 10% of the total invoice amount or as specified in the Contract. The retainage will be applied to the invoice for the then-current billing period. The retainage will be withheld until the Contractor resolves the deficiency. If the deficiency is subsequently resolved, the Contractor may invoice the Customer for the retained amount during the next billing period. If the Contractor is unable to resolve the deficiency, the funds retained will be forfeited. SECTION 12. CONTRACT AUDITS. 12.1 Payment Audit. Page 489 of 580 Page 13 of 15 Records of costs incurred under terms of the Contract will be maintained. Records of costs incurred will include the Contractor's general accounting records, together with supporting documents and records of the Contractor and all subcontractors performing work, and all other records of the Contractor and subcontractors considered necessary by the Department, State of Florida's Chief Financial Officer or the Office of the Auditor General for audit. SECTION 13. BACKGROUND SCREENING AND SECURITY. 13.1 E-Verify. In accordance with Executive Order 11-116, the Contractor agrees to utilize the U.S. Department of Homeland Security's E-Verify system to verify the employment eligibility of all new employees hired during the term of the Contract for the services specified in the Contract. The Contractor must also include a requirement in subcontracts that the subcontractor must utilize the E-Verify system to verify the employment eligibility of all new employees hired by the subcontractor during the Contract term. In order to implement this provision, the Contractor must provide a copy of its DHS Memorandum of Understanding (MOU) to the Contract Manager within five days of Contract execution. If the Contractor is not enrolled in DHS E- Verify System, it will do so within five days of notice of Contract award, and provide the Contract Manager a copy of its MOU within five days of Contract execution. The link to E- Verify is provided below. http://www.uscis.gov/e-verify. Upon each Contractor or subcontractor new hire, the Contractor must provide a statement within five days to the Contract Manager identifying the new hire with its E-Verify case number. 13.2 Disqualifying Offenses. If at any time it is determined that a person has a criminal misdemeanor or felony record regardless of adjudication (e.g., adjudication withheld, a plea of guilty or nolo contendere, or a guilty verdict) within the last six years from the date of the court's determination for the crimes listed below, or their equivalent in any jurisdiction, the Contractor is required to immediately remove that person from any position with access to State of Florida Data or directly performing services under the Contract. The disqualifying offenses are as follows: (a) Computer related or information technology crimes (b) Fraudulent practices, false pretenses and frauds, and credit card crimes (c) Forgery and counterfeiting (d) Violations involving checks and drafts (e) Misuse of medical or personnel records (f) Felony theft 13.3 Communications and Confidentiality. The Contractor agrees that it will make no statements, press releases, or publicity releases concerning the Contract or its subject matter or otherwise disclose or permit to be disclosed any of the data or other information obtained or furnished in compliance with the Contract, or any particulars thereof, during the period of the Contract, without first notifying the Department's Contract Manager or the Department designated contact person and securing prior written consent. The Contractor must maintain confidentiality of all confidential data, files, and records related to the services and commodities provided pursuant to the Contract and must comply with all state and federal laws, including, but not limited to sections 381.004, 384.29, 392.65, and 456.057, F.S. The Contractor's confidentiality procedures must be consistent with the most recent version of the Department security policies, protocols, and procedures. The Contractor must also comply with any applicable professional standards with respect to confidentiality of information. Page 490 of 580 Page 14 of 15 Alternate Contract Source No. 43230000-NASPO-I6-ACS EXHIBIT B FLORIDA SPECIAL CONTRACT CONDITIONS This Exhibit contains the Special Contract Conditions. If a conflict exists between the Special Contract Conditions and the General Contract Conditions, the Special Contract Conditions shall take precedence over the General Contract Conditions unless the conflicting term in the General Contract Conditions is required by Florida law, in which case the General Contract Conditions term will take precedence. Special Contract Conditions are as follows: Section 1 Delays and Complaints Delivery delays and service complaints will be monitored on a continual basis. Documented inability to perform under the conditions of the contract, via the established Complaint to Vendor process (PUR 7017 form), may result in default proceedings and cancellation. Section 2 Monthly Transaction Fee Report The Contractor is required to submit monthly Transaction Fee Reports electronically through MFMP VIP. All such reports and payments shall be subject to audit. Failure to comply with the payment of the Transaction Fees or reporting of transactions shall constitute grounds for declaring the Contractor in default and subject the Contractor to exclusion from business with the State of Florida. For information on how to submit Transaction Fee Reports online, please reference the detailed fee reporting instructions and Vendor training presentations available online through MFMP U on the MyFloridaMarketPlace website (located at http://dms.myflorida.com/mfmp). Assistance is also available from the MyFloridaMarketPlace Customer Service Desk at feeprocessing@myfloridamarketplace.com or 866-FLA-EPRO (866-352-3776) between the hours of 8:00 AM to 6:00 PM, Eastern Time. Section 3 Quarterly Sales Reports Each Contractor shall submit a sales report to the Department on a Quarterly basis. Contract Sales Reports must include the Contractor's name, the dates of Quarter covered, each Customer's name, services provided (to include identification of the cloud solution and service model), and the amount paid by the Customer. Initiation and submission of the Contract Sales Reports are to be the responsibility of the Contractor. The Contractor will submit the completed Sales Report forms by email to the Department Contract Manager no later than the due date indicated in Section 10. Submission of these reports is considered a material requirement of this Contract and the Contractor. Failure to provide quarterly sales reports, including those indicating no sales, within thirty (30) calendar days following the end of each quarter (January, April, July and October) is considered as Non-Performance by the Contractor. Exceptions may be made if a delay in submitting reports is attributable to circumstances that are clearly beyond the control of the Contractor. The burden of proof of unavoidable delay shall rest with the Contractor and shall be supplied in a written form and submitted to the Department. Page 491 of 580 Page 15 of 15 The Department reserves the right to request additional sales information as needed. Section 4 Quarterly Reporting Timeframes Quarterly reporting timeframes coincide with the State Fiscal Year as follows: Quarter 1 - (July-September) — Due by October 10 Quarter 2 - (October-December) — Due by January 10 Quarter 3 - (January-March) — Due by April 10 Quarter 4 - (April-June) — Due by July 10 Section 5 Business Review Meetings The Department reserves the right to schedule business review meetings as frequently as necessary. The Department will provide the format for the Contractor's agenda. Prior to the meeting, the Contractor shall submit the completed agenda to the Department for review and acceptance. The Contractor shall address the agenda items and any of the Department's additional concerns at the meeting. Failure to comply with this section may result in the Contractor being found in default and contract termination. THE REMAINDER OF THIS PAGE IS INTENTIONALLY LEFT BLANK. Page 492 of 580 Department of MANAGEMENT SERVICES We serve those who serve Florida AMENDMENT NO.: 3 Alternate Contract Source No.: 43230000-NASPO-16-ACS Alternate Contract Source Name: Cloud Solutions This Amendment No. 3 ("Amendment") to the Cloud Solutions Alternate Contract Source, No. 43230000-NASPO-16-ACS ("Participating Addendum"), between the State of Florida, Department of Management Services ("Department"), and SHI International Corp. ("Contractor"), collectively referred to herein as the "Parties," is effective upon execution by both Parties. WHEREAS, the Parties agree that the Participating Addendum may be amended by mutual agreement as provided in section 6, Amendments, of the Participating Addendum; and WHEREAS, the Parties wish to amend the Participating Addendum to reflect updated discounts. NOW THEREFORE, for the mutual covenants contained herein, the Parties agree as follows: 1. Amendment to the Participating Addendum. The Participating Addendum is amended to add the following section: 7. Additional Discounts. Notwithstanding the Cost Schedule provided in Exhbit C: NASPO ValuePoint Master Agreement Numbwer AR2488, for Microsoft Azure Cloud Solutions and Services, in addition to any discounts offered by the manufacturer under a Volume or Enterprise Agreement (required to be honored by section 3.g., Enterprise Agreements, of the Participating Addendum), the Contractor will discount an additional 15% off of the ERP. This discount will become effective on February 1, 2020, and will expire on September 30, 2026. This discount shall only apply to Microsoft Azure Cloud Solutions and Services purchased through Alternate Contract Source No. 43230000- NASPO-16-ACS. 11. Amendment to the Participating Addendum. The reference to "Rule Title 74, F.A.C." in section 6.6, Information Technology Standards, of the Participating Addendum's Exhibit A: Contract Conditions, Florida General, is amended to read "Rule Title 60GG, F.A.C." 111. Conflict. To the extent any of the terms of this Amendment conflict with the terms of the Participating Addendum, the terms of this Amendment shall control. IV. Warranty of Authority. Each person signing this Amendment warrants that he or she is duly authorized to do so and to bind the respective party. V. Effect. Unless otherwise modified by this Amendment, all terms and conditions contained in the Participating Addendum shall continue in full force and effect. Cloud Solutions Page 1 of 2 Alternate Contract Source No.: 43230000-NASPO-16-ACS Page 493 of 580 Department of MANAGEMENT SERVICES We serve those who serve Florida AMENDMENT NO.: 3 Alternate Contract Source No.: 43230000-NASPO-16-ACS Alternate Contract Source Name: Cloud Solutions IN WITNESS WHEREOF, the Parties have executed this Amendment by their duly authorized representatives. State of Florida: Contractor: Department of Management Services SHI International Corp. By: By: Name: Rosalyn Ingram Name: Title: Director of State Purchasing Title: Date: Date: Cloud Solutions Page 2 of 2 Alternate Contract Source No.: 43230000-NASPO-16-ACS Page 494 of 580 Department of MANAGEMENT ENJ' 7 SERVICES We serve those who serve Florida AMENDMENT .: Alternate Contract Source o.: 43230000- AS -1 - C Alternate Contract Source Name: Cloud Solutions IN WITNESS , the Partieshave executed this Amendment by their duly authorized representatives. State I i . Contractor: t of Management Services SHIitre i I Corp. - �4A ® - - -Name: r : Cassie Skelton Title: Director of State PurchasingTitle: Contracts Manager Date: arw t 1131/2020 * a Ale 4 Cloud Solutions Page 2 of 2 Alternate Contract Source No.: 43230000-NASPO-16-ACS Page 495 of 580 MicrosoftmEm Volume Licensing Previous Enrollment(s)/Agreement(s) Form Entity Name: City of Boynton Beach Contract that this form is attached to: State Local Government For the purposes of this form, "entity" can mean the signing entity, Customer, Enrolled Affiliate, Government Partner,Institution,or other party entering into a volume licensing program agreement. Please provide a description of the previous Enrollment(s), Agreement(s), Purchasing Account(s), and/or Affiliate Registration(s) being renewed or consolidated into the new contract identified above. a. Entity may select below any previous contract(s)from which to transfer MSDN subscribers to this new contract. Entity shall ensure that each MSDN subscriber transferred is either properly licensed under the new contract or is removed. b. Entity may select below only one previous contract from which to transfer the Software Assurance (SA)Benefit contact details, i.e., benefits contact(not the SA manager)and the program codes, to this new contract. c. An Open License cannot be used to transfer either the SA Benefit details or MSDN subscribers. d. The date of the earliest expiring Enrollment/Agreement that contains SA or Online Services will be the effective date of the new contract(or SA coverage period for Select Plus). e. Please insert the number of the earliest expiring Enrollment/Agreement with SA or Online Services in the appropriate fields of the new contract. Enrollment/Agreement/ Enrollment/Agreement/ Transfer Transfer Purchasing Account/Affiliate Purchasing Account/Affiliate SA Benefit IVISDN Registration Description Registration Public Customer Contact Subscribers Number Standard Enrollment 84753476 X X PrevEnrAgrForm(WW)(ENG)(Oct2019) Page 1 of 1 Document X20-12873 Page 496 of 580 MicrosoftI Licensing Enterprise Enrollment State and Local Enterprise Enrollment number $6907200 Framework ID (Microsoft to complete) (if applicable) Previous Enrollment number $4753476 (Reseller to complete) This Enrollment must be attached to a signature form to be valid. This Microsoft Enterprise Enrollment is entered into between the entities as identified in the signature form as of the effective date. Enrolled Affiliate represents and warrants it is the same Customer, or an Affiliate of the Customer, that entered into the Enterprise Agreement identified on the program signature form. This Enrollment consists of: (1) these terms and conditions, (2) the terms of the Enterprise Agreement identified on the signature form, (3) the Product Selection Form, (4) the Product Terms, (5) the Online Services Terms, (6) any Supplemental Contact Information Form, Previous Agreement/Enrollment form, and other forms that may be required, and (7) any order submitted under this Enrollment. This Enrollment may only be entered into under a 2011 or later Enterprise Agreement. By entering into this Enrollment, Enrolled Affiliate agrees to be bound by the terms and conditions of the Enterprise Agreement. All terms used but not defined are located at http://www.microsoft.com/licensing/contracts. In the event of any conflict the terms of this Agreement control. Effective date. If Enrolled Affiliate is renewing Software Assurance or Subscription Licenses from one or more previous Enrollments or agreements, then the effective date will be the day after the first prior Enrollment or agreement expires or terminates. If this Enrollment is renewed, the effective date of the renewal term will be the day after the Expiration Date of the initial term. Otherwise, the effective date will be the date this Enrollment is accepted by Microsoft. Any reference to "anniversary date" refers to the anniversary of the effective date of the applicable initial or renewal term for each year this Enrollment is in effect. Term. The initial term of this Enrollment will expire on the last day of the month, 36 full calendar months from the effective date of the initial term. The renewal term will expire 36 full calendar months after the effective date of the renewal term. Terms and Conditions 1. Definitions. Terms used but not defined in this Enrollment will have the definition in the Enterprise Agreement. The following definitions are used in this Enrollment: "Additional Product" means any Product identified as such in the Product Terms and chosen by Enrolled Affiliate under this Enrollment. "Community" means the community consisting of one or more of the following: (1) a Government, (2) an Enrolled Affiliate using eligible Government Community Cloud Services to provide solutions to a Government or a qualified member of the Community, or(3)a Customer with Customer Data that is subject to Government regulations for which Customer determines and Microsoft agrees that the use of Government Community Cloud Services is appropriate to meet Customer's regulatory requirements. EA20201EnrGov(US)SLG(ENG)(0ct2019) Page 1 of 10 Document X20-10635 Page 497 of 580 Membership in the Community is ultimately at Microsoft's discretion, which may vary by Government Community Cloud Service. "Enterprise Online Service" means any Online Service designated as an Enterprise Online Service in the Product Terms and chosen by Enrolled Affiliate under this Enrollment. Enterprise Online Services are treated as Online Services, except as noted. "Enterprise Product" means any Desktop Platform Product that Microsoft designates as an Enterprise Product in the Product Terms and chosen by Enrolled Affiliate under this Enrollment. Enterprise Products must be licensed for all Qualified Devices and Qualified Users on an Enterprise-wide basis under this program. "Expiration Date" means the date upon which the Enrollment expires. "Federal Agency" means a bureau, office, agency, department or other entity of the United States Government. "Government" means a Federal Agency, State/Local Entity, or Tribal Entity acting in its governmental capacity. "Government Community Cloud Services" means Microsoft Online Services that are provisioned in Microsoft's multi-tenant data centers for exclusive use by or for the Community and offered in accordance with the National Institute of Standards and Technology (NIST) Special Publication 800-145. Microsoft Online Services that are Government Community Cloud Services are designated as such in the Use Rights and Product Terms. "Industry Device" (also known as line of business device) means any device that: (1) is not useable in its deployed configuration as a general purpose personal computing device (such as a personal computer), a multi-function server, or a commercially viable substitute for one of these systems; and (2)only employs an industry or task-specific software program (e.g. a computer-aided design program used by an architect or a point of sale program) ("Industry Program"). The device may include features and functions derived from Microsoft software or third-party software. If the device performs desktop functions (such as email, word processing, spreadsheets, database, network or Internet browsing, or scheduling, or personal finance), then the desktop functions: (1) may only be used for the purpose of supporting the Industry Program functionality; and (2) must be technically integrated with the Industry Program or employ technically enforced policies or architecture to operate only when used with the Industry Program functionality. "Managed Device" means any device on which any Affiliate in the Enterprise directly or indirectly controls one or more operating system environments. Examples of Managed Devices can be found in the Product Terms. "Qualified Device" means any device that is used by or for the benefit of Enrolled Affiliate's Enterprise and is: (1) a personal desktop computer, portable computer, workstation, or similar device capable of running Windows Pro locally (in a physical or virtual operating system environment), or(2)a device used to access a virtual desktop infrastructure ("VDI"). Qualified Devices do not include any device that is: (1)designated as a server and not used as a personal computer, (2)an Industry Device, or(3) not a Managed Device. At its option, the Enrolled Affiliate may designate any device excluded above (e.g., Industry Device) that is used by or for the benefit of the Enrolled Affiliate's Enterprise as a Qualified Device for all or a subset of Enterprise Products or Online Services the Enrolled Affiliate has selected. "Qualified User" means a person (e.g., employee, consultant, contingent staff) who: (1) is a user of a Qualified Device, or (2) accesses any server software requiring an Enterprise Product Client Access License or any Enterprise Online Service. It does not include a person who accesses server software or an Online Service solely under a License identified in the Qualified User exemptions in the Product Terms. "Reseller" means an entity authorized by Microsoft to resell Licenses under this program and engaged by an Enrolled Affiliate to provide pre- and post-transaction assistance related to this agreement; "Reserved License" means for an Online Service identified as eligible for true-ups in the Product Terms, the License reserved by Enrolled Affiliate prior to use and for which Microsoft will make the Online Service available for activation. EA20201EnrGov(US)SLG(ENG)(0ct2019) Page 2 of 10 Document X20-10635 Page 498 of 580 "State/Local Entity" means (1) any agency of a state or local government in the United States, or (2) any United States county, borough, commonwealth, city, municipality, town, township, special purpose district, or other similar type of governmental instrumentality established by the laws of Customer's state and located within Customer's state's jurisdiction and geographic boundaries. "Tribal Entity" means a federally recognized tribal entity performing tribal governmental functions and eligible for funding and services from the U.S. Department of Interior by virtue of its status as an Indian tribe. "Use Rights" means, with respect to any licensing program, the use rights or terms of service for each Product and version published for that licensing program at the Volume Licensing Site and updated from time to time. The Use Rights include the Product-Specific License Terms, the License Model terms, the Universal License Terms, the Data Protection Terms, and the Other Legal Terms. The Use Rights supersede the terms of any end user license agreement (on-screen or otherwise) that accompanies a Product. "Volume Licensing Site" means http://www.microsoft.com/licensing/contracts or a successor site. 2. Order requirements. a. Minimum order requirements. Enrolled Affiliate's Enterprise must have a minimum of 250 Qualified Users or Qualified Devices. The initial order must include at least 250 Licenses for Enterprise Products or Enterprise Online Services. (i) Enterprise commitment. Enrolled Affiliate must order enough Licenses to cover all Qualified Users or Qualified Devices, depending on the License Type, with one or more Enterprise Products or a mix of Enterprise Products and the corresponding Enterprise Online Services (as long as all Qualified Devices not covered by a License are only used by users covered with a user License). (ii) Enterprise Online Services only. If no Enterprise Product is ordered, then Enrolled Affiliate need only maintain at least 250 Subscription Licenses for Enterprise Online Services. b. Additional Products. Upon satisfying the minimum order requirements above, Enrolled Affiliate may order Additional Products. c. Use Rights for Enterprise Products. For Enterprise Products, if a new Product version has more restrictive use rights than the version that is current at the start of the applicable initial or renewal term of the Enrollment, those more restrictive use rights will not apply to Enrolled Affiliate's use of that Product during that term. d. Country of usage. Enrolled Affiliate must specify the countries where Licenses will be used on its initial order and on any additional orders. e. Resellers. Enrolled Affiliate must choose and maintain a Reseller authorized in the United States. Enrolled Affiliate will acquire its Licenses through its chosen Reseller. Orders must be submitted to the Reseller who will transmit the order to Microsoft. The Reseller and Enrolled Affiliate determine pricing and payment terms as between them, and Microsoft will invoice the Reseller based on those terms. Throughout this Agreement the term "price" refers to reference price. Resellers and other third parties do not have authority to bind or impose any obligation or liability on Microsoft. f. Adding Products. (i) Adding new Products not previously ordered. New Enterprise Products or Enterprise Online Services may be added at any time by contacting a Microsoft Account Manager or Reseller. New Additional Products, other than Online Services, may be used if an order is placed in the month the Product is first used. For Additional Products that are Online Services, an initial order for the Online Service is required prior to use. EA20201 EnrGov(US)SLG(ENG)(0ct2019) Page 3 of 10 Document X20-10635 Page 499 of 580 (ii) Adding Licenses for previously ordered Products. Additional Licenses for previously ordered Products other than Online Services may be added at any time but must be included in the next true-up order. Additional Licenses for Online Services must be ordered prior to use, unless the Online Services are (1) identified as eligible for true-up in the Product Terms or(2)included as part of other Licenses. g. True-up requirements. Enrolled Affiliate must submit an annual true-up order that accounts for any changes since the initial order or last order. If there are no changes, then an update statement must be submitted instead of a true-up order. (i) Enterprise Products. For Enterprise Products, Enrolled Affiliate must determine the number of Qualified Devices and Qualified Users (if ordering user-based Licenses) at the time the true-up order is placed and must order additional Licenses for all Qualified Devices and Qualified Users that are not already covered by existing Licenses, including any Enterprise Online Services. (ii) Additional Products. For Additional Products that have been previously ordered under this Enrollment, Enrolled Affiliate must determine the maximum number of Additional Products used since the latter of the initial order, the last true-up order, or the prior anniversary date and submit a true-up order that accounts for any increase. (iii) Online Services. For Online Services identified as eligible for true-up in the Product Terms, Enrolled Affiliate may place a reservation order for the additional Licenses prior to use and payment may be deferred until the next true-up order. Microsoft will provide a report of Reserved Licenses ordered but not yet invoiced to Enrolled Affiliate and its Reseller. Reserved Licenses will be invoiced retrospectively to the month in which they were ordered. (iv) Subscription License reductions. Enrolled Affiliate may reduce the quantity of Subscription Licenses at the Enrollment anniversary date on a prospective basis if permitted in the Product Terms, as follows: 1) For Subscription Licenses that are part of an Enterprise-wide purchase, Licenses may be reduced if the total quantity of Licenses and Software Assurance for an applicable group meets or exceeds the quantity of Qualified Devices and Qualified Users (if ordering user-based Licenses)identified on the Product Selection Form, and includes any additional Qualified Devices and Qualified Users added in any prior true-up orders. Step-up Licenses do not count towards this total count. 2) For Enterprise Online Services that are not a part of an Enterprise-wide purchase, Licenses can be reduced as long as the initial order minimum requirements are maintained. 3) For Additional Products available as Subscription Licenses, Enrolled Affiliate may reduce the Licenses. If the License count is reduced to zero, then Enrolled Affiliate's use of the applicable Subscription License will be cancelled. Invoices will be adjusted to reflect any reductions in Subscription Licenses at the true-up order Enrollment anniversary date and effective as of such date. (v) Update statement. An update statement must be submitted instead of a true-up order if, since the initial order or last true-up order, Enrolled Affiliate's Enterprise: (1) has not changed the number of Qualified Devices and Qualified Users licensed with Enterprise Products or Enterprise Online Services; and (2) has not increased its usage of Additional Products. This update statement must be signed by Enrolled Affiliate's authorized representative. (vi) True-up order period. The true-up order or update statement must be received by Microsoft between 60 and 30 days prior to each Enrollment anniversary date. The third- year true-up order or update statement is due within 30 days prior to the Expiration Date, and any license reservations within this 30 day period will not be accepted. Enrolled Affiliate EA20201 EnrGov(US)SLG(ENG)(0ct2019) Page 4 of 10 Document X20-10635 Page 500 of 580 may submit true-up orders more often to account for increases in Product usage, but an annual true-up order or update statement must still be submitted during the annual order period. (vii)Late true-up order. If the true-up order or update statement is not received when due, Microsoft will invoice Reseller for all Reserved Licenses not previously invoiced and Subscription License reductions cannot be reported until the following Enrollment anniversary date (or at Enrollment renewal, as applicable). h. Step-up Licenses. For Licenses eligible for a step-up under this Enrollment, Enrolled Affiliate may step-up to a higher edition or suite as follows: (i) For step-up Licenses included on an initial order, Enrolled Affiliate may order according to the true-up process. (ii) If step-up Licenses are not included on an initial order, Enrolled Affiliate may step-up initially by following the process described in the Section titled "Adding new Products not previously ordered," then for additional step-up Licenses, by following the true-up order process. i. Clerical errors. Microsoft may correct clerical errors in this Enrollment, and any documents submitted with or under this Enrollment, by providing notice by email and a reasonable opportunity for Enrolled Affiliate to object to the correction. Clerical errors include minor mistakes, unintentional additions and omissions. This provision does not apply to material terms, such as the identity, quantity or price of a Product ordered. j. Verifying compliance. Microsoft may, in its discretion and at its expense, verify compliance with this Enrollment as set forth in the Enterprise Agreement. 3. Pricing. a. Price Levels. For both the initial and any renewal term Enrolled Affiliate's Price Level for all Products ordered under this Enrollment will be Level"D"throughout the term of the Enrollment. b. Setting Prices. Enrolled Affiliate's prices for each Product or Service will be established by its Reseller. Except for Online Services designated in the Product Terms as being exempt from fixed pricing, As long as Enrolled Affiliate continues to qualify for the same price level, Microsoft's prices for Resellers for each Product or Service ordered will be fixed throughout the applicable initial or renewal Enrollment term. Microsoft's prices to Resellers are reestablished at the beginning of the renewal term. 4. Payment terms. For the initial or renewal order, Microsoft will invoice Enrolled Affiliate's Reseller in three equal annual installments. The first installment will be invoiced upon Microsoft's acceptance of this Enrollment and remaining installments will be invoiced on each subsequent Enrollment anniversary date. Subsequent orders are invoiced upon acceptance of the order and Enrolled Affiliate may elect to pay annually or upfront for Online Services and upfront for all other Licenses. 5. End of Enrollment term and termination. a. General. At the Expiration Date, Enrolled Affiliate must immediately order and pay for Licenses for Products it has used but has not previously submitted an order, except as otherwise provided in this Enrollment. b. Renewal option. At the Expiration Date of the initial term, Enrolled Affiliate can renew Products by renewing this Enrollment for one additional 36-month term or by signing a new Enrollment. Microsoft must receive a Renewal Form, Product Selection Form, and renewal order prior to or at the Expiration Date. Microsoft will not unreasonably reject any renewal. EA20201 EnrGov(US)SLG(ENG)(0ct2019) Page 5 of 10 Document X20-10635 Page 501 of 580 Microsoft may make changes to this program that will make it necessary for Customer and its Enrolled Affiliates to enter into new agreements and Enrollments at renewal. c. If Enrolled Affiliate elects not to renew. (i) Software Assurance. If Enrolled Affiliate elects not to renew Software Assurance for any Product under its Enrollment, then Enrolled Affiliate will not be permitted to order Software Assurance later without first acquiring a new License with Software Assurance. (ii) Online Services eligible for an Extended Term. For Online Services identified as eligible for an Extended Term in the Product Terms, the following options are available at the end of the Enrollment initial or renewal term. 1) Extended Term. Licenses for Online Services will automatically expire in accordance with the terms of the Enrollment.An extended term feature that allows Online Services to continue month-to-month ("Extended Term") is available. During the Extended Term, Online Services will be invoiced monthly at the then-current published price as of the Expiration Date plus a 3% administrative fee for up to one year. If Enrolled Affiliate wants an Extended Term, Enrolled Affiliate must submit a request to Microsoft at least 30 days prior to the Expiration Date. 2) Cancellation during Extended Term. At any time during the first year of the Extended Term, Enrolled Affiliate may terminate the Extended Term by submitting a notice of cancellation to Microsoft for each Online Service. Thereafter, either party may terminate the Extended Term by providing the other with a notice of cancellation for each Online Service. Cancellation will be effective at the end of the month following 30 days after Microsoft has received or issued the notice. (iii) Subscription Licenses and Online Services not eligible for an Extended Term. If Enrolled Affiliate elects not to renew, the Licenses will be cancelled and will terminate as of the Expiration Date. Any associated media must be uninstalled and destroyed and Enrolled Affiliate's Enterprise must discontinue use. Microsoft may request written certification to verify compliance. d. Termination for cause. Any termination for cause of this Enrollment will be subject to the "Termination for cause" section of the Agreement. In addition, it shall be a breach of this Enrollment if Enrolled Affiliate or any Affiliate in the Enterprise that uses Government Community Cloud Services fails to meet and maintain the conditions of membership in the definition of Community. e. Early termination. Any early termination of this Enrollment will be subject to the "Early Termination" Section of the Enterprise Agreement. For Subscription Licenses, in the event of a breach by Microsoft, or if Microsoft terminates an Online Service for regulatory reasons, Microsoft will issue Reseller a credit for any amount paid in advance for the period after termination. 6. Government Community Cloud. a. Community requirements. If Enrolled Affiliate purchases Government Community Cloud Services, Enrolled Affiliate certifies that it is a member of the Community and agrees to use Government Community Cloud Services solely in its capacity as a member of the Community and, for eligible Government Community Cloud Services, for the benefit of end users that are members of the Community. Use of Government Community Cloud Services by an entity that is not a member of the Community or to provide services to non-Community members is strictly prohibited and could result in termination of Enrolled Affiliate's license(s) for Government Community Cloud Services without notice. Enrolled Affiliate acknowledges that only Community members may use Government Community Cloud Services. b. All terms and conditions applicable to non-Government Community Cloud Services also apply EA20201 EnrGov(US)SLG(ENG)(0ct2019) Page 6 of 10 Document X20-10635 Page 502 of 580 to their corresponding Government Community Cloud Services, except as otherwise noted in the Use Rights, Product Terms, and this Enrollment. c. Enrolled Affiliate may not deploy or use Government Community Cloud Services and corresponding non-Government Community Cloud Services in the same domain. d. Use Rights for Government Community Cloud Services. For Government Community Cloud Services, notwithstanding anything to the contrary in the Use Rights: (i) Government Community Cloud Services will be offered only within the United States. (ii) Additional European Terms, as set forth in the Use Rights, will not apply. (iii) References to geographic areas in the Use Rights with respect to the location of Customer Data at rest, as set forth in the Use Rights, refer only to the United States. EA20201 EnrGov(US)SLG(ENG)(Oct2019) Page 7 of 10 Document X20-10635 Page 503 of 580 Enrollment Details 1. Enrolled Affiliate's Enterprise. a. Identify which Agency Affiliates are included in the Enterprise. (Required) Enrolled Affiliate's Enterprise must consist of entire offices, bureaus, agencies, departments or other entities of Enrolled Affiliate, not partial offices, bureaus, agencies,or departments,or other partial entities. Check only one box in this section. If no boxes are checked, Microsoft will deem the Enterprise to include the Enrolled Affiliate only. If more than one box is checked, Microsoft will deem the Enterprise to include the largest number of Affiliates: 0 Enrolled Affiliate only ❑ Enrolled Affiliate and all Affiliates ❑ Enrolled Affiliate and the following Affiliate(s) (Only identify specific affiliates to be included if fewer than all Affiliates are to be included in the Enterprise): ❑ Enrolled Affiliate and all Affiliates, with following Affiliate(s)excluded: b. Please indicate whether the Enrolled Affiliate's Enterprise will include all new Affiliates acquired after the start of this Enrollment: Exclude future Affiliates 2. Contact information. Each party will notify the other in writing if any of the information in the following contact information page(s) changes. The asterisks (*) indicate required fields. By providing contact information, Enrolled Affiliate consents to its use for purposes of administering this Enrollment by Microsoft,its Affiliates, and other parties that help administer this Enrollment. The personal information provided in connection with this Enrollment will be used and protected in accordance with the privacy statement available at https://www.microsoft.com/licensing/servicecenter. a. Primary contact. This contact is the primary contact for the Enrollment from within Enrolled Affiliate's Enterprise. This contact is also an Online Administrator for the Volume Licensing Service Center and may grant online access to others. The primary contact will be the default contact for all purposes unless separate contacts are identified for specific purposes Name of entity(must be legal entity name)* City of Boynton Beach Contact name* First Charles Last Stevens Contact email address*stevensc@bbfl.us Street address* 100 East Boynton Beach Boulevard City* Boynton Beach State* FL Postal code* 33435-3838- (Please provide the zip +4, e.g. xxxxx-xxxx) Country* United States Phone* 561-742-6070 Tax ID *indicates required fields b. Notices contact and Online Administrator. This contact(1)receives the contractual notices, (2) is the Online Administrator for the Volume Licensing Service Center and may grant online access to others, and (3)is authorized to order Reserved Licenses for eligible Online Servies, including adding or reassigning Licenses and stepping-up prior to a true-up order. EA20201 EnrGov(US)SLG(ENG)(0ct2019) Page 8 of 10 Document X20-10635 Page 504 of 580 ❑ Same as primary contact (default if no information is provided below, even if the box is not checked). Contact name* First Charles Last Stevens Contact email address*stevensc@bbfl.us Street address* 100 East Boynton Beach Boulevard City* Boynton Beach State* FL Postal code* 33435-3838- (Please provide the zip +4, e.g. xxxxx-xxxx) Country* United States Phone* 561-742-6070 Language preference. Choose the language for notices. English ❑ This contact is a third party (not the Enrolled Affiliate). Warning: This contact receives personally identifiable information of the Customer and its Affiliates. *indicates required fields c. Online Services Manager. This contact is authorized to manage the Online Services ordered under the Enrollment and (for applicable Online Services) to add or reassign Licenses and step-up prior to a true-up order. Same as notices contact and Online Administrator(default if no information is provided below, even if box is not checked) Contact name*: First Charles Last Stevens Contact email address*stevensc@bbfl.us Phone* 561-742-6070 ❑This contact is from a third party organization(not the entity). Warning: This contact receives personally identifiable information of the entity. *indicates required fields d. Reseller information. Reseller contact for this Enrollment is: Reseller company name* SHI International Corp. Street address (PO boxes will not be accepted)* 290 Davidson Ave City* Somerset State* NJ Postal code* 08873-4145 Country* United States Contact name* Scott Doherty Phone* 888-764-8888 Contact email address* msteam@shi.com *indicates required fields By signing below, the Reseller identified above confirms that all information provided in this Enrollment is correct. Signature* Printed name* Printed title* Date* *indicates required fields Changing a Reseller. If Microsoft or the Reseller chooses to discontinue doing business with each other, Enrolled Affiliate must choose a replacement Reseller. If Enrolled Affiliate or the Reseller intends to terminate their relationship,the initiating party must notify Microsoft and the EA20201 EnrGov(US)SLG(ENG)(0ct2019) Page 9 of 10 Document X20-10635 Page 505 of 580 other party using a form provided by Microsoft at least 90 days prior to the date on which the change is to take effect. e. If Enrolled Affiliate requires a separate contact for any of the following,attach the Supplemental Contact Information form. Otherwise, the notices contact and Online Administrator remains the default. (i) Additional notices contact (ii) Software Assurance manager (iii) Subscriptions manager (iv) Customer Support Manager (CSM)contact 3. Financing elections. Is a purchase under this Enrollment being financed through MS Financing? ❑ Yes, 0 No. If a purchase under this Enrollment is financed through MS Financing, and Enrolled Affiliate chooses not to finance any associated taxes, it must pay these taxes directly to Microsoft. EA20201 EnrGov(US)SLG(ENG)(0ct2019) Page 10 of 10 Document X20-10635 Page 506 of 580 Enterprise Enrollment Product Selection Form Microsoft I Volume Licensing Proposal ID Enrollment Number 1152244.004 Language: English(United States) Enrolled Affiliate's Enterprise Productsand Enterprise Online Services summary for#he'initial order: Qualified Device/User CAL Licensing Devices Profile Qualified Users Enterprise Product Platform Ratio Model Enterprise 850 875 1.0 Yes User Licenses Products Enterprise Quantity Office Professional Plus Office Professional Plus 850' Client Access License(CAL) Core CAL Core CAL 875 Windows Desktop Windows Enterprise OS Upgrade 850 Enrolled Affiliate's Product Quantities: Price,Group 1 2 3 4 Enterprise Products Office Professional Plus+ Client Access License+ Client Access Win E3+Win E5+ M365 Apps for Enterprise+ Office 365(Plans E1,E3 License+Windows Win VDA+ Office 365(Plans E3 and E5)+ and E5)+Microsoft 365 Intune+EMS USL+ Microsoft 365 Microsoft 365 Enterprise Enterprise Microsoft 365 Enterprise Enterprise Quantity 850 875 875 850 Enrolled Affiliate's Price Level: Product Offering 1 Pool Price Level Enterprise Products and Enterprise Online Services USLs:Unless otherwise indicated in associated contract documents,Price level set using the highest quantity from Groups 1 through 4. D Additional Product Application Pool:Unless otherwise indicated in associated contract documents,Price level set using quantity from Group 1. D Additional Product Server Pool:Unless otherwise indicated in associated contract documents,Price level set using the highest quantity from Group 2 or 3. D Additional Product Systems Pool:Unless otherwise indicated in associated contract documents,Price level set using quantity from Group 4. D Page 1 of 2 EA EASProdSelForm(WW)(ENG) MS Quote Page 507 of 580 Enterprise Enrollment Product Selection Form Microsoft I Volume Licensing MOTES Unless otherwise indicated in the associated contract documents,the price level for each Product offering/pool is set as described above,based upon the quantity to price level mapping below: Quantity of Licenses and Software Assurance Price Level 2,399 and below A 2,400 to 5,999 B 6,000 to 14,999 c 15,000 and above D Note 1:Enterprise Online Services may not be available in all locations. Please see the Product List for a list of locations where these may be purchased. Note 2:Unless otherwise indicated in associated Agreement documents,the CAL selection must be the same across the Enterprise for each Profile. Note 3:Enrolled Affiliate acknowledges that in order to use a third party to reimage the Windows Operating System Upgrade,Enrolled Affiliate must certify that it has acquired qualifying operating system licenses.The requirement applies to Windows Enterprise OS Upgrade.See Product Terms for details. Note 4:If Enrolled Affiliate does not order an Enterprise Product or Enterprise Online Service associated with an applicable Product pool, he price level for Additional Products in the same pool will be price level"A"throughout the term of the Enrollment.Refer to the Qualifying Government Entity Addendum pricing provision for more details on price leveling. Page 2 of 2 EA-EASProdSelForm("(ENG) MS Quote Page 508 of 580 M, MicrosoftclipLicensing Program Signature Form MBA/MBSA number 5-0000008036205 Agreement number 01E73902 Note: Enter the applicable active numbers associated with the documents below. Microsoft requires the associated active number be indicated here,or listed below as new. For the purposes of this form, "Customer" can mean the 'signing entity, Enrolled Affiliate, Government Partner,Institution,or other party entering into a volume licensing program agreement. This signature form and all contract documents identified in the table below are entered into between the Customer and the Microsoft Affiliate signing, as of the effective date identified below. Contract Document Number or Code Enterprise Enrollment Indirect X20-10635 Enterprise Amendment M97 NEW Product Selection Form 1152244.004 PSF By signing below, Customer and the Microsoft Affiliate agree that both parties (1) have received, read and understand the above contract documents, including any websites or documents incorporated by reference and any amendments and (2)agree to be bound by the terms of all such documents. Name of Entity (must be legal entity name)*City of Boynton Beach Signature* Printed First and Last Name* Printed Title Signature Date* Tax ID *indicates required field Microsoft Microsoft Corporation Signature Printed First and Last Name Printed Title Signature Date (date Microsoft Affiliate countersigns) Agreement Effective Date (may be different than Microsoft's signature date) Programs ignForm(MSS ign)(NA,LatAm)ExB RA,MLI(ENG)(May202O) Page 1 of Document X20-12883 Page 509 of 580 Optional 2nd Customer signature or Outsourcer signature(if applicable) Name of Entity (must be legal entity name)* Signature* Printed First and Last Name* Printed Title Signature Date* *indicates required field Outsourcer Name of Entity (must be legal entity name)* Signature* Printed First and Last Name* Printed Title Signature Date* *indicates required field If Customer requires additional contacts or is reporting multiple previous Enrollments, include the appropriate form(s)with this signature form. After this signature form is signed by the Customer, send it and the Contract Documents to Customer's channel partner or Microsoft account manager,who must submit them to the following address. When the signature form is fully executed by Microsoft, Customer will receive a confirmation copy. Microsoft Corporation Dept. 551,Volume Licensing 6880 Sierra Center Parkway Reno, Nevada 89511 USA ProgramSignForm(MSSign)(NA,LatAm)ExBRA,MLI(ENG)(May202O) Page 2 of 2 Document X20-12883 Page 510 of 580 7.C. Consent Bids and Purchases Over $100,000 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Authorize utilizing the GSA contract GS-07F-173GA, previously approved on 9/1/2020, for the purchase of services for support and maintenance of citywide camera, access control, and Real Time Crime Center technology as needed from Broadcast Systems in the amount of up to $110,000. Explanation of Request: The GSA contract complies with the City of Boynton Beach competitive bid requirements. Budgeted in the Police FY 2022 annual budget, this is to provide support for several technical systems used citywide. The City has several technology systems that require ongoing technical support to ensure continuous operation. These include a citywide Avigilon Access Control System that provides centralized and secure access to multiple city buildings, an Avigilon security Camera System with cameras installed across the city, call boxes at key locations, digital signage, and technical systems in the Real Time Crime Center. How will this affect city programs or services? This will ensure that the access control system, citywide security cameras, and technology in the Real Time Crime Center are available and operational throughout the year. Fiscal Impact: B udgeted Funding was approved and is available in fiscal year 2021/22. Account#001-2112-521-46-20 Equipment Maintenance in the amount of$110,000. Alternatives: The City can issue an RFP for support of individual systems, resulting in delay of availability of support and less coverage. Strategic Plan: Building Wealth in the Community, High Performing Organization Strategic Plan Application: This maintenance agreement will assist with building and maintaining wealth in the community by protecting the City's investment in technology infrastructure. Not continuing equipment maintenance would have a negative impact on City employees' ability to effectively use the systems, and to continue operating as a high performing organization. Climate Action Application: Page 511 of 580 Is this a grant? No Grant Amount: Contracts Vendor Name: Broadcast Systems Start Date: 9/1/2017 End Date: 8/31/2022 Contract Value: $110,000 Minority Owned Contractor?: No Extension Available?: Yes Extension Explanation: The City of Boynton Beach Purchasing Manager in consultation with the Finance Director may extend the agreement at the same price, terms, and conditions, for three (3) one-year renewals (exercised separately) subject to vendor acceptance, satisfactory performance as determined by the Purchasing Manager, and determination by the Purchasing Manager that renewal will be in the best interest of the City. Attachments: Type Description Contract roadcast\CSA Contract information Agreement Agreement and ExhibitA Scope of Service Exhibit CSA Contract Vendor information Page 512 of 580 T ER Tech Systems Group Inc. -line access to contract ordering information,terms and conditions, up-to-date pricing, and the option to create an electronic delivery order are available through GSA Advantage!, a menu-driven database system. The Internet address for GSA Advantage! is: http:/Lwww.gsaadvantage.gov SCHEDULE 84:Total Solutions for Law Enforcement, Security, Facilities Management, Fire, Rescue, Special Purpose Clothing, Marine Craft, and Emergency/Disaster Response CONTRACT.GS-07F`173GA VALID.09/01/2017—08/31/2022 Contractor: ER Tech Systems Group Inc. Dba: Broadcast Systems Address: 290 SW 12th Avenue, Suite 1 Pompano Beach, FL 33069 Office: (561) 578-4964 Fax: (561) 658-0360 Website: www.broadcastsystemsinc.com Email: GSA@ broadcastsystemsinc.com Point of Contact: Nicholas Ehr nick@broadcastsystemsinc.com Contract Admin: Pascale Ozelie Pascale@broadcastsystemsinc.com BROADCAS1 SYSE EMS GS- 7F-173G Page 513 of 580 GSA AWARDED TERMS AND CONDITIONS 1)AWARDED SINS: 334512—Total Solution Support Products for Facilities Management Systems/Subject to Cooperative Purchasing 541330L—Security System Integration, Design, Management, and Life Cycle Support/Subject to Cooperative Purchasing 334290L— Physical Access Control Systems (PACS)/Subject to Cooperative Purchasing 561210SB—Smart Buildings Systems Integrator/Subject to Cooperative Purchasing OLM—Order-Level Materials 2) MAX ORDER GUIDELINES: 334512 - $250,000 541330L - $250,000 334290L - $250,000 561210SB -$1,000,000 3) MINIMUM ORDER LIMITS: No minimum order. 4) GEOGRAPHIC COVERAGE: 334512 - Worldwide 541330L—48 States, DC 334290L- Worldwide 561210SB -48 States, DC 5) POINT OF PRODUCTION: Contact contract administrator for a complete list of production points. 6) BASIC DISCOUNT FROM LIST: Prices shown are net discount. 7) VOLUME DISCOUNT: Contact contract administrator for volume discount. 8) PROMPT PAYMENT DISCOUNT: None 9) GOVERNMENT PURCHASE CARDS: Government Purchase Cards are accepted at or below the micro-purchase threshold Government Purchase Cards are not accepted above the micro-purchase threshold 10) FOREIGN ITEMS: All products are in compliance with the Trade Agreements Act. 11) TIME OF DELIVERY: Standard Delivery: 7 to 14 DARO Expedited Delivery: Contact Administrator for Rates BROADCAS1 SYS E EMS 2 S- 7F-173G Page 514 of 580 12) FOB POINT: FOB Destination, Shipping included in price 13) ORDERING: Ordering address—Same as contractor address Ordering Procedures- For supplies and services, the ordering procedures, information on Blanket Purchase Agreements (BPA's) are found in FAR 8.405-3 14) PAYMENT ADDRESS: 290 SW 12th Avenue, Suite 1, Pompano Beach, FL 33069 15) WARRANTY PROVISION: Contact contract administrator for warranty information. 16) EXPORT PACKING CHARGES: N/A 17) TERMS AND CONDITIONS OF GVT PURCHASE CARD ACCEPTANCE: Accepted at and below the micro-purchase threshold 18) TERMS AND CONDITIONS OF RENTAL, MAINTENANCE, AND REPAIR: N/A 19) TERMS AND CONDITIONS OF INSTALLATION: N/A 20) TERMS AND CONDITIONS OF REPAIR PARTS: N/A 21) TERMS AND CONDITIONS FOR ANY OTHER SERVICES: N/A 22) LIST OF SERVICES DISTRIBUTION POINTS: N/A 23) LIST OF PARTICIPATING DEALERS: N/A 24) PREVENTATIVE MAINTENANCE: N/A 25a) SPECIAL ATTRIBUTES: N/A b) SECTION 508: N/A 26) DUNS NUMBER: 079637089 27) NOTIFICATION REGARDING SAM: SAM Registration valid and current. 28) CAGE CODE: 7C6T7 BROADCAS1 SYS E EMS 3 S- 7F-1 13G Page 515 of 580 SERVICE PRICE LIST 561210SB Project Manager Per Hour $110.83 Labor rate for Project Manager Master Technician Per Hour $110.83 Labor rate for installation & services Access Control and Surveillance Systems System Design Engineer Per Hour $110.83 Labor rate for design & programming 541330L Project Manager Per Hour $110.83 Labor rate for Project Manager Master Technician Per Hour $110.83 Labor rate for installation & services Access Control and Surveillance Systems System Design Engineer Per Hour $110.83 Labor rate for design & programming BROADCASI SYS E EMS 4 S- 7F-1 13G Page 516 of 580 AGREEMENT FOR INFORMATION TECHNOLGY RELATED SERVICES This Agreement is made as of this day of 2022 by and between Broadcast Systems, Inc. with a principal address 290 SW 12th Avenue, Suite 1, Pompano Beach, FL 33069 and THE CITY OF BOYNTON BEACH, a municipal corporation organized and existing under the laws of Florida, with a business address of 100 East Ocean Avenue, Boynton Beach, FL 33435, hereinafter referred to as "City". RECITALS WHEREAS, in order to obtain technical support for citywide access control systems, security cameras systems, and real time crime center and related technology, the City's Police Department is requesting the City enter into an Agreement with Broadcast Systems to perform Information Technology (IT) related services; and WHEREAS, Broadcast Systems has agreed to allow the City to piggyback the General Service Administration (GSA) Schedule pursuant to Contract No. GS-0717-172GA to provide IT related services in the amount not to exceed $ 110,000.00 based on Contract No. GS-07F-172GA; and NOW, THEREFORE, in consideration of the mutual covenants contained herein, and for other valuable consideration received, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows: AGREEMENT Section 1. The foregoing recitals are true and correct and are hereby incorporated in this Agreement. Section 2. The City and Broadcast Systems agree that Broadcast Systems shall provide IT related services in the amount not to exceed $ 110,000.00 based on the General Service Administration (GSA) Schedule Contract No. GS-07F-172GA, a copy of which is attached hereto as Exhibit"B", except as hereinafter provided: A. All references to the General Service Administration (GSA) Schedule Contract No GS-0717-172GA shall be deemed as references to the City of Boynton Beach. B. All Notices to the City shall be sent to: General Service Administration (GSA) Schedule— IT Related Services Page 517 of 580 City: Lori LaVerriere, City Manager City of Boynton Beach P.O. Box 310 Boynton Beach, Florida 33425 Telephone: (561) 742-6010 /Facsimile: (561) 742-6090 Copy: James A. Cherof, City Attorney Goren, Cherof, Doody & Ezrol, PA. 3099 East Commercial Boulevard, Suite 200 Fort Lauderdale, FL 33308 Telephone: (954)771-4500 Facsimile: (954)771-4923 C. The following terms and conditions are hereby incorporated into the Agreement: PUBLIC RECORDS. Sealed documents received by the City in response to an invitation are exempt from public records disclosure until thirty (30) days after the opening of the Bid unless the City announces intent to award sooner, in accordance with Florida Statutes 119.07. The City is a public agency subject to Chapter 119, Florida Statutes. The Contractor shall comply with Florida's Public Records Law. Specifically, the Contractor shall: A. Keep and maintain public records required by the CITY to perform the service; B. Upon request from the CITY's custodian of public records, provide the CITY with a copy of the requested records or allow the records to be inspected or copied within a reasonable time at a cost that does not exceed the cost provided in chapter 119, Fla. Stat. or as otherwise provided by law; C. Ensure that public records that are exempt or that are confidential and exempt from public record disclosure requirements are not disclosed except as authorized by law for the duration of the contract term and, following completion of the contract, Contractor shall destroy all copies of such confidential and exempt records remaining in its possession once the Contractor transfers the records in its possession to the CITY; and D. Upon completion of the contract, Contractor shall transfer to the CITY, at no cost to the CITY, all public records in Contractor's possession All records stored electronically by Contractor must be provided to the CITY, upon request from the CITY's custodian of public records, in a format that is compatible with the information technology systems of the CITY. General Service Administration (GSA) Schedule— IT Related Services Page 518 of 580 E. IF THE CONTRACTOR HAS QUESTIONS REGARDING THE APPLICATION OF CHAPTER 119, FLORIDA STATUTES, TO THE CONTRACTOR'S DUTY TO PROVIDE PUBLIC RECORDS RELATING TO THIS CONTRACT, CONTACT THE CUSTODIAN OF PUBLIC RECORDS: CRYSTAL GIBSON, CITY CLERK 100 E. OCEAN AVE. BOYNTON BEACH, FL, 33435 561-742-6061 GIBSONC@BBFL.US SCRUTINIZED COMPANIES -- 287.135 AND 215.473 By execution of this Agreement, Contractor certifies that Contractor is not participating in a boycott of Israel. The contractor further certifies that Contractor is not on the Scrutinized Companies that Boycott Israel list,not on the Scrutinized Companies with Activities in Sudan List, and not on the Scrutinized Companies with Activities in the Iran Petroleum Energy Sector List, or has Contractor been engaged in business operations in Syria. Subject to limited exceptions provided in state law, the City will not contract for the provision of goods or services with any scrutinized company referred to above. Submitting a false certification shall be deemed a material breach of contract. The City shall provide notice, in writing, to the Contractor of the City's determination concerning the false certification. The contractor shall have five (5) days from receipt of notice to refute the false certification allegation. If such false certification is discovered during the active contract term, the Contractor shall have ninety (90) days following receipt of the notice to respond in writing and demonstrate that the determination of false certification was made in error. If the Contractor does not demonstrate that the City's determination of false certification was made in error then the City shall have the right to terminate the contract and seek civil remedies pursuant to Section 287.135, Florida Statutes, as amended from time to time. DISPUTES. Any disputes that arise between the parties with respect to the performance of this Agreement, which cannot be resolved through negotiations, shall be submitted to a court of competent jurisdiction in Palm Beach County, Florida. This Agreement shall be construed under Florida Law. EXECUTION OF THE AGREEMENT. This Agreement will take effect once signed by both parties. This Agreement may be signed by the parties in counterparts which together shall constitute one and the same agreement among the parties. A facsimile signature shall constitute an original signature for all purposes. Section 1. In the event that the General Service Administration (GSA) Schedule is amended, or terminated, Broadcast Systems shall notify the City within ten (10) days. In the event the General Service Administration (GSA) Schedule is amended or terminated prior to its General Service Administration (GSA) Schedule— IT Related Services Page 519 of 580 expiration, this Contract shall remain in full force and effect, and not be deemed amended or terminated until specifically amended or terminated by the parties hereto. Section 3. Broadcast Systems agrees that in the event it enters into a Contract for the same (or substantially similar) scope of services with another local government in Florida which contains a term or condition, including fees, charges, or costs, which the City determines to be more favorable than the terms in this Contract, the parties shall enter into an Addendum to provide those terms to the City. Section 4. The insurance required shall require that the Certificate of Insurance name the City of Boynton Beach as an additional insured. Section 5. In all other aspects, the terms and conditions of the General Service Administration (GSA) Schedule are hereby ratified and shall remain in full force and effect under this Contract, as provided by their terms. Section 6. Vendor agrees to perform the services, identified on Exhibit"A" Scope of Services attached hereto and incorporated herein by reference, including the provision of all labor, materials, equipment and supplies on an"AS NEEDED" basis as requested by the city's project manager or designee. Section 7. TERM. The initial term of the contract shall be for one year effective upon date the contract is fully executed by all parties and subject to limits of annual approved budget. The City of Boynton Beach Purchasing Manager in consultation with the Finance Director may extend the agreement at the same price, terms, and conditions, for three (3) one-year renewals (exercised separately) subject to vendor acceptance, satisfactory performance as determined by the Purchasing Manager, and determination by the Purchasing Manager that renewal will be in the best interest of the City. Section 7. PAYMENT a. Payment for the work provided by Vendor shall be made promptly on all invoices submitted to the City properly, provided that the total amount of payment to Vendor shall not exceed the total contract price without express written modification of the Agreement signed by the City Manager or designee and invoices are in accordance with the Exhibit"B" AGREEMENT BETWEEN GENERAL SERVICE ADMINISTRATION(GSA) SCHEDULE AND BROADCAST SYSTEMS. b. The Vendor may submit invoices to the City once per month during the progress of the work for partial payment. Such invoices will be checked by the City, and upon approval thereof,payment will be made to the Vendor in the amount approved. c. Payment as provided in this section by the City shall be full compensation for work performed, services rendered, and for all materials, supplies, equipment and incidentals necessary to complete the work. d. The Vendor's records and accounts pertaining to this Agreement are to be kept available for inspection by representatives of the City and State for a period of three (3)years after the termination of the Agreement. Copies shall be made available upon request. Page 520 of 580 IN WITNESS OF THE FOREGOING, the parties have set their hands and seals the day and year first written above. CITY OF BOYNTON BEACH, FLORIDA ATTEST: By: Lori LaVerriere, City Manager City Clerk APPROVED AS TO FORM: James A. Cherof, City Attorney WITNESSES: Broadcast Systems, Inc. BY: Print Name: Title: ATTEST: SECRETARY Page 521 of 580 EXHIBIT A SCOPE OF Service SERVICES: Service provided to City of Boynton Beach to include on site and on-line troubleshooting, break fix services, remote system administration services, and related software updates within the version of software. During the maintenance period, a 12/5/365 Help Desk/Troubleshooting service will be provided. Maintenance of security related systems to include security camera systems, access control systems, visitor management systems, biometric systems, call boxes, digital signage systems, Real Time Crime Center (RTCC) systems (Hiperwall, video displays, and audio systems in the RTCC), code blue boxes, and related software associated to the operation and management of the systems covered under this contract. Proactive monthly preventative maintenance to include update of software versions, operating systems, and firmware as well as other routine activities as recommended by system manufacturers. 1. Routine Service Hours: Routine service hours are defined in the table below. 2. Remote access: The customer responsible for allowing Broadcast Systems access to its systems via secure Virtual Private Network(VPN) or equivalent connection. 3. Technical Telephone Support: Broadcast Systems provides telephone support during normal business hours to address simple technical questions/issues. Telephone support is handled in a routine manner. The intent of this service is to provide timely answers to simple technical questions regarding system operations. 4. Support tickets: All support tickets must be generated through the Broadcast Systems help desk. All tickets will be emailed to admin(a�broadcastsystemsinc.com . Broadcast Systems will generate a ticket number and all parties will be able to track the support ticket throughout the event till resolution of service request. An additional copy of the support ticket will be forwarded to City of Boynton Beach with the support desk email address. 5. Priority Handling of Service Requests: Broadcast Systems will respond rapidly to routine service calls on a priority basis. Calls and tickets received prior to 8:OOAM EST/EDT on normal business days are responded to during the same day. The initial response may be via telephone or remote programming (if applicable). Calls received after 8:OOAM EST/EDT are handled with priority status and responded to no later than close of business on the following business day. Page 522 of 580 6. Emergency Response Service: This includes service requests that require immediate response to a mission critical system failure. Emergency Response Service (ERS) is provided twelve (12) hours a day, five (5) days per week, including holidays. Upon receipt of an authorized Emergency Service request, a Broadcast Systems engineer, or technician will respond within a maximum of (8) hours. He/she will initially perform remote diagnostics via telephone or other remote connection (if applicable) and will either resolve the problem or downgrade the emergency to a routine service call. If the emergency is downgraded to a routine service call, the service call will be completed during regular business hours. If the emergency persists and an on- site response is required, Broadcast Systems will have an engineer/technician or approved subcontractor on-site within the following twelve (12) hours. The work effort will be continuous until the response requirement is satisfied, and/or as directed by the customer. 7. Battery Tracking Program: This includes tracking the age of batteries used in the system. Broadcast Systems will advise the Customer when certain batteries should be replaced. If a complete list of batteries is not currently available, or they were provided (i.e. installed)by others, an inventory of batteries will be completed during the first year of the Service Agreement. The cost of battery replacement is charged separately to customer. 8. Parts and Equipment Coverage: Equipment and/or material that needs to be replaced that are not covered by manufacture warranty will be purchased: All Shop Materials Sold at Cost + 10% (I.E. Home Depot, Lowes, Electrical Supply, Amazon). Items such as a man lifts or bucket trucks are not included and, if required, will be charged separately at cost. 9. System Documentation Maintenance: Broadcast Systems will maintain all relevant system documentation to support the system, including changes. Documentation and system information will be available to customer. 10. Communications: The contractor or his/her representative will meet with the City's contract administrator at least every other week to discuss schedules, problems, needs, and mutual areas of concern. Service Hours A. Routine Service—Labor: Routine Labor Rate applies to service work and Technical Telephone Support provided during normal business hours(Monday through Friday between the hours of 9:OOAM and 5:OOPM EST/EDT). i. Routine Service Labor Rate per Hour is charged in accordance with standard rates ii. Minimum Time Billing per on-site event.If remote support exceeds.5 hour the 1 Hour minimum service charge time will apply. lll. Time Billing Increment in Excess of Minimum Time 0.5 Hour Page 523 of 580 B. Emergency Response Services—(ERS)—Labor: Emergency Response Service Labor Rate applies to work that client has specifically requested on an emergency basis.ERS is provided with a response time of 8 hours(exceptions may apply,subject to type and location of the emergency). i. Emergency Response work during normal business hours(Monday through Friday between hours of 8:OOAM and 6:OOPM EST/EDT) Labor rate per hour is charged in accordance with standard rates in the class per technician. ii. Emergency Response work after normal business hours and Saturday 1.5 x (Monday through Friday,6:OOPM—11:OOPM EST; Saturday,8:OOAM—2:OOPM) Hourly Rate Emergency Response work during all other hours including Weekends and Holidays iii. Holidays:New Year's Day,Good Friday,Memorial Day,Independence Day,Labor Day, 3x Hourly Thanksgiving Day and day after,Christmas Day Rate iv. Minimum Time Billing for Emergency Calls 2x Hours V. Time Billing Increment in Excess of Minimum Time .5 hour EXHIBIT B AGREEMENT BETWEEN GENERAL SERVICE ADMINISTRATION (GSA) SCHEDULE AND BROADCAST SYSTEMS Page 524 of 580 Contractor Information Contract: GS-07F-173GA Contractor: ER TECH SYSTEMS GROUP INC. Address: 205 NW 12TH AVENUE, POMPANO BEACH,FL33069 E-Mail: GSA@BROADCASTSYSTEMSINC.COM Web Address: http;//WWW.BROADCASTSYSTEMSINC.COM Contract end date: Aug 31,2022 Order Status POC: GSA@ BROADCASTSYST E MSI NC.COM DUNS: 079637089 Business type: Small Business Disadvantaged business EPLS: Contractor not found on the Excluded Parties List System Ordering Information: Contact the office nearest you if more than one location is shown. Name/Order POC Email Address City,State Zip Code Phone Number Fax Number ER TECH SYSTEMS GROUP INC. 205 NW 12TH AVENUE POMPANO BEACH,FL 33069 5615784964 5616580360 GSA@BROADCASTSYSTEMSI NC.COM Page 525 of_5$,q 9.A. City Manager's Report 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Approve City Hall Cafe Space RFP Scope of Work presented by David Scott, Director of Economic Development and Strategy. Explanation of Request: In 2020, Avison Young was retained by the City through E21-to identify operators to oversee and manage the City Hall I nnovation Space and the City Hall Cafe Space. Florida Atlantic University was selected as the operator of the Innovation Space. Avison Young received interest from four respondents to the City Hall Cafe Space solicitation (Common Grounds, Trindy Gourmet, 500 Ocean Cafe, Juice Bar Paradise, LLC). The retail market was e)dremely impacted by the pandemic. Many restaurants closed or provided severely restricted service. The City Hall Cafe Space solicitation was suspended to allow for economic recovery. Staff has developed an RFP that will solicit a culinary operator/incubator to occupy the City Hall Cafe Space with an option to occupy the vacant space in the Arts and Cultural Center and provide up to $20,000 toward tenant improvements. How will this affect city programs or services? The proposed City Hall Cafe will provide beverage and food options for patrons and employees of City Hall and the surrounding area. Fiscal Impact: $20,000 Alternatives: N/A Strategic Plan: Culturally Distinct Downtown Strategic Plan Application: The City Hall Cafe will provide healthy food options for patrons and employees of City Hall. It will also serve as a destination for visitors to the many events and activities in an around Town Square, while incubating startups. Climate Action Application: Is this a grant? Grant Amount: Page 526 of 580 Attachments: Type Description D Attachment City Hall Cafe RFP Presentation Page 527 of 580 a O co LO 4- 0 co N LO N .O ro N M 4-+ ro ro ate--+ ro v N O _ Q N N +-+ ;n 0 �n 0 O 0 c 4— O, � ro ro 4-j0 Ln C:� Lnru ' Q, v E U Q ro Q) Ln 0 Ln ° O v 4-j ° (U ,� v U °' Q ti,s is L +jLn 0 Ln cit . cU (U -0 C: ro ro Ln X ro S„1 D ro `;s�l sst • N U _0 U U In Vl 0 •I--+° U .,'4ststs}�i`�� • ro . L (L3 L V1 i t tt114�)� ro 0- roN 4J L N rB Q r1J p' tss�tl�(iLn MR, ru ru — L (UO — ru J r6 L O = L ' iJ ro0 Ln Q _ ro M L 1 S s s +-+ ©V O Q > Q C J �+°- N L fi litlll� OO In �_ cn CU } ro °_ O to = fQ }iiq`rs S\11 EnU — i L L S r[5 is��l 4— O Q) 4- N N , rlJ In 111 O 4-j I--+ �. � . � O ' Ln L O r _0 Ol cn �3 L 0 0 0 0') f11 .N U SU L ' 0 E2 .ro rc) �_ ro E ClJ 0 �) to rt3 U � rC3 ' T v O cU � Ol O m M O O— tn 0 W O ro N � U ro L L+ L Ln O -0 ro +-� �+— L Ln OLn — 01 — � + ' ro ro O Ln O t ° -0 c ro L N Q � o � m O V O Q O E U ;� N -0 rc5 —0 O rB> +-+ U — U Q1 CU O 4— - 0 N L U Ln N Q N N O i � Ln LLn n4-jO U; U U u U � V (3) 4-J +j w S M Ln (U N m i a O 4-+ v - _0 ° C v cy) '7n .- r ro its ?� q j — +-j Ln -C Ln ru o � � ru C: ru ru E N N its i .-. >Ln i Q u Ln l O ° tU t ,r�tr ; rB 4 L L �► N O rro 4--+ 4--' iU �3t ro Ln ru iU r 11 E �' — Ln O NF10, L ' cl R5 ��la,Q1 • O _ ,tt� CU 4-J C2 SU f U ? Ln (� ru ru QJtri ' ° ° � tla Ln ° E ru ' r� its X_ ++ V14— 41� "O T) i ro Ul a0., rB its ,Q j4-J ro . N N Ln its tQ) 4-J ria T O O mc© OO O vv L o u x o v >, >, C a' o c6 a� s2 V -0 L its +_-+ (�► to N L ro 0 = 4- L- o -0 0 0 O +-j i31 (1) S= Q D ro ° O a1 O� ro Ln Ln CY) -OL Ln 0 its 4-- Q) , • • • ® O ® , co if) .® 4— . ® ® • ' O e • r � ® • ' LO e ® a , • • e •• • • • ® 0 co ® • LO 4- 0 • ® • • N C7 LO N O1 • • • • . • r e • e • e • O co LO 4- 0 C7 C7 LO N O1 zx ou Y'V r I 0 F- V 10.A. Unfinished Business 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Continue discussion for clarification to staff on language to be included in the Resolution and on the Plaque for the Progress Pride Intersection. Explanation of Request: On October 5, 2021, the City Commission considered a request from the Palm Beach County Human Rights Council to adopt a resolution and place a plaque at the newly painted "Progress Pride Intersection" at E. Ocean Avenue and E. 1st Street. The City Commission directed the item to the Historic Resources Preservation Board for review and advisement. The Historic Resources Preservation Board discussed the item on December 13, 2021 and passed a motion recommending the City Commission pass a resolution and not install a plaque. Minutes from the December 13, 2021 meeting are included in the backup for this item. At the January 18, 2022 Commission Meeting, the Commission passed a motion for the City Attorney to work with the State Attorney to determine language for the plaque. Minutes for the January 18, 2022 meeting are included in the backup for this item. At this time, staff is requesting further clarification on the language to be included in both the Resolution and on the plaque, prior to discussion with the State Attorney's Office. How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Page 534 of 580 Attachments: Type Description D Attachment Request for Resolution & Plaque from PBC Human Rights Council D Minutes Minutes from Item 6A on Dec. 13, 2021 Historic Resources Preservation Board Meeting D Attachment Minutes from Item 10A on Jan. 18, 2022 Commission Meeting Page 535 of 580 PALM BEACH COUNTY s Please respond to:9 G HUMAN RIGHTS COUNCIL 400 Northl let Drive,#1402 West Palm Beach, Florida 33401 Rand c (561)358-0105 Prosirk-ger sand Foair del - och sa.net WV' T PI°.•;Br-C;i Meredith Ockman _MEMORANDUMme( °a e-mg:iIj t iu?111e=sfr eni \rot c�i c•,.t, .?., 1'0: Mayor Steven B. Grant Daniel Hall `'ice-hial,or Woodrow I.. ay fr€�.��starar Wrd-t I'rl Cr sat Co ssionex Tustin Katz, Rae Franks Commissioner Christina Ro elus d-rct.ao�.. (:ommissionerTy Penserga Carly Cass From: Jude Rand Hoch (retired),President and Founder laniece N. Davis Re: Adopting a resolution to install a plaque at the LGBTQ Pride W'"' r' ' R`````'` Intersection to address CC C)6.13 and 806.135, Florida a Sta tes Hutch Floyd (2021) i.-.,,I Ci-,if( Sriolzr" Jamie T. Foreman Date: September 8,2021 Michael Duquette Fowler Pa`,,,6FAcri cAR"°N` 1s you tray know, much to PITC RC's dismav, State Attorney Dave Aron erg G. Joseph Garcia refused to charge Alexander 1erich with violating the recently enacted "Combating WEIL'c'ru` Public Disorder Act", § 806.13, Florida Statutes (2021).("'the Act") for defacing Chauncey Graham the Delray Beach LGBTQ Pride Intersection WFS'7 I'AtM BENCH Jasmin Lewis The Act provides,in pertinent part: R,Err>-.Bi-.rri Tamara Sager Criminal isc `ef; penalties; penalty fort or.— Any person who, without vVr,zr F,,m Frr,2r,i the consent of the owner thereof,willfully and maliciously defaces,injures,or 1. P.Sasser othemrise damages by any means a memorial or hist iric property, as defined P Itin s. 806.135(1), and the value of the damage to t ie memorial or historic W.Trent Steele 11,� r G.._.,i1 property is greater than 5200, commits a felon` of the third degree, ; punishable as provided in s. 457 775.082, s. 775.083, or s. 775.084. A court Rhonda Williams shall order any person convicted of violating this subsection to pay 459 restitution,which shall include the full cost of repair or replacement of such P.O. Box 267 memorial or historic Property. \1VF51ptl.ti BE-AC •t Florida 33402, I spoke to Dave and his staff at length following s decis.,,,n and was advised that it would have been easier for him to utilize the Act had there been a plaque near 501.5E 6,0203 the intersection establishing the site as a memorial in accordance With 1jhchrc@aoLcon7 806.135(i)(b), of the stet, "Destroying or demolishing a memorial or historic i i-i f i,.pbchl c::org Property"which provides: The Palm Beach County Human Rights Council is dedicated to ending discrimination based on sexual orientation, gender identify, and gender expression. The council promotes equality through education,advocacy, direct action,impact litigation arid community outreach. A apy(I ih,rfEcrzl registFat v)nnd hn3r0al mPcr m.-aon may be ob:air�ed frr m*c D ri Pn rf(,nsumer sera:ces h,ollinq tnivi �iaiir the stat~. F_nimatsnn des not n�.�y e�AQr ms�nt.�pryrrF-J,of Ecemirrdariaa3 L,.fie si.,t;-P6CHRC 5 eai u�t�c=r�i;i.rt-;r=s CM�S,Sy.To rbS in reputrditf i l�rrt.etmn,you arty tC 1§l(t ths'r`rt>tilp ar(att FG?435-7351 Page 536 of 580 Boynton Beach Magor and City Commissioners September S,2021 Page two--- "Memorial" means a plaque, statue,marker, flag,banner, cenotaph, religious symbol, painting, seal, tombstone, structure name, or display that is constructed and located with the intent of being permanently, displayed or perpetually maintained; is dedicated to a historical person, an entity,an event, or a series of ev -.nts; and honors or recounts the military service of any past or present United States Armed Forcesmilitan, personnel, or the past or present public service of a resident of the geographical area comprising the state or the United States. Therefore, PBCHRC is requesting the Cite adopt the attached draft resolution and install a plaque near the intersection. The very precisely worded draft resolution and plaque language meet all of the requirements of the statute—permanence,dedication to a series of events, a id recoun•ing the public service of a resident. (A copy-of the draft has been reviewed by the State Att,rney's Office.) "Thank you for your consideration. attachment copies (w/attachment)via a-mail to: PBCHRC Board of Directors City Manager Lori LaVerriere City ,attorney Jim Cherof Page 537 of 580 RESOLUTION NO. A RESOLUTION OF THE CITY COMMISSION OF THE CITY OF BOYNTON BEACH,FLORIDA,ESTABLISHING THE BOYNTON BEACH LGBTQ PRIDE INTERSECTION AS A PERMANENT MEMORIAL; DEDICATING THE BOYNTON BEACH LGBTQ PRIDE INTERSECTION TO A SERIES OF VOTES TATMN BY THE BOYNTON BEACH CITY COMMISSION PROVIDING EQUAL RIGHTS, BENEFITS AND PROTECTIONS TO THE CITY'S LGBTQ RESIDENTS; RECOUNTING AND HONORING THE PUBLIC SERVICE OF ALLAN HENDRICKS;AUTHORIZING THE PLACEMENT OF A PLAQUE AT THE SITE OF THE BOYNTON BEACH MEMORIAL LGBTQ PRIDE INTERSECTION; PROVIDING AN EFFECTIVE DATE. WHEREAS,the City Commission of the City of Boynton Beach("Corr nission")voted to create a permanent streetscape based on the Progress Pride Flag at the intersection of East Ocean Avenue and 1 st Street SE: and. WHEREAS,a Dedication for the Boynton Beach LGBTQ Pride Intersection was held on June 5, 2021 at which the Mayor, City Commissioners, representatives of the Palm Bea;h County Human Rights Council and Compass,and Allan Hendricks made remarks; and, WHEREAS, at the June 5, 2021 event, the Boynton Beach LGBTQ Pride Intersection was dedicated to a series of votes taken by the Commission since 2014 protecting LGBTQ residents from discrimination, prohibiting conversion therapy for minors, and providing gender neutral restrooms in municipal buildings;and, WHEREAS,remarks made at the Dedication recounted the public servicr of Allan Pendricks,who, in addition to being instrumental in the establishment of the Boynton Beach Lt,BTQ Pride Intersection, served as a board member of Community Caring Center of Greater Boynton Beach, the Chair of the Transportation Team for the Boynton Beach Community Alliance, a member of the the Development Team forthe Historic Jones Cottage Relocation and Development,the Boynton Beach Community Redevelopment Advisory Board, the Boynton Beach Racial & Social Equity Task Force, the Boynton Beach Historic Preservation Ad Hoc Committee,and the Climate Action Task Force, as well as i leader in Seacrest CleE.n Up Days of Action,the Forest Park Neighborhood Group,and the efforts to save t..e historic Boynton Beach High School; and, WHEREAS, the City seeks to install a plaque commemorating the permanent Boynton Beach Memorial LGBTQ Pride Intersection; NOW,THEREFORE,BE IT RESOLVED BY THE CITY COMMISr ION OF THE CITY OF BOYNTON BEACH,FLORIDA: -1- Page 538 of 580 Section 1: The Commission authorizes a plaque to be installed by the Boynton each Memorial LGBTQ Pride Intersection to read as follows: BOYNTON BEACH MEMORIAL LQ PRIDE INTERSE( TION Recounting and honoring the public service of Allan Hendricks, the Boynton each City Commission dedicates the pennament Boynton each Memorial LGQ Pride Intersection to a series of votes taken since 2014 providing equal rights,benefits,and protections to the LQ community. June 5,2021 Section 2: This Resolution shall become effective immediately upon passage. PASSED AND ADOPTED on this—day of --,2021. CITY OF BOYNTON BEACH,FLORIDA YES NO Mayor-Stephen B.Grant Vice Mayor-Woodrow L. Hay Commissioner-Justin Katz Commissioner-Christina Rornelus Commissioner-Ty Penserga VOTE ATTEST: Crystal Gibson, City Clerk (Corporate Seal) Page 539 of 580 Meeting Minutes Historic Resources Preservation Board Boynton Beach, Florida December 13, 2021 Mr. Rumpf explained over the past few years the Board started a plaque program for historic properties, as properties locally or nationally designated are often identified as such with a marker or a plaque. They picked up on a program that was left off in the past, found a design, fabricator, finalized a design, ordered them and will receive them. The Board selected a larger plaque for institutional uses and Mr. Rumpf is still working on getting the national marker for the Schoolhouse Children's Museum. They have local markers for the Schoolhouse Children's Museum and Old High School ready to be mounted. Mr. Rumpf advised he can take pictures for promotional purposes for the website for the event and can coordinate with the City marketing director for social media and website coverage. Ms. Sexton suggested the Coastal Star may do a story on it. She noted Boynton is coming along in historic preservation and it would be a great lead in to some of the controversy they may hear about the Oyer property. There is a historic element in the City. Mr. Wilson agreed. Ms. Sexton also has a contact at the newspaper there and could set up a time to mount the plaques. Mr. Rumpf would coordinate with Ms. Krusell and the City Commission. It would be nice to make a presentation to the City Commission in January. The Board Members agreed. Chair Ready will assist Mr. Rumpf. 6. A. LGBTQ Pride Intersection memorial plaque — Consider and advise City Commission regarding request from Palm Beach County Human Rights Council to install a plaque at the LGBTQ Pride Intersection. (Heard out of Order) Gemma Torcivia, local attorney, was present on behalf of the Palm Beach County Human Rights Council (HRC) being seated on the Board of Directors and thanked the Board for the opportunity to discuss the matter. Attorney Torcivia reviewed the City dedicated and had a ceremony for the LGBTQ intersection on the road. It was promoted and well attended and it was an exciting thing for the City. Delray Beach did a similar thing on their roadway and a young man defaced that section of the road with his truck and posted it on Facebook. The State Attorney is working with Delray Beach to determine the appropriate way to prosecute that individual. The current hate crime statute does not provide the teeth to effectively prosecute without the City dedicating and creating a memorial and have a memorial plaque to dedicate that road way, so if later the road is purposely defaced or damaged, the individual can be held responsible via the courts to pay to repair or replace the roadway. The Board drafted a resolution the HRC is recommending that has all the requirements in the statute to dedicate it as a memorial to give it protection under the hate crime act and related laws. Chair Ready asked if the State Attorney said they could not prosecute the person because the intersection in Delray was not designated or dedicated. Attorney Torcivia explained they were not able to use the law that was intended for hate crimes and used a lesser law that did not have the same effect. Under the hate 2 Page 540 of 580 Meeting Minutes Historic Resources Preservation Board Boynton Beach, Florida December 13, 2021 crime law, not only would the individual have to pay to replace or repair the roadway segment, but they would also receive a felony charge. Attorney Torcivia advised they are going to other cities requesting they take these steps. The State can prosecute and the City can recoup the loss. The State Attorney worked with the Human Rights Council to create the language which they provided to the City. There must have some sort of physical marker or even an engraved stone. Chair Ready asked if the road segment needed a plaque to designate it, but Attorney Torcivia was unsure. There needs to be physical designation and a corresponding City Act to dedicate the intersection. The specific language provided by the State Attorney being recommended was included in the meeting materials, which the HRC strongly recommended be used. Chair Ready asked if the City instituted a monument program on their own to designate special things, with or without a plaque, would suffice. Attorney Torcivia did not know and offered to find out. Chair Ready suggested researching if the City wrote an ordinance that covered the designation and the punishment, giving the State Attorney the power to pursue individuals for prosecution would be sufficient. Chair Ready explained the matter is not really a historic item, but the issue was referred to the Board by the City Commission and they would make a recommendation, but the recommended wording concerns her. Once they start putting up plaques honoring specific people for specific things, they are liable to having all kinds of people come forward asking for a plaque to honor themselves. Attorney Torcivia reviewed the language and clarified, it could be a plaque, statue, marker, flag, banner, cenotaph, a religious symbol, a painting, seal, tombstone, a structure name or display that is constructed and located with the intent to be permanently displayed or perpetually maintained, is dedicated to a historical person, entity, event, or series of events. It could be a small seal, like a metal disc in the cement. The statute gives a lot of different options. Mr. Ramiccio asked Mr. Rumpf if there could be some confusion as lots of times when a City does a dedication for an intersection, attorneys will say it needs to be memorialized to be legitimate or on the books. He queried if they want the City to take official action memorializing what they are trying to do, rather than put up a plaque. No matter what they do with this ordnance as far as a hate crime, this would be a crime against pavement versus a crime against a person. He asked if that was why it should be dedicated to a specific person so they can say it was against an individual. He thought they were really stretching it to try to make something fit into something that may not be necessary. Mr. Rumpf commented from what he read and referenced in the request, it was unclear to him what was wanted. It gave two options, a historic site, which is a typical City process, or dedication to a person. Mr. Ramiccio thought if the end result is restitution for the person to fix the damage, it could be treated like any other vandalism. He thought it was a stretch to get to the hate. He suggested they 3 Page 541 of 580 Meeting Minutes Historic Resources Preservation Board Boynton Beach, Florida December 13, 2021 have to be careful how they apply this through the Code of Ordinances to social issues. Mr. Wilson commented as he read it, there are two issues: is the intersection a historic site or is the intersection dealing with a specific person of historic interest to make the wording of the statute legitimate. He understood a local resident was suggested to be memorialized. He noted there were other roads in the City such as Ocean Avenue, Seacrest Boulevard, and A1A that are historic. In his view, the subject intersection was not historical at all. He understood a request was made to memorialize a specific person or make it a historic site and agreed with the Chair, if you start memorializing individuals or group, it is for the City Commission to discuss, and it opens up a Pandora's Box. The Statute designates both historic or memorial, but the HRC is focusing on a memorial. The act of painting an intersection in a City in America a memorial. Not every other City has done this so it is a historic act. A memorial can be to a person, entity, event, or a series of events. The event could be the vote of the Boynton Beach Commission to paint the intersection and take a public and positive stand towards the LGBTQ community. Attorney Torcivia explained if the first black lawyer in Florida was from Boynton Beach and his childhood home was in the City and his family later requested the house be memorialized, Attorney Torcivia hoped the City would do so. Anything in the City can be of note. Attorney Torcivia hoped if kids came with hammers and went after a plaque, there should be more than restitution. The Legislature went forward to pass this act and made it clear what it would cover, they gave the opportunity to the cities if something was memorialized and vandalized, they could be prosecuted with a felony. The representation they are requesting is very tiny perhaps 1% of the actual painting of the intersection. It appears the City already took the bold historic act and this just gives the City the opportunity to work with the Legislature and the State Attorney if something occurred. Ms. Crump empathized, and thought it was great the City painted the intersection and put on the display. Attorney Torcivia made a good point with legalization of gay marriages, but she is more confused how this would move forward or if it is something the Board has to approve, or discuss more with the City Commission David Katz, 67 Midwood Lane, stated 28 years ago in August 1993, he and another Commissioner tried to pass a Human Rights Ordinance in Boynton and Mr. Katz still has the plaque presented by Rand Hoch and Richard Giorgio as someone who fought for human rights. He disagreed with the plaque. The intersection in Delray that was desecrated was paid for by the County HRC and AIDS Healthcare Foundation. The one here in Boynton Beach was paid for by the City. He did not know why Boynton had to pay for the painting and Delray Beach did not According the Palm Beach Post, the perpetrator has the possibility to get six years in prison, so to say that nothing would happen to him is 4 Page 542 of 580 Meeting Minutes Historic Resources Preservation Board Boynton Beach, Florida December 13, 2021 not true, but Mr. Katz thought they would look for restitution in terms of prosecution. Another thing in the article is Rand Hoch likened this to painting a swastika in front of a kosher deli. Someone on Mr. Katz's father's side, who lost people in the camps said this is nothing like what happened then. It is vandalism, but for the Palm Beach County HRC to portray it in the same light, and Mr. Hoch speaks for everyone, is horrible and offensive to him. He understood the person in the backup is Allan Hendricks. Mr. Katz noted Norman Aaron lived in Boynton Beach in the 70s, 80s and 90s who fought for human rights in the City, County and Country. He thought to put Allan Hendricks as the person was also obscene. He thought if the City Commission decides to create a plaque to memorialize this intersection, it better be Norman Aaron than Allan Hendricks because Mr. Hendricks has done nothing compared to Mr. Aaron. He thought they were creating a solution to a problem for something that does not exist. He thought it was bad enough the intersection was paid for with unbudgeted funds when two other organizations paid for the one in Delray. He noted that was not really the issue, but he wanted to put it on record because odds are the City Commission will read the minutes to see what he had to say, but if it comes before the Commission he will say the same thing. Ms. Sexton asked if this is an exact example of a historic marker that a group wants to have established at this intersection. She asked if there any other examples of historic markers in Boynton Beach that have a similar effect in Boynton Beach, such as for a pioneer of something. She was aware they have buildings and sites, but asked if they have anything like this where they are dedicating an intersection or specific place in town that this would relate to, as far as restitution or vandalism. Mr. Rumpf understood it is intersection specific and what is requested is for that site and for that purpose. Ms. Sexton asked if there were any other historic sites that have a plaque or marker and if the City was fearful that what happened in Delray would happen in Boynton. Mr. Rumpf responded they are really establishing some of the first historic site markers, and the Code of Ordinances has provisions on defacing public property. This is associated with a state statute that would be applicable, but the City has its own rules. Mr. Wilson understood if the intersection was defaced as occurred in Delray, what was brought up at the meeting is the plaque and the wording would allow the City to receive financial restitution from the perpetrator. The statutes on the City books deal with defacing any property and there would be a way for the City, if on City property or something the City applied on this intersection, The Code of Ordinances would protect the City where they would be able to ask for financial compensation against the person committing the crime. Mr. Rumpf stated in the past, but not recently. He did not believe it was a factor of the damage of the product, it was more of a flat rate penalty up to a certain amount in Court. Not restitution. 5 Page 543 of 580 Meeting Minutes Historic Resources Preservation Board Boynton Beach, Florida December 13, 2021 Attorney Torcivia explained there is a historical trail and historical markers in Palm Beach County, but in Boynton Beach, there are three on the Palm Beach County Trail: the 1913 Schoolhouse, the Boynton Beach Woman's Club and Bethesda Hospital. Mr. Wilson commented each place that was referenced has historic significance of being 50 years old or older and designed by Mizner. Those locations have a wealth of historic information on them, but there is none for this intersection. Mr. Ramiccio commented Tom Kaiser Memorial Park comes to mind and there are some locations, but he agreed with the Board to deal with it just on face value. It is recognition to a group of residents that live in a community, that wanted to receive recognition by dedication of the Pride Flag at the intersection and the City Commission did that. The difference is the State Attorney is looking to prosecute and needs something to grab onto to prosecute and it is a different area. He thought it was vandalism to a certain intersection and he understood it is a personal attack. From a City standpoint, it is not applicable to law. Even the State Attorney, once it is memorialized, the State Attorney cannot prosecute that person anymore because it was not a hate crime against an individual or group of people unless it could be proven it is intentional. When the City dedicated the new City Hall, they could say it was a historic day, but for historic purposes, statutorily, it is not recognizable until 50 years from now, because it is not considered historic until it is 50 years old. Chair Ready did not believe they can recommend they move forward with a plaque honoring Allan Hendricks, but would recommend to the City Commission that they could dedicate it. She did not understand why having a ribbon cutting and painting does not prove its significance. Attorney Torcivia commented if they had known it before it was painted and the City had its ceremony and some sort of physical marker, the matter would have been solved. Mr. Ramiccio suggested working on a resolution because on law, it is more binding than a plaque. A plaque gives no legal authority or entity validity, historically or hate/crime wise. Chair Ready noted a resolution from the City Commission could memorialize it. Attorney Torcivia explained the distinction is it needs to be a memorial for this act to apply, in order to take stronger action. Chair Ready inquired if potentially spending six years in jail is sufficient punishment for tire tracks. Attorney Torcivia commented she heard it was a misdemeanor and the perpetrator had offered to pay the repair, which had not been requested. Attorney Torcivia had not heard about six years and noted misdemeanors typically have light penalties. Attorney Torcivia commented Boynton Beach is wonderful city and has done incredible things. There are a lot of LGBTQ everywhere that have had terrible things done. It is a different thing to do tire tracks on LGBTQ and on a piece of asphalt because it is intentional. The goal is to say we do not agree. When people commit violent acts against a group, and nothing is done, it empowers other people to commit atrocities. She recalled a young person who went to a church in South Carolina and killed them after he worshiped with them. Attorney Torcivia thought it was not the same. 6 Page 544 of 580 Meeting Minutes Historic Resources Preservation Board Boynton Beach, Florida December 13, 2021 Ms. Sexton noted Attorney Torcivia is not looking for a historic designation, but rather a memorial, but it is not within the Board's purview. The City Commission is seeking the Board's recommendation and Chair Ready thought a recommendation should be given. Mr. Wilson commented the Ordinance suggested a historic person which is why the City Commission referred it to the Board. Chair Ready thought someone may want to research the individual referenced by Mr. Katz and see what they did for the City years ago as he may be someone worthy of a plaque. Mr. Wilson inquired what Delray did about this. It was noted the same letter was sent to Delray Beach. The statute references a historic site and/or historic person. Attorney Torcivia noted it also says or the past of present public service of a resident of the geographic area of the state or United States and it lists several memorials. Mr. Katz commented if the Board decides to make a motion to send it back to the City Commission with a recommendation of no, but if in the motion, if the Commission is going to look at some sort of memorial or plaque honoring a person, that they could look at other people other than one person. It could be for other residents. If Rand Hoch and the Palm Beach County Human Rights Council decides to use the name of Norman Aaron and pay for the memorial, Mr. Katz would support the, but if not, there would be a problem. Attorney Torcivia offered to pay for the plaque. Motion Mr. Ramiccio moved the Historic Resources Preservation Board recommend to the City Commission they draft a resolution memorializing the intersection so it has the teeth the State Attorney needs to enforce the laws that he sees fit. Ms. Sexton seconded the motion. Mr. Ramiccio commented this would be done in a legal way. The motion passed unanimously. B. Historic Preservation Programming — Staff will continue facilitating the Board's establishment of a strategic plan or work program with continued discussion on goals, priorities, tasks and/or related implementation needs and strategies. Mr. Rumpf commented the past few meetings, the members discussed the long-range plan. Mr. Rumpf identified six different priorities, which were: • Program staffing • Updating and maintaining current inventory of historic sites. Mr. Rumpf explained there has been a couple inventories of historic sites in the City. The properties have to be 50 years or older to be eligible for historic designation. The Board had also previously spoken about using internships to assist with these tasks. It is a prerequisite for historic designation and historic districts. 7 Page 545 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 themselves, and to have the property annexed into the City. Motion Commissioner Katz moved to approve Proposed Ordinance No. 22-001 - Second Reading. Commissioner Penserga seconded the motion. Vote City Clerk Gibson called the roll. The vote was 5-0. Motion Vice Mayor Hay moved to approve Proposed Ordinance No. 22-002 - Second Reading. Commissioner Katz seconded the motion. Vote City Clerk Gibson called the roll. The vote was 5-0. Motion Commissioner Katz moved to approve Proposed Ordinance No. 22-003 - Second Reading. Vice Mayor Hay seconded the motion. Vote City Clerk Gibson called the roll. The vote was 5-0 Item 10A was heard out of order. Hear report of recommendations from the Historic Resources Preservation Board Chair Barbara Ready regarding placement of a plaque and approving a Resolution for the Pride Intersection at E. Ocean Avenue and E. 1 st Street. Barbara Ready, Chair of the Historic Resources Preservation Board, stated in December 2021, the Board discussed the HR request for a plaque at the Pride Intersection. She said the Board Consensus was it would not be advisable to set a precedent with the plaque request. A motion was made, and unanimously approved, to recommend that the City Commission could address the specialness and protection of the Pride Intersection with a formal resolution. Mayor Grant noted the request is a Progress Pride flag and not the Pride flag and asked if that made a difference. 33 Page 546 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Alan Hendricks, 716 NW 1St Avenue, said there is a difference between the two flags. Since part of the dedication was to Mr. Hendricks, Mayor Grant asked him what he would like the intersection to be known as. He responded that he would like the Progress Pride Intersection. Mayor Grant asked Mr. Hendricks if he was willing to accept the resolution in lieu of a plaque. Mr. Hendricks responded no. He said he would rather leave the naming up to Palm Beach County Human Rights Council (HRC) and whoever makes the decisions at the City level. Mayor Grant responded that the Commission makes the decisions at the City level, which is why they are asking Mr. Hendricks these questions. Mr. Hendricks responded he would prefer Boynton Beach Progress Pride Intersection. Mayor Grant requested from the Commission a plaque with the requested name and the date of June 5, 2021. Commissioner Katz asked Ms. Ready is the objection based on a plaque that is similar in nature to the historical plaques. Ms. Ready responded yes that is part of it. She said the other part is that a plaque is not necessary. She noted the Commission has the power to raise the specialness and protection with a resolution. Commissioner Katz said he is trying to determine if there is a compromise for paying respects to different types of commemorations. Ms. Ready stated the Board members were concerned with where does it stop if you start putting up plaques all over town. Mayor Grant stated there are plenty of buildings with names on it. He believes this dedication is a historic aspect. Vice Mayor Hay asked what the purpose of the plaque is. Mayor Grant said the purpose is the recognition and the acknowledgment. Ms. Ready noted a Board member shared there might be other members of the City who might have made contributions and would also be deserving of recognition. David Katz agreed with the Mayor about the purpose of the intersection. Mr. Katz 34 Page 547 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 provided history of his involvement with the Palm Beach County Human Rights cause. He does not believe a plaque is necessary because the intersection is not historic or a memorial. He stated Alan Hendricks' name should not be on a plaque. He believes Norman Aaron should be honored. Gemma Torcivia spoke on this topic at the City Committee meeting in late December. She took the request to the Historic Resources Preservation Board. She stated the distinction is one of law and explained the necessity of the plaque in regard to Florida statute. Mayor Grant noted that power was suddenly lost on the dais, and they are trying to work out the volume level. Mayor Grant read the Florida statute referenced and discussed the importance of a plaque or perpetual maintenance to qualify. Discussion ensued about the Florida statue, prosecution of hate crimes, and legal protections. Vice Mayor Hay asked where the plaque would be located. Commissioner Romelus asked if the plaque could be dedicated to the Palm Beach County HRC instead of Mr. Hendricks. Commissioner Penserga said the law says an individual, entity, or historical event. Commissioner Romelus replied that the HRC is an entity. City Attorney Cherof stated the backup documents did not include the full language for the Florida Statutes and read the remaining language. He noted it considers organizations that are not individuals and read some examples. Mr. Hendricks said his understanding is that the conversations Rand Hoch has had with the State Attorney was very specific for how you can protect this intersection with specific language. Motion Commissioner Romelus moved to have the City Attorney work with the State Attorney on the specific language and location for the plaque. Commissioner Penserga seconded the motion. The motion passed unanimously. There was a consensus that the plaque would be installed on the ground and not erected. Thus, the plaque will not be in the way of any future development downtown. 35 Page 548 of 580 Meeting Minutes City Commission Boynton Beach, FL January 18, 2022 Ms. Torcivia thanked the Commission for their commitment to diversity and inclusion. Mr. Katz said he applauds Commissioner Romelus for meeting in the middle and believes her recommendation is the way to go. 6. Consent Agenda Matters in this section of the Agenda are proposed and recommended by the City Manager for "Consent Agenda" approval of the action indicated in each item, with all of the accompanying material to become a part of the Public Record and subject to staff comments. Item was taken out of order on agenda as approved. A. Proposed Resolution No. R22-010 - Amend the FY 2021-22 budget, which will adjust budgeted appropriations and revenue sources and provide spending authority for the General Fund (001), Capital Improvement Funds (302 & 303), the Utility Capital Improvement Funds (403 & 404), the Solid Waste Fund (431), and the Fleet Fund (501) for previous years Purchase Orders plus unspent project budgets. B. Accept the City of Boynton Beach FY2020/2021 Annual Grants Report. C. Proposed Resolution No. R22-011 - Approve Interlocal Agreement with Boynton Beach Community Redevelopment Agency (CRA) for Partial Funding of the City's Economic Development Plan by Florida International University and authorize the Mayor to execute the agreement. D. Accept the written report to the Commission for purchases over $10,000 for the month of November 2021. E. Accept the written report to the Commission for purchases over $10,000 for the month of December 2021. F. Approve minutes from the January 4, 2022, City Commission meeting. Motion Commissioner Katz moved to approve the Consent Agenda. Vice Mayor Hay seconded the motion. The motion passed unanimously. 7. Consent Bids And Purchases Over $100,000 A. Approve the one-year extension for RFPs/Bids and/ or piggybacks for the procurement of services and/or commodities over $100,000 as described in the written report for January 18, 2022 - "Request for Extensions and/or Piggybacks." B. Approve Task Order ASPS-93-031721 with Atlantic Southern Paving & 36 Page 549 of 580 11.A. New Business 2/1/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Mayor Grant has requested a discussion regarding naming the urban orchard at Sara Sims Park for Latosha Clemons. Explanation of Request: How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 550 of 580 11.B. New Business 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Mayor Grant has requested a discussion on creating a Citizens Engagement Committee for Police Department. Explanation of Request: How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 551 of 580 12.A. Legal 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Proposed Ordinance 22-004- First Reading -Approve Mural Ordinance creating a mural standards section in the City's Land Use Regulations. Explanation of Request: On January 4, 2022, the sign ordinance, Ordinance 21-031 was adopted by the City Commission. The adoption of the sign ordinance effectively removed mural standards and requirements from the City's Land Use Regulations. This ordinance creates a mural standard section in the City's Land Use Regulations. Specifically, this ordinance includes the authority for the City's Art Advisory Board to review and approve proposed murals. In addition, this ordinance includes mural criteria to the Art in Public Places Program guidelines. How will this affect city programs or services? The ordinance's mural standards and the amendments to the City's Art Advisory Board powers, duties, and art in public places guidelines will have a minimal impact on City programs or services to the extent that City staff is reviewing proposed murals. Fiscal Impact: It is anticipated that the fiscal impact will be minimal to the extent that City staff will dedicate resources to enforcing this Ordinance. Alternatives: The alternative to this Ordinance is that there are no standards relating to murals in the City. Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 552 of 580 Type Description O Ordinance Mural Ordinance 1 2 ORDINANCE NO. 22- 3 4 5 AN ORDINANCE OF THE CITY OF BOYNTON BEACH, 6 FLORIDA AMENDING PART II CITY OF BOYNTON 7 BEACH'S CODE OF ORDINANCES; AMENDING CHAPTER 8 27 ENTITLED "ADVISORY BOARDS AND COMMITTEES"; 9 ARTICLE II ENTITLED `BOYNTON BEACH ART 10 ADVISORY BOARD"; SECTION 27-24 ENTITLED "PURPOSE 11 AND DUTIES"; AMENDING SECTION 27-27 ENTITLED 12 "ART ADVISORY BOARD'S GUIDELINES AND 13 RECOMMENDATIONS"; AMENDING PART III LAND 14 DEVELOPMENT REGULATIONS; AMENDING CHAPTER 1 15 ENTITLED "GENERAL ADMINISTRATION"; ARTICLE H 16 ENTITLED "DEFINITIONS"; AMENDING CHAPTER 4 17 ENTITLED "SITE DEVELOPMENT STANDARDS"; 18 CREATING ARTICLE XIV ENTITLED "MURAL 19 STANDARDS"; PROVIDING FOR CODIFICATION, 20 PROVIDING FOR CONFLICTS; PROVIDING FOR 21 SEVERABILITY; AND PROVIDING FOR AN EFFECTIVE 22 DATE. 23 24 WHEREAS, City Staff periodically reviews the Land Development Regulations Code 25 of the City and makes recommendations to the City Commission to revise its Regulations; and 26 WHEREAS, the City Staff recommends that the City Commission there be a mural 27 standard section in the City's Land Development Regulations; and 28 WHEREAS, the City Staff recommends that the Art Advisory Board's powers and 29 duties be amended to include the authority to approve proposed murals; and 30 WHEREAS, the City Staff recommends that mural criteria is included in the Art in 31 Public Places Program guidelines; and 32 WHEREAS, City Staff has determined that this Ordinance is consistent with 33 the Comprehensive Plan, the Land Development Regulations and the Ordinances of the 34 City, and recommends approval of this Ordinance; and 35 WHEREAS, the City Commission of the City of Boynton Beach has considered the 36 recommendations and has determined that it is in the best interest of the citizens and 100438316.2 306-90018211 l C:AUsers\Swansonl\Appdata\Local\Microsoft\Windows\lnetcacheAContent.Outlook\SZSTQOLYMural Ordinance(004316-$3a@ 554 Of 580 2xc4b6a).Docx g 37 residents of the City of Boynton Beach, Florida to approve the Ordinance to the City's Code 38 of Ordinances and Land Development Regulations as contained herein. 39 NOW THEREFORE, BE IT ORDAINED BY THE CITY COMMISSION OF 40 THE CITY OF BOYNTON BEACH, FLORIDA, THAT: 41 Section 1. The foregoing whereas clauses are true and correct and are now ratified 42 and confirmed by the City Commission. 43 Section 2. Part II, City of Boynton Beach's Code of Ordinances, Chapter 27 44 "Advisory Boards and Committees" are hereby amended as follows: 45 Chapter 27 Advisory Boards and Committees 46 Article II. Boynton Beach Art Advisory Board 47 Section 27-24. Purpose and duties. 48 (d) The Art Advisory Board shall have the following additional powers and duties: 49 ... 50 (5) Exercise their authority to approve, approve with conditions or disapprove proposed 51 installation of artwork including murals based on Art in Public Places Program Guidelines; 52 and 53 ... 54 Section 27-27. Art Advisory Board's guidelines and recommendations. 55 (b) Guidelines. The Art Advisory Board shall prepare and from time to time recommend to 56 the City Commission revisions to the Art in Public Places Program guidelines and make the 57 same available to the public, which shall provide guidance for program organization; 58 organizational governance and staffing responsibilities; procedures for project planning; 59 artist selection; art selection criteria; art placement criteria; mural criteria; donations; loans 60 and memorials; collection management; and administration of the public art fiend. 61 62 Section 3. Part III, City of Boynton Beach's Land Development Regulations, Chapter 1 63 "Definitions" and Chapter 4 "Site Development Standards" are hereby amended as follows: 64 Chapter 1. General Administration 65 Article IL Definitions 66 ... 100438316.2 306-90018211 2 C:AUsers\Swansonl\Appdata\Local\Microsoft\Windows\lnetcacheAContent.Outlook\SZSTQOLT1Mural Ordinance(004316-$3a@ 555 Of 580 2xc4b6a).Docx g 67 MURAL - A work of art that is hand-painted image, hand-tiled mosaic, carved or etched 68 masonry, digitally printed image or digitally display system on the exterior surfaces of a 69 building or site 70 71 . Such mural is s not a sign and shall not contain any-advertising or 72 other commercial message with brand name, product name, abbreviation thereof, company 73 or business name or logo, hashtag, trademark or brand imagery. or e*her- eemmereia' 74 fnessage. 75 ... 76 Chapter 4. Site Development Standards 77 Article XIV. Murals 78 a. Purpose. Murals, as defined in Chapter 1, Article 11, are intended as works of art to 79 improve the value and aesthetic appearance of the city, contribute to community 80 identity and redevelopment, foster cultural identity and preserve history, and may be 81 used to enhance exterior walls, roofs, plaza, sidewalks and other surfaces that are 82 visible to the public, all the while respecting community standards. 83 84 b. Standards. Murals shall be a work of art as determined by the Art Advisory Board 85 and 86 1) Be resistant to weathering or vandalism, and 87 2) Be maintained in good condition without deterioration and unrepaired damage, 88 and 89 3) Be unaltered from the approved design, and 90 4) Does not directly or indirectly encourage violation of any federal, state, or local 91 law. 92 93 c. Review Process. Any proposed new mural or any proposed modification to an 94 existing mural shall be reviewed and approved by the Art Advisory Board for 95 compliance with the Art in Public Places guidelines for works of art prior to 96 installation on any building or property. 97 98 Section 4. Each and every other provision of the Land Development Regulations 99 not herein specifically amended, shall remain in full force and effect as originally adopted. 100 Section 5. All laws and ordinances applying to the City of Boynton Beach in 101 conflict with any provisions of this ordinance are hereby repealed. 102 Section 6. Should any section or provision of this Ordinance or any portion 103 thereof be declared by a court of competent jurisdiction to be invalid, such decision shall not 104 affect the remainder of this Ordinance. 100438316.2 306-90018211 3 C:AUsers\Swansonl\Appdata\Local\Microsoft\Windows\lnetcacheAContent.Outlook\SZSTQOLYMural Ordinance(004316-$3a@ 556 Of 580 2xc4b6a).Docx g 105 Section 7. Authority is hereby given to codify this Ordinance. 106 Section 8. This Ordinance shall become effective immediately. 107 FIRST READING this day of , 2022. 108 SECOND, FINAL READING AND PASSAGE this day of 109 2022. 110 CITY OF BOYNTON BEACH, FLORIDA III YES NO 112 113 Mayor— Steven B. Grant 114 115 Vice Mayor—Woodrow L. Hay 116 117 Commissioner—Justin Katz 118 119 Commissioner— Christina L. Romelus 120 121 Commissioner— Ty Penserga 122 123 VOTE 124 125 ATTEST: 126 127 128 129 Crystal Gibson, MMC 130 City Clerk 131 132 133 (Corporate Seal) 100438316.2 306-90018211 4 C:AUsers\Swansonl\Appdata\Local\Microsoft\Windows\lnetcacheAContent.Outlook\SZSTQOLYMural Ordinance(004316-$3a@ 557 Of 580 2xc4b6a).Docx g 12.B. Legal 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Proposed Ordinance 22-005 - First Reading -Approve Ordinance Amending Chapter 26 entitled "Water, Sewers and City Utilities," by Amending Article I, entitled "In General," to create §26-6, entitled "Conditions for Utility Service; Penalties," establishing requirements for utility service, penalties for non-compliance, and appeals; amending Article "IV" entitled "Sewers," §26-57, entitled "Connections Required," to amend the time period to connect to sewer; providing for severability, conflicts, codification, and an effective date. Explanation of Request: The proposed amendments to Chapter 26 of the Code of Ordinances provides clarification regarding water and sewer utility service for property owners. For properties located outside of the City limits, a Water and Sewer Service/Annexation Agreement is required. The Code amendments define and clarify the requirements for water service customers to connect to sanitary sewer when it is available adjacent to or abutting the property. The amended timeframe for connecting to sanitary sewer is within ninety (90) days after notice by the City, changed from the previous requirement of thirty (30) days. The ordinance also outlines enforcement and appeals provisions. How will this affect city programs or services? The proposed amendments to Chapter 26 of the Code of Ordinances will provide clarification regarding the requirements for utility service, required connections, time period, penalties, and appeals. Fiscal Impact: There is no fiscal impact to the City or Utilities Department with the proposed Ordinance amendments. Alternatives: Do not approve the proposed Ordinance amendments. Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 558 of 580 Type Description Ordinance Ordinance amending Chapter 26- Water, Sewers Page 559 of 580 1 2 ORDINANCE 22- 3 4 5 AN ORDINANCE OF THE CITY COMMISSION OF THE CITY OF 6 BOYNTON BEACH, FLORIDA, AMENDING CHAPTER 26, 7 ENTITLED "WATER, SEWERS AND CITY UTILITIES," BY 8 AMENDING ARTICLE I, ENTITLED "IN GENERAL," TO CREATE 9 §26-6, ENTITLED "CONDITIONS FOR UTILITY SERVICE; 10 PENALTIES;" ESTABLISHING REQUIREMENTS FOR UTILITY 11 SERVICE, PENALTIES FOR NON COMPLIANCE, AND APPEALS; 12 AMENDING ARTICLE "IV" ENTITLED "SEWERS," §26-57, 13 ENTITLED "CONNECTIONS REQUIRED," TO AMEND THE TIME 14 PERIOD TO CONNECT TO SEWER; PROVIDING FOR 15 SEVERABILITY, CONFLICTS, CODIFICATION, AND AN 16 EFFECTIVE DATE. 17 18 WHEREAS, the City of Boynton Beach ("City") finds it efficient and in the best 19 interest of health and safety to require the bundling of utility services,where possible, and 20 to provide penalties for failure to comply with various provisions of the City Code of 21 Ordinances, Chapter 26, entitled "Water, Sewers, and City Utilities;" and, 22 23 WHEREAS, the City currently provides water and sanitary sewer services to 24 various properties both within the City's jurisdictional boundaries and outside of the City's 25 boundaries but within the City's Utility Service Area; and, 26 27 WHEREAS, certain properties to which the City provides water service currently 28 dispose of wastewater by utilizing on-site septic systems, a practice with adverse 29 environmental impact; and, 30 31 WHEREAS, the proper disposal of wastewater is necessary to protect sources of 32 drinking water and is vital to maintaining a healthy environment; and, 33 34 WHEREAS, the Supreme Court of Florida has found that water and wastewater 35 services are "...so interlocked that neither can be effective without the other;" and, 36 37 WHEREAS, implicit in the power to provide municipal services is the power to 38 construct, maintain, and operate necessary water and sanitary sewer facilities; and, 39 40 WHEREAS, the Supreme Court of Florida has held "...[u]sers who benefit 41 especially, not from the maintenance of the system, but by the extension of the 42 system...should bear the cost of that extension;" and, 43 44 WHEREAS,the City Commission hereby finds that water and wastewater services 45 provided by the City,are so interlocked that such services shall be bundled where possible, 46 thus water service customers shall be required to utilize the City's sanitary sewer system 47 where available, so that the City may effectively ensure the proper disposal of wastewater 48 while protecting the City's ground and surface waters; and, 100473285.6 306-99054951 Page 1 of 6 Page 560 of 580 49 50 WHEREAS, it is the intent of the City Commission that property owners whom 51 fail to take such action that may be necessary to pay for and connect to any newly placed 52 or existing sanitary sewer facilities shall be subject to various penalties including, the 53 discontinuation of water service, the imposition of a utility lien, and legal action for non 54 payment of fees and charges; and, 55 56 WHEREAS, the City Commission finds it in the best interest of health and safety 57 to adopt this ordinance to require all property owners within the City Utility Service Area 58 to comply with the requirements of City Code of Ordinances, Chapter 26, or shall be 59 subject to certain penalties for failure to comply. 60 61 BE IT ORDAINED BY THE CITY COMMISSION OF THE CITY OF BOYNTON 62 BEACH, FLORIDA: 63 64 Section 1. The foregoing"WHEREAS" clauses are hereby ratified and confirmed 65 as being true and correct and made a specific part of this Ordinance by this reference. All 66 references to"City" contained herein shall be construed as referring to the City of Boynton 67 Beach. 68 Section 2. Chapter 26, entitled "Water, Sewers and City Utilities," Article I, 69 entitled "In General," of the City's Code of Ordinances, is hereby amended to create new 70 Section 26-6, entitled"Conditions for utility service;penalties," as set forth below: 71 Sec. 26-6. Conditions for utility service; penalties. 72 (a) Agreement required. 73 Property owners with property within the municipal limits of the City seeking 74 utility service shall,as a condition of obtaining service, open a utility account,enter 75 into and maintain a current service agreement with the City's Utility Department 76 and comply with the provisions of this Chapter 26. Property owners with property 77 lying outside the municipal limits of the City but within the City Utility Service 78 Area shall, as a condition of obtaining service, open a utility account with the 79 City's Utility Department, enter into and maintain a current Water and Sewer 100473285.6 306-99054951 Page 2 of 6 Page 561 of 580 80 Service/Annexation Agreement with the City, and comply with the provisions of 81 this Chapter 26. 82 (b) Bundling of services, connection and payment required. 83 City water service customers, as a condition of obtaining service, are required to 84 connect to any newly placed or existing City sanitary sewer facilities that are 85 adjacent to or abutting any applicable lot or parcel, so that the City may oversee 86 the proper disposal of wastewater while also protecting the City's ground and 87 surface waters. Sanitary sewer facilities shall be deemed adjacent to or to abut a 88 lot or parcel if a facility is located in a street, right-of-way, or easement adjoining 89 the subject lot or parcel.Property owners are required to connect to available sewer 90 facilities within ninety (90) days after the City provides official notice to do so. 91 Once connected,the property owner shall cease to use any other method of sewage 92 disposal and comply with Palm Beach County's onsite sewage system 93 abandonment procedures. All costs and expense incidental to compliance with this 94 Section shall be borne by the property owner. 95 (c) Penalties. 96 1. Should a property owner fail to comply with requirements of this Chapter 97 26, the City may assess and impose a delinquency charge on the property 98 owner's utility bill. 99 2. If a delinquency charge is in default for forty-nine (49) or more days, or a 100 property owner has failed to comply with the requirements of this Chapter 101 26, for more than (49) days once the City has provided property owner 102 notice of any such default, in addition to any other remedy permissible by 103 law,the City shall cease to furnish service and may refuse to resume service 100473285.6 306-99054951 Page 3 of 6 Page 562 of 580 104 to the property until all sums due shall have been paid in full and the default 105 is cured. The City shall have a lien against the property for any unpaid fees 106 and charges, such sums may be recovered by the City by suit in a court 107 having jjurisdiction of said cause. 108 (d) Appeals. 109 A property owner who desires to challenge_ a City enforcement action or charge 110 may request review of the action or charge rendered by the City's Utility 111 Department pursuant to this Section. The City's Finance Director or their designee 112 shall review the facts and decide meals where it is alleged that there is an error 113 in the application and enforcement of this Chapter 26. Any meal pursuant to this 114 section shall be in writing and delivered to the City Clerk within sixty (60) days 115 from the date of the subject utility bill or default notice. The meal shall specify 116 the grounds for such meal. The Finance Director or their designee shall 117 coordinate the review of the meal with the appropriate Departmental and 118 Administrative personnel and render a final decision within ninety(90)days of the 119 date the meal is filed with the City Clerk. The Finance Director's determination 120 on the meal shall be in writing and set forth in detail the reasons for its decision. 121 All determinations arising out of this section shall be final. 122 Section 3. Chapter 26, entitled "Water, Sewers and City Utilities," Article IV, 123 entitled "Sewers," of the City's Code of Ordinances, is hereby amended to revise Section 124 26-57, entitled "Connections required," as set forth below: 125 Sec. 26-57. Connections required. 100473285.6 306-99054951 Page 4 of 6 Page 563 of 580 126 (a)(1) A connection to the City's sanitary sewer system is required when t-The 127roomy owner, tenant or occupant of each lot or parcel of land within the city 128 .-� is adjacent to or abuts upon a street or other public way containing any 129 newly placed or existing City sanitary sewer served or which may be served by the 130 sewage disposal system and upon which lot or parcel a building has been or shall 131 be constructed for residential, commercial or industrial use., 132 (2) Such connection shall be made within nine (990) days after the Cily 133 provides official notice to connect 134 , 135 or within +hiftt� nine (990) days after the completed construction of 6tteh a 136 applicable building_ 137 tD Thereafter,the property owner,tenant or occupant of each lot or parcel of land 138 within the City shall cease to use any other method for the disposal of sewage, 139 sewage waste or other polluting matter and comply with Palm Beach County's 140 onsite sewage system abandonment procedures. All costs and expense incidental 141 to compliance with this Section shall be borne by the property owner. 142 ... 143 Section 4. Codification. It is the intention of the City Commission that the 144 provisions of this Ordinance shall become a part of the City's Code of Ordinances, as 145 amended. The provisions of this Ordinance may be renumbered or re-lettered and the word 146 "ordinance" may be changed to "section," "article" or other appropriate word to 147 accomplish such intention. 148 Section 5. Severability. The provisions of this Ordinance are severable, and if 149 any section, subsection, sentence, clause or provision is held invalid by any court of 100473285.6 306-99054951 Page 5 of 6 Page 564 of 580 150 competent jurisdiction, the remaining provisions of this Ordinance shall not be affected 151 thereby. 152 Section 6. Conflicts. All ordinances or parts of ordinances,resolutions or parts of 153 resolutions, in conflict herewith are hereby repealed to the extent of such conflict. 154 Section 7. Effective Date. This Ordinance shall become effective 155 immediately upon adoption. 156 FIRST READING this day of , 2022. 157 158 SECOND, FINAL READING AND PASSAGE this day of 159 , 2022. 160 161 CITY OF BOYNTON BEACH, FLORIDA 162 163 YES NO 164 165 Mayor— Steven B. Grant 166 167 Vice-Mayor—Woodrow L. Hay 168 169 Commissioner—Justin Katz 170 171 Commissioner—Christina L. Romelus 172 173 Commissioner—Ty Penserga 174 175 VOTE 176 177 ATTEST: 178 179 180 181 Crystal Gibson, MMC 182 City Clerk 183 184 185 186 (Corporate Seal) 100473285.6 306-99054951 Page 6 of 6 Page 565 of 580 13.A. Future Agenda Items 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: School Board Member Erica Whitfield has requested to present the 2021-2022 School Year State of Education Report to the City Commission. - February 15, 2022 Explanation of Request: How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 566 of 580 13.B. Future Agenda Items 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Discuss potential Parks Bond Referendum and approve resolution to enter into agreement for Parks Master Plan for CAPRA accreditation and potential Parks Bond Referendum. - February 15, 2022 Explanation of Request: How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 567 of 580 13.C. Future Agenda Items 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Building Department staff will present an update on the implementation of the new SagesGov software for permitting and inspections- March 1, 2022 Explanation of Request: How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 568 of 580 13.D. Future Agenda Items 2/1/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Discuss disposition of vacant 3.62 acre parcel adjacent to Leisurevillle and west of SW 8th Avenue-TBD Explanation of Request: On July 19, 2021, the City received a letter of intent(see attached Exhibit"A")to purchase the vacant 3.62 acre parcel adjacent to Leisureville and west of SW 8th Street. Address or Legal PBC Property Property Property Control Number Description Appraiser Assessed Zoning Value 29-45-43, E 330.70 FT OF W LY 660.16 FT OF SLY 672.12 FT OF NLY 1252.12 1 08-43-45-29-00-000-1040 FT(LESS N 499.34 FT OF $271,500 R1 AA- Single E 126.90 FT) OF TH PT Family OF NE 1/4LYGSOFSR 804 According to Chapter 2 Article IV. 2-56 of the City of Boynton Beach Code of Ordinance, the City Commission can sell property, which is determined to be in the best interest of the City: Real property may be sold in the manner recommended by the City Manager and determined by the City Commission to be in the best interest of the city. With regard to the sale of any real estate owned by the city which has an appraised value exceeding $100,000.00 as determined by the most recent valuation of the Palm Beach County Property Appraiser, no such sale shall be conducted or consummated until such time as subject property has been appraised by a disinterested qualified appraiser to be designated by the city commission for the purpose of establishing a fair market value thereon. The sale of real property for less than the fair market value shall require the approval by a vote of four-fifths(4/5)of the City Commission. Additionally, members of staff have researched other municipal disposition processes and have attached sample code language (see attached Exhibit"B")to discuss potential changes. How will this affect city programs or services? Disposition of the property may provide new housing in the City and reduce the number of vacant parcels currently being maintained by the City. Fiscal Impact: The sale of the property can potentially increase the City's tax base(new housing)and reduce the maintenance costs associated with vacant lots. The City spent approximately$10,000 last year for the maintenance of the parcel which includes: Lot mowing, trash removal, and tree trimming. Alternatives: Reject the letter of intent. Strategic Plan: Strategic Plan Application: Climate Action Application: Page 569 of 580 Is this a grant? Grant Amount: Attachments: Type Description D Exhibit Letter of Intent(Exhibit"A") D Location Map Location Map D Attachment Property Detail D Exhibit Sample Municipal Disposition Code Language(Exhibit"B") Page 570 of 580 LETTER OF INTENT TO PURCHASE REAL PROPERTY July 19, 2021 Alan Sperling Alan Sperling LLC. RE: Proposed purchase of CITY OF BOYNTON BEACH: PARCEL ID 0843-45-29-00-000-1040 This letter constitutes an outline of a proposed transaction between CITY OF BOYNTON BEACH (Seller) and ALAN SPERLING LLC (Buyer), encompassing all land and improvements described below (The Property), the terms of which are intended to be embodied in a formal Agreement of Purchase and Sale (The Agreement) to be submitted by the Buyer. The terms proposed for the Agreement will include, but are not limited to, the following: LEGAL DESCRIPTIONS Proposed Purchase: CITY OF BOYNTON BEACH: PARCEL ID 08-43-45-29-00-000-1040 Purchase Price:The purchase price for the property shall be $300K INCLUDING PROPOSED PUBLIC ROAD CONNECTING ALL CITY DEAD END STREETS RUNNING PARRALEL TO OUR SITES FROM THE FUTHURST SOUTH POINT TO THE MOST NORTHERN CLOSEST TO BOYNTON BEACH BLVD Initial Deposit: Simultaneously with the execution of the Agreement, Buyer shall place with Anaheim Properties, Inc. (as Escrow Agent) an initial deposit at contract of$25K Title and Survey: Ten (10) days after the execution of the Agreement, Seller shall deliver to Buyer a current ALTA survey of the property and a title insurance commitment from a nationally recognized title insurance company in the amount of the Purchase Price. Inspection: Buyer shall have NINETY-120DAYS, (90-120) Days after the execution of the Agreement(the Inspection Period)to conduct, at Buyer's expense, whatever reasonable investigations, analyses and studies of the Property that Buyer deems appropriate. At any time and for any reason during the Inspection Period, Buyer may by giving of written notice to Seller and Escrow Agent, terminate the Agreement and receive the return of his Deposit without and Interest or Deductions. If Buyer elects to proceed with the transaction, Buyer shall Deposit an additional $25K with the Escrow Agent within (5) Business days after the expiration of the inspection Period. Seller agrees to provide such information as may be required by the Buyer. Representation &Warranties: The Agreement shall contain representations and Warranties of Seller customarily provided by sellers in transactions of this nature. Date of Closing: Closing shall take place no later than THIRTY (30) days following completion of the Inspection Period by the Buyer. Closing shall take place in Palm Beach County. Page 571 of 580 Access: Buyer, by appointment only, shall have full access to the Property prior to Closing for the purpose of conducting all studies and surveys required by Buyer. To the extent of the deposit, Buyer will hold Seller harmless from and indemnify Seller against any liability or loss by virtue of such entry. Assignability: Buyer reserves the right to assign the Agreement to any entity owned or controlled by or affiliated with Buyer or its principals. Zoning: The Agreement shall be contingent on the Property being properly zoned for the buyers use. Other Provisions: The Agreement shall contain other provisions dealing with such matters as allocation of closing expenses, conditions of closing, delivery of possession, examination of title, prorations of rents and taxes, transfer of Leases, if necessary, warranties and representations of Seller with respect to the Property, and other matters typically found in transactions of this nature. Expenses shall be borne as follows: REQUIREMENT RESPONSIBILITY Survey Seller Title Search Seller Title Insurance Commitment and Policy Seller Documentary Stamps and Surtax Seller Inspection Costs Buyer Attorneys' Fees Each pays Own Hazardous Waste Studies Buyer as to Phase I Seiler as to Phase 11, (if necessary) Binding Agreement: It is understood and agreed that this letter is merely a non-binding summary of the terms of a proposed transaction and, while we agree in principle to these terms and conditions and agree to proceed promptly and in good faith to work out a definitive agreement for the transaction, any legal obligations shall arise only as set forth in an executed Agreement signed by both parties. The Agreement shall be in form and substance satisfactory to both of us and will contain all usual and appropriate covenants and conditions. Validity: This proposal shall be valid until AUGUST 1ST, 2021. Per: ALAN SPERLING LLC .7 Si 7 9/, ACCEPTED AND AGREED TO: By Print name: Title: Dated: Page 572 of 580 7119/2021 hftps:f/www.pbrgay.org/papa/AspsIPropertyDetaiI/PrinterfriendIyPropertyPrint.aspx?parcel=08434529000001040 Property Detail, l .1-1-1-....'---"'-- __ ------------ ......... –_— –--------------------- ------- Location Address Municipality BOYNTON BEACH Parcel Control Number 08-43-45-29-00-000-1040 Subdivision Official Records Book 06652 Page 1 31 5 Sale Date NOV-1990 Legal Description 29-45-43, E 330.70 FT OF WILY 660.16 FT OF SLY 672.12 FT OF NLY 12 52.12 FT (LESS N 499.34 FT or E 126.90 M OF TH PT OF NE 1/4 LYG S OF SIR 804 ...Owner Information.... ....................... ............ .W. W.._.-.-_..___—-------------------------- ------------- Mailing address Owners PO BOX 310 BOYNTON BEACH CITY OF BOYNTON BEACH FL 33425 0310 ........................... .................. --- ----- .................. ;Sales Information--.-....- ...........- ....... Sales Date Price OR Book/Page Sale Type Owner NOV-1990 $100 06652 /01315 WARRANTY DEED ------------- ----------- --------- .............. �Exemption Information ........ Applicant/Owner Year Detail 2021 ........... ........ 1-1-1-..................... ............... ,Property Information-.._ __ -... ..... w _.. ............... ................. Number of Units *Total Square Feet 0 Acres 3.62 Use Code 8900-MUNICIPAL Zoning RI AA- R1 AA SINGLE FAMILY, 5.5 DU/AC(08-BOYNTON BEACH :Appraisals ------ Tax Year 2020 2019 2018 Improvement Value $0 $0 Land Value $271,500 3271,500 $271,500 Total Market Value $271,500 S271,500 $271,500 All values are as orianuary Ist each year .......... ... ................................ ... .................. ...................... ... ...... Assessed and Taxable Values .................. Tax Year 2020 2019 2018 Assessed Value $271,SOO $271,500 5271,500 Exemption Amount S271,500 $271,500 $271,500 Taxable Value $0W -------- Tax Year -------- 2020 2019 2018 Ad Valorem $0 $0 $O! Non Ad Valorem $0 $0 $0: Total tax $0 $0 Dorothy Jacks, CFA,AAS PALM REACH COUNTY PROPERTY APPRAISER www.pbcgov.org/PAPA Page 573 of 580 t { � k f � tc c � < s� i J t 1 IS AV N s , t Si t {�, - r o`•_ �� Y�� r - k kk � i 574 of 580 PAPA Barmer LocationAddress "+Tualclpalltw BOYNTON BEACH Parcel Control Nu nber 08-43-45-29-00-000-1040 Sulvlslaara Official Records Book 06652 Page 1315 Sala:Tate NOV-1990 29-45-43,E 330.70 FT OF WLY 660.16 FT OF SLY 672.12 FT Le-gal Description OF NLY 1252.12 FT(LESS N 499.34 FT OF E 126.90 FT)OF TH PT OF NE 1/4 LYG S OF SR 804 -- Mailing address Owners PO BOX 310 BOYNTON BEACH CITY OF BOYNTON BEACH FL 33425 0310 Sales Tate Price OR BooldPage Sale'T'vpe Owner NOV-1990 $100 06652/01315 WARRANTY DEED Exc tion Applic t/(hN aer Year Detail BOYNTON BEACH CITY OF 2021 FULL.MUNICIPAL GOVERNMENT �°'T'otal I u nber of Units 0 Salaaar",Feet t 0 Acres 3.62 8900- ZonR1AA-R1AA SINGLEFAMILY,5.5 DU/AC Use Code MUNICIPALi (08-BOYNTON BEACH) 'T'ax Year 2020 2019 2018 Improvement Valu $0 $0 $0 Land Valu $271,500 $271,500 $271,500' Total Market Value $271,500 $271,500 $271,500 All values are as of January 1 st each year 'T'ax Year 2020 2019 2018 AssessedValue $271,500 $271,500 $271,500'' E xemptionA meat $271,500 $271,500 $271,500 'T'axable Valu $0 $0 $0' Tax Year 2020 2019 20113 Ad Valorem $0 $0 $0'' Nora Ad Valorem $0 $0 $0''' 'T'otal tax $0 $0 $0' Page 575 of 580 Disposal of city real property. (a) Power to sell. The City Commission may authorize by Resolution the sale, transfer, and swap any real property, improved or unimproved, now owned or hereafter acquired by or owned by the city, as provided herein. These procedures supplement any other procedures that may now or in the future be applicable as provided by law or regulation. (b) Disposal of property which is sufficient in size and of such character as to comprise an independent building site and which will involve a conveyance of the city's fee simple interest. These parcels typically enjoy access to a public right-of-way, and are developable as building sites. (1) Resolution declaring surplus. Before any improved or unimproved property owned by the city shall be sold or otherwise disposed of pursuant to this subsection (b), the governing body shall adopt a resolution declaring same surplus. (2) Determination concerning surplus. a. The city governing body shall review and consider the following: 1. The legal description (by reference to a recorded plat or government survey); 2. The property address by street number, if there be any; 3. A description of all improvements located upon the land; 4. How said land has been used since same has belonged to the city; 5. The current use of the property; 6. How the property was acquired and financed; 7. The needs of the city; 8. Whether disposal is consistent with the city comprehensive plan; 9. The estimated property value; 10. Any relevant property history; 11. The property's title; and 12. Whether the disposal of the property is precluded by grant provisions of other agencies. (3) Public hearing. The city governing body shall hold one (1) public hearing prior to adopting a resolution declaring property as surplus. An advertisement for such public hearing shall appear once in a newspaper of general circulation at least ten (10) days prior to the hearing. The advertisement will contain the resolution title and the date,time and place of the hearing. The city clerk shall advertise the proposed resolution for public hearing by placing it on the city council agenda and posting such agenda at least three (3) business days prior to the city council meeting. (4) When appraisals are needed. a. Any real property that the city proposes to sell or otherwise dispose of pursuant to this subsection (b) must be appraised by two (2) independent appraisers, who are designated members of the Appraisal Institute, if the property is estimated to have a value that exceeds one million dollars ($1,000,000.00). b. Any real property that the city proposes to sell or otherwise dispose of pursuant to this subsection (b) must be appraised by one (1) independent appraiser, who is designated member of the Appraisal Institute, if the property is estimated to have a value between five hundred thousand dollars ($500,000.00) and one million dollars ($1,000,000.00). c. Any real property that the city proposes to sell or otherwise dispose of pursuant to this subsection (b) with an estimated value below five hundred thousand dollars ($500,000.00) shall not require an appraisal. 100460579.1306-90018211 Page 576 of 580 d. Notwithstanding subparagraphs a., b., and c. above, no appraisal shall be needed: 1. Where the city acquired the property from Palm Beach County as a result of the tax sale process and is returning such asset to the former owner or its successors and assigns; 2. Where the city transfers the property to another governmental entity or agency; or 3. Where the city is exchanging such real property with the private sector for a replacement parcel determined by the city governing body to have similar utility and where the public interests would be served. (5) Methods of disposal. a. Methods. The city may dispose of property pursuant to this subsection (b) utilizing the following methods: negotiation, trade with other governmental entities or agencies, request for letters of intent, sealed bids, or request for proposals. The city may retain professional real estate services to aid in the disposal of property. 1. Negotiation. The city may negotiate the sale of real property with a particular person or entity, and no further advertising will be needed to effect a transfer. 2. Sealed bids, requests for letters of intent, and request for proposals. At any time no more than ninety (90) days after adoption of resolution declaring the property surplus, the land may be offered for public disposition, and a notice shall be published by the city in a newspaper of general circulation in the city once not less than ten (10) days before sealed bids, letters of intent, or proposals are due. The notice shall state, at a minimum, the date when sealed bids, letters of intent, or proposals shall be received and whether the sale is with or without reservation. Sealed bids, letters of intent, and proposals shall be received accompanied by cashier's checks or certified checks payable to the city in an amount equal to at least ten (10) percent of the disposition price. 3. Transfer to governmental agencies. The city may sell or transfer any of its property to any other governmental agency, if the city governing body determines that: i. A transfer of the property to the other governmental agency shall provide a benefit to the city; and ii. That the terms received by the city are fair and equitable. 4. Land swap with any private or public land owner provided the properties are appraised at substantially the same value. In determining substantial value the City may take into consideration the potential increase in value following the swap. (6) Proceeds from sale or transfer. Any proceeds derived from the sale of any land, as authorized in this subsection (b), shall be deposited in the general fund of the city, or such other fund or account of the city as is determined by the finance director. (7) Conveyance. In order to convey property pursuant to this subsection (b)the city governing body shall be required to adopt a resolution authorizing the conveyance. Notwithstanding anything possibly to the contrary,the city may reject any and all offers, bids, letters of intent, or proposals, or terminate negotiations at any time and choose not to dispose of property, and nothing shall obligate the city governing body to adopt any necessary resolution. 100460579.1306-90018211 Page 577 of 580 13.E. Future Agenda Items 2/1/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Proposed Ordinance No. 21-025 First Reading. Approve DevelopmentAgreement Ordinance. (Tabled from the September 21, 2021 City Commission Meeting.) - TBD Explanation of Request: How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 578 of 580 13.F. Future Agenda Items 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Mayor Grant has requested a discussion on J KM lawsuit- TBD Explanation of Request: How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 579 of 580 13.G. Future Agenda Items 2/11/2022 City of Boynton Beach Agenda Item Request Form Commission Meeting Date: 2/1/2022 Requested Action by Commission: Discuss Building Safety Inspection Program- (Pending outcome of 2022 legislative session) Explanation of Request: How will this affect city programs or services? Fiscal Impact: Alternatives: Strategic Plan: Strategic Plan Application: Climate Action Application: Is this a grant? Grant Amount: Attachments: Page 580 of 580