The URL can be used to link to this page

Home My WebLink AboutItem 06 - COUNCIL READING FILE_e_University of California agreement with WatchGuardPurchasing Agreement – Cloud Agreement #2018-000203 Revised 2/5/18 Page 1 of 8 The Agreement to furnish certain goods, services and cloud computing services described herein and in the documents referenced herein (“Services”), is effective July 1, 2018 (“Effective Date”), and is made by and between The Regents of the University of California, a California public corporation (“UC”) on behalf of the University of California, and WatchGuard, Inc. (“Supplier”). This Agreement is binding only if it is negotiated and executed by an authorized representative with the proper delegation of authority. 1. StatementofWork ThepurposeofthisAgreementisfortheSuppliertofurnish bodyandincarcameraproducts,videoevidencesoftwareand relatedproductsandservicestotheUCinamannerthatwillprovidemaximumvaluetoUCthroughenhancedtechnology, superiorcustomerservice,streamlinedprocesses,andlowertotalcost ofownership,allalignedwithUC’sneedsasfurther detailedherein. SupplieragreestoprovidetheServicesdescribed inthestatementofworkattached asAttachmentA(“StatementofWork”) andanyotherdocumentsreferencedintheIncorporatedDocu mentssectionherein.Unlessotherwiseprovidedinthe Agreement,UCwillnot beobligatedtopurchaseaminimum amountofServicesfromSupplier. 2. ScopeofAgreement a) IfSuppliereliminatesanyfunctionalityofanyoftheServicesprovidedunderthisAgreementandsubsequently offersthatfunctionalityinotherornewproducts(whetherdirectlyorindirectlythroughagreementwithathird party),thentheportionofthoseotherornewproducts thatcontainthefunctionalityinquestion,ortheentire productifthefunctionalitycannotbeseparatedout,willbeprovide dtoUCatnoadditionalchargeandunder thetermsofthisAgreement,includingtechnicalsupport .IfSupplierincorporatesthefunctionalityofthe ServicesprovidedunderthisAgreementintoanewerversionofthesoftwareorcloudservicesproductand continuestoofferbothproducts,UCmay,initssolediscretion,exercisetheoptiontoupgradetothenewer productatnoadditionalcost.Ifadditionalfunctionalityisaddedtoanewversionofhardwareproductsthen UCmaychoosetoupgradetothenewerproducta testablishedcontractdiscountlevels.Regardlessofwhether thefunctionalityoftheServicesisimpacted,Supplierwillnotify UCofanynamechangesinanyServiceswithin theearlierofthirty(30)calendardaysofsuchchang eorthirty(30)calendardaysofwhenUCaskswhether Supplierhasmadeanyname changesintheServices. b) UCandtheusersauthorizedbyUCwillhavether ighttoaccessanduse theServicesatanylocation. c) SupplieragreestoextendpricingandServicestotheCaliforniaStateUniversityinstitutions(CSU)andthe CaliforniaCommunityColleges(CCC)underthefollowing conditions: i) Supplieragreestoextendthesameproductpricingand ServicestotheCSUandCCCcampusesunderthe termsofthisAgreement,butunderseparate agreementswithCSUandCCC. ii) Allcontractualadministrationissuesregardingthis Agreement(e.g.termsandconditions,extensions, renewals,etc.)willremainUC’s responsibility.Operationalissues,fiduciary responsibility,paymentissues, performanceissuesandliabilities,anddisputesinvolvingi ndividualCSUorCCCcampuseswillbeaddressed, administered,andresolvedbySupplierandtheappropriateCSUorCCCcampus.UC,CSUandCCCare separateanddistinctgovernmentalentities.Assuch,CSU’sandCCC’sadministrativeunitsandcampuses arefinanciallyseparatefromUCandwillbe responsiblefortheirrespectiveindividualcommitments, financialandotherwise. Page 2 of 8 Revised 5/21/18 3. RightsandLicenseInandToUCData a) UCretainstherighttousetheServicestoaccessandretrieveNonpublicInformation(asdefinedintheUC Appendix–DataSecurityandPrivacy)storedonSupplier’sServicesinfrastructureatanytimeatUC’ssole discretion.IfUCrequeststheNonpublicInformationfromSupplier,Supplierwill provideUCwithcopieswithin fortyeight(48)hours afterreceiptofarequestfromUC,andwillcooperatewithUC’sreasonablerequestsin connectionwithitsresponse. b) UCwillownallrights,titleandinterestinanyand allintellectualpropertycreatedintheperformanceofthis Agreement asa“workmadeforhire”under U.S.copyrightlaw,andwillhave fullownershipandbeneficialuse thereof,freeandclearofclaimsofanynaturebya nythirdpartyincluding,withoutlimitation,copyrightor patentinfringementclaims.Intheeventthatitisdetermined thatthe“workmadefor hire”doctrinedoesnot applytosuchintellectualproperty,SupplieragreestoassignandherebyassignstoUCallrights,title,and interestinanyandallintellectualpropertycreatedintheperformanceofthisAgreement,andwillexecuteany futureassignmentsorotherdocumentsneededforUCtodocument,register,orotherwiseperfectsuchrights. c) Allpreexistingintellectualpropertyofeachpartywill remaintheexclusivepropertyofthatpartyand,except asspecificallyprovidedinthisAgreement,nopart ywillacquireanyrightsorinterestsi ntheotherparty'spre existingintellectualproperty,exceptasneeded toaccessandfurnishtheServicesunderthisAgreement. d) ForthepurposesofArticle8ofAppendix–Data SecurityandPrivacy,SupplierwillreturnallNonpublic InformationtoUCinacommonlyused,nonproprietary ,andmutuallyagreeduponformat. 4. TechnicalSupport a) DuringthetermofthisAgreementSupplierwillprovideUCwithongoingtechnicalsupportfortheServicesat nolessthanthelevelsandinthemanner(s)specifiedherein. b) SuppliermaynotwithdrawtechnicalsupportforanyServicewithouttwelve(12)months advancewrittennotice toUC,and thenonlyifSupplieriswithdrawingtec hnicalsupportfromallofitscustomers. c) UCacquirestherighttoaccess andusetechnicalsuppo rtacquiredunderthisAg reementatanylocation. d) UCwillreceiveatitsoptionthegeneralhelpdesktechnicalsupportofferedbySuppliertoits othercustomers. IrrespectiveofSupplier’sgeneraltechnicalsupportofferings,Sup plierwillprovideUCatUC’soptionwiththe followingtechnicalsupport: i) SupplierwillprovidetechnicalsupporttoUCforthepurposeofansweringquestionsrelatingtotheServices, including(a)clarificationoffunctionsandfeaturesoftheServices;(b)clarificationoftheDocumentation; (c)guidanceintheoperationoftheServices;and(d)errorverification,analysis,andcorrection,including thefailuretoproduceresultsinaccordancewiththeDocumentation. ii) SuchassistancewillbeprovidedbySupplie rtwentyfour(24)hoursaday,seven (7)daysaweekviaatoll freetelephonenumber,emailandlive,onlinechatstaffedbyhelpdesktechnicianssufficientlytrainedand experiencedtoidentifyandresolvemostsupportissuesandwhowillrespondtoallUCrequestsforsupport withinthirty(30)minutesafterreceivingarequestforassistance. iii) TheCustomerService callcentercanbereached bydialingourtollfreenumber 18663843567 . Page 3 of 8 Revised 5/21/18 iv) MondaythroughFridayfrom7:0 0amto6:00pmCST.Ifcallingoutsideofnormalbusinesshourscustomers havetheoptiontoleaveavoicemessage,orinthe eventofanemergency,calltheafterhourssupport phonenumber 18663843567 wherearepresentativewillbeavailabletoprovideassistance. v) Email–UCshallhavetheoptionofco ntactingcustomerservicebyemailat CustomerService@WatchGuardVideo.com.Requestsreceivedviaemailwillreceivearesponsewithin24 businesshours. vi) WebPortal–UCmaysubmitrequeststhroughWatchGuardVideo’swebportal at http://cs.watchaguardvideo.com.Requests receivedthroughthewebportal willreceivearesponsewithin 24businesshours. vii) SupplierwillprovideacurrentlistofpersonsandtelephonenumbersforUCtocontacttoenableUCto escalate its support requests for issues that cannot be resolved by a help desk technician or for circumstanceswhereahelpdesk techniciandoesnot respondwithinthetimespecifiedherein. viii) SupplierprovidedtelephonetechnicalsupportwillbecompliantwithSection508oftheRehabilitationAct. a) Thefollowingprovisionswillbeapplicablet othecorrectionofServiceserrors: i) IfUCdetectswhatitconsiderstobeanerrorintheServices whichcausesitnottoconformto,orproduce resultsinaccordancewith,theDocumentation,thenUC willbytelephoneoremailnotifySupplierofthe error. ii) Supplierwillrespondwithintwo(2)hourstoUC’s initialrequestforassistanceincorrectingorcreatinga workaroundforaServiceserror.Supplier’sresponsewillincludeassigningfullyqualifiedtechniciansto workwithUCtodiagnoseandcorrectorcreatea workaroundfortheServiceserrorandnotifyingUC’s representativemakingtheinitialrequestforassistanceofSupplier’sefforts,plansforresolutionofthe error,andestimatedtimerequiredtoresolvetheerror. iii) Within twentyfour (24) hours after UC first reports the error, Supplier will provide a correction or workaroundacceptabletoUC. b) Thefollowingprovisionswillsetforth Supplier’sobligationstoprovideEnhancements: i) SupplierwillgenerallyenhanceandimprovetheServicesforaslongasUCelectstoreceiveandpaysfor theServices. ii) SupplierwillprovidetoUCduringtheAgreementterm,(a)anyandallEnhancementswhichitdevelops withrespecttotheServices;(b)anyandallEnhanceme ntsrequiredbyfederalorstategovernmental,or professionalregulatorymandatesrelatedtoUC’suseoftheServices;and(c)theDocumentationassociated withanyEnhancements. iii) SupplierwillprovideEnhancementstoUCupontheirgeneralreleaseandnolaterthanthetimewhenthe firstfivepercent(5%)ofSupplier's customersreceivethoseEnhancements. Page 4 of 8 Revised 5/21/18 iv) Exceptasotherwiseprovidedinasignedaddendumto thisAgreement,nothinghereinwillobligateSupplier toenhancetheServicesinanyparticularrespectoronanyparticulardate.Thedecisionastowhether and/orwhen,toenhancetheServices willbewithinSupplier’sdiscretion. c) SupplierwillprovideUCwith ninety(90)calendardays advancewrittennoticeofproposedproductchangesas wellasproductroadmapsrelatingtotheS ervicesprovidedtoUCunderthisAgreement. 5. TermofAgreement/Termination a)TheinitialtermofthisAgreementwillbefrom July 1,2018andthrough June 30,2023(InitialTe rm)andis subjecttoearlierter minationasprovidedbelow. b) UCmayrenewtheAgreementforthree(3)successiveone(1)yearperiods(each,aRenewalTerm)byproviding Supplier withatleast60calendardays’writtennoticebefore theendoftheInitialTermoranyRenewalTerm. c) UCmayterminatethisAgreementforconveniencebygivingSupplieratleast 30calendardays'writtennotice. d) UCorSuppliermayterminatethisAgreementforcausebygivingthe otherpartyatleast15 calendardays'notice tocureabreachoftheAgreement(CurePeriod).Ifthebreaching partyfailstocurethe breachwithintheCure Period,thenonbreachingpartymay immediatelyterminatetheAgreement. 6. PurchaseOrder a) UnlessotherwiseprovidedinthisAgreement,Supplier maynotbeginprovidingServicesuntilUCapprovesa PurchaseOrderfortheServices. b) ThetermsofthisAgreementwillcoverpurchaseanduseoftheServicesbyanyUClocation. 7. Pricing,InvoicingMethod,SettlementMethodandTerms a) Pricingshallremainfirmforthe initialtermofthisagreement. TheInvoicingMethod,andSettlementMet hodandTermsareaddressedbelow. b) InvoicingMethod NotwithstandingtheprovisionsofArticle3oftheTermsandConditionsofPurchase,Supplierwillberequired tousethefollowingInvoicingMetho d:Asspecifiedbyeachcampus. i) Allinvoicesmustclearlyindicatethefollowinginformation: Californiasalestax(ifapplicable)asaseparatelineitem; UCPurchase OrderorReleaseNumber; Description,quantity,catalognumberandmanufacturernumberoftheitemordered; Netcostofeachitem; Anypay/earned /dynamicdiscount; Referencetooriginalordernumberforallcreditmemosissued; Page 5 of 8 Revised 5/21/18 ii) Supplierwillsubmitinvoicesfollowingthedesignate dinvoicemethoddirectlytoUCAccountsPayable Departments at each UC Location, unless UC notifies the Supplier otherwise by amendment to the Agreement. c) SettlementMethodandTerms i) NotwithstandingtheprovisionsofArticle3ofthe TermsandConditionsofPurchase,theSettlement MethodandTermswillbedefaultt oOption1unlessaUClocationelectsOp tion2or3asanalternative. ii) IfUCdisputesaninvoicedamount,thenSupplierandUCwill worktoresolvethedispute.UCmay suspendthepaymentofalldisputedamountswhilethe disputeispending,durin gwhichtimeallof Supplier’sobligationswillcontinueunabated. 9. Notices AsprovidedintheUCTermsandConditionsofPurchase,notices maybegivenbyovernightdeliveryorbycertifiedmailwith returnreceiptrequested,attheaddressesspecifiedbelow.Additionally,noticesbyEmailwillbeconsideredlegalnoticeif suchcommunicationsincludethefollowingtextintheSubjectfield:FORMALLEGALNOTICE–[insert,asthecasemaybe, SuppliernameorUniversityofCalifornia]. ToUC,regardingconfirmedorsuspectedBreachesasdefinedu nderAppendix–Data SecurityandPrivacy: Name DavidRusting Phone5109870086 EmailDavid.rusting@ucop.edu Address 1111FranklinStreet Oakland,CA94607 Page 6 of 8 Revised 5/21/18 ToUC,regardingcontractissuesnotaddressedabove: Name ThomasTrappler Phone3108257516 Email Thomas.Trappler@ucop.edu Address 1111FranklinStreet Oakland,CA94607 ToSupplier: Name MikeBurridge Phone8006056734 Email contracts@watchguardvideo.com Address 415E.ExchangeParkway Allen,TX75002 10. Insurance SuppliermustdelivertheCertificateofInsurancet oUC’sBuyerbymailorovernight delivery.Additionally,thisrequirement willbeconsideredsatisfiedifaPDFversionoftheCertificateofInsuranceissentbyEmailandincludesthefollowingtext in theSubjectfield:CERTIFICATEOFINSURANCE–WatchGuardInc. 11. ServiceSpecificProvisions BodyWornCamera’s,InCarCameraSystems,VideoE videnceSystems,Servers,Warranty,TrainingandImplementation. a) AdditionalWarranties: i) Services Warranty. Supplier represents and warrants tha t the Services provided to UC under this Agreementwillconformto,beperf ormed,function,andpr oduceresultssubstantiallyin accordancewith theDocumentation.SupplierwillofferUCwarrantycov erageequaltoorgreaterthanthatofferedby Suppliertoanyofitscustomers. ii) IllicitCodeWarranty.Supplierrepresentsandwarrantsthat theServices(1)containnohiddenfiles,(2) donotreplicate,transmit,oractivatetheServiceswithoutcontrolofapersonoperatingcomputing equipmentonwhichitresides,(3)donotalter,damage ,oreraseanydataorcomputerprogramswithout controlofapersonoperatingthecomputingequipmenton whichitresides,(4)containnokey,nodelock, timeout,"backdoor,”“trapdoor,""boobytrap,""dro pdeaddevice,""datascramblingdevice"orother function,whetherimplementedbyelectronic,mechanicalorothermeans,whichisintendedtorestrict useoraccesstoanyServicesunderthisAgreement(hereinafter"IllicitCode").Providedandtotheextent anyServiceshave anyoftheforegoingattributesthatwereintentionallywrittenintotheServices,and notwithstandinganythingelsewhereinthisAgreementto thecontrary,Supplierwillbeindefaultofthis Agreement,andnocureperiodwillapply.Supplieragrees,inordertoprotectUCfromdamageswhich may be intentionally or unintentionally caused by the introduction of Illicit Code to UC’s data or InformationResources,nosoftwarewillbeinstalled,executed,orcopiedonUCdataorInformation ResourceswithouttheexpressapprovalofUC.Supplieralsoacknowledgesthatitdoesnothaveanyright Page 7 of 8 Revised 5/21/18 toelectronicallyrepossesstheServices.Thisprovisiondoesnotrelatetoviruses.Supplierrepresentsand warrantsthatifIllicitCodeisinstalledonUCdataorInformationResources,Supplierwillimmediately provideUCwithwrittennoticeoftheinstallationofsuchIllicitCode.Supplierrepresentsandwarrants thatevenifIllicit Codeisinstalled,SUPPLIERWILLNEVERUTILIZETHEILLICITCODE.IfIllicitCodeisenacted andUCisdamaged,Supplierwillberesponsibleforall damages(includingbut notlimitedtoconsequential, incidentalandindirectdamages)sustainedbyUCuptotheamountoffivetimestheamountofthefees paidbyUCtotheSupplier pursuanttothisAgreement. iii) Third Party Warranties and Indemnities. Supplier will assign to UC all third party warranties and indemnitiesthatSupplierreceivesinconnectionwithany ServicesprovidedtoUC.Totheextentthat SupplierisnotpermittedtoassignanywarrantiesorindemnitiesthroughtoUC,Supplieragreesto specificallyidentifyandenforcethosewarrantiesandindemnitiesonbehalfofUCtotheextentSupplier ispermittedto dosounderthetermsof theapplicableThirdPartyagreements. iv) Date/TimeChangeWarranty.Supplierrepresentsandwarrants toUCthattheServicesprovidedwill accuratelyprocessdateandtimebasedcalculationsund ercircumstancesofchangeincluding,butnot limitedto:centurychanges,daylight savingtimechanges,leapyearch angesandleapsecondchanges. Suppliermustrepairanydate/timech angedefectsatSupplier’ssoleexpense. 12.AmendmentstoAppendix–DataSecurityandPrivacy TheUCAppendix–DataSecuritya ndPrivacyisherebyamendedasfollows: Article13–AdditionalInsuranceishereb yamendedtoreadinfullasfollows: InadditiontotheinsurancerequiredundertheAgreement,Supplier,atitssolecostandexpense,willobtain,keepinforce, andmaintainone ormoreinsurancepoliciesthatprovidecoveragefortechnology,professionalliability,dataprotection, and/orcyberliability.TypicallyreferredtoasPrivacy,Technology andDataSecurityLiability,CyberLiability,orTechnol ogy ProfessionalLiabilityinsurance,itwillcoverliabilitiesforfinanciallossduetotheacts,omissions,orintentionalmisco nduct ofSupplier,itsofficers,employees,agents,subsuppliers,oranyone directlyorindirectlyemployedbySupplier,oranyperson orpersonsunderSupplier’sdirectionandcontrol,inconnection withtheperformanceofthisAgreement,aswellasall Suppliercosts,includingdamagesitisobligatedtopayUCor anythirdparty,thatareassociatedwithanyconfirmedor suspectedBreachorlossofNonpublicInformation.In somecases,ProfessionalLiabilitypoliciesmayincludesomecoverage fordatabreachesorlossofNonpublicInformation.Regardlessofth etypeofpolicy(ies)inplac e,suchcoveragewillinclud e withoutlimitation:(i)coststonotifypartieswhose datawaslostorcompromised;(ii)coststoprovidecreditmonitoringand creditrestorationservicestopartieswhosedatawaslostorcompromised;(iii)costsassociatedwiththirdpartyclaimsarisi ng fromtheconfirmedorsuspectedBreachorlossof NonpublicInformation,includinglitigationcostsandsettlement costs;(iv) anyinvestigation,enforcement,finesandpenalties,orsim ilarmiscellaneouscosts;and(v)anypaymentmadetoathirdparty asaresultofextortionrelatedtoaconfirmedorsuspectedBreach.Thisinsurancepolicymusthaveminimumlimitsof $2,000,000eachoccurrenceand$10,0 00,000intheaggregate. Page 8 of 8 Revised 5/21/18 13.IncorporatedDocuments Thefollowingdocumentsareincorporatedandmadeapartofthis Agreementbyreferenceasiffullysetforthherein,listed intheorderofprecedencefollowingtheAgreement: a) UCTermsandConditionso fPurchase,dated11/29/17 b)UCAppendix–DataSecuritya ndPrivacy,date d5/24/18 c) StatementofWork–At tachmentA d) PriceSchedule–AttachmentB 14.EntireAgreement TheAgreementanditsIncorporatedDocumentscontaintheentireAgreementbetweenthepartiesandsupersedeallprior writtenororalagreementswithrespecttothesubjectmatterherein.Noclickthrough,orotherendusertermsand conditionsoragreements(“AdditionalTerms”)providedwithanyServicesorproductshereunderwill bebindingonUC,even ifuseofsuchServicesorproductsrequiresanaffirmative“acceptance”ofthoseAdditionalTermsbeforeaccessispermitted. AllsuchAdditionalTermswillbeofnoforceandeffectandwillbedeemed rejectedbyUCintheirentirety. TheAgreementcanonlybesigned byanauthorizedrepresentativewiththeproperdelegationofauthority. THEREGENTSOFTHE WATCHGUARD,INC, UNIVERSITYOFCALIFORNIA ________________________________ ___________________________________ (Signature)(Signature) WilliamCooper ___________________________________ AssociateVicePresident&ChiefProcurementOfficer (PrintedName,Title) ________________________________ ____________________________________ (Date)(Date) Mike Burridge, Senior VP of Sales 06/11/2018 Director, Strategic Sourcing Justin Sullivan 6/22/2018 Page 1 of 11 Revised 11/29/17 ARTICLE 1 – GENERAL The equipment, materials, or supplies (“Goods”) and/or services (“Services”) furnished by Supplier (together, the “Goods and Services”) and covered by the UC Purchase Order (“PO”) and/or other agreement (which, when combined with these Terms and Conditions and any other documents incorporated by reference, will constitute the “Agreement”) are governed by the terms and conditions set fort h herein. As used herein, the term "Supplier" includes Supplier and its sub-suppliers at any tier. As used herein, “UC” refers to The Regents of the University of California, a corporation described in California Constitution Art. IX, Sec. 9, on behalf of the UC Location (s) identified in the Agreement and/or the PO. UC and Supplier individually will be referred to as “Party” and collectively as “Parties.” Any defined terms not defined in these Terms and Conditions of Purchase will have the meaning ascribed to such term in any of the other documents incorporated in and constituting the Agreement. No other terms or conditions will be binding upon the Parties unless accepted by them in writing. Written acceptance or shipment of all or any portion of the Goods, or the performance of all or any portion of t he Services, covered by the Agreement, will constitute Supplier’s unqualified acceptance of all of the Agreement’s terms and conditions. The terms of any proposal referred to in the Agreement are included and made a part of the Agreement only to the extent the proposal specifies the Goods and/or Services ordered, the price therefor, and the delivery thereof, and then only to the extent that such terms are consistent with the terms and conditions of the Agreement. ARTICLE 2 – TERM AND TERMINATION A. As applicable, the term of the Agreement (“Initial Term”) will be stated in the Agreement. Following the Initial Term, the Agreement may be extended by written mutual agreement. B. UC’s obligation to proceed is conditioned upon the appropriation of state, federal and other sources of funds not controlled by UC ("Funding"). UC will have the right to terminate the Agreement without damage, penalty, cost or further obligation in the event that through no action or inaction on the part of UC, the Funding is withdrawn. C. UC may, by written notice stating the extent and effective date thereof, terminate the Agreement for convenience in whole or in part, at any time with not less than the number of days’ notice stated elsewhere in the Agreement. As specified in the termi nation notice, UC will pay Supplier as full compensation the pro rata Agreement price for performance through the later of the date that( i) UC provided Supplier with notice of termination or (ii) Supplier’s provision of Goods and/or Services will terminate. D. UC may by written notice terminate the Agreement for Supplier’s breach of the Agreement, in whole or in part, at any time, if Supplier refuses or fails to comply with the provisions of the Agreement, or so fails to make progress as to endanger perform ance and does not cure such failure within a reasonable period of time, or fails to supply the Goods and/or Services within the time specified or any written extension thereof. In such event, UC may purchase or otherwise secure Goods and/or Services and, except as otherwise provided herein, Supplier will be liable to UC for any excess costs UC incurs thereby. ARTICLE 3 – PRICING, INVOICING METHOD, AND SETTLEMENT METHOD AND TERMS. Pricing is set forth in the Agreement or Purchase Order Number. Unless otherwise agreed in writing by UC, Supplier will use the invoicing method and payment settlement method (and will extend the terms applicable to such settlement method) set forth in UC’s Supplier Invoicing, Terms & Settlement Matrix. UC will pay Supplier, upon submission of acceptable invoices, for Goods and/or Services provided and accepted. Invoices must be itemized and reference the Agreement or Purchase Order number. UC will not pay shipping, packaging or handling expenses, unle ss specified in the Agreement or Purchase Order. Unless otherwise provided, freight is to be FOB destination. Any of Supplier’s expenses that UC agrees to reimburse will be reimbursed under UC’s Travel Policy, which may be found at http://www.ucop.edu/central-travel- management/resources/index.html. Where applicable, Supplier will pay all taxes imposed on Supplier. Notwithstanding any other provision to the contrary, UC will not be responsible for any fees, interest or surcharges Supplier wishes to impose. ARTICLE 4 – INSPECTION. The Goods and/or Services furnished will be exactly as specified in the Agreement, free from all defects in Supplier's performance, design, workmanship and materials, and, except as otherwise provided in the Agreement, will be subject to inspection and test by UC at all times and places. If, prior to final acceptance, any Goods and/or Services furnished are found to be incomplete, or not as specified, UC may reject them, require Supplier to correct them without charge, or require provision of such Goods and/or Services at a reduction in price that is equitable under the circumstances. If Supplier is unable or refuses to correct such deficiencies within a time UC deems reasonable, UC may terminate the Agreement in whole or in part. Supplier will bear all risks as to rejected Goods and/or Services and, in addition to any costs for which Supplier may become liable to UC under other provisions of the Agreement, will reimburse UC for all transportation costs, other related costs incurred, or payments to Supplier in accordance with the terms of the Agreement for unaccepted Goods and/or Services and materials and supplies incidental thereto. Notwithstanding final acceptance and payment, Supplier will be liable for latent defects, fraud or such gross mistakes as amount to fraud. Terms and Conditions of Purchase Page 2 of 11 Revised 11/29/17 ARTICLE 5 – ASSIGNED PERSONNEL; CHARACTER OF SERVICES Supplier will provide the Services as an independent contractor and furnish all equipment, personnel and materiel sufficient to provide the Services expeditiously and efficiently, during as many hours per shift and shifts per week, and at such locations as UC may so require . Supplier will devote only its best-qualified personnel to work under the Agreement. Should UC inform Supplier that anyone providing the Services is not working to this standard, Supplier will immediately remove such personnel from providing Services and he or s he will not again, without UC’s written permission, be assigned to provide Services. At no time will Supplier or Supplier’s employees, sub-suppliers, agents, or assigns be considered employees of UC for any purpose, including but not limited to workers’ compensation provisions. ARTICLE 6 – WARRANTIES In addition to the warranties set forth in Articles 11, 12, 17, 23, 24, 25 and 26 herein, Supplier makes the following warranties. Supplier acknowledges that failure to comply with any of the warranties in the Agreement will constitute a material breach of t he Agreement and UC will have the right to terminate the Agreement without damage, penalty, cost or further obligation. A. General Warranties. Supplier agrees that the Goods and Services furnished under the Agreement will be covered by the most favorable warranties Supplier gives to any customer for the same or substantially similar goods or services, or such other more favorable warranties as specified in the Agreement. The rights and remedies so provided are in addition to and do not limit any rights afforded to UC by any other article of the Agreement. B. Permits and Licenses. Supplier agrees to procure all necessary permits or licenses and abide by all applicable laws, regulations and ordinances of the United States and of the state, territory and political subdivision or any other country in which the Goods and/or Services are provided. C. Federal and State Water and Air Pollution Laws. Where applicable, Supplier warrants that it complies with the requirements in UC Business and Finance Bulletin BUS-56 (Materiel Management; Purchases from Entities Violating State or Federal Water or Air Pollution Laws). Consistent with California Government Code 4477, these requirements do not permit UC to contract with entities in violation of Federal or State water or air pollution laws. D. Accessibility Requirements. Supplier warrants that: 1. It complies with California and federal disabilities laws and regulations; and 2. The Goods and Services will conform to the accessibility requirements of WCAG 2.0AA. Supplier agrees to promptly respond to and resolve any complaint regarding accessibility of its Goods and/or Services. E. Warranty of Quiet Enjoyment. Supplier warrants that Supplier has the right to use all intellectual property that will be needed to provide the Goods and/or Services. F. California Child Abuse and Neglect Reporting Act ("CANRA"). Where applicable, Supplier warrants that it complies with CANRA. G. Debarment and Suspension. Supplier warrants that it is not presently debarred, suspended, proposed for debarment, or declared ineligible for award of federal contracts or participation in federal assistance programs or activities. H. UC Code of Conduct for Trademark Licensees. If the Goods will bear UC’s name (including UC campus names, abbreviations of these names, UC logos, UC mascots, or UC seals) or other trademarks owned by UC, Supplier warrants that it holds a valid license fr om UC and complies with the Trademark Licensing Code of Conduct policy, available at http://policy.ucop.edu/doc/3000130/TrademarkLicensing. I. Outsourcing (Public Contract Code section 12147) Compliance. Supplier warrants that if the Agreement will displace UC employees, no funds paid under the Agreement will be used to train workers who are located outside of the United States, or plan to relocate outside the United States as part of the Agreement. Additionally, Supplier warrants that no work will be performed under the Agreement with workers outside the United States, except as described in Supplier’s bid. If Supplier or its subsupplier performs the Agreement with workers outside the United States during the life of the Agreement and Supplier did not describe such work in its bid, Supplier acknowledges and agrees that a) UC may terminate the Agreement without further obligation for noncompliance, and b) Supplier will forfeit to UC the amount UC paid for the percentage of work that was performed with workers outside the United States and not described in Supplier’s bid. ARTICLE 7 – INTELLECTUAL PROPERTY, COPYRIGHT AND PATENTS A. Goods and/or Services Involving Work Made for Hire. 1. Unless UC indicates that the Goods and/or Services do not involve work made for hire, Supplier acknowledges and agrees that any deliverables provided to UC by Supplier in the performance of the Agreement, and any intellectual property rights therein, (hereinafter the "Deliverables") will be owned by UC. The Deliverables will be considered "work made for hire" under U.S. copyright law and all right, title, and interest to and in such Deliverables including, but not limited to, any and all copyr ights or trademarks, will be owned by UC. In the event that it is determined that UC is not the owner of such Delivera bles under the Page 3 of 11 Revised 11/29/17 "work made for hire" doctrine of U.S. copyright law, Supplier hereby irrevocably assigns to UC all right, title, and interest to and in such Deliverables and any copyrights or trademarks thereto. 2. The Deliverables must be new and original. Supplier must not use any pre-existing copyrightable or trademarked images, writings, or other proprietary materials (hereinafter "Pre-Existing Materials") in the Deliverables without UC’s prior written permission. In the event that Supplier uses any Pre-Existing Materials in the Deliverables in which Supplier has an ownership interest, UC is hereby granted, and will have, a non-exclusive, royalty-free, irrevocable, perpetual, paid-up, worldwide license (with the right to sublicense) to make, have made, copy, modify, make derivative works of, use, perform, display publicly, sell, and otherwise distribute such Pre-Existing Materials in connection with the Deliverables. 3. Whenever any invention or discovery is made or conceived by Supplier in the course of or in connection with the Agreement, Supplier will promptly furnish UC with complete information with respect thereto and UC will have the sole power to determine whether and where a patent application will be filed and to determine the disposition of title to and all rights under any application or patent that may result. 4. Supplier is specifically subject to an obligation to, and hereby does, assign all right, title and interest in any such inte llectual property rights to UC as well as all right, title and interest in tangible research products embodying any such inventions whether the inventions are patentable or not. Supplier agrees to promptly execute any additional documents or forms that UC may require in order to effectuate such assignment. B. Goods and/or Services Not Involving Work Made for Hire. 1. If the Goods and/or Services do not involve work made for hire, and in the event that Supplier uses any Pre-Existing Materials in the Deliverables in which Supplier has an ownership interest, UC is hereby granted, and will have, a non-exclusive, royalty-free, irrevocable, perpetual, paid-up, worldwide license (with the right to sublicense) to make, have made, copy, modify, make derivative works of, use, perform, display publicly, sell, and otherwise distribute such Pre-Existing Materials in connection with the Deliverables. 2. The Deliverables must be new and original. Supplier must not use any Pre-Existing Materials in the Deliverables without UC’s prior written permission. 3. Whenever any invention or discovery is made or conceived by Supplier in the course of or in connection with the Agreement, Supplier will promptly furnish UC complete information with respect thereto and UC will have the sole power to determine whether and where a patent application will be filed and to determine the disposition of title to and all rights under any application or patent that may result. 4. Supplier is specifically subject to an obligation to, and hereby does, assign all right, title and interest in any such inte llectual property rights to UC as well as all right, title and interest in tangible research products embodying any such inventions whether the inventions are patentable or not. Supplier agrees to promptly execute any additional documents or forms that UC may require in order to effectuate such assignment. C. General. Should the Goods and/or Services become, or in Supplier’s opinion be likely to become, the subject of a claim of infringement of any patent, copyright, trademark, trade name, trade secret, or other proprietary or contra ctual right of any third party, Supplier will provide written notice to UC of the circumstances giving rise to such claim or likely claim. In the eve nt that UC receives notice of a claim of infringement or is made a party to or is threatened with being made a party to any claim of infringement related to the Goods and/or Services, UC will provide Supplier with notice of such claim or threat. Following receipt of such notice, Supplier will either (at Supplier’s sole election) (i) procure for UC the right t o continue to use the affected portion of the Goods and/or Services, or (ii) replace or otherwise modify the affected portion of the Goods and/or Services to make them non- infringing, or obtain a reasonable substitute product for the affected portion of th e Goods and/or Services, provided that any replacement, modification or substitution under this paragraph does not effect a material change in the Goods’ and/or Services’ functionality. If none of the foregoing options is reasonably acceptable to UC, UC will have the right to terminate the Agreement without damage, penalty, cost or further obligation. ARTICLE 8 – INDEMNITY Supplier will defend, indemnify, and hold harmless UC, its officers, employees, and agents, from and against all losses, expe nses (including, without limitation, reasonable attorneys' fees and costs), damages, and liabilities of any kind resulting from or aris ing out of the Agreement, including the performance hereunder of Supplier, its officers, employees, agents, sub-suppliers, or anyone directly or indirectly employed by Supplier, or any person or persons under Supplier's direction and control, provided such losses, expen ses, damages and liabilities are due or claimed to be due to the acts or omissions of Supplier, its officers, employees, agents, sub-suppliers, or anyone directly or indirectly employed by Supplier, or any person or persons under Supplier's direction and control. UC agrees to provide Supplier with prompt notice of any such claim or action and to permit Supplier to defend any claim or action, and that UC will cooperate fully in such defense. UC retains the right to participate in the defense against any such claim or action, and the right to consent to any settlement, which consent will not unreasonably be withheld. Page 4 of 11 Revised 11/29/17 ARTICLE 9 – INSURANCE Supplier, at its sole cost and expense, will insure its activities in connection with providing the Goods and/or Services and obtain, keep in force, and maintain the following insurance with the minimum limits set forth below, unless UC specifies otherwise: A. Commercial Form General Liability Insurance (contractual liability included) with limits as follows: 1. Each Occurrence $ 1,000,000 2. Products/Completed Operations Aggregate $ 2,000,000 3. Personal and Advertising Injury $ 1,000,000 4. General Aggregate $ 2,000,000 B. Business Automobile Liability Insurance for owned, scheduled, non-owned, or hired automobiles with a combined single limit of not less than one million dollars ($1,000,000) per occurrence. (Required only if Supplier drives on UC premises or transports UC employees, officers, invitees, or agents in the course of supplying the Goods and/or Services to UC.) C. If applicable, Professional Liability Insurance with a limit of two million dollars ($2,000,000) per occurrence with an aggre gate of not less than two million dollars ($2,000,000). If this insurance is written on a claims-made form, it will continue for three years following termination of the Agreement. The insurance will have a retroactive date of placement prior to or coinciding with the effecti ve date of the Agreement. D. Workers' Compensation as required by applicable state law and Employer’s Liability with limits of one million dollars ($1,000,000) per occurrence. E. If applicable, Supplier Fidelity Bond or Crime coverage for the dishonest acts of its employees in a minimum amount of one mi llion dollars ($1,000,000). Supplier will endorse such policy to include a “Regents of the University of California Coverage” or “Joint Payee Coverage” endorsement. UC and, if so requested, UC’s officers, employees, agents and sub-suppliers will be named as "Loss Payee, as Their Interest May Appear” in such Fidelity Bond. F. Additional other insurance in such amounts as may be reasonably required by UC against other insurable risks relating to performance. If the above insurance is written on a claims-made form, it will continue for three years following termination of the Agreement. The insurance will have a retroactive date of placement prior to or coinciding with the effective date of the Agre ement. If the above insurance coverage is modified, changed or cancelled, Supplier will provid e UC with not less than fifteen (15) days’ advance written notice of such modification, change, or cancellation, and will promptly obtain replacement coverage that comp lies with this Article. G. The coverages referred to under A and B of this Article must include UC as an additional insured. It is understood that the coverage and limits referred to under A, B and C of this Article will not in any way limit Supplier’s liability. Supplier will furnish UC with certificates of insurance (and the relevant endorsement pages) evidencing compliance with all requirements prior to commencing work under the Agreement. Such certificates will: 1. Indicate that The Regents of the University of California has been endorsed as an additional insured for the coverage referred to under A and B of this Article. This provision will only apply in proportion to and to the extent of the negligent acts or omi ssions of Supplier, its officers, agents, or employees. 2. Include a provision that the coverage will be primary and will not participate with or be excess over any valid and collectible insurance or program of self-insurance carried or maintained by UC. ARTICLE 10 – USE OF UC NAME AND TRADEMARKS Supplier will not use the UC name, abbreviation of the UC name, trade names and/or trademarks (i.e., logos and seals) or any derivation thereof, in any form or manner in advertisements, reports, or other information released to the public, or place the UC name, abbreviations, trade names and/or trademarks or any derivation thereof on any consumer goods, products, or services for sale or distribution to the public, without UC’s prior written approval. Supplier agrees to comply at all times with California Education Code Section 92000. ARTICLE 11 – FEDERAL ACQUISITION REGULATIONS – COMMERCIAL GOODS AND SERVICES Supplier who supplies commercial Goods and/or Services certifies and represents its compliance with the following clauses, as applicable. Supplier shall promptly notify UC of any change of status with regard to these certifications and representations. These certifications and representations are material statements upon which UC will rely: A. FAR 52.203-13, Contractor Code of Business Ethics and Conduct; B. FAR 52.219-8, Utilization of Small Business Concerns; C. FAR 52.222-4, Contract Work Hours and Safety Standards Act; D. FAR 52.222-17, Nondisplacement of Qualified Workers; Page 5 of 11 Revised 11/29/17 E. FAR 52.222-21, Prohibition of Segregated Facilities; F. FAR 52.222-26, Equal Opportunity; G. FAR 52.222-35, Equal Opportunity for Veterans; H. FAR 52.222-36, Equal Opportunity for Workers with Disabilities; I. FAR 52.222-37, Employment Reports on Veterans; J. FAR 52.222-40, Notification of Employee Rights Under the National Labor Relations Act; K. FAR 52.222-41, Service Contract Labor Standards; L. FAR 52.222-50, Combating Trafficking in Persons; M. FAR 52.222-51, Exemption from Application of the Service Contract Labor Standards to Contracts for Maintenance, Calibration, or Repair of Certain Equipment - Requirements; N. FAR 52.222-53, Exemption from Application of the Service Contract Labor Standards to Contracts for Certain Services - Requirements; O. FAR 52.222-54, Employment Eligibility Verification; P. FAR 52.222-55, Minimum Wages Under Executive Order 13658; Q. FAR 52.226-6, Promoting Excess Food Donation to Nonprofit Organizations; and R. FAR 52.247-64, Preference for Privately Owned U.S.-Flag Commercial Vessels. In these provisions, the term "contractor" as used therein will refer to Supplier, and the terms “Government” or “Contracting Officer” as used therein will refer to UC. Where a purchase of items is for fulfillment of a specific U.S. Government prime or subcontract, additional information and/or terms and conditions may be included in an attached supplement. By submitting an invoice to UC, Supplier is representing to UC that, at the time of submission: 1. Neither Supplier nor its principals are presently debarred, suspended, or proposed for debarment by the U.S. government (see FAR 52.209-6); 2. Supplier has filed all compliance reports required by the Equal Opportunity clause (see FAR 52.222-22); and 3. Any Supplier representations to UC about U.S. Small Business Administration or state and local classifications, including but not limited to size standards, ownership, and control, are accurate and complete. ARTICLE 12 – EQUAL OPPORTUNITY AFFIRMATIVE ACTION Supplier will abide by the requirements set forth in Executive Orders 11246 and 11375. Where applicable, Supplier will abide by 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a), incorporated by reference with this statement: “This contractor and subcontractor shall abide by the requirements of 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, or national origin. Moreover, the se regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability.” With respect to activities occurring in the State of California, Supplier agrees to adhere to the California Fair Employment and Housing Act. Supplier will provide UC on request a breakdown of its labor force by groups as specified by UC, and will discuss with UC its policies and practices relating to its affirmative action programs. Supplier will not maintain or provide facilities for employees at any establishment under its control that are segregated on a basis prohibited by federal law. Separate or single-user restrooms and necessary dressing or sleeping areas must be provided, however, to ensure privacy. ARTICLE 13 – LIENS Supplier agrees that upon UC’s request, Supplier will submit a sworn statement setting forth the work performed or material furnished by sub-suppliers and material men, and the amount due and to become due to each, and that before the final payment called for under the Agreement, will upon UC’s request submit to UC a complete set of vouchers showing what payments have been made for such work performed or material furnished. Supplier will promptly notify UC in writing, of any claims, demands, causes of action, liens or suits brought to its attention that arise out of the Agreement. UC will not make final payment until Supplier, if required, deliv ers to UC a complete release of all liens arising out of the Agreement, or receipts in full in lieu thereof, as UC may require, and if required in either case, an affidavit that as far as it has knowledge or information, the receipts include all the labor and materials for which a lien could be filed; but Supplier may, if any sub-supplier refuses to furnish a release or receipt in full, furnish a bond satisfactory to UC to indemnify it against any claim by lien or otherwise. If any lien or claim remains unsatisfied after all payments are made, Supplier wil l refund to UC all monies that UC may be compelled to pay in discharging such lien or claim, including all costs and reasonable attorneys' fees. Page 6 of 11 Revised 11/29/17 ARTICLE 14 – PREMISES WHERE SERVICES ARE PROVIDED A. Cleaning Up. Supplier will at all times keep UC premises where the Services are performed and adjoining premises free from accumulations of waste material or rubbish caused by its employees or work of any of its sub-suppliers, and, at the completion of the Services; will remove all rubbish from and about the premises and all its tools, scaffolding, and surplus materials, and will leave the premises "broom clean" or its equivalent, unless more exactly specified. In case of dispute between Supplier and its sub- suppliers as to responsibility for the removal of the rubbish, or if it is not promptly removed, UC may remove the rubbish and charge the cost to Supplier. B. Environmental, Safety, Health and Fire Protection. Supplier will take all reasonable precautions in providing the Goods and Services to protect the health and safety of UC employees and members of the public and to minimize danger from all hazards to life and property, and will comply with all applicable environmental protection, health, safety, and fire protection regulations and requirements (including reporting requirements). In the event that Supplier fails to comply with such regulations and requirements, UC may, without prejudice to any other legal or contractual rights of UC, issue an order stopping all or any part of the provision of the Goods and/or Services; thereafter a start order for resumption of providing the Goods and/or Services may be issued at UC’s discretion. Supplier will not be entitled to make a claim for extension of time or for compensation or damages by reason of or in connection with such stoppage. Supplier will have sole responsibility for the safety of all persons employed by Supplier and its sub - suppliers on UC premises, or any other person who enters upon UC premises for reasons relating to the Agreement. Supplier wi ll at all times maintain good order among its employees and all other persons who come onto UC's premises at Supplier's request and will not engage any unfit or unskilled person to provide the Goods and/or Services. Supplier will confine its employees and all other persons who come onto UC's premises at Supplier's request or for reasons relating to the Agreement and its equipment to that portion of UC's premises where the Services are to be provided or to roads leading to and from such work sites, and to any other area which UC may permit Supplier to use. Supplier will take all reasonable measures and precautions at all times to prevent injuries to or the death of any of its employees or any other person who enters upon UC premises at Supplier’s request. Such measur es and precautions will include, but will not be limited to, all safeguards and warnings necessary to protect workers and others aga inst any conditions on the premises that could be dangerous and to prevent accidents of any kind whenever the Goods and/or Services are being provided in proximity to any moving or operating machinery, equipment or facilities, whether such machinery, equipment or facilities are the property of or are being operated by, Supplier, its sub-suppliers, UC or other persons. To the extent compliance is required, Supplier will comply with all relevant UC safety rules and regulations when on UC premises. C. Tobacco-free Campus. UC is a tobacco-free institution. Use of cigarettes, cigars, oral tobacco, electronic cigarettes and all other tobacco products is prohibited on all UC owned or leased sites. ARTICLE 15 – LIABILITY FOR UC - FURNISHED PROPERTY Supplier assumes complete liability for any materials UC furnishes to Supplier in connection with the Agreement and Supplier agrees to pay for any UC materials Supplier damages or otherwise is not able to account for to UC's satisfaction. UC furnishing to Supplier any materials in connection with the Agreement will not, unless otherwise expressly provided in writing by UC, be construed to ve st title thereto in Supplier. ARTICLE 16 – COOPERATION Supplier and its sub-suppliers, if any, will cooperate with UC and other suppliers and will so provide the Goods and/or Services that other cooperating suppliers will not be hindered, delayed or interfered with in the progress of their work, and so that all of such work will be a finished and complete job of its kind. ARTICLE 17 – ADDITIONAL TERMS APPLICABLE TO THE FURNISHING OF GOODS The terms in this Article have special application to the furnishing of Goods: A. Price Decreases. Supplier agrees immediately to notify UC of any price decreases from its suppliers, and to pass through to UC any price decreases. B. Declared Valuation of Shipments. Except as otherwise provided in the Agreement, all shipments by Supplier under the Agreement for UC's account will be made at the maximum declared value applicable to the lowest transportation rate or classification an d the bill of lading will so note. C. Title. Title to the Goods purchased under the Agreement will pass directly from Supplier to UC at the f.o.b. point shown, or as otherwise specified in the Agreement, subject to UC’s right to reject upon inspection. D. Changes. Notwithstanding the terms in Article 34, Amendments, UC may make changes within the general scope of the Agreement in drawings and specifications for specially manufactured Goods, place of delivery, method of shipment or packing of the Goods by Page 7 of 11 Revised 11/29/17 giving notice to Supplier and subsequently confirming such changes in writing. If such changes affect the cost of or the time required for performance of the Agreement, UC and Supplier will agree upon an equitable adjustment in the price and/or delive ry terms. Supplier may not make changes without UC’s written approval. Any claim of Supplier for an adjustment und er the Agreement must be made in writing within thirty (30) days from the date Supplier receives notice of such change unless UC waives this condition in writing. Nothing in the Agreement will excuse Supplier from proceeding with performance of the Agreem ent as changed hereunder. Supplier may not alter or misbrand, within the meaning of the applicable Federal and State laws, the Good s furnished. E. Forced, Convict and Indentured Labor. Supplier warrants that no foreign-made Goods furnished to UC pursuant to the Agreement will be produced in whole or in part by forced labor, convict labor, or indentured labor under penal sanction. If UC determi nes that Supplier knew or should have known that it was breaching this warranty, UC may, in addition to terminating t he Agreement, remove Supplier from consideration for UC contracts for a period not to exceed one year. This warranty is in addition to any applicable warranties in Articles 6 and 11. F. Export Control. If any of the Goods is export-controlled under the International Traffic in Arms Regulations (22 CFR §§ 120-130), the United States Munitions List (22 CFR § 121.1), or Export Administration Regulations (15 CFR §§ 730-774) 500 or 600 series, or controlled on a military strategic goods list, Supplier agrees to pr ovide UC (the contact listed on the Purchase Order) with written notification that identifies the export-controlled Goods and such Goods’ export classification. ARTICLE 18 – CONFLICT OF INTEREST Supplier affirms that, to the best of Supplier’s knowledge, no UC employee who has participated in UC’s decision-making concerning the Agreement has an “economic interest” in the Agreement or Supplier. A UC employee’s “economic interest” means: A. An investment worth $2,000 or more in Supplier or its affiliate; B. A position as director, officer, partner, trustee, employee or manager of Supplier or its affiliate; C. Receipt during the past 12 months of $500 in income or $440 in gifts from Supplier or its affiliate; or D. A personal financial benefit from the Agreement in the amount of $250 or more. In the event of a change in these economic interests, Supplier will provide written notice to UC within thirty (30) days afte r such change, noting such changes. Supplier will not be in a reporting relationship to a UC employee who is a near relative, nor will a near relative be in a decision making position with respect to Supplier. ARTICLE 19 – AUDIT REQUIREMENTS The Agreement is subject to the examination and audit of the Auditor General of the State of California or Comptroller Ge neral of the United States or designated Federal authority for a period of up to five (5) years after final payment under the Agreement. UC, and if the underlying grant or cooperative agreement so provides, the other contracting Party or grantor (and if that be the United States or an instrumentality thereof, then the Comptroller General of the United States) will have access to and the right to examine Supp lier’s pertinent books, documents, papers, and records involving transactions and work related to the Agreement until the expiration of five (5) years after final payment under the Agreement. The examination and audit will be confined to those matters connected with th e performance of the Agreement, including the costs of administering the Agreement. ARTICLE 20 – PROHIBITION ON UNAUTHORIZED USE OR DISCLOSURE OF CONFIDENTIAL INFORMATION Supplier agrees to hold UC’s Confidential Information, and any information derived therefrom, in strict confidence. Confidential Information shall be defined as any information disclosed by UC to Supplier for the purposes of providing the Good and/or Services which is (i) marked as “Confidential” at the time of disclosure; (ii) disclosed orally, identified at the time of such oral disclo sure as confidential, and reduced to writing as “Confidential” within thirty (30) days of such oral disclosure; and (iii) if not marked as “Confidential,” information that would be considered by a reasonable person in the relevant field to be confidential given its content and the circumstances of its disclosure. Confidential Information will not include information that: (i) Supplier can demonstrate by written records was known to Supplier prior to the effective date of the Agreement; (ii) is currently in, or in the future enters, the public domain other than through a breach of the Agreement or through other acts or omissions of Supplier; (iii) is obtained lawfully from a third party; or (iv) is disclosed under the California Public Records Act or legal process. Supplier will not access, use or disclose Confidential Information other than to carry out the purposes for which UC disclosed the Confidential Information to Supplier, except as permitted or required by applicable law, or as otherwise authorized in writing by UC. For avoidance of doubt, this provision prohibits Supplier from using for its own benefit Confidential Information and any information derived therefrom. If required by a court of competent jurisdiction or an administrative body to disclose Confidential Information, Supplier will notify UC in writing immediately upon receiving notice of such requirement and prior to any such disclosure (unless Supplier is prohibited by law from doing so), to give UC an opportunity to Page 8 of 11 Revised 11/29/17 oppose or otherwise respond to such disclosure. Supplier’s transmission, transportation or storage of Confidential Information outside the United States, or access of Confidential Information from outside the United States, is prohibited except with prior written authorization by UC. UC’s Appendix – Data Security and Privacy and/or Appendix – HIPAA Business Associate will control in the event that one or both appendices is incorporated into the Agreement and conflicts with the provisions of this Article. ARTICLE 21 – UC WHISTLEBLOWER POLICY UC is committed to conducting its affairs in compliance with the law, and has established a process for reporting and investigating suspected improper governmental activities. Please visit http://www.ucop.edu/uc-whistleblower/ for more information. ARTICLE 22 – ENVIRONMENTALLY PREFERABLE PRODUCTS Supplier will use environmentally preferable products and services (i.e., products and services with a lesser or reduced effe ct on human health and the environment), to the maximum possible extent consistent with the Agreement. Information on environmentally preferable products and services is available at: http://www.epa.gov/opptintr/epp/. ARTICLE 23 – PATIENT PROTECTION AND AFFORDABLE CARE ACT (PPACA) EMPLOYER SHARED RESPONSIBILITY If the Services involve Supplier furnishing UC with temporary or supplementary staffing, Supplier warrants that: A. If Supplier is an Applicable Large Employer (as defined under Treasury Regulation Section 54.4980H-1(a)(4)): 1. Supplier offers health coverage to its full-time employees who are performing Services for UC; 2. Supplier’s cost of enrolling such employees in Supplier’s health plan is factored into the fees for the Services; and 3. The fees for the Services are higher than what the Services would cost if Supplier did not offer health coverage to such full-time employees. B. If Supplier is not an Applicable Large Employer (as defined above): 1. Supplier offers group health coverage to its full-time employees who are performing Services for UC and such coverage is considered Minimum Essential Coverage (as defined under Treasury Regulation Section 1 -5000A-2) and is Affordable (as defined under Treasury Regulation Section 54.4980H-5(e)); or 2. Supplier’s full-time employees who are performing services for UC have individual coverage and such coverage satisfies the PPACA requirements for mandated individual coverage. Supplier acknowledges that UC is relying on these warranties to ensure UC’s compliance with the PPACA Employer Shared Responsibility provision. ARTICLE 24 - PREVAILING WAGES Unless UC notifies Supplier that the Services are not subject to prevailing wage requirements, Supplier will comply, and will ensure that all sub-suppliers comply, with California prevailing wage provisions, including but not limited to those set forth in Labor Code sections 1770, 1771, 1771.1, 1772, 1773, 1773.1, 1774, 1775, 1776, 1777.5, and 1777.6. For purposes of the Agreement, the term “sub -supplier” means a person or firm, of all tiers, that has a contract with Supplier or with a sub-supplier to provide a portion of the Services. The term sub-supplier will not include suppliers, manufacturers, or distributors. Specifically, and not by way of limitation, if apprenticable occupations are involved in providing the Services, Supplier will be responsible for ensuring that Supplier and any sub -suppliers comply with Labor Code Section 1777.5. Supplier and sub-supplier may not provide the Services unless currently registered and qualified to perform public work pursuant to Labor Code Section 1725.5 and 1771.1. Notwithstanding the foregoing provisions, Supplier will be solely responsible for tracking and ensuring proper payment of prevailing wages regardless if Services are partially or wholly subject to prevailing wage requirements. In every instance, Supplier will pay not less than the UC Fair Wage (defined as $13 per hour as of 10/1/15, $14 per hour as of 10/1/16, and $15 per hour as of 10/1/17) for Services being performed at a UC Location (defined as any location owned or leased by UC). The California Department of Industrial Relations (DIR) has ascertained the general prevailing per diem wage rates in the loc ality in which the Services are to be provided for each craft, classification, or type of worker required to provide the Services. A copy of the general prevailing per diem wage rates will be on file at each UC Location’s procurement office, and will be made available to any interested party upon request. Supplier will post at any job site: A. Notice of the general prevailing per diem wage rates, and B. Any other notices required by DIR rule or regulation. Page 9 of 11 Revised 11/29/17 By this reference, such notices are made part of the Agreement. Supplier will pay not less than the prevailing wage rates, as specified in the schedule and any amendments thereto, to all workers employed by Supplier in providing the Services. Supplier will cause all subcontracts to include the provision that all sub-suppliers will pay not less than the prevailing rates to all workers employed by such sub- suppliers in providing the Services. The Services are subject to compliance monitoring and enforcement by the DIR. Supplier will forfeit, as a penalty, not more than $200 for each calendar day or portion thereof for each worker that is paid less than the prevailing rates as determined by the DIR for the work or craft in which the worker is employed for any portion of the Services provided by Suppl ier or any sub-supplier. The amount of this penalty will be determined pursuant to applicable law. Such forfeiture amounts may be deducted from the amounts due under the Agreement. If there are insufficient funds remaining in the amounts due under the Agreement, Supplier will be liable for any outstanding amount remaining due. Supplier will also pay to any worker who was paid less than the prevailing wage rate for the work or craft for which the worker was employed for any portion of the Services, for each day, or portion thereof, fo r which the worker was paid less than the specified prevailing per diem wage rate, an amount equal to the difference between the specified prevailing per diem wage rate and the amount which was paid to the worker. Review of any civil wage and penalty assessment w ill be made pursuant to California Labor Code section 1742. ARTICLE 25 – FAIR WAGE/FAIR WORK If the Services will be performed at one or more UC Locations, do not solely involve furnishing Goods, and are not subject to extramural awards containing sponsor-mandated terms and conditions, Supplier warrants that it is in compliance with applicable federal, state and local working conditions requirements, including but not limited to those set forth in Articles 11, 12 and 14 herein, and that Supplier pays its employees performing the Services no less than the UC Fair Wage. Supplier agrees UC may conduct such UC Fair Wage/Fair Work interim compliance audits as UC reasonably requests, as determined in UC’s sole discretion. Supplier agrees to post UC Fair Wage/Fair Work notices, in the form supplied by UC, in public areas (such as break rooms and lunch rooms) frequented by Supplier employees who perform Services. For Services that exceed $100,000 annually and are not subject to prevailing wage requirements, Supplier will, a) at Supplier’s expense, provide an annual independent audit performed by Supplier’s independent auditor or independent internal audit department (http://na.theiia.org/standards-guidance/topics/Pages/Independence-and-Objectivity.aspx) in compliance with UC’s required audit standards and procedures (http://www.ucop.edu/procurement-services/_files/fw-fw-annual-audit-standards-procedures.pdf), concerning Supplier’s compliance with this provision, and b) ensure that in the case of a UC interim audit, its auditor makes available to UC its UC Fair Wage/Fair Work work papers for the most recently audited time period. Supplier agrees to provide UC with a UC Fair Wage/Fair Work certification annually, in a form acceptable to UC, no later than ninety days after each one year anniversary of the agreement’s effective date, for the twelve months immediately preceding the anniversary date. ARTICLE 26 – MEDICAL DEVICES This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the o fficial National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatm ent, or prevention of disease, in man or other animals, or (iii) intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Goods and/or Services or Supplier’s use of any product in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or product, as applicable; (ii) perform a security scan by an anti-virus scanner, with up-to-date signatures, on any software embedded within any Goods and/or Services or products, as applicable, in order to verify that the software does not contain any known viruses or malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that all security testing performed by Supplier covers all issues noted in the “SANS WE TOP 25” and/or “OWASP Top 10” documentation. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for all Goods and/or Services provided to UC, and other products used in the course of providing Services, as applica ble. All such Page 10 of 11 Revised 11/29/17 patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any products used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods or products following installation, and that all hardware ports and drives not required for use or operation of such Goods an d/or Services or products will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run. Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certificatio n, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that all of the Goods and/or Services provided to UC, and other products used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the U.S. Food and Drug Administration and any other applicable regulatory body. If the Goods and/or Services entail provision or use of medical devices, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such medical device before UC is obligated to purchase or lease such medical device or prior to Supplier’s use of such device(s) in its performance of Services. If Supplier provides MDS2 form(s) to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form(s), and if the MDS2 form(s) is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier. ARTICLE 27 – FORCE MAJEURE Neither Party will be liable for delays due to causes beyond the Party’s control (including, but not restricted to, war, civil disturbances, earthquakes, fires, floods, epidemics, quarantine restrictions, freight embargoes, and unusually severe weather). ARTICLE 28 – ASSIGNMENT AND SUBCONTRACTING Except as to any payment due hereunder, Supplier may not assign or subcontract the Agreement without UC’s written approval. In case such consent is given, the assignee or subcontractor will be subject to all of the terms of the Agreement. ARTICLE 29 – NO THIRD-PARTY RIGHTS Nothing in the Agreement is intended to make any person or entity that is not a signer to the Agreement a third -party beneficiary of any right created by this Agreement or by operation of law. ARTICLE 30 – OTHER APPLICABLE LAWS Any provision required to be included in a contract of this type by any applicable and valid federal, state or local law, ord inance, rule or regulations will be deemed to be incorporated herein. ARTICLE 31 – NOTICES A Party must send any notice required to be given under the Agreement by overnight delivery or by certified mail with return rec eipt requested, to the other Party’s representative at the address specified by such Party. ARTICLE 32 – SEVERABILITY If a provision of the Agreement becomes, or is determined to be, illegal, invalid, or unenforceable, that will not affect the legality, validity or enforceability of any other provision of the Agreement or of any portion of the invalidated provision that remains legal, valid, or enforceable. ARTICLE 33 – WAIVER Waiver or non-enforcement by either Party of a provision of the Agreement will not constitute a waiver or non-enforcement of any other provision or of any subsequent breach of the same or similar provision. Page 11 of 11 Revised 11/29/17 ARTICLE 34 – AMENDMENTS The Parties may make changes in the Goods and/or Services or otherwise amend the Agreement, but only by a writing signed by both Parties’ authorized representatives. ARTICLE 35 – GOVERNING LAW AND VENUE California law will control the Agreement and any document to which it is appended. The exclusive jurisdiction and venue for any and all actions arising out of or brought under the Agreement is in a state court of competent jurisdiction, situated in the county in the State of California in which the UC Location is located or, where the procurement covers more than one UC Location, the exclusive venue is Alameda County, California. ARTICLE 36 – SUPPLIER TERMS Any additional terms that Supplier includes in an order form or similar document will be of no force and effect, unless UC expressly agrees in writing to such terms. ARTICLE 37 – SURVIVAL CLAUSE Upon expiration or termination of the Agreement, the following provisions will survive: WARRANTIES; INTELLECTUAL PROPERTY, COPYRIGHT AND PATENTS; INDEMNITY; USE OF UC NAMES AND TRADEMARKS; LIABILITY FOR UC-FURNISHED PROPERTY; COOPERATION; TERMS APPLICABLE TO THE FURNISHING OF GOODS; AUDIT REQUIREMENTS; PROHIBITION ON UNAUTHORIZED USE OR DISCLOSURE OF CONFIDENTIAL INFORMATION; GOVERNING LAW AND VENUE, and, to the extent incorporated into the Agreement, the terms of the APPENDIX–DATA SECURITY and/or APPENDIX–BUSINESS ASSOCIATES. Revised 5/24/18 Page 1 of 15 ARTICLE 1 – PURPOSE AND SCOPE OF APPLICATION A. This Data Security and Privacy Appendix is designed to protect the University of California’s (UC) Non- public Information and UC Information Resources (defined below). This Appendix describes the data security and privacy obligations of Supplier and its sub-suppliers that connect to UC Information Resources and/or gain access to Non-public Information (defined below). B. Supplier agrees to be bound by the obligations set forth in this Appendix. To the extent applicable, Supplier also agrees to impose, by written contract, the terms and conditions contained in this Appendix on any third party retained by Supplier to provide services for or on behalf of the UC. ARTICLE 2 – DEFINED TERMS A. Breach. Breach means the unauthorized acquisition, access, use or disclosure of Non-public Information that compromises the security, confidentiality or integrity of such information. B. Non-public Information. Supplier’s provision of Services under this Agreement may involve access to certain information that UC wishes to be protected from further use or disclosure. Non-public Information shall be defined as: (i) Protected Information (defined below); (ii) information UC discloses, in writing, orally, or visually, to Supplier, or to which Supplier obtains access to in connection with the negotiation and performance of the Agreement, and which relates to UC, its students or employees, its third-party vendors or licensors, or any other individuals or entities that have made confidential information available to UC or to Supplier acting on UC’s behalf (collectively, “UC Users”), marked or otherwise identified as proprietary and/or confidential, or that, given the nature of the information, ought reasonably to be treated as proprietary and/or confidential; (iii) trade secrets; and (iv) business information. C. Protected Information. Protected Information shall be defined as information that identifies or is capable of identifying a specific individual, including but not limited to personally-identifiable information, medical information other than Protected Health Information as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HIPAA regulations (including, but not limited to 45 CFR § 160.103), Cardholder Data (as currently defined by the Payment Card Industry Data Security Standard and Payment Application Standard Glossary of Terms, Abbreviations, and Acronyms), student records, or individual financial information that is subject to laws restricting the use and disclosure of such information, including but not limited to Article 1, Section 1 of the California Constitution; the California Information Practices Act (Civil Code § 1798 et seq.); the federal Gramm- Leach-Bliley Act (15 U.S.C. §§ 6801(b) and 6805(b)(2)); the federal Family Educational Rights and Privacy Act (20 U.S.C. § 1232g); the federal Fair and Accurate Credit Transactions Act (15 USC § 1601 et seq.) and the Fair Credit Reporting Act (15 USC § 1681 et seq.). D. UC Information Resources. UC Information Resources shall be defined as those devices, networks and related infrastructure that UC owns, operates or has obtained for use to conduct UC business. Devices include but are not limited to, UC-owned or managed storage, processing, communications devices and related infrastructure on which UC data is accessed, processed, stored, or communicated, and may include personally owned devices. Data includes, but is not limited to, Non-public Information, other UC- Appendix – Data Security and Privacy Revised 5/24/18 Page 2 of 15 created or managed business and research data, metadata, and credentials created by or issued on behalf of UC. E. Work Product. Work Product shall be defined as works-in-progress, notes, data, reference materials, memoranda, documentation and records in any way incorporating or reflecting any Non-public Information and all proprietary rights therein, including copyrights. Work Product is subject to the Agreement’s Intellectual Property, Copyright and Patents Article. For the avoidance of doubt, Work Product shall belong exclusively to UC and unless expressly provided, this Appendix shall not be construed as conferring on Supplier any patent, copyright, trademark, license right or trade secret owned or obtained by UC. ARTICLE 3 – ACCESS TO UC INFORMATION RESOURCES A. In any circumstance when Supplier is provided access to UC Information Resources, it is solely Supplier’s responsibility to ensure that its access does not result in any access by unauthorized individuals to UC Information Resources. This includes conformance with minimum security standards in effect at the UC location(s) where access is provided. Any Supplier technology and/or systems that gain access to UC Information Resources must contain, at a minimum, the elements in the Computer System Security Requirements set forth in Attachment 1 to this Appendix. No less than annually, Supplier shall evaluate and document whether Supplier’s practices accessing UC Information Resources comply with the terms of this Appendix. Documentation of such evaluation shall be made available to UC upon UC’s request. Regardless of whether UC requests a copy of such evaluation, Supplier shall immediately inform UC of any findings of noncompliance and certify when findings of non-compliance have been addressed. B. Supplier shall limit the examination of UC information to the least invasive degree of inspection required to provide the Goods and/or Services. In the event Goods and/or Services include the inspection of a specific threat to or anomaly of UC’s Information Resources, Supplier shall limit such inspection in accordance with the principle of least perusal. Supplier will notify UC immediately upon such events. C. With UC’s prior written consent, Supplier may alter a UC Information Resource to the extent such alteration is specifically required for Supplier to provide Goods and/or Services to UC pursuant to the Agreement. ARTICLE 4 – SECURITY PATCHES AND UPDATES Supplier is required to perform patches and updates in connection with the Goods and/or Services provided to UC as follows: A. Devices and Software Provided Directly to UC. Supplier will make available to UC any patches and other updates to system security software or firmware utilized by Supplier in its provision of Goods and/or Services no later than the earlier of thirty (30) days of its commercial release or as recommended by Supplier or Supplier’s sub-supplier. B. Supplier’s Internal Systems and Services Necessary for Supplier to Fulfill its Obligations to UC. Supplier will regularly apply security patches and functional updates to its internal systems software and firmware. Revised 5/24/18 Page 3 of 15 ARTICLE 5 – COMPLIANCE WITH APPLICABLE LAWS, FAIR INFORMATION PRACTICE PRINCIPLES AND UC POLICIES A. Supplier agrees to comply with all applicable state, federal and international laws, as well as industry best practices, governing the collection, access, use, disclosure, safeguarding and destruction of Protected Information. Additionally Supplier will comply as applicable with the Fair Information Practice Principles, as defined by the U.S. Federal Trade Commission. Such principles would typically require Supplier to have a privacy policy, and a prominently-posted privacy statement or notice in conformance with such principles. If collecting Protected Information electronically from individuals on behalf of UC, Supplier’s prominently-posted privacy statement will be similar to those used by UC (UC’s sample Privacy Statement for websites is available at http://www.ucop.edu/information-technology- services/policies/it-policies-and-guidelines/records-mgmt-and- privacy/files/sampleprivacystatement.doc). Supplier also agrees, to the extent applicable, to comply with UC’s Business and Finance Bulletin IS-2, Inventory, Classification, and Release of UC Electronic Information (https://policy.ucop.edu/doc/7020447/BFB-IS-2), and IS-3, Electronic Information Security (https://policy.ucop.edu/doc/7000543/BFB-IS-3). B. Supplier shall make available to UC all products, systems, and documents necessary to allow UC to audit Supplier’s compliance with the terms of this Article 5. UC shall have the right to audit Supplier’s compliance with its Information Security Plan and the obligations set forth in Attachment 1. C. UC reserves the right to monitor Supplier’s connectivity to UC Information Resources while Supplier accesses Non-public Information. ARTICLE 6 – PROHIBITION ON UNAUTHORIZED USE OR DISCLOSURE OF NON-PUBLIC INFORMATION Supplier agrees to hold UC’s Non-public Information, and any information derived from such information, in strictest confidence. Supplier will not access, use or disclose Non-public Information other than to carry out the purposes for which UC disclosed the Non-public Information to Supplier, except as permitted or required by applicable law, or as otherwise authorized in writing by UC. For avoidance of doubt, this provision prohibits Supplier from using for its own benefit Non-public Information or any information derived from such information. If required by a court of competent jurisdiction or an administrative body to disclose Non-public Information, Supplier will notify UC in writing immediately upon receiving notice of such requirement and prior to any such disclosure, to give UC an opportunity to oppose or otherwise respond to such disclosure (unless prohibited by law from doing so). Supplier’s transmission, transportation or storage of Non-public Information outside the United States, or access of Non-public Information from outside the United States, is prohibited except on prior written authorization by UC. ARTICLE 7 – SAFEGUARD STANDARD Supplier agrees to protect the privacy and security of Non-public Information according to all applicable laws and regulations, by commercially-acceptable standards, and no less rigorously than it protects its own confidential information, but in no case less than reasonable care. Supplier will implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of the Non-public Information. All Protected Information stored on portable devices or media must be encrypted in accordance with the Federal Information Processing Standards (FIPS) Publication 140-2. Supplier will ensure that such security measures are regularly reviewed and revised to address evolving threats and vulnerabilities while Supplier has responsibility for the Non-public Information under the terms of this Revised 5/24/18 Page 4 of 15 Appendix. Prior to agreeing to the terms of this Appendix, and periodically thereafter (no more frequently than annually) at UC’s request, Supplier will provide assurance, in the form of a third-party audit report or other documentation acceptable to UC, such as SOC2 Type II, demonstrating that appropriate information security safeguards and controls are in place. ARTICLE 8 – INFORMATION SECURITY PLAN A. Supplier acknowledges that UC is required to comply with information security standards for the protection of Protected Information as required by law, regulation and regulatory guidance, as well as UC’s internal security program for information and systems protection. B. Supplier will establish, maintain and comply with an information security plan (“Information Security Plan”), which will contain, at a minimum, such elements as those set forth in Attachment 1 to this Appendix. C. Supplier’s Information Security Plan will be designed to: i. Ensure the security, integrity and confidentiality of Non-public Information; ii. Protect against any anticipated threats or hazards to the security or integrity of such information; iii. Protect against unauthorized access to or use of such information that could result in harm or inconvenience to the person that is the subject of such information; iv. Reduce risks associated with Supplier having access to UC Information Resources; and v. Comply with all applicable legal and regulatory requirements for data protection. D. On at least an annual basis, Supplier will review its Information Security Plan, update and revise it as needed, and submit it to UC upon request. At UC’s request, Supplier will make modifications to its Information Security Plan or to the procedures and practices thereunder to conform to UC’s security requirements as they exist from time to time. If there are any significant modifications to Supplier’s Information Security Plan, Supplier will notify UC within 72 hours. ARTICLE 9 – RETURN OR DESTRUCTION OF NON-PUBLIC INFORMATION Within 30 days of the termination, cancellation, expiration or other conclusion of this Appendix, Supplier will return the Non-public Information to UC unless UC requests in writing that such data be destroyed. This provision will also apply to all Non-public Information that is in the possession of subcontractors or agents of Supplier. Such destruction will be accomplished by “purging” or “physical destruction,” in accordance with National Institute of Standards and Technology (NIST) Special Publication 800-88. Supplier will certify in writing to UC that such return or destruction has been completed. If Supplier believes that return or destruction of the Non-public Information is technically impossible or impractical, Supplier must provide UC with a written statement of the reason that return or destruction by Supplier is technically impossible or impractical. If UC determines that return or destruction is technically impossible or impractical, Supplier will continue to protect the Non-public Information in accordance with the terms of this Appendix. ARTICLE 10 – NOTIFICATION OF CORRESPONDENCE CONCERNING NON-PUBLIC INFORMATION Revised 5/24/18 Page 5 of 15 Supplier agrees to notify UC immediately, both orally and in writing, but in no event more than two (2) business days after Supplier receives correspondence or a complaint regarding Non-public Information, including but not limited to, correspondence or a complaint that originates from a regulatory agency or an individual. ARTICLE 11 – BREACHES OF NON-PUBLIC INFORMATION A. Reporting of Breach: Supplier will report any confirmed or suspected Breach to UC immediately upon discovery, both orally and in writing, but in no event more than two (2) business days after Supplier reasonably believes a Breach has or may have occurred. Supplier’s report will identify: (i) the nature of the unauthorized access, use or disclosure, (ii) the Non-public Information accessed, used or disclosed, (iii) the person(s) who accessed, used, disclosed and/or received Non-public Information (if known), (iv) what Supplier has done or will do to mitigate any deleterious effect of the unauthorized access, use or disclosure, and (v) what corrective action Supplier has taken or will take to prevent future unauthorized access, use or disclosure. Supplier will provide such other information, including a written report, as reasonably requested by UC. In the event of a suspected Breach, Supplier will keep UC informed regularly of the progress of its investigation until the uncertainty is resolved. B. Coordination of Breach Response Activities: Supplier will fully cooperate with UC’s investigation of any Breach involving Supplier and/or the Services, including but not limited to making witnesses and documents available immediately upon Supplier’s reporting of the Breach. Supplier’s full cooperation will include but not be limited to Supplier: i. Immediately preserving any potential forensic evidence relating to the Breach, and remedying the Breach as quickly as circumstances permit ii. Promptly (within 2 business days) designating a contact person to whom UC will direct inquiries, and who will communicate Supplier responses to UC inquiries; iii. As rapidly as circumstances permit, applying appropriate resources to remedy the Breach condition, investigate, document, restore UC service(s) as directed by UC, and undertake appropriate response activities; iv. Providing status reports to UC on Breach response activities, either on a daily basis or a frequency approved by UC; v. Coordinating all media, law enforcement, or other Breach notifications with UC in advance of such notification(s), unless expressly prohibited by law; and vi. Ensuring that knowledgeable Supplier staff is available on short notice, if needed, to participate in UC-initiated meetings and/or conference calls regarding the Breach. C. Grounds for Termination. Any Breach may be grounds for immediate termination of the Agreement by UC. D. Assistance in Litigation or Administrative Proceedings. Supplier will make itself and any employees, subcontractors, or agents assisting Supplier in the performance of its obligations available to UC at no cost to UC to testify as witnesses, or otherwise, in the event of a Breach or other unauthorized disclosure of Non-public Information caused by Supplier that results in litigation, governmental investigations, or administrative proceedings against UC, its directors, officers, agents or employees based upon a claimed violation of laws relating to security and privacy or arising out of this Appendix. Revised 5/24/18 Page 6 of 15 ARTICLE 12 – ATTORNEY'S FEES In any action brought by a party to enforce the terms of this Appendix, the prevailing party will be entitled to reasonable attorney's fees and costs, including the reasonable value of any services provided by in-house counsel. The reasonable value of services provided by in-house counsel will be calculated by applying an hourly rate commensurate with prevailing market rates charged by attorneys in private practice for such services. ARTICLE 13 – INDEMNITY The Agreement includes an Indemnity provision, but for the avoidance of doubt regarding a Breach involving Protected Information, Supplier’s indemnification obligations under the Agreement will include the following fees and costs which arise as a result of Supplier’s breach of this Appendix, negligent acts or omissions, or willful misconduct: any and all costs associated with notification to individuals or remedial measures offered to individuals, whether or not required by law, including but not limited to costs of notification of individuals, establishment and operation of call center(s), credit monitoring and/or identity restoration services; time of UC personnel responding to Breach; fees and costs incurred in litigation; the cost of external investigations; civil or criminal penalties levied against UC; civil judgments entered against UC; attorney’s fees, and court costs. ARTICLE 14 – ADDITIONAL INSURANCE In addition to the insurance required under the Agreement, Supplier at its sole cost and expense will obtain, keep in force, and maintain an insurance policy (or policies) that provides coverage for privacy and data security breaches. This specific type of insurance is typically referred to as Privacy, Technology and Data Security Liability, Cyber Liability, or Technology Professional Liability. In some cases, Professional Liability policies may include some coverage for privacy and/or data breaches. Regardless of the type of policy in place, it needs to include coverage for reasonable costs in investigating and responding to privacy and/or data breaches with the following minimum limits unless UC specifies otherwise: $1,000,000 Each Occurrence and $5,000,000 Aggregate. Revised 5/24/18 Page 7 of 15 FIRST AMENDMENT TO APPENDIX – DATA SECURITY AND PRIVACY SAFEGUARD STANDARD FOR PAYMENT CARD DATA (IF APPLICABLE) A. Supplier agrees that it is responsible for the security of Cardholder Data (as currently defined by the Payment Card Industry Data Security Standard and Payment Application Standard Glossary of Terms, Abbreviations, and Acronyms) that it possesses (if any), including the functions relating to storing, processing and transmitting Cardholder Data. In this regard, Supplier represents and warrants that it will implement and maintain certification of Payment Card Industry (“PCI”) compliance standards regarding data security, and that it will undergo independent third party quarterly system scans that audit for all known methods hackers use to access private information and vulnerabilities that would allow malicious software (e.g., viruses and worms) to gain access to or disrupt UC Information Resources. These requirements, which are incorporated herein, can be found at https://www.pcisecuritystandards.org/document_library. Supplier agrees to provide at least annually, and from time to time at the written request of UC, current evidence (in form and substance reasonably satisfactory to UC) of compliance with these data security standards, which has been properly certified by an authority recognized by the payment card industry for that purpose. B. In connection with credit card transactions processed for UC, Supplier will provide reasonable care and efforts to detect fraudulent payment card activity. In performing the Services, Supplier will comply with all applicable rules and requirements, including security rules and requirements, of UC’s financial institutions, including its acquiring bank, the major payment card associations and payment card companies. If during the term of an Agreement with UC, Supplier undergoes, or has reason to believe that it will undergo, an adverse change in its certification or compliance status with the PCI standards and/or other material payment card industry standards, it will promptly notify UC of such circumstances. C. Supplier further represents and warrants that software applications it provides for the purpose of performing Services related to processing payments, particularly credit card payments, are developed in accordance with all applicable PCI standards, and are in compliance with all applicable PCI standards, including but not limited to Payment Application Data Security Standards (PA-DSS), Point to Point Encryption Solution Requirements (P2PE) including approved card readers or Point of Interaction (POI). As verification of this, Supplier agrees to provide at least annually, and from time to time upon written request of UC, current evidence (in form and substance reasonably satisfactory to UC) that any such application it provides is certified as complying with these standards and agrees to continue to maintain that certification as may be required. D. Supplier will immediately notify UC if it learns that it is no longer PCI compliant under one of the standards identified above, or if any software applications or encryption solutions are no longer PCI compliant. Revised 5/24/18 Page 8 of 15 ATTACHMENT 1 A. Supplier will develop, implement, and maintain a comprehensive Information Security Plan that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards. The safeguards contained in such program must be consistent with the safeguards for protection of Protected Information and information of a similar character set forth in any state or federal regulations by which the person who owns or licenses such information may be regulated. B. Without limiting the generality of the foregoing, every comprehensive Information Security Plan will include, but not be limited to: i. Designating one or more employees to maintain the comprehensive Information Security Plan; ii. Identifying and assessing internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing Protected Information and of UC Information Resources, and evaluating and improving, where necessary, the effectiveness of the current safeguards for limiting such risks, including but not limited to: a. Ongoing employee (including temporary and contract employee) training; b. Employee compliance with policies and procedures; and c. Means for detecting and preventing security system failures. iii. Developing security policies for employees relating to the storage, access and transportation of records containing Protected Information outside of business premises. iv. Imposing disciplinary measures for violations of the comprehensive Information Security Plan rules. v. Preventing terminated employees from accessing records containing Protected Information and/or UC Information Resources. vi. Overseeing service providers, by: a. Taking reasonable steps to select and retain third-party service providers that are capable of maintaining appropriate security measures to protect such Protected Information and UC Information Resources consistent with all applicable laws and regulations; and b. Requiring such third-party service providers by contract to implement and maintain such appropriate security measures for Protected Information. vii. Placing reasonable restrictions upon physical access to records containing Protected Information and UC Information Resources and requiring storage of such records and data in locked facilities, storage areas or containers. viii. Restrict physical access to any network or data centers that may have access to Protected Information or UC Information Resources. Revised 5/24/18 Page 9 of 15 ix. Requiring regular monitoring to ensure that the comprehensive Information Security Plan is operating in a manner reasonably calculated to prevent unauthorized access to or unauthorized use of Protected Information and UC Information Resources; and upgrading information safeguards as necessary to limit risks. x. Reviewing the scope of the security measures at least annually or whenever there is a material change in business practices that may reasonably implicate the security or integrity of records containing Protected Information and of UC Information Resources. xi. Documenting responsive actions taken in connection with any incident involving a Breach, and mandating post-incident review of events and actions taken, if any, to make changes in business practices relating to protection of Protected Information and UC Information Resources. Computer System Security Requirements To the extent that Supplier electronically stores or transmits Protected Information or has access to any UC Information Resources, it will include in its written, comprehensive Information Security Plan the establishment and maintenance of a security system covering its computers, including any wireless system, that, at a minimum, and to the extent technically feasible, will have the following elements: A. Secure user authentication protocols including: i. Control of user IDs and other identifiers; ii. A secure method of assigning and selecting passwords, or use of unique identifier technologies, such as biometrics or token devices; iii. Control of data security passwords to ensure that such passwords are kept in a location and/or format that does not compromise the security of the data they protect; iv. Restricting access to active users and active user accounts only; and v. Blocking access to user identification after multiple unsuccessful attempts to gain access or the limitation placed on access for the particular system. vi. Periodic review of user access, access rights and audit of user accounts. B. Secure access control measures that: i. Restrict access to records and files containing Protected Information and systems that may have access to UC Information Resources to those who need such information to perform their job duties; and ii. Assign unique identifications plus passwords, which are not vendor supplied default passwords, to each person with computer access, which are reasonably designed to maintain the integrity of the security of the access controls. C. Encryption of all transmitted records and files containing Protected Information. D. Adequate security of all networks that connect to UC Information Resources or access Protected Information, including wireless networks. E. Reasonable monitoring of systems, for unauthorized use of or access to Protected Information and UC Information Resources. Revised 5/24/18 Page 10 of 15 F. Encryption of all Protected Information stored on Supplier devices, including laptops or other portable storage devices. G. For files containing Protected Information on a system that is connected to the Internet or that may have access to UC Information Resources, reasonably up-to-date firewall, router and switch protection and operating system security patches, reasonably designed to maintain the integrity of the Protected Information. H. Reasonably up-to-date versions of system security agent software, including intrusion detection systems, which must include malware protection and reasonably up-to-date patches and virus definitions, or a version of such software that can still be supported with up-to-date patches and virus definitions, and is set to receive the most current security updates on a regular basis. I. Education and training of employees on the proper use of the computer security system and the importance of Protected Information and network security. With reasonable notice to Supplier, UC may require additional security measures which may be identified in additional guidance, contracts, communications or requirements. Revised 5/24/18 Page 11 of 15 FIRST AMENDMENT TO APPENDIX – DATA SECURITY AND PRIVACY GENERAL DATA PROTECTION REGULATION DATA PROTECTION AMENDMENT During the course of providing Services to, or on behalf of, UC pursuant to the Agreement between UC and Supplier dated July 1, 2018, Supplier may access or otherwise process personal data as defined below. The Parties agree that with respect to the processing of personal data pursuant to the Agreement or this Data Protection Amendment (“DPA”), UC is the data controller (and shall hereinafter be referred to as the “Controller”), and Supplier is the data processor (and shall hereinafter be referred to as the “Processor”). The Parties have agreed that the Processor will provide the Services to the Controller pursuant to and in accordance with the terms and conditions of the Agreement and this DPA. In the event of a conflict between the terms of this DPA and the Agreement, the terms of this DPA shall govern. Supplier agrees to be bound by the obligations set forth in this DPA. To the extent applicable, Supplier also agrees to impose, by written contract, the terms and conditions contained in this DPA on any third party retained by Supplier to provide services for or on behalf of UC. A. Definitions Capitalized terms used but not defined in this DPA will have the meanings set forth in the Agreement. The following capitalized terms shall have the meanings set forth herein: 1. “Data” means all personal data processed by (or on behalf of) the Processor for the Controller under or in connection with the Agreement, including in the provision of the Services. “Data” as used herein shall also be considered UC Protected Information as defined in Appendix DS; 2. “Data Subjects’ Rights” means the rights of data subjects as provided in the GDPR including, but not limited to, rights of access, rectification, erasure, restriction of processing, data portability, objection, and the right not to be subject to automated decision making (including profiling); 3. “EEA” means European Economic Area; 4. “EU” means the European Union; 5. “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC; 6. “data subject,” “personal data,” “personal data breach,” “process/processing,” “pseudonymisation,” and “supervisory authority,” shall each have the meaning as in the GDPR; 7. “Subprocessor” means any third party: (i) who is engaged by the Processor to carry out specific processing activities relating to Data for or on behalf of the Controller; or (ii) to whom the Processor subcontracts any of its obligations in connection with the Agreement. B. Scope of Processing Data 1. Processor shall process Data solely for the purposes of performing the Services and for the same duration of the Agreement, except as otherwise agreed to in writing by the Parties. The scope and Revised 5/24/18 Page 12 of 15 further details of Processor’s processing activities of Data pursuant to the Agreement DPA are set forth in Addendum A to this DPA. 2. To the extent any additional information is required to be included in the Addendum pursuant to the GDPR or any other applicable EU Member State or EEA state law, or this Agreement otherwise requires amendment, the Parties will cooperate to amend this DPA in a writing signed by both Parties. C. Subprocessors 1. Except as otherwise set forth in the Addendum, the Processor shall not engage any Subprocessor, or subcontract any of its obligations under or in connection with the Agreement to any Subprocessor, without the prior specific written consent of the Controller. 2. If the Controller approves of any Subprocessor pursuant to the Addendum, the Processor shall give the Controller prior written notice of any intended changes concerning the addition or replacement of such Subprocessors to allow the Controller to approve or object to such changes. Such notice shall include details of the processing activity or activities to be conducted by the applicable Subprocessor and the identity and contact details of such Subprocessor. 3. The Processor shall ensure that any Subprocessor approved by Controller in accordance with this Section C is subject to obligations in a written agreement requiring such Subprocessor to comply with the obligations of this DPA, including, but not limited to, providing sufficient guarantees to implement appropriate technical and organizational measures as required by GDPR. If any Subprocessor fails to fulfill its data protection obligations, the Processor shall remain fully liable to the Controller for the performance or non-performance of such Subprocessor. 4. Upon request, the Processor shall provide a copy of each Subprocessor agreement entered into pursuant to this Section C to the Controller. D. Obligations of the Processor 1. The Processor shall, and shall ensure that each of its employees, approved Subprocessors and any other individual acting under its authority who has access to the Data shall: a. process Data in accordance with the terms of this Agreement, DPA or any other written instructions of the Controller, and only to the extent and in the manner necessary to provide Services, and for no other purpose(s). In the event EU or Member State law requires Processor to process in a manner not expressly authorized by this Agreement or the Controller’s written instructions, the Processor shall promptly inform the Controller of the applicable legal requirement before processing, unless prohibited from doing so on important public interest grounds, consistent with EU or Member State law; b. keep the Data confidential and ensure that any person authorized to process the Data for or on behalf of the Processor (including but not limited to any Processor employees and staff and approved Subprocessors) has agreed to keep the Data confidential, or is otherwise under a statutory obligation to protect the confidentiality of the Data; and Revised 5/24/18 Page 13 of 15 c. upon reasonable request from the Controller, provide an up-to-date copy of the Data in the format requested by the Controller. 2. In carrying out its obligations under the Agreement and this DPA, the Processor shall comply with all applicable laws and regulations relating to privacy or data protection, including, but not limited to, GDPR. 3. In accordance with GDPR, and taking into consideration the state of the art, costs of implementation and the nature, scope, context and purposes of processing the Data pursuant to this Agreement, as well as the risks to the rights and freedoms of natural persons and the risks to processing the Data, the Processor represents and warrants that it shall implement appropriate technical and organizational security measures appropriate to such risks, including, as appropriate: (i) the pseudonymisation and encryption of the Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability of and access to the Data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. 4. The Processor’s technical and organizational security measures to protect Data shall include, without limitation, the measures set forth in Appendix DS. 5. The Processor shall assist the Controller in ensuring compliance with Controller’s obligations as a Controller by: (a) cooperating with Controller’s implementation of appropriate technical and organizational security measures to ensure the security of processing Data; (b) cooperating with Controller notifications to supervisory authorities and/or data subjects, as applicable, of any breaches of Data; (c) cooperating with Controller’s conduct of data protection impact assessments, including but not limited to, any requirements to consult with a supervisory authority as required by GDPR. Processor shall also cooperate with additional obligations of Controller that may be required of it pursuant to GDPR and other applicable data protection laws. 6. In the event of any suspected or actual personal data breach, the Processor shall notify the Controller (via the individual identified by UC in the Agreement to receive Notices relating to Appendix DS on behalf of UC) orally and in writing (including by e-mail) immediately after becoming aware of such breach. All breach reporting of Data shall otherwise be consistent with Article 11 of Appendix DS. 7. Except for transfers of Data to the Controller, the Processor shall not process or transfer any Data to any country outside the EEA except pursuant to prior written approval of the Controller, and at all times in compliance with GDPR and other applicable data protection laws. 8. This section is only applicable if Processor’s Services include the collection of personal data directly from data subjects: In the event Processor’s Services include the collection of personal data directly from data subjects that is to be provided to Controller, unless the parties otherwise agree, the Processor shall be responsible for ensuring that such processing of personal data complies with GDPR requirements, including, but not limited to, obtaining a lawful basis to process the personal data. 9. This section is only applicable if Processor’s Services include the transfer of personal data it has collected or obtained from the EEA to Controller: In the event Processor is transferring personal data it has Revised 5/24/18 Page 14 of 15 collected or otherwise obtained from data subjects in the EEA to Controller for the purposes of performing Services, unless the parties otherwise agree on another transfer mechanism which satisfies GDPR requirements, such transfers shall be governed by the Standard Contractual Clauses set forth in Addendum B to this DPA. Processor acknowledges that Controller is subject to U.S. federal and state laws and regulations, including but not limited to public disclosure laws and regulations that may require the retention and disclosure of information that is the subject of the Agreement. Any liability, claims or damages of Controller shall be limited to the acts or omissions of the Controller. Processor acknowledges that Controller is a U.S. state public institution and is prohibited from assuming liability for the conduct of persons other than Controller’s officers, agents, employees, students, invitees, and/or guests. 10. The Processor shall return or destroy Data consistent with the provisions of Article 9 of Appendix DS. In the event EU, EU Member State law or EEA state law requires the storage of such Data, the Processor shall promptly inform the Controller of such requirement. E. Data Subjects’ Rights 1. Except as otherwise set forth in writing by Controller, the Controller shall be responsible for providing data subjects with any information required under GDPR at the time of collecting such data subjects’ personal data, as well as any information requested by data subjects relating to the processing of their personal data. 2. The Processor shall notify the Controller (via the individual identified by UC in the Agreement to receive Notices relating to Appendix DS on behalf of UC) in writing (including by e-mail) of each and any request that it receives from a data subject relating to a Data Subject Right. Such written notification shall be made promptly no later than two (2) business days following receipt of the request, and shall include any information in the Processor’s custody or control that may assist the Controller to respond to the request. 3. Unless otherwise required by applicable EU, EU Member State law or EEA state law, the Processor shall not respond to any such requests or other communications the Processor receives from data subjects, without the prior written consent of the Controller. 4. The Processor shall assist the Controller in Controller’s obligations to respond to requests for exercising Data Subjects’ Rights by using appropriate technical and organizational measures, to the extent practicable given the nature of the processing of Data. F. Accountability 1. Upon written request from the Controller, the Processor shall make available to the Controller all information necessary to demonstrate compliance with its obligations under this DPA. The Processor shall make its records, documents, facilities, processes and individuals reasonably available to Controller or Controller’s designee for audits or inspections to demonstrate compliance with this DPA. 2. The Processor shall immediately inform the Controller if, in the Processor’s opinion, any instruction from the Controller with respect to the processing of Data pursuant to this Agreement violates or contradicts GDPR, or other applicable EU, EU Member State or EEA state data protection laws or regulations. Addendum A: Scope of Processing Data This Addendum is part of the DPA and includes details of the processing of Data as required by the Agreement. 1. Processor is processing Data on behalf of the Controller for purposes of the performance of Services described in this Agreement. Data shall be processed for the duration of the term of this Agreement, except as otherwise specifically set forth herein. 2. The purposes(s) of the processing of Data to be carried out by the Processor on behalf of the Controller includes: police video evidence. 3. The Data to be processed by the Processor on behalf of the Controller in the performance of Services includes the following: NAME, TITLE, CONTACT INFORMATION, BIRTHDATE, AGE, IDENTIFICATION NUMBERS, if applicable: the Data may also include the following sensitive data – racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, data concerning sex life or sexual orientation, or data relating to criminal convictions or offenses If the Processor becomes aware that additional personal data and/or UC Protected Information not identified above has been received from the Controller, the Processor shall immediately notify the Controller. 4. The Data to be processed by the Processor on behalf of the Controller in the performance of Services relates to the following categories of data subjects: patients, students, donors, employees, vendors, consultants. 5. Controller authorizes the Processor to subcontract the following processing activities to the following Sub processors: Amazon Web Services or Microsoft Azure Cloud Services storing video evidence Revised 5/21/18 Page 1 of 14 ATTACHMENTATOPURCHASINGAGREEMENT#2018.000203 STATEMENTOFWORK ThisStatementofWork#1(“SO W”)isissuedpursuantto PurchasingAgreement#2018.000203dated July 1,2018betweenU CandWatchGuard,Inc.(“Agreement”). 1. TitleandDescriptionoftheScopeofGoodsand/orServices WatchGuardwillfurnishbody worncamera’s,clips,incarcamera hardwareandvideoevidenceserver andEvidenceManagementsoftwarewithcompleteimplementationandremovalofexistingequipment alongwithtrainingforalltencampusPoliceDeparments. 2. TermofSOW ThisSOWwillbeginon July 1,2018(“EffectiveDate”)andcontinuethrough December 30,201 9.This SOWmaynotberenewedorotherwiseamendedexceptthroughaChangeOrderpursuanttotheChange Managementsectionbelow. 3. KeyTasksandActivities,DeliverablesandCompletionTimeframe Theprojectplanisgenerally executedwithin68weeks. SYSTEMIMPLEMENTATIONDETAILEDDESCRIPTION Thefollowingtasklistisbrokendownbyimplementationphase.Duringexecutionofthisproject,thereare multiplestepsthatwillhappe n,someconcurrently. I. PlanningandDesign Theplanninganddesignphasewillbegin afterProjectInitiation,andwilllastforaweektotwoweeksinto theprojectastheworkperformancesiteisexamine dandthefinalplanis putintoplace.Thisphase includesunderstandingthelayoutoftheDepartmentand designingthesolutiontofititsindividualneeds, Revised 5/21/18 Page 2 of 14 including,designingthebackendserversystemtothe customspecificationsoftheDepartment,and designingthenetworktopology.Thefollowingtasks willberequiredtocompetethisphase: 1. Finalagreementonhowmuchvideowill bestoredandwhereitwillbestored. 2. Siteinspection/surveysothattransferstationplac ementandinstallationmaybeplanned. 3. MeetwithITtoplanthenetwork topology,IPaddressingrequirements,andservernaming requirementstheDepartmentwouldlikeWatchGuardVideotoadheretoduringdeployment. 4. Obtainallsystemsettingsandparameters,including:userinformation,securityroles,evidence retention,etc. II. Execution–InformationSystemsandFleetInstallations Allofthesestepswillbeperformedonsiteby theWatchGuardVideoTechnicalServicesteamor agencyapprovedsubcontractors.Projectexecutionstepsinclude: 1. Serverinstallationandconfiguration 2. Transferstationinstallationandconfiguration 3. SystemConfiguration a. Installandruntheclientsoftware locallyandfromthenetwork. b.Configureallthesystemsettingsand parameters,including:userinformation, securityroles,evidenceretention,etc.and exporttheconfigurations. c. Installandrunclientsonanymachines theDepartmentspecifiesandtest. Aroundthesametimethestepsabovearebeing performedbytheWatchGuar dtechnicians,an authorizedinstallerwillbegintooutfitthevehicles.Thisi satacostof$380.00pervehicle.If applicablea$85.00chargewillbeaddedforthe removalofoldsystems.Itis notnecessaryforall vehiclestobeoutfittedwiththe equipmentbeforesoftwareinstallation.Onlyafewvehiclesare neededfortestingpurposes.Allotherinstallationscan bedoneafterthe factandconfigured accordingly. III. Testing AdetailedTestPlanand Checklistarelistedbelow. 1. Begintestingthesolutionassystemsaredeployed. 2. Applyanyupdatesorfixesasnecessary. 3. DeliverthesolutiontotheDepartment. 4. AftertheDepartmentisupandrunning,close monitoringofthesolutionwillbeginandwilllast forseveraldays. Revised 5/21/18 Page 3 of 14 4RETESTPLAN TEST01:FunctionalTesting UponarrivaltheWatchGuardTechnicianswillvisually inspectIncarinstallationsandequipmentthen beginthefollowingteststoverifyfunctionality. InCarChecklist(PreConfiguration) TestIgnitionSensor:DoesDVRpoweronwithignition? TestBulletPower:Isthe BulletPowerLEDlit? TestBulletConnectivity:IstheBulletLANLEDlit? TestInCarSensor–LightBar:ActivateR ecording?VisualIndicatoronDisplayScreen? TestInCarSensor–Brakes:Visual IndicatoronDisplayScreen? TestInCarSensor–Siren:Vis ualIndicatoronDisplayScreen? TestInCarSensor–AUX:Visual IndicatoronDisplayScreen?(ifapplicable) TestWiFiMicrophone:ActivateRecordin g?IndicatoronDisplayScreen? CheckGPScoordinatesandspeedonDisplayScreen TestVideoReco rd,Stop,Review TestRearCameraActivation:Checkforproperorientation TestMicrophoneVolume:WiFiandCabin TestManualPowerOff TestManualPowerOn CheckTouchScreenSensitivityandA ccuracy:Calibrate,ifnecessary TestDisplay:Menu–Settings–DiagnoseDisplay Revised 5/21/18 Page 4 of 14 TheTechnicianswillvisuallyinspecttheAccess Pointlocations,mountingandcablingbyfollowingthe checklistbelow. WirelessCommunicationChecklist CheckAPlineofsightwithparkingareaforcars CheckthatAPmeetsrequirements(i.e.5 Ghz,802.11n,20/40Mhz) CheckthatrecommendedAPChannelrangeis used(i.e.5805,5820,etc…) TestBulletConnectivitywithAP:BulletLEDsshowingfullspectrum? CheckWirelessSettings:Menu–Settings–Diagnose–Wireless CheckAPloginthroughwebinterface CheckBulletcommunicationthroughAPwebinterface CheckBullet/APwirelesscommunicationRX/TXspeed Logintothebulletusingput tyandpingtheDVR TEST02:OperationalTesting Oncethesystemhardwareandsoftwareisinstalled theTechnicianswillbeginOperationalTestingby performingthefollowingtests. PostConfigurationChecklist Checkforsignalindicatorondisplaysc reenwhencariswithinrangeofAP CheckNetworksettingsunderMenu–TransferNetwork TestOfficerLogin:Verifyofficerlistisaccurate Verifyrecordingtriggersareworkingproperly (i.e.lightbar,HiFiMic,etc…) Createtestrecording:VerifyEventCat egorieslistedafterhittingSTOP Test4REWirelessuploadtoserver:Che ckforuploadindicatorondisplayscreen TestsaferemovalofUSBfromDV R:HoldSTOPbuttonfor3seconds Revised 5/21/18 Page 5 of 14 TurnOffIgnition:Checkthat displayscreenshowscountdowntimer Test4REUSBuploadtoservervia ImportScanneronremotePCclient TestEvidenceLibraryClientLogin TestEvidenceLibraryClient Videoplayback:Cameraviews,micvolumes,etc.… TestExportingEvidenceLibraryvideo:To USB,CD/DVD,folderoncomputer Modifyconfigurationandverifychanges werepushedtothecarswirelessly Createa“Test”CaseinCaseManagement TEST03:Performance(Benchmark)Testing ToverifyproperperformancetheWatchGuardTechnicians and/orAgencyStaffcan performthefollowing checks. Checkuploadtransferspeed onDVR:Menu–Transfer QualityofSignalontheAccessPoint/s(TransmitCCQ) SignalStrengthontheIncar WirelessRadioandAccessPoint/s ReceivingandTransmissionRateontheAccessPoint/s(TX/RXRate) TEST04:FinalAcceptanceTesting DuringFinalAcceptanceTestingtheAg encywillevaluatetheperformanceofthecomplete4REsystemfor 30dayswith24/7supportfromWatchGuardVideo’s CustomerServiceTeam.TheAgencyisencouraged tosignupforourWebPortalt oaccessourissuetrackingsystem.An yissuescanbesubmittedoverthe phone,viaemailorthroughtheWebPortal. TESTPLAN VISTATestPlanChecklist TestDesktopDockConfiguration:CheckoutVista;verifyconfigurationvalueschosenare reflectedinunitoperation. TestDesktopDockImport:ImportVideo;verifysuccessfultransfertoserver. Revised 5/21/18 Page 6 of 14 TestDesktopDockAutoImport:Verifyau toimportandtransfertoserver. TestTransferStationConfiguration:CheckoutVista TestTransferStationAutoImport:Verify autoimportandtransfertoserver. TestTransferStationMetadatareporting:Docke dVista’sshouldreportbatteryandimport status. 1. Delivery–Aftersuccessfulcompletionofthesolution,it willbehandedofftotheDepartment. 2. Support a. OncetheDepartmenthastakenoverthe daytodayuseofthevideoandevidence managementsolution,WatchGuardVideowill beginthesupportphase.Inthisphasewe willprovideongoingsupporttotheDepartment asneeded.Support typesinclude: 24/7TelephoneSupport RemoteAccess(IfapprovedbytheDepartment) Onsite(Additionalfeesmayapply) b. AWatchGuardrepresentativewillfollowupwith theDepartmenton the3rd,30th, 45th,and60thdaysafterdelivery. Thetrainingandhandoffphase ofimplementationwilllastapproximatelytwodaysdependingon howtheDepartmentwantstostructuretrainingclassattendance. Revised 5/21/18 Page 7 of 14 Revised 5/21/18 Page 8 of 14 c 4. UCObligations UCwillcoordinatemeetingswiththeInformationT echnologyDepartmentandall personnelthatare neededfortheimplementation. 5. Place(s)ofPerformance No.CaliforniaUClocation Address UCBerkeley 1SproulHall,Berkeley,CA947201199 UCDavis 625KleiberHall,Davis,CA95616 UCMerced 5200N.LakeRoad,Merced,CA95343 UCSantaCruz 1156High Street,SantaCruz95064 UCSanFrancisco 654MinnesotaSt.,SanFrancisco,CA94143 So.CaliforniaUClocation Address UCIrvine 410EPeltasonDrive,Irvine,CA92697 UCLosAngeles 601WestwoodPlz,LosAngeles,CA90095 UCRiverside 3500CanyonCrest DriveRiversideCA92521. UCSantaBarbara PublicSafetyBldg.574,SantaBarbara,CA93106 UCSanDiego 9500GilmanDrive,LaJolla,CA920930017 6. KeyPersonnel Supplier’sAccountManagerislistedbelow,issubjecttoUCapproval,andhas overallresponsibilityfor managingtheUC/Supplierrelationship: Name FranJudge Phone 8006056734 Email FJudge@WatchGuardVideo.com Address 415CenturyParkway Allen,TX75013 Revised 5/21/18 Page 9 of 14 7. ReportingRequirements Supplieragreestoprovideother reportsasreasonablyrequestedbyUCduringtheTermoftheAgreement andanyextension(s)totheTermatnoadditionalcosttoUC. 8. Assumptions a) ThefollowingitemsarenotincludedwithinthescopeofGoodsand/orServicestobeprovided underthisSOW:WirelessAccessPoints 9. ServiceLevelAgreement DuringtheTermoftheAgreement,andanyextension(s)oftheTerm,Supplierwillprovidethefollowing minimumservicestandards: 1. TIER1 a. WhenacustomercallstheWatchGuardVid eosupportline(1866 3843567)during normalbusinesshours(7am6pmCST),thecustomerwillspeaktoa technicianwithin30 minutesofplacingthecall.Ifitisoutsideo fnormalbusinesshours,and itisaMEDIUM PRIORITYorHIGHPRIORITYissue,thecustomer willbeconnectedtoatechnicianwithin 1hour. b. LOWPRIORITYissuesarenotaddressedafterhours. c. Thecustomerwillbe givenaRESOLUTIONortheissue willbeescalatedtoTier2within 4businesshours. d. IfanissueisescalatedtoTier2,th ecustomerwillreceiveanemailnotification. 2. TIER2 a. WhenanissueisescalatedtoTier2,thecustomerwillbecontactedby aTier2 Representativewithin4businesshours. b. ForLOWPRIORITYproblemsthatareescalated toTier2,thecustomerwillbegivena RESOLUTIONortheissuewillbeplaced onENGINEERINGHOLD within3BusinessDays ofinitialcontactwithTier2Representative. c. ForMEDIUMPRIORITY problemsthatareescalatedtoTier 2,thecustomerwillbegiven aRESOLUTIONortheissuewillbeplaced onENGINEERINGHOLD within2BusinessDays ofinitialcontactwithTier2Representative. 3. ForHIGHPRIORITYproblemsthatareescalated toTier2,thecustomerwillbegivena RESOLUTIONortheissuewillbeplacedonENGINEER INGHOLDthesameBusinessDaysofinitial contactwithTier2Representative. 4. ENGINEERINGHOLD a. WhenanissueisplacedonENGINEERINGHOLD,thecustomerwillb enotifiedwithin4 businesshours. b. ForLOWPRIORITYproblemso nENGINEERINGHOLD,customer willbegivendailystatus updatesuntilRESOLUTION. c. ForMEDIUMPRIORITYandHIGH PRIORITYproblemsonENGINEERINGHOLD,customer willbegiven4hourstatusu pdateuntilRESOLUTION. Theminimumservicestandardssetforthaboverecognizethatoccasionalerrorsarelikely;however, Supplierfurtheragreestouseitsbest effortstoachieve100%ofservicelevels.Shouldtheservicelevels fallbelowtheminimumstandardsandSupplierdoes nottakecorrectiveactionwithinfourteen(14)days followingUCwrittennotification,UCreservestherighttoterminatetheAgreementimmediately. Revised 5/21/18 Page 10 of 14 10.ProgramRequirements OrderPackagingandLabeling.Supp lieragreesthateachUCorder willbeindividuallywrappedandlabeled withthefollowinginformation: PurchaseOrdernumber; Productdescription,quantityandcatalognumberofthe productorderedandanopen30character fieldforinternalidentificatione.g.,UCstorehouse catalognumbersand/orinternalcustomerorder numbers;and Otherinformation,asmayberequestedbyorderingUCLocation. PackagingslipswillbeattachedtotheoutsideofthepackagesuchthatitcanbeinspectedbyUCatthe requestingdepartmentand/or receivingdock. ReceivingLocations.SupplieragreestoprovidedesktopanddockdeliverytoallUCcurrentandfuture authorizedpersonneldeliverypoints,asrequestedbyUC. StandardDeliveryRequirements.SupplierwilldeliverMonday throughFriday,excludingUCandSupplier observedholidays.SupplierprovideUCwithascheduleonorbeforeSeptember1ofthefollowingcalendar yearshowingholidaysandotherplannedshutdowns(suchastheannualinventory)thatwouldimpact Supplier’sabilitytodelivertheGoodsand/orServices.Supp lieragreestodeliverallUCordersreceivedby 3:30pmPacific Timethenextbusinessdayasfollows: Campusdirect(desktopdelivery) by 3:30pmPacificTime Storehouse(dropshipdelivery) by10:00amPacificTime DeliveryDelays.SupplierwillreportanydeliverydelaywhatsoevertotheorderingLocation,aswellasits cause,withintwo(2)hoursafterSupplierisabletoreasonablydeterminetherewillbeadelay;thereport willbeprovidedtoUCbytelephone,email,orfacsimile.Supplierwillkeep UCfullyinformedandwilltake allreasonableactionineliminatingthecauseofdelay. RushDeliveryRequirements.SupplieragreestodeliverU Cemergencyorderswithinfour(4)hoursafter receiptoforderatnoadditionalchargetoUC.Rushdeliveryordersforsamedaydeliverymustbe requestedbyUCpriorto1:00pmPacificTime.Suppliercan notguarantee,butagreestousegoodfaith effortstoprovidesamedaydeliveryforrush ordersUCplacesafter1:00pmPacific Time. Returns.SupplieragreestoacceptGoodsreturnedbyUC ifinresalableconditionandifmadewithinthirty (30)daysoforiginalshipment.Suppliermustpick upreturnsfromtheorderingdepartmentlocationwithin twobusinessdays.Servicesunder$20.00donot needtobephysicallyreturnedtoSupplier. Credit.RequestsforcreditcanbetransmittedbytheorderingUCpersonnelviatheestablishedorder managementsystem(telephone,fax,paperreturnform,and webbased).Chargebacksandcreditmemos willbeissuedtoUCorderingdepartmentsinthe currentmonth’sbillingperiod.Returnitemswillbe creditedatcost.IfGoodswerepurchasedviaUCpurchasingcard,creditmustbeissuedtothesame purchasingcard. OutofStockItems.Ifthereisanoutofstock situationofanyorderedinventorieditem(s),theoutofstock itemwillbeaddedtothebackorderfileandwillbedeliveredtoUCwhentheitemisinstockwithouta furtherorderbeingsubmitted. Surveys.Supplierwill,atUC’srequest,conductcustomer surveysofUCordersthroughquestionnaires.The contentofthesesurveyswillbeapprovedbyUC.UCwillberesponsibleforthetabulationofthesesurveys. Revised 5/21/18 Page 11 of 14 11.ChangestotheServices UCmaydesiretochangethe Goodsand/orServicesfollowingexecutionofan SOW.Ifso,UCwillsubmita writtenAmendmenttoSupplierdescribingthechangesinappropriatedetail.IfanAmendmentdoesnot requireSuppliertoincuranyadditionalmaterialcostsor expenses,thenSupplierwillmakethemodification withinten(10)businessdaysofSupplier’sreceiptofUC’sAmendment.IfanAmendmentdoesrequirethat Supplierincuradditionalmaterialcostsorexpenses,thenSup plieringoodfaithwillprovideUCwitha written,highlevel,nonbindingassessmentofthecostsandexpensesandthetimerequiredto performthe modificationsrequiredbytheAmendment,withinten(10)businessdaysofSupplier’sreceiptofUC’s Amendment.UCwillnotifySupplierinwritingwithinten(10)businessdaysafterreceiptofSupplier’s responsetotheAmendmentastowhetherUCwishesSuppliertoimplementtheAmendmentbasedonthe response.UCwillcompensateSupplierforimplementationof anAmendmentinaccordancewiththeterms andconditionsoftherelevantAmendmentandSupplier’sresponsetotheAmendment,ifany.Supplier’s implementationofanAmendmentwillnotdelaytheperformanceofServicesand/orthedeliveryof deliverablesnotreasonablyaffectedbyanAmendment. 12.NoMandatoryUse BecausethereisnomandatoryusepolicyatUC,nothi nginthisStatementofWorkwillbeconstruedto preventUCfromenteringintosimilaragreements withanythirdpartiesincluding,withoutlimitation, suppliersthatmaybein competitionwithSupplier. 13.AdditionalTerms EVIDENCELIBRARYSOFTWAREMAINTENANCEPLAN WatchGuardSoftwareMaintenancePlanforEv idenceLibrary(hereinreferredtoasthe“Software MaintenancePlan”)isgovernedbytheTermsand Conditionslistedbelowandco nstitutesyourcontract withWatchGuard,Inc.forsoftwaremaintenance.SubjecttotheseTermsandConditions, (i) TheSoftwareMaintenancePlanappliestoallcustomerswho signedupforanactiveplanwith WatchGuardafterJuly1,2015. (ii) TheEvidenceLibrarySoftware(“CoveredSoftware”)first soldtotheRegentsoftheUniversityof Californiaisguaranteedtobefreedefectsinmaterial andworkmanshipfortheduratio nofthecoverage period. (iii) TheSoftwareMaintenancePlan providesyouwithaccesstotelephonetechnicalsupportand webbasedsupportresourcesfortheCoveredSoftware. (iv) TheSoftwareMaintenancePlanprovidesyou withaccesstosoftwareservicepacks,minor softwareupdates,majorsoftwareupgrades,and4RE/VISTAFirmwareupdates. (v) TheSoftwareMaintenancePlanincludesthe“Basic”levelof CLOUDSHARE. TheSoftwareMaintenancePlancanbe extendedbeyondthefirstyear,provid edpaymentfortheannual SoftwareMaintenancePlanforeachyear ismadetoWatchGuard priortotheendoftheCoveragePeriod. TheSoftwareMaintenancePlanmustbecarriedconsec utivelywithoutanylapsesinyearlycoverage acrossallpurchased4REInCa r,andVISTAunits.WatchGuardwilltracktheserial numbersofeachunit andassociatecoveragewiththeSoftware MaintenancePlanrespec tively.All4REInCa r,VISTAandIT relatedhardwareisexcludedundertheSoftwareMaintenancePlan. ThedurationoftheSoftwareMaintenancePlan(“Coverage Period”)isfortheperiodspecifiedbyanyand allpaidinvoicesrelatedtothepurchasesofSoftware MaintenancePlans.Wat chGuardmayrestrict serviceprovidedunderthisSoftwareMaintenancePlan totheCoveredSoftware’soriginalcountryof purchase. AllSoftwareMaintenanceplanswillhavea“Common”expirationdatethatwillbe determinedbythe expirationoftheoriginalSoftwareMaintenance fromtheinitialpurchaseinvoice.Thecommon expirationdatewillbethesamefor allunits.Anyadditionalunitspurchase daftertheinitialinvoice,will nothaveSoftwareMaintenanceextendedpast thecommonexpirationdateunless additionalyearsof Revised 5/21/18 Page 12 of 14 SoftwareMaintenancearepurchased.Allunitsmustbeextendedatthe sametimeandthenthenew expirationdatewillbecomethe commonexpirationdateforallcurre ntandfutureunitspurchased. SERVICEOPTIONS: RemoteServicewhichincludescallcenter,onlinechat ,email,willcall,and remotedesktopservice,is providedfreeofchargefortheCoveragePerio d.Ininstanceswhereremotedesktopcapabilityis accessible,WatchGuardwillmakeeveryreasonableefforttoprovideasolutionremotely. OnSiteTechnicalServicemustbe scheduledinadvancean disavailableataminimumdailyrate.Contact WatchGuardforfurtherinformationregarding ratesandavailability. TECHNICALSUPPORT/TELEPHONEANDWEBSUPPORT DuringtheCoveragePeriodWatchGuardwillprovide youwithaccesstotelephonet echnicalsupportand webbasedtechnicalsupportresources.Technicalsuppo rtmayincludethelaunch,configuration, troubleshooting,andrecovery,interpretingsystem errormessages,anddeterminingwhenhardware repairsarerequired.WatchGuard willprovidetechnicalsupportfor theCoveredSoftwareincluding softwareapplicationsthatareinstalledbyWatchGuardora nAuthorizedServiceCenter.WatchGuardwill providesupportforthethencurrentversionofthesoftware. SUPPORTLIMITATIONS TheSoftwareMaintenancePlandoesnotcover: (i) Issuesthatcouldberesolvedbyupgrading thesoftwaretothethencurrentversion. (ii) YouruseoformodificationtotheCoveredSoftware inamannerforwhichtheCoveredSoftware isnotintendedtobeusedormodified. (iii) Thirdpartyproductsortheireffectso norinteractions withtheCoveredSoftware. (iv) Doesnotcover theservicesortimerelatedtothe installationofthesoftware,training,or softwareupgrades. (v) Youruseofacomputeroroperatings ystemthatisunrelatedtoCoveredSoftware. (vi) ConnectivityissueswiththeCoveredSoftwar eovernetworksnotbuiltorsupportedby WatchGuard. (vii) CoveredSoftwarethathas beendeletedoruninstalled. (viii) PreventativemaintenanceontheCoveredSoftware. (ix) Damageto,orlossof,anysoftwareordatar esidingorrecordedonthesamecomputerasthe CoveredSoftware.Thecontentsoftheharddrive maybedeletedinthecourseofservice.WatchGuard mayinstallsystemsoftware updatesaspartofyourservicethat willpreventthesoftwarefromreverting toanearlierversion.Reinstallationofsoftwareprogramsand userdataarenotcoveredunderthisPlan. (x) HardwareWarrantycoverage includes,butisnotlimitedto,servers,computers,DVDburners, JBODonlinestoragedevices,uninterruptablepower supplies,buildingmountedantennas,andallrelated bracketsandmountinghardware(“ITEquipment”). (xi) OnSitetechnicalservice. (xii) Problemscausedbythefunctionofane tworkorvirusesorothersoftwareproblemsintroduced intotheCoveredSoftwareorcomputertheCoveredSoftwareisrunningon. (xiii) Exceptasspecificallyprovided herein,anyotherdamagesthatdonotarisefromdefectsin materialsandworkmanshiporordinaryandcustomary usageoftheCoveredSoftware. AnyIncidentdeemedoutofscopeasdefinedint hisSoftwareMaintenancePlanoranyincidentthat occurswhilenoSoftwareMaintenance PlanAgreementisinplace,shallbesubjecttoadditionalfees and/orcharges.TheCustomerwill bequotedapplicablechargesand ratespriortoanyservice(s)being performed.Approvedservice(s)willcommence uponreceiptofapurchaseorder. OBTAININGTECHNICALSUPPORT Youmayobtaintechnicalsupportbycalling(80 0)6056734.TheCustomerServiceRepresentative will provideyoutechnicalsupport. YOURRESPONSIBILITY ToreceiveserviceorsupportunderthePlan,youagreetocomplywiththefollowing: (i) Provideyouragencynameandserial number(ifrequired)oftheCoveredSoftware. (ii) Provideinformationaboutthesymptomsand causesoftheproblemswiththeCovered Software. Revised 5/21/18 Page 13 of 14 (iii) Respondtorequestsforinformation,includingbut notlimitedtotheassociatedserialnumberof CoveredSoftware,version,model,IThardware,and softwareincludingoperatingsystemanddatabase software,thirdpartysoftwareinstalled,anyperipheralsde vicesconnectedorinstalledwiththeCovered Software,anyerrormessagesdisplayed,actionstaken beforetheCoveredSoftwareexperiencedtheissue andstepstakentoresolvetheissue. (iv) YoushallmaintainallITEquipmentrelatedtoor requiredbytheCoveredSoftware.Anyincident arisingfrominadequatemaintenanceofthesesystemsshall besubjecttoadditionalperincidentcharges (v) Anychangestothehardwareorsoftwareenvironment forboththeCoveredSoftwareandIT EquipmentmadebyCustomerthatresultsinany degradationinperformancewillbetheresponsibilityof youincludinganyrelatedcoststocorrectthe issue.Changesinclude,butarenotlimitedto,incar installationresultinginanonapproved installation,damagedormisalignmentofwirelessantennas causedbythecustomerorweather,untrimmedtreesor addedobstaclesthatdegradewirelesssignal strength,addedvehicleswithoutregardforadding additionalwirelessaccesspointsthatresultsin degradedperformance,addingorchangingvideo storagelocationsinanimpropermanner,addingor updatingserversoftwarewithouttheapprovalofW atchGuard,changestothe4RErelatednetwork topologyorarchitecturewithoutconsultationofWatchGuard. GENERALTERMS (i) WatchGuardmayuponwrittenapprovalo ftheRegentsoftheUniversityofCalifornia, subcontractorassignperformanceofits obligationstothirdpartiesbutwillnot berelievedofits obligations. (ii) WatchGuardisnotresponsibleforany failuresordelaysinperformingunderthePlanthatare duetoeventsoutsideWatch Guard’sreasonablecontrol. (iii) ThisPlanisofferedandvalidonlyinthe UnitedStatesofAmerica.ThisPlanmaynotbeavailable inall states,andisnotavailable whereprohibitedbylaw. (iv) IncarryingoutitsobligationsWat chGuardmay,atitsdiscretionand solelyforthepurposesof monitoringthequalityofWatchGuard’sresponse,re cordpartorallofthecallsbetweenyouand WatchGuard. (v) WatchGuardisnotobligatedtorenew theSoftwareMaintenancePlan aftertermination.Ifanew SoftwareMaintenancePlanisoffered,WatchGuardwilldeterminethepriceandterms. LIMITATIONOFLIABILITYONSOFTWAREPROVIDEDBYWATCHGUARD: EXCEPTFORTHELIMITEDWARRANTIE SANDREMEDIESCONTAI NEDHEREIN,THIS PRODUCTISPROVIDED ONAN“ASIS”BASIS,WITHOUTANYOTHER WARRANTIESORCONDITIONS,EX PRESSEDORIMPLIED, INCLUDINGBUTNOTLIMITEDTO,WARRANTIES OFMERCHANTABLEQUALITY,MERCHANTABILITYOR FITNESSFORAPARTICULARPURPO SE,ORTHOSEARISINGBY LAW,STATUTE,USAGEOFTRADE,OR COURSEOFDEALING. NEITHERWATCHGUARDNORITSDEAL ERSORSUPPLIERSWILL HAVEANYLIABILITYFORANYINDIRECT, INCIDENTAL,SPECIAL,ORCONSEQUENTIALDAMAGESWHATSO EVER,INCLUDINGBUT NOTLIMITEDTO, LOSSOFREVENUEORPROFIT,WHETHERR ESULTINGFROMTHEUSE,MISUS EORINABILITYTOUSETHIS PRODUCTORFROMDEFECTSINTHEPRODUCT,EVENIFWATCHGUARDHASBEEN ADVISEDOFTHE POSSIBLITIYOFSUCHDAMAGES,ORTHEYA REFORESEEABLE.WATCHGUARDISALSONOTRESPONSIBLE FORCLAIMSBYATHIRDPARTY.WATCHGUARD’SMA XIMUMAGGREGATELIABILITYTOYOU,ANDTHAT OFITSDEALERSANDSUPPLIERS,SH ALLNOTEXCEEDTHEAMOUNT PAIDBYYOUFORTHISPRODUCTAS EVIDENCEDBYYOURPURCHASERECEIPT. SUPPORTCONTACTINFORMATION WatchGuard,Inc. Attn:CustomerServiceDepartment 415Century Parkway Allen,Texas75013 (800)6056734TollFreeMainPhone (972)4239777Main (972)4239778Fax Revised 5/21/18 Page 14 of 14 www.watchguardvideo.com support@watchguardvideo.com ThisStatementofWorkissignedbelowby theparties’dulyauthorizedrepresentatives. THEREGENTSOFTHE WATCHGUARDINC. UNIVERSITYOFCALIFORNIA ________________________________ ____________________________________ (Signature)(Signature) WilliamCooper ____________________________________ AssociateVicePresident&ChiefProcurementOfficer (PrintedName,Title) ________________________________ ____________________________________ (Date)(Date) Mike Burridge, Senior VP of Sales 06/14/20186/22/2018 Justin Sullivan Director, Strategic Sourcing CATEGORY ITEM/DESCRIPTION MANUFACTUR ER MANUFACTURER PART NUMBER COMMENTS & DEFINITIONS QTY (UO M) UNIT PRICE Year 1 Year 2 Year 3 Year 4 Year 5 5-Yr Total Body Worn Body Worn Camera WatchGuard VIS-EXT-WIF-001 VISTA WiFi Body Worn Camera 436 ea.898.00 391,528.00 391,528.00 783,056.00 Body Worn Software Maintenance WatchGuard WAR-VIS-HWS-BUN 5 year software bundle with below)436 ea.67.00 0.00 29,212.00 29,212.00 29,212.00 29,212.00 116,848.00 Body Worn Hardware Maintenance WatchGuard WAR-VIS-HWS-BUN 5 year hardware bundle with above)436 ea.138.00 0.00 60,168.00 60,168.00 60,168.00 60,168.00 240,672.00 Body Worn Clips WatchGuard VIS-MNT-KIT-001 Chest Mount is Included with the VISTA WiFi 436 ea.0.00 0.00 0.00 0.00 0.00 0.00 0.00 Body Worn Docking Station WatchGuard VIS-CHG-BSE-KIT USB Dock/Charging Bases 325 ea.86.00 27,950.00 0.00 0.00 27,950.00 0.00 55,900.00 Body Worn Storage Unlimited WatchGuard WGV-CLD-UNL-103 Unlimited Cloud Storage per Year / per Camera Unlimited ea.285.00 124,260.00 124,260.00 124,260.00 124,260.00 124,260.00 621,300.00 In Car In Car Camera forward facing wide angle panoramic camera WatchGuard 4RE-STD-GPS-RV2 4RE In-Car Video System (Price w/Bundle Discount)111 ea.4,422.00 490,842.00 0.00 0.00 0.00 0.00 490,842.00 In Car In Car interior camera with a view of the rear seat WatchGuard CAM-BST-200-NEW Included with above 111 ea.0.00 0.00 0.00 0.00 0.00 0.00 0.00 In Car Software Maintenance WatchGuard SFW-MNT-EL4-001 First Year is Included 111 ea.143.00 0.00 15,873.00 15,873.00 15,873.00 15,873.00 63,492.00 In Car Hardware Maintenance WatchGuard WAR-4RE-CAR-1ST Yr 1-$0; Yr 2-$95; Yr 3-$190; Yr 4-$309; Yr 5-$427 111 ea.0.00 0.00 10,545.00 21,090.00 34,299.00 47,397.00 113,331.00 In Car Installation equipment (all inclusive)WatchGuard SVC-4RE-INS-100 4RE System Installation, In-Car (per Unit Charge*)111 ea.380.00 42,180.00 0.00 0.00 0.00 0.00 42,180.00 In Car Removal of equipment (all inclusive)WatchGuard SVC-4RE-REM-100 Video System Removal (per Unit Charge)ea.85.00 0.00 0.00 0.00 0.00 0.00 0.00 In Car Storage Unlimited WatchGuard WGV-CLD-UNL-103 Unlimited Cloud Storage per Year / per Camera Unlimited ea.285.00 31,635.00 31,635.00 31,635.00 31,635.00 31,635.00 158,175.00 Evidence Mgmt.Video Evidence Management Software WatchGuard KEY-EL4-SRV-001 Evidence Library 4 Web Site License Key 8 ea.950.00 7,600.00 0.00 0.00 0.00 0.00 7,600.00 Evidence Mgmt.On-Site Upload Server WatchGuard HDW-4RE-SRV-102 Server, 4RE, 16 HDD, 3U, 6-15 Concurrent Cars 10 ea.8,597.00 85,970.00 0.00 0.00 0.00 0.00 85,970.00 Evidence Mgmt.Software Maintenance WatchGuard KEY-EL4-DEV-001 4RE Device License Key (x 111 4RE In-Car Systems)111 ea.143.00 15,873.00 0.00 0.00 0.00 0.00 15,873.00 Evidence Mgmt.Software Maintenance WatchGuard KEY-EL4-DEV-003 Evidence Library 4 Web 4RE Combo-Discount Device License Key 111 ea.71.00 7,881.00 0.00 0.00 0.00 0.00 7,881.00 Evidence Mgmt.Hardware Maintenance WatchGuard KEY-EL4-DEV-002 VISTA Device License Key 325 ea.143.00 46,475.00 0.00 0.00 62,348.00 0.00 108,823.00 Evidence Mgmt.Storage Unlimited WatchGuard WGV-CLD-UNL-103 Unlimited Cloud Storage per Year / per Camera Unlimited 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Other Redaction Licensing WatchGuard KEY-WGV-RED-001 Single Seat at $3,995 and Annual Software Maintenance 10 ea.3,795.00 37,950.00 0.00 0.00 0.00 0.00 37,950.00 Other Redaction Licensing WatchGuard WAR-WGR-MNT-001 Software Maintenance, REDACTIVE, $785.00 annual, per seat 10 ea.746.00 0.00 7,460.00 7,460.00 7,460.00 7,460.00 29,840.00 Other Installation Equipment (all inclusive)WatchGuard SVC-4RE-ONS-400 4RE System Setup, Configuration, Testing and Admin Training. First Location - $2500/Each add'l = $1,000 10 ea.950.00 11,500.00 0.00 0.00 0.00 0.00 11,500.00 Other Training (per campus)WatchGuard N/A (incl w/Install)10 job 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Other Implementation WatchGuard N/A (incl w/Install)10 job 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Extended Price PRICING SCHEDULE FOR WATCHGUARD - ATTACHMENT B - PRICING HELD FIRM FOR FIVE YEARS CATEGORY ITEM/DESCRIPTION MANUFACTUR ER MANUFACTURER PART NUMBER COMMENTS & DEFINITIONS QTY (UO M) UNIT PRICE Body Worn Body Worn Camera WatchGuard VIS-EXT-WIF-001 VISTA WiFi Body Worn Camera 1 ea.898.00 Body Worn Software Maintenance WatchGuard WAR-VIS-HWS-BUN 5 year software bundle with below)1 ea.67.00 Body Worn Hardware Maintenance WatchGuard WAR-VIS-HWS-BUN 5 year hardware bundle with above)1 ea.138.00 Body Worn Clips WatchGuard VIS-MNT-KIT-001 Chest Mount is Included with the VISTA WiFi 1 ea. Body Worn Storage Unlimited WatchGuard WGV-CLD-UNL-103 Unlimited Cloud Storage per Year / per Camera Unlimited yr 285.00 VISTA Device License Key 1 ea.143.00 Total Cost of one Body Worn Camera 1,531.00 In Car In Car Camera forward facing wide angle panoramic camera WatchGuard 4RE-STD-GPS-RV2 4RE In-Car Video System (Price w/Bundle Discount)1 ea.4,422.00 In Car In Car interior camera with a view of the rear seat WatchGuard CAM-BST-200-NEW Included with above 1 ea.0.00 In Car Software Maintenance WatchGuard SFW-MNT-EL4-001 First Year is Included 1 ea. In Car Hardware Maintenance WatchGuard WAR-4RE-CAR-1ST Yr 1-$0; Yr 2-$95; Yr 3-$190; Yr 4-$309; Yr 5-$427 1 ea.0.00 In Car Installation equipment (all inclusive)WatchGuard SVC-4RE-INS-100 4RE System Installation, In-Car (per Unit Charge*)1 ea.380.00 In Car Removal of equipment (all inclusive)WatchGuard SVC-4RE-REM-100 Video System Removal (per Unit Charge)ea. In Car Storage Unlimited WatchGuard WGV-CLD-UNL-103 Unlimited Cloud Storage per Year / per Camera Unlimited ea.285.00 4RE Device License Key 1 ea.143.00 Total Cost of one In Car Camera 5,230.00 Evidence Mgmt. Video Evidence Management Software WatchGuard KEY-EL4-SRV-001 Evidence Library 4 Web Site License Key 1 ea.950.00 Evidence Mgmt.On-Site Upload Server WatchGuard HDW-4RE-SRV-102 Server, 4RE, 16 HDD, 3U, 6-15 Concurrent Cars 1 ea.8,597.00 Evidence Mgmt.Software Maintenance WatchGuard KEY-EL4-DEV-001 4RE Device License Key (x 111 4RE In-Car Systems) Evidence Mgmt.Software Maintenance WatchGuard KEY-EL4-DEV-003 Evidence Library 4 Web 4RE Combo-Discount Device License Key 1 ea.71.00 Evidence Mgmt.Hardware Maintenance WatchGuard KEY-EL4-DEV-002 VISTA Device License Key 1 ea.143.00 Evidence Mgmt.Storage Unlimited WatchGuard WGV-CLD-UNL-103 Unlimited Cloud Storage per Year / per Camera Unlimited 0.00 9,761.00 Other Redaction Licensing WatchGuard KEY-WGV-RED-001 Single Seat at $3,995 and Annual Software Maintenance 10 ea.3,795.00 Other Redaction Licensing WatchGuard WAR-WGR-MNT-001 Software Maintenance, REDACTIVE, $785.00 annual, per seat 10 ea.746.00 Other Installation Equipment (all inclusive)WatchGuard SVC-4RE-ONS-400 4RE System Setup, Configuration, Testing and Admin Training. First Location - $2500/Each add'l = $1,000 10 ea.950.00 Other Training (per campus)WatchGuard N/A (incl w/Install)10 job 0.00 Other Implementation WatchGuard N/A (incl w/Install)10 job 0.00 5,491.00 Interview Room Hardware WatchGuard 4RE-200-INT-001 Interview Room w/One Camera 1 ea.4,995.00 Interview Room Hardware WatchGuard 4RE-200-INT-002 Interview Room w/Two Cameras 1 ea.5,195.00 Software Live Streaming WatchGuard SFW-WCM-KIT-100 Watch Commander Site License 1 ea.2,500.00 Software Live Streaming WatchGuard SFW-WCM-LIC-FEE Watch commander License Fee 1 ea.250.00 Body Worn Hardware WatchGuard VIS-VTS-DTC-001 8-Bay Transfer Station for Charging/Docking 1 ea.1,495.00 Robot Hardware WatchGuard HDW-4RE-RBT-RIM Rimage, Catalyst 6000N Disc Publishing 1 ea.9,500.00 Robot Accessoreis WatchGuard DVD-RIM-PRM-002 DVD, Rimage, Professional Media Kit, Color, Includes Ribbon and Media, Qty 1,000 1 ea.759.00 Body Worn Hardware WatchGuard Download Station (32-Bay)1 ea.13,500.00 Body Worn Accessoreis WatchGuard VIS-SHR-CLP-200 Rotatable Shirt Clip 1 ea.30.00 Body Worn Accessoreis WatchGuard VIS-MNT-KIT-001 Locking Chest Mount Clip 1 ea.50.00 Body Worn Accessoreis WatchGuard VIS-BLT-CLP-002 Duty Belt clip 1 ea.20.00 Body Worn Accessoreis WatchGuard VIS-MNT-MOL-002 Molle Loop Mount 1 ea.20.00 Body Worn Accessoreis WatchGuard VIS-MNT-VEL-001 Velcro Plate Mount 1 ea.20.00 Body Worn Accessoreis WatchGuard VIS-MNT-KLK-002 Klick Fast Mount 1 ea.35.00 Body Worn Accessoreis WatchGuard VIS-MNT-TRI-001 Tripod Mount 1 ea.35.00 Body Worn Hardware WatchGuard VIS-M;NT-RAM-002 RAM Mount 1 ea.35.00 Body Worn Hardware WatchGuard VIS-XLT-WIF-001 VISTA XLT w/Body Camera 1 ea.898.00 WatchGuard VIS-XLT-WIF-002 VISTA XLT w/Head Camera 1 ea.898.00 OPTIONAL ITEMS INDIVIDUAL PRICING SCHEDULE FOR WATCHGUARD - ATTACHMENT B - PRICING HELD FIRM FOR FIVE YEARS