Loading...
The URL can be used to link to this page
Your browser does not support the video tag.
Backup Documents 02/28/2023 Item #16C7
ORIGINAL DOCUMENTS CHECKLIST & ROUTING SLIP TO ACCOMPANY ALL ORIGINAL DOCUMENTS SENT TO 7 THE BOARD OF COUNTY COMMISSIONERS OFFICE FOR SIGNATURE Print on pink paper. Attach to original document. The completed routing slip and original documents are to be forwarded to the County Attorney Office at the time the item is placed on the agenda. All completed routing slips and original documents must be received in the County Attorney Office no later than Monday preceding the Board meeting. **NEW** ROUTING SLIP Complete routing lines#1 through#2 as appropriate for additional signatures,dates,and/or information needed. If the document is already complete with the exception of the Chairman's signature,draw a line through routing lines#1 through#2,complete the checklist,and forward to the County Attorney Office. Route to Addressee(s).(List in routing order) Office Initials Date 1. Risk Risk Management ] 4)/2.3 2. County Attorney Office County Attorney Office 40023 4. BCC Office Board of County / Commissioners RL 41,/i /S/ 3/3/23 4. Minutes and Records Clerk of Court's Office ( ( / OW'AN 5. Procurement Services Procurement Services PRIMARY CONTACT INFORMATION Normally the primary contact is the person who created/prepared the Executive Summary. Primary contact information is needed in the event one of the addressees above,may need to contact staff for additional or missing information. Name of Primary Staff Ana Reynoso/PROCUREMENT Contact Information 239-252-8950 Contact/ Department Agenda Date Item was FEBRUARY 28, 2023 Agenda Item Number 16.C.7. Approved by the BCC Type of Document CONTRACT Number of Original 1 Attached Documents Attached PO number or account N/A 22-8022 SpryPoint number if document is SpryPoint Services, Services, Inc. to be recorded Inc. INSTRUCTIONS & CHECKLIST Initial the Yes column or mark"N/A"in the Not Applicable column,whichever is Yes N/A(Not appropriate. (Initial) Applicable) 1. Does the document require the chairman's original signature STAMP OK N/A 2. Does the document need to be sent to another agency for additional signatures? If yes, N/A provide the Contact Information(Name;Agency;Address;Phone)on an attached sheet. 3. Original document has been signed/initialed for legal sufficiency. (All documents to be AR signed by the Chairman,with the exception of most letters,must be reviewed and signed by the Office of the County Attorney. 4. All handwritten strike-through and revisions have been initialed by the County Attorney's N/A Office and all other parties except the BCC Chairman and the Clerk to the Board 5. The Chairman's signature line date has been entered as the date of BCC approval of the AR document or the final negotiated contract date whichever is applicable. 6. "Sign here"tabs are placed on the appropriate pages indicating where the Chairman's AR signature and initials are required. 7. In most cases(some contracts are an exception),the original document and this routing slip N/A should be provided to the County Attorney Office at the time the item is input into SIRE. Some documents are time sensitive and require forwarding to Tallahassee within a certain time frame or the BCC's actions are nullified. Be aware of your deadlines! 8. The document was approved by the BCC on 02/28/2023 and all changes made during N/A is not the meeting have been incorporated in the attached document. The County an option for Attorney's Office has reviewed the changes,if applicable. this line. 9. Initials of attorney verifying that the attached document is the version approved by the N/A is not BCC,all changes directed by the BCC have been made,and the document is ready for the an option for Chairman's signature. this line. :' RECEIVED FEB 2 8 2023 16C7 REQUEST FOR PROPOSAL (RFP) #22-8022 FOR "Backflow Prevention Management Software" BETWEEN COLLIER COUNTY AND SPRYPOINT SERVICES, INC. "Effective Date" ATTACHED: 1. Master Subscription Agreement 12 pages 2. Exhibit A—Statement of Work .9 pages 3. Exhibit B—Pricing Schedule .9 pages 4. Exhibit C—Service Level Agreement .20 pages 5. Exhibit D—Insurance Requirements 3 pages 6. Exhibit E—Security Overview 6 pages 7. Exhibit F—Data Processing Exhibit 6 pages Department/Division Name: Collier County Public Utilities Department Water Division 3339 Tamiami Trail E, Ste 302 Naples, Florida 34112 Contract Administrator: Pamela Libby, Manager-Distribution P: (239)252-6239 E: Pamela.LibbyAcolliercountyfl.gov Spry oint I C7 Master Subscription Agreement This Master Subscription Agreement("Agreement"), effective as of al .s/c)-0. ("Effective Date") by and between SpryPoint Services, Inc. ("SpryPoint" or"Contractor")a Canadian Corporation with offices at 45 Queen Street, Suite 400, Charlottetown, PE C1A 4A4 CA, authorized to do business in the state of Florida and Collier County ("Client" or"County"), a political subdivision of the state of Florida with offices at 3339 E. Tamiami Trail, Suite 303, Naples, FL 34112, United States(collectively the "Parties"). Whereas SpryPoint provides a subscription Service to which Client intends to subscribe, this Agreement establishes the business relationship and allocation of responsibilities regarding the Service and the parties therefore agree as follows. SpryPoint shall provide services in accordance with the terms and conditions of this Agreement and Collier County Request for Proposal (RFP) #22-8022. The exhibits and schedules attached hereto are an integral part of this agreement and are deemed incorporated by reference herein. SpryPoint agrees to perform the services described below in accordance with the terms and conditions of this Agreement.Should there be a conflict of terms or conditions,this Agreement shall control,and the order of precedence shall be as follows: 1. Master Subscription Agreement 2. Exhibit A—Statement of Work 3. Exhibit B—Pricing Schedule 4. Exhibit C—Service Level Agreement 5. Exhibit D— Insurance Requirements 6. Exhibit E—Security Overview 7. Exhibit F—Data Processing Exhibit The exhibits listed below are agreed to be incorporated by reference and made part of this Agreement. 8. Exhibit G-Solicitation 22-8022 - Backflow Prevention Management Software 9. Exhibit H -SpryPoint Response to Solicitation 22-8022 —Backflow Prevention Management Software DEFINITIONS. The following capitalized terms shall have the following meanings whenever used in this Agreement. "Affiliate" means any entity which directly or indirectly controls, is controlled by, or is under common control by either party. For purposes of the preceding sentence, "control" means direct or indirect ownership or control of more than 50%of the voting interests of the subject entity. "Agreement" means this Master Subscription Agreement, including any exhibits or attachments hereto. "Authorized Named User" means an end user of the Client that has been given access by Client to use the Services. "Authorized Parties" means Clients' or an authorized Affiliate's Employees and third-party providers authorized to access Client's Tenants and/or to receive Client Data by Client (i) in writing, (ii) through the Service's security designation, or(iii) by system integration or other data exchange process. "Confidential Information" refers to the following types of material or content one party to this Agreement ("Discloser")discloses to the other("Recipient"):(a)any information Discloser marks or designates as"Confidential" at the time of disclosure; and (b) any other non-public, sensitive information disclosed by Discloser including, but not limited to code,inventions,know-how, business,technical,and financial information,or other information which should reasonably be known by the Recipient to be confidential at the time it is disclosed,due to the nature of the information and the circumstances surrounding such disclosure Confidential Information does not include Page 1 of 12 Master Subscription Agreement coo Spry - pint C 7 ib information that:(i)is in Recipient's possession at the time of disclosure;(ii)is independently developed by Recipient without use of or reference to Confidential Information; (iii) becomes known publicly, before or after disclosure, other than as a result of Recipient's improper action or inaction;or(iv)is rightfully obtained by Recipient from a third party without breach of any confidentiality obligations. "Client Data" means a subset of Confidential Information that is comprised of Client's data obtained, used in, or stored as the result of the use of the Services. Client Data shall include the following: (a) Data collected, used, processed, stored, or generated by the Client as the result of the use of the Service, including any personal identifiable information("Pr)and any information related to payment processing,such as credit card numbers and ACH account numbers. Client Data is and shall remain the sole and exclusive property of Client and all right,title, interest in same is reserved to Client. "Client Input"means suggestions,enhancement requests,recommendations or other feedback provided by Client, its employees and Authorized Parties relating to the operation or functionality of the Service. "Competitor" means any entity that may be reasonably construed as offering competitive functionality or the Service offered by SpryPoint. "Documentation" means the Software's standard user manuals and any other accompanying documents related to the Software delivered to Client during Implementation. "Implementation"means the process for gathering requirements,configuring,testing,training,and integrating the Service for Client's use, as set forth in a Statement of Work. "Intellectual Property Rights" means any and all common law, statutory and other industrial property rights and intellectual property rights, including copyrights, trademarks, trade secrets, patents and other proprietary rights issued,honored or enforceable under any appliable laws anywhere in the world,and all moral rights related thereto. "Implementation Services" means the services provided by Provider to Client for the integration, implementation, and use of the Service, which may include project management, analysis, configuration, data conversion,training, testing, development and ongoing maintenance& support, as outlined in Exhibit A-Statement of Work. "Malicious Code" means viruses,worms,timebombs,trojan horses and other malicious code,files, scripts, agents or programs. "Messaging Service"means SpryPoint's alerts,notifications,communications,campaigns&messaging capabilities provided with the Service. "Parties" Collectively refers to SpryPoint and the Client. "Personal Data" means any information that is related to an identified or identifiable individual and has been provided by Client or its Affiliates as Client Data within the SpryPoint Service to enable SpryPoint to process the data on its behalf. "Production Deployment' means once the Client has provided User Acceptance Testing ("UAT") signoff and the Service has been moved into a production environment. "Security Breach"means(i)any actual or reasonably suspected unauthorized use of,loss of,access to or disclosure of,Client Data;provided that an incidental disclosure of Client Data to an Authorized Party or SpryPoint or incidental access to Client Data by an Authorized Party or SpryPoint, where no reasonable suspicion exists that such disclosure or access involves theft, or is fraudulent, criminal or malicious in nature, shall not be considered a "Security Breach" for purposes of this definition, unless such incidental disclosure or incidental access triggers a notification obligation under any appliable Law and (ii)any security breach(or substantially similar term)As defined by applicable law. Page 2 of 12 Master Subscription Agreement 4 vy Spry - pint 16 C7 "Service" means the combination of SpryPoint's software-as-a service applications as described in the Documentation and subscribed to as set forth in Exhibit B - Pricing Schedule or through an Amendment to the Contract. "Service Level Agreement" (SLA). means SpryPoint's standard Service Level Availability policy which may be updated from time to time. No update shall materially diminish SpryPoint's responsibilities under the SLA. "Subscription Service Fee' means the annual amount invoiced and payable for Client's use of the Service. The Subscription Service Fee does not include the one-time implementation fees for the Services as set forth in Exhibit A Statement of Work. "Tenant" means a unique instance of the Service,with a separate set of Client data held by SpryPoint in a logically separated database. "Term"means the Initial Term of this Agreement which commences on the Effective Date and will continue for five (5)years with one two(2)year renewal option. "Updates" means all updates, improvements,enhancements,error corrections,bug fixes, release notes, upgrades and changes to the Service and Documentation as developed by SpryPoint and made generally available for Production use. 1. Provision of Service. 1.1 SpryPoint Obligations. During the Term of this Agreement, SpryPoint shall make the Service and Updates available to Client in accordance with the Documentation,the SLA and pursuant to the terms of this Agreement. SpryPoint shall not use Client Data except to provide the Service, or to prevent or address service or technical problems, verify Service Updates, in accordance with this Agreement and the Documentation, or in accordance with Client's instructions and shall not disclose Client Data to anyone other than Authorized Parties in accordance with this Agreement. 1.2 Client Obligations. Client may enable access of the Service for use only by Authorized Parties solely for the internal business purposes of Client and its Affiliates in accordance with the Documentation and not for the benefit of any third parties. Client is responsible for all Authorized Party use of the Service and compliance with this Agreement. Client shall: (a) have sole responsibility for the accuracy, quality, and legality of all Client Data and(b)take commercially reasonable efforts to prevent unauthorized access to, or use of, the Service through login credentials of Authorized Parties, and notify SpryPoint promptly of any such unauthorized access or use. Client shall not: (i) use the Service in violation of applicable Laws; (ii) in connection with the Service,send or store infringing,obscene,threatening or otherwise unlawful or tortious material, including material that violates privacy rights; (iii) send or store Malicious Code in connection with the Service or its related systems or networks in a manner not set forth in the Documentation. Client shall designate a maximum number of named contacts as listed in the applicable Order form to request and receive support services from SpryPoint. Named support contacts must be trained on the SpryPoint product(s)for which they initiate support requests. Client shall be liable for the acts and omissions of all Authorized Parties and Client Affiliates relating to this Agreement. 1.3 Acceptable Use. Client acknowledges and agrees that SpryPoint does not police the content of communications or data of Client or its users transmitted through the Service,and that SpryPoint shall not be responsible for the content of any such communications or transmissions.Client shall use the Services exclusively for authorized and legal purposes, consistent with all applicable laws and regulations Client is solely responsible (a) for making sure that the disclosure and use of data, content and information provided to SpryPoint does not violate any applicable law or infringe upon the intellectual property rights of any third party and (b)for the appropriate use of any reports and other materials prepared by Client in a manner that will not violate any applicable law or infringe upon the intellectual property rights of any third party. Client agrees not to post or upload any content or data which (a) is libelous, defamatory, obscene, pornographic, abusive, harassing or threatening; (b)violates the rights of others, such as data which infringes on any intellectual property rights or violates any right of privacy or publicity; or (c) otherwise violates any applicable law. SpryPoint may remove any violating content posted or transmitted Page 3 of 12 Master Subscription Agreement Spry • pint 1 6 C 7 through the Services, without notice to Client. SpryPoint may suspend or terminate any user's access to the Service upon thirty(30)days notice in the event that SpryPoint reasonably determines that such user has violated the terms and conditions of this Agreement. 2. Fees. 2.1 invoices & Payment. SpryPoint will invoice Client the first-year subscription fee for the Service upon execution of this agreement.All fees are quoted and payable in United States Dollars.All invoiced charges are due net 30 days from the invoice date unless otherwise stated on the invoice. Client is responsible for providing SpryPoint complete and accurate billing and contact information including a valid email address prior to the commencement of your subscription. Upon SpryPoint's request, Client will make payments via electronic bank transfer. All remittance and invoice inquiries are to be directed to finance©Sp_ryPoint.com. Payment will be made upon receipt of a proper invoice and upon approval by the County's Contract Administrative Agent/Project Manager, and in compliance with Chapter 218, Fla. Stats., otherwise known as the "Local Government Prompt Payment Act". 2.2 Non-Payment and Suspension of Service. Any late interest fees shall be pursuant to Section 218.74, Fla. Stat. If any amount owing by Client for SpryPoint's services under this or any other agreement is net 30 or more days overdue, SpryPoint, without limiting its other rights and remedies reserves the right to suspend the Service until such amounts are paid in full. 2.3 Taxes. All fees invoiced pursuant to this Agreement do not include any applicable taxes. Client shall be solely responsible in the event any authority imposes a duty,tax, levy, or fee(excluding those based on Provider's net income)directly upon the Client in relation to this Agreement. Collier County, Florida as a political subdivision of the State of Florida, is exempt from the payment of Florida sales tax to its Contractors under Chapter 212, Florida Statutes, Certificate Exemption #85-8015966531C-1. 2.4 Tax Status. SpryPoint's fees do not include any Transaction Taxes. Client agrees that it is exempt from all Transaction Taxes, including but not limited to, any local, state, provincial, federal or foreign taxes, levies, duties or similar governmental assessments of any nature, including value - added, goods and services taxes,excise, use or similar taxes. In the event that Client's tax-exempt status changes such that it is no longer exempt from Transaction Taxes,Client shall become responsible for paying all Transaction Taxes associated with this Agreement. If SpryPoint has a legal obligation to pay or collect Transaction Taxes for which Client is responsible under this section,the appropriate amount shall be invoiced to and paid by Client. If Client itself, as a body entitled to assess taxes or fees, imposes any taxes or fees upon SpryPoint's provision of the Services, the fees in this Agreement are net of any such taxes or fees and SpryPoint will gross up its invoices to include such taxes or fees. 2.5 SALES TAX. Contractor shall pay all sales, consumer, use and other similar taxes associated with the Work or portions thereof, which are applicable during the performance of the Work. Collier County, Florida as a political subdivision of the State of Florida,is exempt from the payment of Florida sales tax to its vendors under Chapter 212, Florida Statutes, Certificate of Exemption#85-8015966531C. 2.6 Additional Services. The Service includes optional variable services such as SMS messaging services and outbound IVR dialer services (collectively "Additional Services"). All Additional Services shall be invoiced by SpryPoint to Client upon the request of such services by Client at the pricing and rates provided in Exhibit B. (a) For SMS text messaging services, an optional SMS Short Code fee shall be invoiced upon request of a Short Code by Client. SMS short code fees shall be invoiced annually, while in- bound and out- bound text message usage fees shall be invoiced monthly for actual amount used. (b) For Outbound IVR services, usage fees shall be invoiced monthly for the actual amount used upon activation and usage of the outbound IVR services. 2.7 Additional Services Cost. Any additional services to the Service beyond the initial scope as outlined in Exhibit A — the Statement of Work will be performed on a time and material basis, at an hourly rate of Page 4 of 12 Master Subscription Agreement t.P. ai Spry pint 16 C7 $200 USD per hour.We will implement enhancements pursuant to the change control process as outlined in Exhibit A. 2.8 Additional Users. SpryPoint will be automatically notified when new users are added to Client's Service. If the number of active users,not including archived users,exceeds Clients current subscription,SpryPoint will invoice client for any incremental user additions during the calendar month. Invoice to client will be prorated to align with the remaining months in Client's subscription period. 3. Proprietary Rights 3.1 SpryPoint Intellectual Property Rights. SpryPoint retains all right,title, and interest in and to the Service, Documentation and other SpryPoint Intellectual Property Rights including any related methodologies, techniques, processes, and instruction developed by SpryPoint and used in the course of delivering the Service. under this Agreement and an applicable Statement of Work. No rights are granted to Client hereunder other than expressly set forth herein. Client shall not(and shall not allow or cause any third party to(i) reverse engineer, modify or copy the Service or Documentation or create any derivative works based on the Service and Documentation; (ii) copy and features, functions, interfaces, integrations or graphics of the Service or Documentation; (iii) access the Service or Documentation in order to build any commercially available product or service. 3.2 Client Rights. SpryPoint hereby grants Client's Authorized Named Users(and those of Client's Affiliates and Authorized Parties) a non-exclusive, non-transferable, non-perpetual limited right to use the Service and Documentation,solely for the internal business purposes of Client and Affiliates and solely during the Term, subject to the terms and conditions of this Agreement. 3.3 License to Host Client's Data. Client grants SpryPoint and SpryPoint's hosting partners a worldwide, limited-term license to host,copy,transmit and display Client's Data,as necessary for SpryPoint to provide the Service in accordance with this Agreement.As between SpryPoint and Client, SpryPoint acquires no right,title or interest from Client under this Agreement in or to Client's Data. 3.4 License to use Client's Feedback. Client grants to SpryPoint and its affiliates a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into the Service any suggestion, enhancement request, recommendation, correction or other Client feedback relating to the Service. SpryPoint shall have no obligation to make Client Input an Improvement. 3.5 Statistical information. SpryPoint owns all aggregated and statistical data derived from the operation of the Service, including, without limitation,the number of records in the Service,the number and types of transactions, configurations, and performance results for the Service. SpryPoint may anonymously compile statistical information related to the performance of the Service for purposes of improving the SaaS service, provided that such information does not identify Client's data or include Client's name. 4. Confldentiality 4.1 Confidentiality. A party shall not disclose or use any Confidential Information of the other party except as reasonably necessary to perform its obligations or exercise its rights pursuant to this Agreement except with the other party's prior written permission. Confidentiality of information contained in this agreement is subject to the requirements of the Florida Public Records Act, Chapter 119, Fla. Stat., and the Florida Sunshine Law, Chapter 286, Fla. Stat. 4.2 Nondisclosure.A party shall not use Confidential Information for any purpose other than to facilitate this Agreement. A Recipient: (a) shall not disclose Confidential Information to any employee or contractor unless such person needs access in order to facilitate the Agreement and executes a nondisclosure agreement with Recipient (b) shall not disclose Confidential Information to any third party without Discloser's prior written consent. 4.3 Protection. Each party shall protect Confidential Information with the same degree of care it uses to protect its own confidential information, but in no event using less than a reasonable standard of care. 4.4 injunctive Relief. Recipient agrees that breach of Confidentiality would cause irreparable injury,for which monetary damages would be inadequate. If a recipient discloses or uses any Confidential Information of Page 5 of 12 Master Subscription Agreement Spry - pint 16 C 7 the other party in breach of confidentiality protections hereunder,the other party shall have the right, in addition to any other remedies available,to injunctive relief to enjoin such acts. 4.5 Retention of Rights. This Agreement does not transfer ownership of Confidential Information or grant a license or any other right thereto. Discloser will retain all right,title and interest in and to all Confidential Information. 5. Data Privacy&Security 5.1 SpryPoint use of Data. Client hereby grants SpryPoint a limited right to access, process, collect, store, generate,display,and use Client Data for the sole purpose of providing the Service.SpryPoint shall keep and maintain Client Data in strict confidence and shall not allow any third parties to use, disclose, or access Client Data without Client's prior written consent. Notwithstanding the foregoing, SpryPoint may disclose Client Data as required by applicable law or by proper legal or governmental authority.SpryPoint shall give Client notice of any such legal or governmental demand and reasonably cooperate with Client in any effort to seek a protective order or otherwise contest such required disclosure,at Client's expense. 5.2 Data Security. Each Party shall be responsible for establishing and maintaining its own data privacy and information security policies, including physical, technical, administrative, and organizational safeguards to ensure the security and confidentiality of Client Data;protect against any anticipated threats or hazards to the security of Client data, protect against unauthorized disclosure, access to, or use of Client Data, ensure the proper disposal of Client Data, and ensure that all employees, agents, and subcontractors, if any, comply with the above. 5.3 Unauthorized Disclosure. If either Party believes there has been a Security Breach, such party must notify the other party upon the earlier of forty-eight(48) hours after discovery or any time frame required by applicable law unless legally prohibited from doing so. Each Party will reasonably assist the other Party in mitigating or remediating any potential damage where appropriate. Each party shall bear the costs of such remediation or mitigation to the extent the breach or security incident was caused by it. As soon as reasonably practicable after any such Security Breach,upon Client's request,Client and SpryPoint will consult in good faith regarding the root cause analysis and any remediation efforts. 6. Warranties&Disclaimers 6.1 From SpryPoint. a) Function: SpryPoint represents and warrants that, during the Term, the Service will perform materially in accordance with the Documentation. b) intellectual Property Rights: SpryPoint represents and warrants that it owns the Service and has the power and authority to grant the rights in this Agreement without the further consent of any third party. c) Malicious Code: SpryPoint represents and warrants that to the best of its knowledge, the Service does not contain any Malicious code. SpryPoint further warrants that it will not knowingly introduce any Malicious Code into the Service. 6.2 From Both Parties. Each party represents and warrants that it has the full right and authority to enter into, execute, and perform its obligations under this Agreement and that no pending or threatened claim or litigation know to it would have a material adverse impact on its ability to perform as required hereunder. 6.3 Warranty Remedies. In the event of a breach of the warranty as set forth in Section 6.1, or upon the discovery of Malicious Code in the Service, (a) SpryPoint shall correct the non-conforming Service at no additional charge to Client or(b) in the event SpryPoint is unable to correct such deficiencies after good- faith efforts,SpryPoint shall refund Client amounts paid that are attributable to the defective Service from the date SpryPoint received such notice through the date of remedy, if any. At no time shall the refund exceed the subscription fees actually paid by Client in consideration for SpryPoint's service delivery during the immediately preceding twelve(12) month period for the Service. 6.4 Warranty Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES OUTLINED IN SECTION 6.1 AND 6.2 ABOVE, SPRYPOINT MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE,AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING Page 6 of 12 Master Subscription Agreement C) Spry • pint 16 C 7 ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE SERVICE AND/OR RELATED DOCUMENTATION. SPRYPOINT DOES NOT WARRANT THAT THE SERVICE WILL PERFORM WITHOUT ERROR OR THAT IT WILL RUN WITHOUT IMMATERIAL INTERRUPTION. THE LIMITED WARRANTIES PROVIDED HEREIN ARE THE SOLE AND EXCLUSIVE WARRANTIES PROVIDED TO CLIENT IN CONNECTION WITH THE PROVISION OF THE SERVICE. 7. Indemnification 7.1 Indemnification. SpryPoint shall protect, defend, hold harmless and indemnify Client harmless against any loss, damage or costs in connection with claims, demands, suits or proceedings ("Indemnified Claims)" made or brought against Client alleging that the use of the Service infringes any third party's Intellectual Property Rights; provided, however,that Client; (a) promptly gives written notice of the Claim to SpryPoint; (b)gives SpryPoint sole control of the defense and settlement of the Claim; and(c)provides to SpryPoint,at SpryPoint's cost,all reasonable assistance.SpryPoint's obligations set forth in this Section do not apply to the extent that an Indemnified Claim arises out of: (a) Client's breach of this Agreement; (b) revisions to the Service made without SpryPoint's written consent; (c) Client's failure to incorporate Upgrades that would have avoided the alleged infringement; (d) Modification of the Service by Client, its Employees, or Authorized Parties in conflict with Client's obligations (e) Unauthorized use of the service by third parties; or(f) use of the Service in a manner inconsistent with the Documentation. Furthermore, the obligation to indemnify shall not apply if such liability is ultimately adjudicated to have arisen through the sole active negligence or sole willful misconduct of Client. If Client is enjoined from using the Service or SpryPoint reasonably believes it will be enjoined, SpryPoint shall have the right at its sole option, to obtain for Client the right to continue use of the Service or to replace or modify the Service so that it is no longer infringing. If neither of the foregoing options is reasonably available to SpryPoint,then use of the Service may be terminated at either party's option and SpryPoint's sole liability shall be to refund any prepaid fees for the Service that were to be provided after the effective date of termination. 8. Limitation of Liability 8.1 Liability Cap. SpryPoint's liability arising out of or related to this Agreement shall in no event exceed the Subscription Fees paid by Client within the twelve (12) months preceding the claim except as outlined in Section 7.1 above. 8.2 Clarifications & Disclaimer. TO THE MAXIMUM EXTENT PERMITTED BY LAW AND EXCEPT WITH RESPECT TO EITHER PARTY'S INDEMNIFICATION OBLIGATIONS, RECKLESS MISCONDUCT, GROSS NEGLIGENCE, WILLFUL MISCONDUCT AND/OR FRAUD, IN NO EVENT SHALL EITHER PARTY'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT,WHETHER IN CONTRACT, TORT OR OTHERWISE, EXCEED THE SUBSCRIPTION FEES ACTUALLY PAID BY CLIENT IN CONSIDERATION FOR SPRYPOINT'S SERVICE DELIVERY DURING THE IMMEDIATELY PRECEDING TWELVE (12) MONTH PERIOD FOR THE SERVICE FROM WHICH THE CLAIM AROSE. FOR THE AVOIDANCE OF DOUBT, SPRYPOINT'S LIABILITY LIMITS APPLY TO SPRYPOINT'S AFFILIATES, PROVIDERS,AGENTS, SPONSORS, DIRECTORS, OFFICERS, EMPLOYEES, CONSULTANTS AND OTHER REPRESENTATIVES. 8.3 Exclusion of Damages. EXCEPT WITH RESPECT TO AMOUNTS TO BE PAID BY EITHER PARTY PURSUANT TO A COURT AWARD (OTHER THAN A DEFAULT JUDGMENT) OR SETTLEMENT AS WELL AS THE DEFENSE COSTS UNDER THE INDEMNIFICATION OBLIGATIONS NO MATTER HOW MUCH DAMAGES MAY BE CHARACTERIZED, IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED, OR FOR ANY LOST PROFITS, LOSS OF US, COST OF DATA RECONSTRUCTION, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE SERVICE, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SERVICE, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, EVEN IF THE PARTY FROM WHICH DAMAGES ARE BEING SOUGHT OR SUCH PARTY'S LICENSORS, OR SUBCONTRACTORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.CLIENT WILL NOT ASSERT THAT ITS PAYMENT OBLIGATIONS ARE EXCLUDED AS SPRYPOINT'S LOST PROFITS. 9. Term &Termination Page 7 of 12 Master Subscription Agreement 0 Spry ' o int 1 6 C 7 9.1 Term of Agreement. The Term of this agreement commences on the Effective Date and will continue for five (5)years. 9.2 Renewal. Client shall have the option to renew for one two year term. 9.3 Annual Escalation. The annual Subscription Service Fee for the Service shall be subject to adjustment on each anniversary of the Effective Date at 5% per year. 9.4 Termination for Convenience. Client shall have the right to terminate this Agreement without cause or penalty,by giving not less than Thirty(30)days'prior written notice to SpryPoint. Upon termination,Client shall pay SpryPoint all fees due up to the time of termination. 9.5 Termination for Default. Either party may terminate this Agreement upon Thirty(30) days prior written notice in the event of a material breach by the other party if such breach remains uncured at the expiration of such notice period. 9.6 Termination for Non-Appropriation of Funds. Notwithstanding any other provision of this Agreement, if funds for the continued fulfillment of this Agreement are not forthcoming or are insufficient, through the failure of any entity to appropriate funds or otherwise, Client will have the right to terminate at no additional cost or penalty by giving Thirty(30)days written prior notice documenting the lack of funding. 9.7 Effect of Termination. Upon any termination of this Agreement, Client shall, as of the date of such termination, immediately cease accessing and otherwise utilizing the applicable Service. Termination for any reason shall not relieve Client of the obligation to pay any fees accrued or due and payable to SpryPoint prior to the effective date of termination. 9.8 Access to Client Data. Upon written request by Client made prior to any expiration or termination of this Agreement,SpryPoint will make Client Data available to Client through the Service solely for purposes of Client retrieving Client Data for a period of up to ninety(90) days. After 90 days, SpryPoint will have no obligation to maintain or provide any Client data and shall thereafter, unless legally prohibited, delete all Client Data and will have no further obligation to make it available to Client. 10. Messaging. 10.1 Supplemental Messaging Terms. If Client elects to use SpryPoint's Alerts, Notifications, Communications, Campaigns & Messaging capabilities (Messaging Service") provided with the Service the following supplemental terms ("Messaging Terms") will apply. For avoidance of doubt, Messaging Terms apply to all SpryPoint applications within the service involving automated phone calls,pre-recorded messages,text messages, emails, in-app notifications and any other bulk communications. 10.2 Responsibility& Risk. Client shall be solely responsible for the content of any communications which Client initiates or authorizes in connection with the Messaging Services. SpryPoint shall have no responsibility or liability with respect to messages or communications initiated or authorized by Client. Client assumes all risks associated with use of the Messaging Service 10.3 Messaging Indemnity. Client shall hold harmless, defend and indemnify SpryPoint and its officers, directors, employees, contractors and representatives from and against all claims, damages, losses and expenses including without limitation any statutory damages, penalties and attorney's fees arising out of or relating to the Messaging Service or any breach by Client of the Agreement including without limitation, these Messaging Terms, except in the event of SpryPoint's willful misconduct. 10.4 Compliance. SpryPoint is limited to delivering the Messaging Service to the Client as part of the Service, accordingly, compliance with applicable laws is strictly Client's responsibility with respect to the Messaging Service notwithstanding any provision to the contrary. 11. Miscellaneous 11.1 Independent Contractor. SpryPoint and all persons(s) employed by or contracted with SpryPoint to furnish labor and/or materials under this Agreement are independent contractors and do not act as agent(S)or employee(s)of Client. SpryPoint has full rights to manage its employees in their performance Page 8 of 12 Master Subscription Agreement Gam" Spry - o int 16G7 of the Service under this agreement. This agreement does not create nor is it intended to create a partnership, franchise,joint venture, agency, fiduciary or employment relationship between the parties. There are no third-party beneficiaries to this Agreement. 11.2 Insurance. SpryPoint will maintain insurance during the entire Term of this Agreement,at its own expense the insurance coverage as outlined in Attachment D. The policies shall name Client as an additional insured with respect to the provision of services provided under this agreement. 11.3 Governing Law. This Agreement shall be governed exclusively by the internal laws of the State of Florida. 11.4 Venue.Any suit or action brought by either party to this Agreement against the other party relating to or arising out of this Agreement must be brought in the appropriate federal and state courts in Collier County, Florida,which courts have sole and exclusive jurisdiction on all such matters and shall apply Florida law. 11.5 Notices. All notices under this Agreement shall be in writing and shall be deemed to have been given upon the third business day after first class mailing. Notices to the Client shall be sent to: Collier County Public Utilities Operations Center Attn: Pamela Libby-Water Distribution Manager 4370 Mercantile Avenue Naples, FL 34104 Phone:(239)252-6239 Email: Pamela.Libby©colliercountyfl.gov Notices to SpryPoint shall be sent to: Kyle Strang Managing Partner 45 Queen Street—Suite#401 Charlottetown, PE C1A 4A4 11.6 Waiver. No failure or delay by either party in exercising any right under this agreement shall constitute a waiver of that right or any other right. Neither Client's review, acceptance nor payments for any of the Service or the Implementation Services shall be constructed to operate as a waiver of any rights under this agreement or of any cause of action arising out of the performance of this Agreement. 11.7 Force Majeure. In no event shall either party be responsible or liable for any failure or delay in the performance of its obligations hereunder arising out of or caused by,directly or indirectly,forces beyond its control, including, without limitation, strikes, work stoppages, accidents, acts of war or terrorism, civil or military disturbances, nuclear or natural catastrophes or acts of God, and interruptions, loss or malfunctions of utilities, communications or computer (software and hardware) services; it being understood that SpryPoint shall use reasonable efforts which are consistent with accepted software industry practices to resume performance as soon as practicable under the circumstances. Dates by which performance obligations are scheduled to be met will be extended for a period of time equal to the time lost due to any delay so caused. 11.8 Conflicts of Interest. SpryPoint certifies that to the best of its knowledge, no Client officer, employee or authorized representative has any financial interest in the business of SpryPoint and that no person associated with SpryPoint r has any interest, direct or indirect, which could conflict with the faithful performance of this Agreement. 11.9 Fair Employment. SpryPoint shall not discriminate against any employee or applicant for employment because of race,sex,color, religion, religious creed, national origin, ancestry,age,gender, marital status, physical disability, mental disability, medical condition, genetic information, sexual orientation, gender expression,gender identity, military and veteran status,or ethnic background,in violation of federal,state or local law. Page 9 of 12 Master Subscription Agreement () Spry - o int i 6 C 7 11.10 Time. Time is of the essence in the performance of this Agreement. 11.11 Assignment. Neither Party may may assign this Agreement or any of its rights or obligations hereunder without the prior written consent of the other party(which consent shall not be unreasonably withheld). Except to the extent forbidden herein,this Agreement will be binding upon and inure to the benefit of the parties' respective successors and assigns. Notwithstanding the foregoing, either party may assign this Agreement in its entirety without consent of the other party in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets so long as the assignee agrees to be bound by all of the terms of this Agreement and all past due fees are paid in full. In no event shall Client have the right to assign this Agreement to a direct Competitor of SpryPoint. Any attempt by a party to assign its rights or obligations under this Agreement other than as permitted by this section shall be void and of no effect. Subject to the foregoing,this Agreement shall bind and inure to the benefit of the parties,their respective successors and permitted assigns. 11.12 Severability.To the extent permitted by the law,the parties waive any provision of law that would render any clause of this Agreement invalid or unenforceable. In the event that a provision herein is held to be invalid or unenforceable,such provision will be interpreted to fulfills its intended purpose to the maximum extent permitted by the law,and the remaining provisions of this Agreement will continue in full force and effect. 11.13 Publicity. Except as set forth herein, SpryPoint shall not use Client's name, logos, or trademarks in any written press releases, advertisements and/or marketing materials without the prior consent of Client, SpryPoint is authorized to use Client's name and logo in lists of Clients and on its website, however,such usage shall not be classified as an advertisement but only identification as an entity who receives the Service from SpryPoint. 11.14 Piggyback. It is understood and agreed by Client and SpryPoint that any governmental entity may purchase the services specified herein in accordance with the prices, terms, and conditions of this agreement. It is also understood and agreed that each local entity will establish its own contract with SpryPoint, be invoiced therefrom and make its own payments to SpryPoint in accordance with the terms of the contract established between the new governmental entity and SpryPoint.It is also hereby mutually understood and agreed that Client is not a legally bound party to any contractual agreement made between SpryPoint and any entity other than Customer. 11.15 Amendment. This Agreement may only be amended in writing by authorized representatives of each party. 11.16 Execution in Counterparts: This Agreement may be executed in one or more counterparts. Each counterpart will be an original, but all such counterparts will constitute a single instrument. 11.17 Dispute Resolution. Prior to the initiation of any action or proceeding permitted by this Agreement to resolve disputes between the parties, the parties shall make a good faith effort to resolve any such disputes by negotiation. The negotiation shall be attended by representatives of Contractor with full decision-making authority and by County's staff person who would make the presentation of any settlement reached during negotiations to County for approval. Failing resolution, and prior to the commencement of depositions in any litigation between the parties arising out of this Agreement, the parties shall attempt to resolve the dispute through Mediation before an agreed-upon Circuit Court Mediator certified by the State of Florida. The mediation shall be attended by representatives of Contractor with full decision-making authority and by County's staff person who would make the presentation of any settlement reached at mediation to County's board for approval. Should either party fail to submit to mediation as required hereunder, the other party may obtain a court order requiring mediation under section 44.102, Fla. Stat. 11.18 Prohibition of Gifts to County Employees.No organization or individual shall offer or give,either directly or indirectly, any favor, gift, loan,fee, service or other item of value to any County employee, as set forth in Chapter 112, Part III, Florida Statutes, Collier County Ethics Ordinance No. 2004-05, as amended, and Count Administrative Procedure 5311. Violation of this provision may result in one or more of the following consequences: a. Prohibition by the individual, firm, and/or any employee of the firm from contact with County staff fora specified period of time; b. Prohibition by the individual and/or firm from doing business Page 10 of 12 Master Subscription Agreement GQ,O Spry o int 1 6C7 with the County for a specified period of time, including but not limited to: submitting bids, RFP, and/or quotes; and, c. immediate termination of any Agreement held by the individual and/or firm for cause. 11.19 Public Entity Crime. By execution of this Agreement, the Contractor acknowledges to comply with the terms of Section 287.133 of the Florida Statutes and inform the County of the conviction of a public entity crime. 11.20 Compliance with Laws. By executing and entering into this Agreement, the Contractor is formally acknowledging without exception or stipulation that it agrees to comply, at its own expense,with all federal, state and local laws, codes, statutes, ordinances, rules, regulations and requirements applicable to this Agreement, including but not limited to those dealing with the Immigration Reform and Control Act of 1986 as located at 8 U.S.C.1324, et seq. and regulations relating thereto,as either may be amended, as well as the requirements set forth in Florida Statute, §448.095; taxation, workers'compensation, equal employment and safety including, but not limited to,the Trench Safety Act, Chapter 553, Florida Statutes, and the Florida Public Records Law Chapter 119, if applicable, including specifically those contractual requirements at F.S. §119.0701(2)(a)-(b) as stated as follows: IF THE CONTRACTOR HAS QUESTIONS REGARDING THE APPLICATION OF CHAPTER 119, FLORIDA STATUTES, TO THE CONTRACTOR'S DUTY TO PROVIDE PUBLIC RECORDS RELATING TO THIS CONTRACT, CONTACT THE CUSTODIAN OF PUBLIC RECORDS AT: Division of Communications, Government and Public Affairs 3299 Tamiami Trail East, Suite 102 Naples, FL 34112-5746 Telephone: (239) 252-8999 Email: PublicRecordRequest©colliercountyfl.gov The Contractor must specifically comply with the Florida Public Records Law to: 1. Keep and maintain public records required by the public agency to perform the service. 2. Upon request from the public agency's custodian of public records, provide the public agency with a copy of the requested records or allow the records to be inspected or copied within a reasonable time at a cost that does not exceed the cost provided in this chapter or as otherwise provided by law. 3. Ensure that public records that are exempt or confidential and exempt from public records disclosure requirements are not disclosed except as authorized by law for the duration of the contract term and following completion of the contract if the Contractor does not transfer the records to the public agency. 4. Upon completion of the contract, transfer, at no cost, to the public agency all public records in possession of the Contractor or keep and maintain public records required by the public agency to perform the service. If the Contractor transfers all public records to the public agency upon completion of the contract, the Contractor shall destroy any duplicate public records that are exempt or confidential and exempt from public records disclosure requirements. If the Contractor keeps and maintains public records upon completion of the contract,the Contractor shall meet all applicable requirements for retaining public records. All records stored electronically must be provided to the public agency, upon request from the public agency's custodian of public records, in a format that is compatible with the information technology systems of the public agency. If Contractor observes that the Contract Documents are at variance therewith, it shall promptly notify the County in writing. Failure by the Contractor to comply with the laws referenced herein shall constitute a breach of this Agreement and the County shall have the discretion to unilaterally terminate this Agreement immediately. Page 11 of 12 Master Subscription Agreement 0 Spry a int 1 6 C 7 IN WITNESS WHEREOF,the Parties have executed this Agreement on the date and year first written above by an authorized agent or person. ATTEST: Crystal K. Kinzel, Clerk of the Circuit Court BOARD OF COUNTY COMMISSIONERS and Comptr*r" ' '-`-'0 COLLIER COUNTY, FLORIDA ) • i-- ' -' r: (---/ :-.7 , By: a • By: - Dated: - -.), Rick LoCastro, Chairman (SEAL) •,%,; . ,,,,,..••''," •" °4•StitAu\'', Contracto ' Witnesse CONTRACTOR: .,. SpryPoInt Services,Inc. :41 First v, tness By: 4e.-6.- 51—e_4"r6- Sign we cAlA , - - ai-A x\.0 if tType/print witness namer ,, A TType/print s gnat e e and titl Second tness to (-•i exi,J i e..9 Date fType/print wirness namel' Appr v-45toTorm and Legality: 641‘461';1,1"111,14el/N -V 45) s.Siet64 County Attorney RCIlqi A T 1 Tcmokr, Print Name )i• Page 12 of 12 \ \: l'' Master Subscription Agreement \\O‘i) \\.\ C .` :+r ' / •�o 1_ r -N , _.,. ,,' , ,. * I , r i t I f J i,' I Exhibit A — Statement of Work 45 Queen Street Charlottetown, PE sprypolnt.com CIA 4A4, Canada 0 Exhibit A-Statement of Work 1 6 C 7 able of Contents Statement of Confidentiality Error! Bookmark not defined. Table of Contents 1 Introduction 2 Definitions 2 General Description 4 Project Management and Project Governance 4 Analysis 4 SpryPoint Activities 4 Client Activities 5 Software Configuration 5 SpryPoint Activities 5 Client Activities 5 Data Load 5 SpryPoint Activities 5 Client Activities 5 Training 5 SpryPoint Activities 6 Client Activities 6 Testing 6 User Acceptance Testing 7 SpryPoint Activities 7 Client Activities 7 Cutover 7 Post Go Live Improvements & Support 7 SpryPoint Activities 7 Client Activities 7 Payment Schedule 8 Confidential/Copyright©2022 SpryPoint Services Inc.All Rights Reserved 1 0 on Exhibit A-Statement of Work 1 6 C 7 0 Introduction OA This Statement of Work is by and between SpryPoint Services, Inc ("SpryPoint) a Canadian Corporation with offices at 45 Queen Street, Charlottetown, PE C1A 4A4 and Collier County ("Client") with offices at 3295 E. Tamiami Trail, Naples, FL 34112, United States. Collier County Public Utilities Department, Water Division monitors over 65,000 backflow devices throughout the County, which are increasing at a rate of 1,200 devices per year. The County's Water Division maintains the Cross Connection Control records for proper reporting to the Florida Department of Environmental Protection, per Rule 62-555.360 Cross- Connection Control for Public Water Systems. The purpose of this project is to replace the County's current XC2 software with SpryBackflow — Cross Connection Control application. SpryPoint Backflow will help Collier manage the following processes: 1. Act as System of Record for Backflow Device Management 2. Provide administrators the ability to manage devices, assemblies, and print labels. 3. Serve as a communication engine for renewal letters and general communication with both customers and testers. 4. Provide an administrative dashboard to allow Client staff to manage assemblies, testers & monitor the overall compliance of the program 5. Provide configurable Test Reports and Forms 6. Provide a Tester Self-Service portal to allow testers to update Certifications & Test Kits. 7. Provide workflow for testers to enter and submit tests electronically thereby eliminating paper & emails test submittal 8. Real-Time reports with interactive Key Performance Indicators on program management Definitions In addition to the definitions contained elsewhere in this SOW, the terms in the table below are defined using the associated descriptions Definition/Term Name Definition Term Description Business Day One regular workday (Monday through Friday). Business Process A defined series of procedures that will identify and document process steps and system transactions. Business Process documentation may be used to facilitate testing and training. Change Management The activities, events, processes and procedures that are employed for handling transformation from one system environment to another; this relates mainly to the people and business processes. Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 2 efl 1 6 C 7 0 Exhibit A-Statement of Work Definition/Term Nome Definition Term Description Change Order All changes to the SOW must be agreed upon by the parties and evidenced in a written instrument signed by the parties' authorized representatives. Configuration Process of setting up software to perform Client's specific user requirements. Cut Over Includes all activities required to prepare the systems for the transition of SpryBackflow to production processing. Gap Analysis Discovery workshops to document existing business processes and determine new processes using the SpryBackflow. Development Design Documents that outline any changes to the software that Specifications SpryPoint will modify to meet the Client business requirements. Functional Test Singular test of an object, such as a screen, report, or batch program. These tests will focus on specific functions. Interface Passing of data between two separate and distinct systems; can be accomplished in real-time or batch mode. Modification Custom code that is inserted into the standard system. This does not include configuration changes. Performance Testing This testing will exercise the system to ensure the Client will achieve agreed upon performance between Client and SpryPoint. Quality Assurance The process of verifying that the proper processes and procedures have been adhered to on the project from a methodology as well as project management perspective. SpryBackflow The SpryPoint Backflow solution which will be implemented and used by Client to manage their backflow program. Technical A document that describes, in technical terms, how a Functional Specification Specification will be developed. Test Plan Document that outlines a strategy or approach for testing. Test Scripts A series of actions, functions, or commands documented for execution during various phases of testing. User Acceptance Final testing that will be conducted after all Integration testing. Test This phase will test all aspects of the system. Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 3 0 ) CI � 6C1 0Exhibit A-Statement of Work-FINAL.docx General Description SpryPoint shall use its implementation methodology to deliver SpryBackflow. The methodology encompasses Project Management tasks and the following phases: • Analysis/workshops • Configuration • Training • Testing • Cutover • Post Go-Live Improvements & Support These items define the scope of project activities that will be provided by SpryPoint. Project Management and Project Governance SpryPoint and the Client Project Managers shall be jointly responsible for all project management activities. The SpryPoint Project Manager is ultimately accountable for the project and retains the responsibility of ensuring day-to-day project decisions are made in accordance with the project schedule. The Client Project Manager will hold SpryPoint's Project Manager and assigned resources accountable for the quality of services delivered. Analysis The purpose of the Gap Analysis is to gather information needed to complete the configuration of SpryBackflow. A SpryPoint team member will lead workshops involving appropriate SpryPoint project resources and Client business process experts to identify development requirements and design the configuration of the system. SpryPoint and Client will jointly identify and refine business processes. The SpryPoint configuration methodology also maintains complete documentation around all decisions. Design requirements will be created for any modifications and interfaces. SpryPoint Activities o Develop Workshop agenda with input from Client o Prior to interviews, SpryPoint staff will familiarize themselves with the Client's current processes using available material provided by the Client's, personal interviews, and other such information as needed o Conduct workshops to confirm current business processes and discuss possible organizational changes which will result from implementing SpryBackflow. o Identify modifications or configuration changes required for recommended business changes o Conduct additional interviews to define requirements for: • Interfaces — determine the type and amount of information to be exchanged, the method of exchanging the data, any special processing that is needed, and a schedule for delivery of both sides of the interfaces. Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 4 ��o 0 1 6 C 7 Exhibit A-Statement of Work ■ Reporting — review the reports that are needed in the operational areas. SpryPoint will provide reports which are already available and identify which reports need to be modified or developed to satisfy business needs. Client Activities • Prior to each session,the Client will research and come prepared with current policy, procedures, and expected system outcomes. • Ensure that required Client staff attend appropriate sessions. • Provide existing process flows and report requirements. Software Configuration This phase involves the setup and configuration of SpryBackflow based on departmental needs. SpryPoint Activities • Work together with Client to configure the solution based on customer input and information gathered during the gap analysis. • It is anticipated that multiple iterations of Configuration will be required. Client Activities • Provide additional information as requested to ensure an accurate understanding of the functionality, as needed. Data Load A successful import of existing backflow assembly data is a major pillar to a successful implementation of the solution. To ensure the integrity of the data to be imported, SpryPoint's methodology provides for a multilayered series of audits and verifications. SpryPoint Activities • This will include a detailed mapping of data fields between the existing XC© Backflow solution and SpryBackflow. • Identify any standard fields where data will be auto generated or predefined Client Activities • Extract, cleanse and prepare existing backflow data. • Provide input into data mapping. • Assist in testing the converted data in the SpryPoint system. Training This phase addresses how training will be conducted, scheduling logistics, and training topics. The end-user training will be performed by SpryPoint staff. SpryPoint will provide Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 5 0 rdt 16Cl Exhibit A-Statement of Work 0 a Training Plan which will help manage the change process in transitioning to increased automation and a paperless solution. The Training Plan will provide a timeline as well as an outline of the level of training required by end users. SpryPoint Activities • Determine topics for training by group and determine the number of and types of courses needed. • Training will be completed using the Client's business processes and data. • Determine training schedules • Collaborate with the Client to produce a separate training environment and strategy to refresh the data, as needed, to support training. • Conduct Training Sessions with Client staff per Training Plan. • Report to Management any Training Deficiencies Client Activities • Provide a list of staff require training • Schedule staff as needed • Provide functional resources • Assist in preparing Training environment • Provide signoff that training was adequately completed. Testing The primary focus of the Testing phase is testing the configuration of SpryBackflow and assist with on-going familiarization. The key to gain user buy-in and confidence in the new solution is through systematic and thorough testing. SpryPoint's testing methodology adds a layer of thoroughness at each step, building on the success of the previous steps. The main purpose of the Testing is to establish that decisions made during configuration align with Client's business requirements.All Testing will take place using the Client's data. SpryPoint will provide a test plan which is developed in conjunction with the Client. The plan will include resource allocation, scheduling, and testing procedures. All major tasks and the resources responsible will be included in the Test Plan. Testing will include scenarios that are common to Client's. The scenarios are broken into two categories: • Primary Scenarios - These scenarios involve functionality relating to the core business processes and perform the most common end-user and back end functionality. • Secondary Scenarios - These scenarios involve testing a broader spectrum of functionality. These scenarios build on the functionality tested using the primary scenarios. The scenarios are designed to test unique, Client-specific functionality, infrequent or less common processes, and derivatives or combinations of the primary scenarios Confidential/Copyright©2022 SpryPoint Services Inc.All Rights Reserved 6 Exhibit A-Statement of Work 1 6 C 7 0 User Acceptance Testing User Acceptance Testing verifies the operation of the full System in a "Day in the Life" format. This testing is in preparation for of the SpryBackflow as the production system for the Client. Base functionality, modifications, interfaces,data synchronization,and reporting are all tested to ensure the System meets the Client's requirements. SpryPoint Activities • Finalize the Test Plan. • Prepare the System for Testing • Review the results from Testing and resolve any issues. • Provide supplemental training if mutually determine that the Organization's personnel are not properly trained Client Activities • Conduct Testing. • Log and report any issues. • Assist with development of scripts and business processes for testing. • Conduct User Acceptance Testing. Log and report any issues. Cutover Cutover includes the transition to using SpryBackflow as the system of record to manage Client's backflow program. SpryPoint uses a soft cutover and Client can continue to use paper if preferred, although it is highly encouraged to completely transition to using SpryBackflow for all aspects of program management. Post Go Live Improvements & Support The purpose of this phase is to ensure complete and successful transfer to SpryBackflow and to continue to refine processes and identify areas for improvement. SpryPoint implementation team will work directly with the Client to ensure SpryBackflow is well understood and functioning properly. SpryPoint Activities • One-on-one system assistance • Small group training, as needed • Trouble-shooting issues, failures, and questions • Management reporting • Any reasonable activity needed to improve the productivity of Client while using the new system Client Activities • Log and report any inconsistencies or issues when operating the system Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 7 Exhibit A-Statement of Work 1 6 G 7 0 Sign off on Project Close Out Payment Schedule Milestone Deliverable Deliverable Criteria Amount No. Name 01 PM 1 • Project Kickoff, 2,800 • Initial Project Schedule • Deploy Environments 02 PM 2 • Project Meeting Notes $2,400 • Updated Project Schedule • Updated Risk& Issues Log • Monthly Status Report 03 Project • Prepare discovery questions $2,400 Discovery • Conduct Workshops • Deliver report to client for review 04 Data Import • Work with client to import data into $3,200 solution 05 Reports & • Configure required reports and $3,200 Dashboards dashboards 06 Configuration • Complete month 1 of configuration $4,800 Month 1 07 Configuration • Complete month 2 of configuration $4,800 Month 2 08 Configuration • Finalize configuration based on $4,800 Month 3 testing results 09 User Training • Complete User Training $1,600 10 Plumber • Complete Plumber Training $1,600 Training 11 In Person • Complete On-Site Training for Staff $2,600 Training 12 Testing • Complete Testing, Client signoff on $3,200 testing 13 Go Live • Cut over to live $1,000 • Client using SpryBackflow as system of record 14 Project • Client signoff on project $600 Closeout Total $39,000 Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 8 0 GR • ;-~` / / wiiiii.: Ior.f � � / -16 C ? tLJ - TT g' I F , � 7 s ,,,,,.. ,^4-- . =, 4* . i I Exhibit B — Pricing Schedule 45 Queen Street Charlottetown,PE sprypolnt.com CIA 4A4, Canada 0 xhibit B-Pricing Schedule 1 6 C 7 Table of Contents Statement of Confidentiality Error! Bookmark not defined. Table of Contents 1 Introduction 2 SpryPoint SaaS Products 3 SpryBackflow— Cross Connection Control 3 SaaS Pricing Schedule 4 SaaS Software Usage Metrics 4 Usage Metric Definitions 4 Subscription Initial Term 5 Estimated Subscription Pricing for Term 5 Renewal 6 Annual Escalation 6 Implementation Fees 6 Billing/Invoicing 6 Additional Terms 7 Integrated Notification Services. 7 Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 1 0 Exhibit B-Pricing Schedule j 6 C 7 Introduction This Pricing Schedule is made by and between the Parties identified below on the date indicated as of the execution of the Master Subscription Agreement("Effective Date"). SpryPoint Services Inc. Collier County 45 Queen Street 3295 E. Tamiami Trail Suite #401 Naples, FL 34112 Charlottetown, PE C1A 4A4 United States Ryan Cawley Managing Partner 902-940-6830 rcawley©SpryPoint.com The contents within this document will be governed by the terms and conditions of the Master Agreement between the Parties. This Pricing Schedule is governed by and incorporates the following documents in effect as of the effective date. All documents are listed in order of precedence, and collectively referred to as "The Agreement". Capitalized terms used but not defined herein have the meanings ascribed to them in the Master Agreement. Document 1 Master Subscription Agreement 2 Exhibit A- Statement of Work 3 Exhibit B - Pricing Schedule 4 Exhibit C- Service Level Agreement 5 Exhibit D — Insurance Coverage 6 Exhibit E — Security Overview 7 Exhibit F — Data Processing Confidential/Copyright©2022 SpryPoint Services Inc.All Rights Reserved 2 0 Exhibit B-Pricing Schedule 1 6 C 7 SpryPoint SaaS Products The business scope of SpryPoint's software-as-a-service application(s) are defined as follows: SpryBackflow — Cross Connection Control SpryBackflow will, at a minimum, provide the functions and processes to support the business process related to the maintenance of a cross connection program including: • Synchronization of customers and locations with SpryCIS • Maintain and manage backflow assemblies including physical location • Generate and deliver notices of requirement for test to customers • Track all correspondence with customers and testers • Allow administrators to review, approve or deny electronically submitted tests • Maintain list of testers including profiles • Provide self-service portal for testing community to update profiles and certifications • Facilitate electronic submission of tests from tester portal Confidential 1 Copyright©2022 SpryPoint Services Inc.All Rights Reserved 3 ' ,O 0 Exhibit B-Pricing Schedule 1 6 ` 7 SaaS Pricing Schedule The table below provides the details of the SpryPoint Software-as-a-Service products purchased, the usage metrics and amounts, and the annual fees for the initial subscription term. SpryPoint SaaS Environments Environments Usage Quantity Price per Annual Application Included during included after Metric Subscribed metric Subscription Name/Module implementation* go-live* Amount for Initial term SpryBackflow — Production (1), Production(1) Testable 69,000 '.1.00 per '.69,000 Cross Connection Sandbox(1) Assemblies testable Control assembly per ear Total Annual Fee .9,10. * Upon mutual agreement between SpryPoint and Client, other environments may be established for specific purposes throughout the implementation (Eg, Test&Train) and will not result in additional cost to Client. If additional dedicated environments are required post go-live there may be additional fees required. SaaS Software Usage Metrics Usage Metric Limitations stated above represent the maximum annual quantity of Usage Metrics over a 12-month period and are for Production Environment only. Client is licensed "up to" the Usage Metric Limitation. Usage Metric Definitions Testable Assembly Testable Assembly is defined as an assembly which is associated with a location and is subject to test notices and test entry submission, regardless of the frequency of notices and entry. Usage Metric Verification Process Client has access to self-service metric usage on demand and within the Service. Client System Administrators can add or remove Testable Assemblies as needed SpryPoint may verify metrics through a quarterly audit and will bill any changes annually. Audit results will be shared with Client. Any use exceeding or decreasing from the usage metrics within scope and defined above will be subject to fee adjustments as indicated above. Fees accrue in the calendar month the excess use began and accordingly fees decrease from the calendar month of decreased use. For example, if in the first subscription year: Annual Subscription Invoicing of 69,000 Testable Assemblies = $69,000 Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 4 0 Exhibit B-Pricing Schedule I 6 7 • Quarter 1 Audit = An average of 68,900 Testable Assemblies during the quarter = $0.00 increase or decrease. • Quarter 2 Audit indicates an average of 69,300 Active Accounts during the quarter = $500 increase ($1 per Testable Assembly x block of 500) prorated for the remaining term of the active subscription period (6 months), to be added to the subsequent renewal period. • Quarter 3 Audit indicates an average of 68,443 Testable Assemblies during the quarter = $1,000 decrease ($1 per Testable Assembly x block of 500) prorated for the remaining term of the active subscription period (3 months), to be applied as a credit against the subsequent renewal period. • Quarter 4 Audit indicates an average of 68,900 Testable Assemblies during the quarter. Next Annual Subscription Invoicing for 69,000 Testable Assemblies: ($65,000* Renewal Year Escalation Rate of 5%) + (($500* Previous Year Escalation Rate of 0%) * (2/4)) (($500* Previous Year Escalation Rate of 0%) * (1/4)) $68,375 Upon expiry of the Term or upon termination by Client, if required a final invoice will be provided reconciling amounts due based on this usage metric verification process. Subscription Initial Term The Initial Term of this agreement shall be for a period of five (5) years. Estimated Subscription Pricing for Term Annual pricing within the initial term may be adjusted based on the usage metrics outlined above. For representative purposes, the expected pricing throughout the term is as follows: Product Year 1 Year 2 Year 3 Year 4 Year 5 SpryBackflow $69,000 $72,450 $76,073 79,876 $83,870 Total $69,000 $72,450 $76,073 $79,876 $83,870 Confidential 1 Copyright©2022 SpryPoint Services Inc.All Rights Reserved 5 0 Exhibit B-Pricing Schedule 1 y C 7 Renewal 6 Unless stated otherwise, the Initial Term and any subsequent renewal will automatically renew for terms of 24 months, unless Client notifies SpryPoint of their intention not to renew. Annual Escalation When the initial term comes to an end,each subsequent renewal will be subject to a pricing adjustment which will occur at 5% per year. Implementation Fees The description of the initial Implementation is included within Exhibit A - Statement of Work (SOW). All invoicing, fees and payment Milestone schedules associated with the SOW are incorporated within Exhibit A. Those summarized Implementation fees are represented below: Implementation Cost Project Management $4,800 Deployment $400 Analysis $2,400 Data Import Assistance $3,200 Configuration $14,400 Training $5,800 Testing & Mock Cutover $3,200 Cutover $1,600 Total $39,000 Billing/Invoicing Annual SaaS fees are due upon contract execution and will be invoiced in US Dollars at the yearly anniversary each subsequent year including any metric usage updates. Any Statement of Work or Change Order Fees will be billed according to the Payment Schedule determined within the associated Statement of Work. Below is the client contact information for the administration of all invoicing administration: Attn: Accounts Payable Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 6 { 0 �r 0 16Ci Exhibit B-Pricing Schedule 3299 Tamiami TrI E Ste 700 Naples FL 34112-5749 email to: bccapclerk@collierclerk.com Payment will be made upon receipt of a proper invoice and upon approval by the County's Contract Administrative Agent/Project Manager, and in compliance with Chapter 218, Fla. Stats., otherwise known as the "Local Government Prompt Payment Act". SALES TAX: Contractor shall pay all sales, consumer, use and other similar taxes associated with the Work or portions thereof,which are applicable during the performance of the Work. Collier County, Florida as a political subdivision of the State of Florida, is exempt from the payment of Florida sales tax to its vendors under Chapter 212, Florida Statutes, Certificate of Exemption # 85-8015966531C. Additional Terms Additional Services: Any additional services beyond the initial scope as outlined in Exhibit A—the Statement of Work will be performed on a time and material basis, at an hourly rate of$200 USD per hour. We will implement enhancements pursuant to the change control process as outlined in Exhibit A. Integrated Notification Services: The SpryPoint platform includes integrated notification services which can be enabled by Client for the purposes of customer alerts and notifications. SpryPoint's Notification services include: • Inbound & outbound SMS text messaging • Outbound voice messaging • Inbound & outbound email messaging The ongoing usage costs will be invoiced quarterly based on actual usage according to the following table._ Service Rate Inbound & Outbound SMS Messaging p $0.02 / Message segment Local Outbound Voice Messaging $0.03 per minute Toll-Free Outbound Voice Messaging $0.03 per minute Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 7 0 Exhibit B-Pricing Schedule 1 6 C 7 All fees are exclusive of any applicable communications service or telecommunication provider (e.g., carrier) fees or surcharges. Client will pay all communications surcharges associated with your use of the Integrated Notification Services. Communications Surcharges will be shown as a separate line item on an invoice. The character limit for a single SMS message is technically 160 characters. However, most modern phones and networks support message concatenation which means they split large messages into individual SMS messages (called "segments") and then re-create the large message at the receiving end. When Client sends an SMS message containing more than 160 characters, the message will be split into smaller messages for transmission. Large messages are split into 153- character `segments' and sent individually, then re-assembled by the recipient's device. For example, a 161-character message will be sent as two messages: one with 153 characters and a second with eight characters. SpryPoint will invoice Client for every segment sent. Confidential/Copyright©2022 SpryPoint Services Inc.All Rights Reserved 8 t 0 r--! ;_ g - 11, C ? . .. • iir -- -- . :11:ti d. V. "� 4 _ : ,_- IIr- r , _,,k, , i : 1 ' .,/ i e) Exhibit C — Service Level Agreement Confidential I Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 1 Exhibit C-Service Level Agreement-FINAL.docx 1 6 C 7 1 Introduction and Overview SpryPoint's platform is built in the cloud and delivered as a service. Integrating software development and support is the optimal way to serve customers. SpryPoint's Customer Success Team consists of professionals who work alongside the product engineers that build, implement,test,and maintain our applications. The team is empowered to work with you to solve your problems. This Service Agreement defines the general technology and Ongoing Production Support Services scope of SpryPoint's software-as-a-service offering. At a high level,this includes: • Application Support and Maintenance • Management of Updates and Enhancements • Technology Infrastructure Management • Backup and Recovery • High Availability, Disaster Recovery, and Business Continuity • Database Management • Network Configuration and Monitoring • Security • Operations and Service Delivery Management • Help Desk/Support • Reporting/Performance Measurement Tools These Services may be supplemented by change requests agreed upon by the parties in writing. This Agreement describes the responsibilities of all parties, the scope, and approach to the delivery of the services specified herein ("the Services"). This Service Agreement becomes effective when the client has been transitioned to the Customer Success Team.This will take place after the post go live period has been completed and all severity 1 and 2 issues identified in the post go live period have been resolved. Once the transition to the Customer Success team has occurred the SpryPoint implementation team will continue to be accountable for the resolution of all items on the punch list and the Customer Success Team will be accountable for any new issues. This Agreement is specific to SpryPoint's software-as-a-service applications operating in a production environment as described in the current Pricing Schedule incorporated as part of this Agreement. Any non-production or test environments are expressly excluded from this or any other Service Agreement. Confidential/Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 2 Exhibit C-Service Level Agreement-FINAL.docx C 2 Definitions These terms shall have the following meanings whenever used in this Agreement. "Assist" means the party which may provide input into a task and/or be consulted before a decision or action is performed. "Demarcation Point" means the outer most point of connectivity to the Service(s) public or private endpoints such as the data centers, infrastructure, and applications provided by SpryPoint. "Lead" means the party which has final decision-making authority, accountability, and responsibility for task completion;this party needs to make sure the work gets done. "Outage" means the total minutes the service is unavailable outside the scheduled maintenance window. "Scheduled Maintenance" means the total minutes of planned maintenance activities per month. Currently, scheduled maintenance is 4 hours for weekly maintenance and 4 hours for monthly maintenance. Maintenance windows are defined further in System Maintenance and are subject to change on 30 days' notice from SpryPoint. "Total" means the total minutes the service is available less those exceptions listed under Service Availability. 3 Scope of Service and Responsibilities 3.1 Ongoing Support and Subscription Services 3.1.1 Application Support The table below describes the application support functions provided in the service and the responsibility assignment of each item. Item Responsibility SpryPoint Client Provide Tier 1 help desk support as the first point of application support Assist Lead Provide application, user password management including reset management as Assist Lead part of Tier support Attempt to resolve Tier 1 support calls using existing knowledge base Assist Lead Maintain and update the Tier 1 system knowledge base Lead Assist Make determination to escalate Tier 1 issues to Tier 2 and log incident Assist Lead Service Request Management Provide technical and functional troubleshooting for Tier 2 issues Lead Assist Work with Client to determine if a support case is for new system functionality Lead Assist (change)or requires assistance(bug,incident) Provide a web-based system for support cases to be logged Lead Assist Work with Client to assign proper severity of incident based on definitions Lead Assist Provide support case tracking and reporting Lead Assist Work with client to resolve Tier 2/3 support cases Lead Assist Monitor,measure,and report on the status of Tier 2/3 support cases Lead Assist Resolve Tier 2/3 support cases/incidents Lead Assist Provide analysis of recurring incidents and work to establish a resolution or work Lead Assist around for such incidents. Work with Client in reporting and resolving unplanned outages of any component or Lead Assist environment. Provide root cause feedback for all Severity Level 1 incidents/issues Lead Assist Confidential l Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 3 G�,O Exhibit C-Service Level Agreement-FINAL.docx 1 6 C 7 Escalate issues as needed Lead Assist Promptly report outages and service interruptions Lead Assist Monitor and administer client environments Lead Assist Application Support Provide application support to the functional process owners Lead Assist Address functional issues and questions involving"how to"raised by end-users Assist Lead Work with departments to leverage software to streamline business processes Assist Lead Assist with system functionality and process flow questions for software and reports Assist Lead Provide functional support for first time processing of critical client business Lead Assist processes Focused functional process support(i.e.,end of year processing) Assist Lead Maintain application releases of the current software in the production environment Lead Assist Assist in reporting product issues to software vendor support and obtaining Assist Lead resolution Provide availability management and support Lead Assist Provide maintenance and support for all custom and standard interfaces Lead Assist Provide maintenance and support for all forms Lead Assist Provide maintenance and support for all custom and standard reports Lead Assist Provide batch program maintenance and support Lead Assist Develop,manage,and maintain application workflows Lead Assist Provide functional testing support Assist Lead Deploy required application software Lead Assist Provide post-deployment verification testing of required software Lead Assist Generate and analyze customer satisfaction surveys related to application Assist Lead maintenance and support Provide maintenance and support of any ETL services Lead Assist Security Administration Provide application security maintenance and administration Assist Lead Conduct user access management and review Assist Lead Maintain and support firewall subsystem software components where applicable Lead Assist (e.g.,patches and software upgrades). Monitor virus/security alerts and vulnerabilities from manufacturers and determine Lead Assist appropriate action per procedure. SpryPoint is responsible for IT Security Services from the point of utility demarcation into the proposed solution data centers back through the infrastructure and applications provided by SpryPoint. IT Security Services include the evaluation, Lead Assist selection, deployment, and on-going management of Industry Standard security applications and tools. Notification to designated representative(s) of Client of service interruption and or Lead Assist Breach General Data Protection Regulation-SpryPoint shall comply with national legislation based upon the EU Data Protection Directive 95/46/EC,and effective May 25,2018, the EU General Data Protection Regulation ("GDPR"), in relation to any "personal data"received by or originating from Client.For clarification purposes,SpryPoint will be the Data "Processer" as defined by the EU Data Protection Directive 95/46/EC Lead Assist and GDPR when it receives personal data originating from Client, who is the "Controller". SpryPoint will promptly notify Client if it becomes aware of any breach of"personal data"." 3.1.2 Operational Support The table below describes the operational support functions provided in the service and the responsibility assignment of each item. Item Responsibility SpryPoint Client Hosting Services Confidential/Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 4 Exhibit C-Service Level Agreement-FINAL.docx 16 C Provide hosting services Lead N/A Provide for a replicated system architecture Lead N/A Provide disaster recovery services including system and data restoration Lead N/A Conduct periodic testing of the disaster recovery solution Lead N/A High availability and continuity of the service including load balancing to redirect traffic, multi-zone databases, auto-scaling instances based on application and processing Lead N/A load Provide for secure transmission of data being stored and/or archived Lead N/A Provide toll-free support line. Lead N/A Database Management Perform database administration Lead N/A Perform database monitoring Lead N/A Perform database tuning Lead N/A Perform database security Lead N/A Perform database procedures Lead N/A Perform scheduled maintenance procedures Lead N/A Perform database patching and updates/service packs Lead N/A Communicate patch and update impact analysis Lead N/A Perform database capacity planning Lead N/A Perform database refresh/clones Lead N/A Perform database backup and recovery Lead N/A Perform any data purging or archiving as required. Lead N/A Rcicesc Management Provide guidance to Client on release planning Lead Assist Assess impacts of new releases to the environment Lead Assist Perform Client-requested periodic refreshes of the non-production environments from Lead Assist the production environment up to twice per calendar month Perform application upgrades Lead Assist Perform maintenance pack installations Lead Assist Perform Emergency Release updates as needed. Lead Assist Requests an enhancement/change in functionality/modification Assist Lead Classify enhancement/change in functionality/modification Lead Assist Provide an estimate for enhancement/change in functionality/modification Lead Assist Provide written approval for enhancement/change in functionality/modification Lead Access Management Manage administrative user access to the environments Assist Lead Manage user access at the operating level Assist Lead Manage application users and their access to the various environments Assist Lead Pcrforniance Mannc_wmcnt Monitor system performance Lead N/A Monitor application performance Lead N/A Monitor batch job performance Lead Assist Analyze performance related incidents to identify factors impacting performance Lead Assist Work with Client infrastructure area to ensure that network connectivity and bandwidth Lead Assist requirements are being satisfied. Collect and provide or provide access to metrics and compliance reports on agreed Lead Assist upon aspects of the service. 3.1.3 Technology Infrastructure Services The table below describes the Technology Infrastructure functions provided in the service and the responsibility assignment of each item. Item Responsibility SpryPoint Client Review and resolve technical issues with the system Lead Assist Confidential l Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 5 Exhibit C-Service Level Agreement-FINAL.docx 1 6 C 7 Assist with system debugging and issue resolution Lead Assist Resolve system technical issues with batch programs,reports,workflows,etc. Lead Assist Answer technical questions for day-to-day maintenance Lead Assist Perform system administration Lead Assist Provide system monitoring and tuning Lead Assist Networking and integration between the SpryPoint applications Lead Assist Provide system capacity planning Lead Assist Provide storage capacity planning Lead Assist Provide workload management and support Lead Assist Perform infrastructure maintenance and support Lead Assist Manage the testing of all application and system changes prior to applying to Lead Assist production Perform updates/service packs Lead Assist Perform system software patching and updates/service packs Lead Assist Perform system patching and updates/service packs(desktop) Assist Lead Provide change bundling analysis to reduce the frequency and length of time required Lead Assist to apply changes Provide a back-out plan for changes to the various environments Lead Assist Apply code patches for application software Lead Implement minor technology updates Lead Provide system maintenance scheduling and coordination Lead Assist Report system outages and service interruptions Lead Assist Provide infrastructure monitoring and alerting Lead Provide environment set-up, maintenance, and support to include the following environments: Production Lead Staging Lead Sandbox Lead 3.2 Billable Services There will be instances where a client request is beyond the scope of the original contract. Any out- of-scope item is considered an enhancement or a change to the service and should be directed to our Customer Success team through regular support request options. Enhancement requests would include new functionality and features. Change requests would include changes to the services or responsibilities of the service. Examples of billable services that require a quote: • Requests for new reports • Requests for changes to current reports • New configuration/setup • Rate changes • Changes to bill print/template • Changes to forms or letters • Extended telephone training 3.2.1 Rate Card Any billable services to the Service beyond go-live will be performed at the then prevailing rate as published by SpryPoint on an annual basis. Any enhancements will be implemented pursuant to the change control process as outlined in section 4.3. Confidential l Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 6 J fQ' Exhibit C-Service Level Agreement-FINAL.docx I 6 C / 4 Performance Measurement 4.1 Support Level Definitions & Responsible Parties Client agrees to follow escalation procedures and is responsible for Tier 0 and Tier 1 Support desk functions before new application or functionality related to SpryPoint services is installed into production. 4.1.1 Client Responsibilities Tier Definition Description 0-1 First-line support, which shall be the first Self-help, training issues, basic application level of utility contact, such as customer navigation, functionality explanation, user and interactions with utility customer service password management, preliminary technical representatives, or customer interactions troubleshooting, locked IP address resets, and with utility field office representatives. other elevated administrative functions and preliminary troubleshooting and issue analysis. 4.1.2 SpryPoint Responsibilities Tier Definition Description 0-1 First-line support, which shall be the first Maintain documentation for Client to resolve level of utility contact, such as customer most Tier 0 and Tier 1 issues without requiring a interactions with utility customer service transfer to specialized application support. representatives, or customer interactions with utility field office representatives. 2-3 Experienced and knowledgeable Provide Tier 2 and 3 support for all SpryPoint technicians and technical resources applications which includes: available to: • Support for SpryPoint applications • Assess issues including advanced technical and system administration responsibilities • Provide solutions which may require application log, • Problem resolution database access, or other code-related troubleshooting • New feature creation • Clearly defined points-of-contact, available to receive and appropriately respond to notice of incidents from Tier 1 • Advice and assistance for the applications and non-programming activities in direct support of users Confidential/Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 7 e Exhibit C-Service Level Agreement-FINAL.docx 1 6 C 7 • Advise Client personnel of estimated time required to resolve an incident after root cause diagnosis • Provide status updates during incident resolution. 4.2 Incident Reporting The client shall designate a maximum number of named contacts to request and receive support services from SpryPoint. These named contacts must be trained on the SpryPoint services for which they initiate support requests. To report an incident, submit a support request by: • Phone - 855.TRY.SPRY • E-mail —support©sprypoint.com • SpryPoint support portal - support.sprypoint.com. Incident reporting shall be available twenty-four (24) hours a day, seven (7) days a week, and 365 days a year. Before reporting an incident, Client's personnel must collect as much of the following information possible: Criteria Description (Examples) Date&Time: When the issue started Product& Function: e.g. SpryCIS— Meter Reading General Description: Description of the issue/incident Replication: How to replicate the issue Severity: Per the severity levels defined below Operating System: iOS,Android,Windows Device: iPad, Samsung Tab, Microsoft Surface, Google Pixel Browser: Chrome, Safari, Internet Explorer, Firefox Screenshots: Provide screenshots of error if available Support tickets are submitted to report incidents. Once submitted, Client will receive an automated response indicating the request has been received as well as the ticket number assigned by our system. SpryPoint's Customer Success Team will address tickets according to the Severity Level. The SpryPoint team will determine the cause of the incident and begin the process for correction and/or remediation. Some possible causes of an incident to be reported are: Confidential I Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 8 r�O Exhibit C-Service Level Agreement-FINAL.docx 1 6 C 7 1! • Bug/Problem — an error, flaw, or fault in the application that causes it to produce an incorrect or unexpected result or behave in unintended ways. • Configuration Request—a change or update to the behaviour of an application through a setting in the user interface. • New Feature Request—an update to the behaviour of an application to provide new functionality or a new feature. • Training Issue/Question —Client did not understand how or why something is behaving the way it is or needs to understand options to change the base behaviour. • Performance/Service Issue— generally a high priority, high severity item that includes outages, downtime, and other issues affecting the usability of SpryPoint applications. Additional detail on the ticket submission process may be found in Appendix A. 4.3 Incident Prioritization, Definitions, Responsible Parties, and Targets Severity Example of Severity Level Response Resolution Update Level Target Target Frequency 1. Client's business is not operational due to significant 1 Hour 4 hours 1 hour performance issues or outage, creating a substantial Urgent financial impact and/or number of customers impacted. Critical business function(s) cannot be performed and/or a key component is unavailable or is non- functional.There is no immediate work around. Urgent incidents get top priority until resolved Examples of Severity 1 incidents include but are not limited to: • System is unavailable(outage), • Unable to perform a key function such as calculation of bills or billing process, • A key function is malfunctioning creating a severe financial/customer impact • Any event that impacts more than 20%of the customer base. • Severity Level 1 issues are subject to an Incident Post-mortem by SpryPoint 2. Client's business is operational but the ability to 2 16 4 perform business functions is severely Hours Business Business Critical disabled/impacted, Hours Hours A critical business function or functions are partially operational or operating by use of a workaround only sustainable for a short period of time.A critical business function or functions is operating at limited capacity or Confidential l Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 9 16G ? Exhibit C-Service Level Agreement-FINAL.docx has a defect which creates errors or atypical results to customer records,transactions,or financials. Examples of Severity 2 incidents include but are not limited to: • 10%-20%of the customer base are affected by bills which are calculating or rendering incorrectly • Response times on transactions or screens are 3 times the normal response times (response times must be tracked at go-live for benchmark) • Processes take 3 times as long to complete or error out(response times must be tracked at go-live for benchmark) 3. The service is experiencing an issue that can be 4 120 40 worked around but is impacting client's efficient use of Hours Business Business Restricted the service. The business is operational but with Hours Hours Use reduced efficiency. Examples of Severity 3 incidents to include but not limited to: • Single account issue • Business function has a slight restriction of function of non-critical nature • A work around is required to maintain normal operations • Non-performance impacting defect creates errors or incorrect results 4. The service is fully functional but may contain a 8 10 Upon cosmetic flaw, a misspelling, or a cryptic message. A Hours Business Resolution Not Urgent misinterpretation of the documentation or Client has Days questions on configuration or functionality. No operational,financial,or customer impact. Examples of Severity 4 incidents to include but not limited to: • How Do I...? • General inquiries 5. Enhancement requests 16 As Defined Hours in Change Process Confidential/Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 10 0 01' $ 6Cl Exhibit C-Service Level Agreement-FINAL.docx 4.4 Triage Based on the severity level of the support request, Client can expect a response from the SpryPoint support desk as indicated in the table above. During this initial contact,the team has several objectives: 1. Confirm and/or clarify our understanding of the support request. Adjust reported severity level if necessary. 2. Document the use case where the issue occurs. 3. Document the variables involved. i.e., browser and version, device type, user, etc. 4. Establish a resolution plan and provide an estimated resolution time if possible. 5. If an estimated resolution time cannot be provided during the initial contact, Client will be provided with an estimate on the timeframe. 6. If the support request is Level 5 (Enhancement request), Client will be contacted to discuss the use case and scope of the enhancement. Enhancement specification and quotation will be delivered. 7. Resolution 4.5 Resolution An Incident Resolution will indicate that the issue has been addressed and resolved, pending confirmation from Client's designated contact. If for any reason Client is not satisfied with the resolution, Client may request the issue to be re-opened. 4.6 System Maintenance The primary contact for the ongoing maintenance and support of the application is SpryPoint's Customer Success team. Although rare, SpryPoint may, at its discretion, schedule a system maintenance window, during which time normal production services may not be available. Planned system maintenance windows are mutually agreed upon with the Client. Whenever possible, SpryPoint will attempt to plan Scheduled Maintenance to coincide with Client's IT system maintenance windows and outside the hours of 8:00 a.m. and 5:00 p.m. Eastern Standard Time. There may be some instances where updates may be required immediately or within a short timeframe to maintain the integrity or functionality of SpryPoint applications. In such cases, SpryPoint will notify Client's designated contact of an unplanned system maintenance requirement and will work with Client to deploy the necessary changes during the earliest, mutually favorable time. SpryPoint will promptly notify Client's designated contact of any downtime and provide confirmation once full functionality is restored. In extraordinary circumstances, it may be necessary to take the system offline or otherwise prevent access to applications. This would be the result of an exceptional situation (i.e., a zero-day vulnerability)where SpryPoint would take preventive action to mitigate any potential adverse impact to our clients. Confidential I Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 11 Exhibit C-Service Level Agreement-FINAL.docx 16C ? 4.7 Device and Operating System Support SpryPoint shall use commercially reasonable efforts to identify a root cause and provide technical solutions therein for any reported bugs, defects, issues, etc., provided that the Software or Services are not otherwise impaired at the start of the then-current Service Term and has been properly maintained by Client in accordance with SpryPoint's policies. SpryPoint is not required to support its applications in the following circumstances: • Hardware that is no longer supported by its manufacturer. • Operating systems or versions of operating systems which are no longer supported or updated by their authors (e.g.,Apple, Google, Microsoft, etc.). • Errors that are a result of product misuse, negligence, or improper utilization of any or all part of the Software or Services. • Issues that are a result of electrical failure, internet connections problems, and all data issues deemed to be under Client's exclusive control and responsibility including but not limited to: data input and output are outside the scope of this service level agreement. Maintenance for unsupported operating systems and/or hardware may be available to clients at an additional charge. 4.8 Incident Post-mortem Process The Incident Post-mortem Process at SpryPoint includes the following: Action Objective Summary of What Happened • Which services and customers were affected? • How long and severe was the issue? • Who was involved in the response? • How was the issue resolved? Root Cause Analysis • What were the origins of failure? • Why do we think this happened? Steps Taken to Diagnose, • What actions were taken? Assess and Resolve • Which were effective? • Which were detrimental? Timeline of Significant Activity • Centralize key activities from monitoring tools,ticket management, incident details, and internal and external communications. Confidential f Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 12 Exhibit C-Service Level Agreement-FINAL.docx 1 6 C Learnings and Next Steps • What went well? • What didn't go well? • How do we prevent this issue from happening again? Summarize Findings • Circulate summary to affected Clients upon request 4.9 Support Hours Client support is provided during SpryPoint business hours, 8:00 a.m. to 8:00 p.m. Eastern Standard Time, Monday through Friday(excluding holidays). After-hours, on-call support is available when requested.This provides extra support when migrating, updating, or upgrading integrated line of business applications.After-hours, on-call support rates are negotiated on a project-by-project basis. 4.10 Holidays Response to requests other than Severity Level 1 may be delayed up to 24 hours during holidays observed by SpryPoint as outlined below. Holiday Date (On or Around) New Year's Day* January 1st Provincial Holiday Third Monday in February Good Friday Late March/Early April Victoria Day Third Monday in May Canada Day* July 1st Civic Holiday First Monday in August Labour Day First Monday in September National Day of Truth and Reconciliation September 30 Thanksgiving (Canadian) Second Monday in October Remembrance Day* November 11th Christmas Day* December 25th Boxing Day* December 26th *If a holiday falls on a weekend, it will be observed the following Monday. Confidential/Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 13 Exhibit C-Service Level Agreement-FINAL.docx 16 C 7 5 Service Level Agreements Service Level Agreements (SLAs) provide clarity around the commitments to deliver the Service and set expectations for both parties relative to the Client's business and the impact/role of the Service within the Client's business. 5.1 Service Availability SpryPoint will use commercially reasonable efforts to make our Services available with an uptime percentage of at least 99.5%within a given calendar month. 5.1.1 Exclusions, Exceptions and Limitations This does not apply to any Service performance issues caused by factors; (i) outside of SpryPoint's reasonable control, including any force majeure event or Internet access or related problems beyond the demarcation point of SpryPoint; (ii) that result from Client's equipment software or other technology such as metering technology, payment and data processing services, networking technology and/or third party equipment, software, integration services or other technology (other than third party equipment within our direct control); (iii)that result from any scheduled maintenance as provided for pursuant to this Agreement;or(iv)arising from SpryPoint's suspension and termination of Customer's right to use Software. 5.2 Incident Resolution Time Adherence SpryPoint will use commercially reasonable efforts to hit the Resolution Targets defined by Severity Level in Section 4, above. 5.3 Service Credits In the event of a failure by SpryPoint to meet the Service Availability and Incident Resolution Targets as defined in this SLA, as the Client's sole and exclusive remedy, at Client's request, SpryPoint will provide Service Credits in accordance with the following: a. First month of missed service availability or incident resolution target,SpryPoint and Client will meet to discuss possible corrective actions b. Second consecutive month: 10% of the Subscription Fee paid for the applicable month of the affected SpryPoint application c. Third consecutive month: 20% of the Subscription Fee paid for the applicable month of the affected SpryPoint application d. Fourth consecutive month: 30% of the Subscription Fee paid for the applicable month of the affected SpryPoint application e. Fifth consecutive month: 40% of the Subscription Fee paid for the applicable month of the affected SpryPoint application f. Sixth consecutive month: 50% of the Subscription Fee paid for the applicable month of the affected SpryPoint application g. More than six consecutive months:Within thirty(30) days of such failure Client shall have the option to terminate the entire Agreement and upon termination Client shall receive a refund of all prepaid subscription fees that are unearned as of the date such termination becomes effective. h. Service Credits shall be deducted from subsequent invoices for Subscription Fees, or upon the termination or expiration of the Agreement the Service Credits would be paid directly to the Client. Confidential/Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 14 Exhibit C-Service Level Agreement-FINAL.docx 16C7 6 Periodic Service Reviews 6.1 Periodic Review of Open Tickets and Outstanding issues Such reviews are offered by SpryPoint upon client request and may be held either monthly or quarterly as agreed by both parties. Reviews are led by a member of the SpryPoint Customer Success Team and commonly include: • Discussion and review of open or recently closed tickets • Discussion and review of recent or forthcoming product releases 6.2 Periodic Review of Service Level Agreement Performance Such reviews will be held annually(or on a periodic basis as agreed by both parties). Either party may request the review. The review will be led by the Manager of Customer Success and shall include: • Discussion and resolution of any issues that may arise under an SLA • Service delivery since last review • Major deviations from service targets • Negotiate proposed changes to the SLA • Resolve concerns about service delivery • Discuss any staffing changes for SpryPoint or Client The review mechanism shall include an escalation procedure under which any unresolved issues are escalated for immediate resolution.Disagreements shall initially be handled by means of the following escalation provision: 6.2.1 Escalation In the unlikely event that a customer needs to escalate an issue beyond the Support Analyst in charge, the following is the path of that escalation: Confidential I Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 15 16Cl Exhibit C-Service Level Agreement-FINAL.docx Managing Partner Manager, Customer Success r � Senior Support Analyst Senior Support Analyst Platform Engineer Support Analyst Support Analyst If the Client is unable to get appropriate support from the assigned support analyst or senior support analyst, the client may escalate first to Shelley MacLeod, Manager of Customer Success and then to any Managing Partner at SpryPoint, however Kyle Strang is the Managing Partner responsible for Customer Success-related escalations. Contact information for the Customer Success Management Team: Shelley MacLeod, Kyle Strang Customer Success Manager Managing Partner smacleod@sprypoint.com kstrang©sprypoint.com Office: 902.510.1770 Office: 617.939.9016 Mobile: 902.213.0950 Mobile: 902.476.7930 7 Appendix A— Support Process Supplemental Information 7.1 Creating a Ticket 1. Log into support.sprypoint.com 2. Choose New Support Ticket Confidential/Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 16 Exhibit C-Service Level Agreement-FINAL.docx 1 C7 Spryibint Home Solutions Tickets How can we help you today? © New Support Ticket © Check Ticket Status Q 8558797779 Provide as much information as you can in the required fields. Submit a ticket Requester* smacleod@sprypoint.com Subject* TEST CASE-Ignore Priority* Low Description * B 1 L' _ �_• 1 © co Q !x Test Case.Ignore +Attach a file sow. CANCEL Confidential/Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 17 hh ��V CExhibit C-Service Level Agreement-FINAL.docx 1 6 *The Description Field could include: • Walkthrough of question/issue • Steps to reproduce • Sample accounts • Actual vs. expected outcome • Supporting documentation (i.e., error message, as attachment) Once submitted, Client will receive an automated response indicating the request has been received as well as the ticket number assigned by our system 7.2 Check ticket status 1. Log into support.sprypoint.com 2. Search by Open or Pending tickets 3. Sort by date created or last modified 4. Click on the ticket to view current status, agent 7.3 Release Management SpryPoint provides releases for all applications on a regular basis. Releases are deployed after standard business hours and are live in the systems the next morning. Release Notes are provided with each release and highlight new features, enhancements, and fixes. The Customer Success Team will assist in reviewing, evaluating, and adopting the new features and functionality found in the new releases. Primary contacts from each organization are included on the distribution list for the Release Notes. If you would like to be included, please submit a ticket with your contact information to the support desk. 7.4 Account Management SpryPoint works to ensure that your applications stay running to support your business predictably and efficiently. Our Customer Success Team provides more than just support for reported issues. We are also focused on Customer Satisfaction and Customer Enablement. We will work with you to assist in adopting and maximizing your SpryPoint applications through: 7.5 Training/Help Implementing a new system takes time and there is a lot to learn when processes and software changes. Our team is here to help you make the most of your investment with SpryPoint. Confidential f Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 18 Exhibit C-Service Level Agreement-FINAL.docx I 6 C 7 Throughout the implementation, SpryPoint provides training for administrators and end-users to prepare them for system go-live. After the organization has been live in the production environment and staff have been using the application, it is helpful to schedule some refresher training to review processes and functionality and answer any questions. As we continue to grow, clients will see more self-directed training and webinars. SpryPoint Help Files (Knowledge Base) are available in-app. We have attempted to address issues and questions in advance of you asking, but it is inevitable that some have been missed. If you have searched the Knowledge Base and did not find an answer, please submit a ticket. 7.6 Best Practices Is there something slowing a process down? Talk to us about it, we may have heard about it from another customer, or through industry contacts. Through conversations with customers, we discover new and innovative solutions to common problems. We collect the information and add it to our experience and knowledge to provide best practices that can be used in your organization. The Customer Success Team is always available to discuss any challenges you are facing, brainstorm solutions, and take part in the innovation process. 7.7 Check-ins We are more than a support team. We are your partners, invested in your success. We reach out to clients on a regular basis to check in and make sure that everything is going well, and you are happy with your SpryPoint applications. The call is usually informative for us and the customer as we learn a lot by asking if there is any way we can help or anything we can do better. When we ask you questions about your organization and the way you use our applications, it is so we can better understand your environment, business goals, and future initiatives, and provide recommendations to any issues that you may have. At your request, we will schedule regular meetings with the Customer Success team and your team using the application.This time can be used to review open items, discuss future initiatives,or answer questions. 7.8 Monitoring SpryPoint applications are monitored for uptime and performance 24/7 using the latest technology. If unexpected conditions or performance degradation is detected, the team is notified automatically and instantly. The Customer Success Team watches for performance issues in real-time and applies updates to fix issues within minutes, often before customers have even noticed a problem. 7.9 Auditing SpryPoint's monitoring tools provide us with Service Level Agreement reports to ensure that we maintain availability and performance standards. We review the reports monthly to ensure you are getting the best experience possible. Confidential/Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved i 0 Exhibit C-Service Level Agreement-FINAL.docx 1 C 7 7.10 Integrated Quality Assurance Quality assurance is a critical component of customer success.A customer encountering an issue indicates that quality can be improved,either through documentation,training, product improvement, or more comprehensive testing. For the product team to deliver software,the last internal step, before going to the customer, is to run it through with QA resources to fully understand, experience, verify documentation, and create release notes and customer adoption process. Confidential/Copyright©2022 SpryPoint Solutions Inc.All Rights Reserved 20 limiwir d-4r, 4 _ c f %e fr P r_-- , , , . . i) ; , ,.., , A f, :') \ .., i _ . \ • Exhibit D - Insurance Coverage 45 Queen Street Charlottetown, PE sprypo%n t.com CIA 4A4, Canada STh .r" l 0 Insurance ExhibitExhibit D-Insurance Coverage-FINAL.docx 1 6 C 7 SpryPoint will maintain during the entire Term of this Agreement, at its own expense, the insurance coverage below which meets or exceeds the coverages and limits as specified in the Client's RFP. The policies shall include an endorsement naming Client as an additional insured with respect to the provision of services provided under this agreement. Insurance coverage for this agreement will be at a minimum as follows: 1. COMMERCIAL GENERAL LIABILITY INSURANCE SpryPoint shall maintain Commercial General Liability Insurance covering all operations by or on behalf of SpryPoint on a per occurrence basis against claims for personal injury and property damage. Policy limits are subject to review, but shall in no event be less than, the following: $3,000,000 Each Occurrence $6,000,000 General Aggregate $3,000,000 Personal and Advertising Injury $2,000,000 Products/Completed Operations Aggregate $2,000,000 Non-Owned Automobile Coverage Includes: (a) Separation of Insureds, Cross Liability (b) Contractual Liability (c) Products-completed Operations (d) Contingent Employer's Liability 2. COMMERCIAL AUTOMOBILE LIABILITY INSURANCE SpryPoint shall maintain Commercial Automobile Liability Insurance covering liability arising out of the operation of any vehicle(including owned, non-owned and hired vehicles). $2,000,000 Each Occurrence $2,000,000 Annual Aggregate 3. ERRORS AND OMISSIONS AND CYBER INSURANCE SpryPoint shall maintain Errors and Omissions and Cyber Insurance covering liability third party claims and losses with respect to network risks (such as data breaches, transmission of virus/malicious code; unauthorized access or criminal use of third party, ID/data theft) and invasion of privacy regardless of the type of media involved in the loss of private information. $3,000,000 Per Claim 4. WORKERS' COMPENSATION SpryPoint shall maintain Workers Compensation Insurance through the Workers Compensation Board of Prince Edward Island (WCBPEI). The Workers Compensation Board (WCBPEI) is a Provincial Government Organization that is Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 1 C) 0 Exhibit D-Insurance Coverage-FINAL.docx 1 6 C responsible for all Workers Compensation related incidents for employees of companies based on Prince Edward Island. As an employer based in Prince Edward Island, SpryPoint is legally required to maintain Workers Compensation insurance through WCBPEI. If there is a workplace incident related to SpryPoint employees, coverage is provided by the WCBPEI regardless of the location. SpryPoint will provide Client with a copy of the Workers Compensation Clearance letter issued by WCBPEI which confirms SpryPoint's coverage and that our account is in good standing. 5. ADDITIONAL INSURANCE RELATED PROVISIONS 6.1 SUBCONTRACTORS. SpryPoint agrees to ensure that subcontractors, and any other party involved with the Services who is brought onto or involved in the performance of the Services by SpryPoint, provide the same minimum insurance coverage required of SpryPoint, except as with respect to limits. SpryPoint agrees to monitor and review all such coverage and assumes all responsibility for ensuring that such coverage is provided in conformity with the requirements of this Agreement. SpryPoint agrees that upon request by Client, all agreements with, and insurance compliance documents provided by, such subcontractors and others engaged in the project will be submitted to Client for review. 6.2 EVIDENCE OF COVERAGE. Prior to commencement of any Services under this Agreement, SpryPoint, and each and every subcontractor shall, at its sole cost and expense, provide and maintain not less than the minimum insurance coverage as indicated in this Agreement. Such insurance coverage shall be maintained with insurers, and under forms of policies, satisfactory to the Client and as described in this Agreement.SpryPoint shall file with the Client all certificates and endorsements for the required insurance policies for Client's approval as to adequacy of the insurance protection. 6.3 TERMINATION.All policies shall contain an endorsement providing that written notice be given to the Client at least thirty (30) calendar days prior to termination, cancellation or reduction in coverage policy. Insurance policies shall remain in force until all work has been completed. If a policy does expire during the life of the Contract, a renewal certificate of the required coverage will be sent to the Client not less than ten (10) workdays prior to expiration date. SpryPoint will maintain during the entire Term of this Agreement, at its own expense, the insurance coverage below which meets or exceeds the coverages and limits as specified in the Client's RFP. The policies shall include an endorsement naming Client as an additional insured with respect to the provision of services provided under this agreement. Insurance coverage for this agreement will be at a minimum as follows: Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 2 f 0 _ wil a...e," . I - •.146 am.....I.,- ii4k..... il•cr 1 6-‘, .1.4 /' -- ' •§ / 4 V. ••... _ ft f • ,4 v, ---- /,.. _. - 4..ill"%ittik \-' ... .iklm . 40. t Exhibit E — Security Overview 0 C.) " 0 Exhibit E-Security Overview-FINAL.docx 1 6 C 7 Table of Contents Table of Contents 1 1. Overview 2 2. Personnel 2 2.1. Personnel Overview 2 2.2. Security Awareness & Training 2 2.3. End User Devices 2 2.4. Access Control 3 2.5. Physical Security 3 2.6. Monitoring 4 2.7. Control Assessments 4 3. Data Integrity & Privacy 4 3.1. Data 4 3.2. Personally Identifiable Information (PII) 4 3.3. Secure Disposal 4 4. Secure Application & Infrastructure Development 4 4.1. Least Privilege 4 4.2. Peer Code Reviews 5 4.3. Vulnerability Management 5 4.4. Configuration Management 5 4.5. Incident Response Procedures 5 4.6. Contingency Planning 5 Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 1 0 Exhibit E-Security Overview 1 b C7 1. Overview This security document("Exhibit")details the security policy, procedures, and technologies used to protect client data. This document applies to SpryPoint's production software-as- a-service (SaaS) offering ("The Service"), client data stored in the service, and work performed by SpryPoint implementing, maintaining, and supporting the service. SpryPoint has established a comprehensive Written Information Security Program ("WISP") which includes defining, documenting, and supporting the implementation and maintenance of the administrative, technical, and physical safeguards the firm has selected to protect the information it collects, creates, uses, and maintains. This program uses both technologies and business policies to • Ensure the confidentiality of client's data from any unauthorized parties; • Protect the integrity of data; and • Maintain availability of the service by using scalable hosting with fault tolerance. SpryPoint's security program is based on the NIST SP 800-53 standard and the concepts of Zero Trust. The program may evolve over time as the standard is revised. These evolutions will never degrade the strength of the program. 2. Personnel 2.1. Personnel Overview 2.1.1.All SpryPoint employees are subject to background screening prior to being employed, and employment agreements cover confidentiality, non-disclosure, and other key protections. 2.1.2. SpryPoint has a dedicated information security officer who is responsible for managing and continuously improving SpryPoint's security posture. The information security officer can be reached at security©sprypoint.com. 2.2.Security Awareness &Training 2.2.1. Employees receive security awareness training during their onboarding, and SpryPoint employees are subject to mandatory ongoing cybersecurity and phish awareness training on a regular basis. All employees are encouraged to attend security conferences where practicable. 2.2.2. Employees must read and adhere to the Information Security Policies and must re-certify each year. 2.3.End User Devices Employees agree to the Asset Management Policy with regards to acceptable use. All end user devices provisioned by SpryPoint are hardened and equipped with: Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 2 GAO 0 Exhibit E-Security Overview 6 C 7 • Mobile Device Management (MDM) software. • Full Disk Encryption. • Anti-Malware Software. • Strong Password policies. • Secure Password Vault. 2.4.Access Control 2.4.1. To ensure only authenticated users access data they are authorized to access, SpryPoint maintains policies and procedures regarding the following areas: • Access Control Policy • Asset Management Policy • Business Continuity and Disaster Recovery Plan • Code of Conduct • Cryptography Policy Data Management Policy • Human Resources Security Policy • Incident Response Plan • Information Security Policy • Information Security RACI • Operations Security Policy • Physical Security Policy • Risk Management Policy • Secure Development Policy • Third-Party Management Policy 2.4.2. User accounts on SpryPoint's Services use role-based security to enable least privilege authorization. Passwords on the service are protected by industry best practices, using industry-standard encryption algorithms.Access to systems can be configured to use Single-Sign-On identity providers such as Azure Active Directory, Okta, or other identity providers. 2.4.3. Where possible, services are whitelisted to specific IP ranges rather than the open internet. SpryPoint staff use VPN services to connect to SpryPoint services where appropriate. 2.4.4. Policies cover data classification and protection of classified and restricted data. 2.5. Physical Security The SpryPoint office is alarmed with unique codes per employee, and is protected via electronic key cards & fobs. The SpryPoint office does not provide physical access to production systems from inside the office. Confidential/Copyright©2022 SpryPoint Services Inc.All Rights Reserved 3 G�� 0 Exhibit E-Security Overview 1 C 2.6. Monitoring 2.6.1. SpryPoint collects application and infrastructure logs to validate service uptime and operational status, to assist with troubleshooting system issues, and to protect and secure our networks and Client Data. Events are maintained for a period of at least one year. 2.6.2. Logs may include login ID, timestamps, login authorization granted or denied, number of denied login attempts, system load data such as CPU% and free memory, data changes within the system, or other relevant information and activity. 2.7.Control Assessments SpryPoint maintains a documented risk management program that includes an annual risk assessment. 3. Data Integrity& Privacy 3.1. Data 3.1.1. The Service is provided through secure data centers operated by an ISO 27017:2015 certified third party. 3.1.2. Data is encrypted at rest and in transit. 3.1.3. Data backups are performed daily, and tests to restore the data are run regularly 3.1.4. Questions regarding data privacy may be directed to privacy@sprypoint.com. 3.2. Personally Identifiable Information (PII) Confidential PII is compartmentalized and encrypted with unique record-level keys and an additional level of encryption. 3.3.Secure Disposal SpryPoint policies mandate secure disposal or destruction of personal information, whether in paper or electronic form, when it is no longer to be retained in accordance with applicable laws or defined policies. 4. Secure Application & Infrastructure Development 4.1. Least Privilege Only authorized Personnel with a specific business purpose are allowed access to production and development environments and/or resources. Confidential I Copyright©2022 SpryPoint Services Inc.All Rights Reserved 4 Ge' 0 Exhibit E-Security Overview v 4.2. Peer Code Reviews �M All code changes require a code review before allowing a merge. 4.3.Vulnerability Management 4.3.1. SpryPoint uses automated tools to check for vulnerabilities in the software and any framework dependencies. 4.3.2. Vulnerabilities are triaged and remediation timelines are managed as per a Service Level Agreement. 4.4. Configuration Management 4.4.1. SpryPoint has embraced infrastructure as code to ensure repeatability, and to streamline the application of security patches and updates. Deployment is managed via a Cl/CD pipeline. 4.4.2. Infrastructure changes are documented and scheduled and contain approval chains and rollback plans. 4.5. Incident Response Procedures SpryPoint's incident response policy includes well-defined procedures to be followed in the event of a breach or threat of any application or system associated with the accessing, processing or storage of data. 4.6. Contingency Planning SpryPoint has a program to test and improve disaster recovery run books and business continuity plans. The security and DevOps teams perform BC/DR testing, conduct simulations, and request feedback to improve the plan. Confidential l Copyright©2022 SpryPoint Services Inc.All Rights Reserved 5 T• 6u Exhibit F SpryPoint Data Processing Exhibit This Data Processing Exhibit ("DPE") forms a part of and is subject to the SpryPoint Master Subscription Agreement("Agreement"), applicable Pricing Schedule or Statement of Work or other written subscription agreement(together with any attachments issued thereunder,the"Agreement")between SpryPoint Services Inc.("SpryPoint")and the Party identified as the"Client" in the Agreement,where Client is using SpryPoint's Software and Services.This DPE reflects the Parties'agreement with regards to the applicable Privacy/Data Protection Laws and governs the data processing related obligations of SpryPoint and Client for any applicable Subscription or Statement of Work involving the processing of Client's Personal Information. In the event of any inconsistency or conflict between this DPE and the Agreement,the terms and conditions of the DPE shall prevail. In delivering the Software or Services under the Agreement, SpryPoint may Process Personal Information/Personal Data as a Data Processor on behalf of Client,which is the data controller. It is hereby agreed as follows: Definitions Unless otherwise defined below, all capitalized terms have the meaning given to them in the applicable Agreement and/or exhibits thereto. "Covered Data" means (i) Client Data, (ii) Technical Services Data, and (iii) any other electronic data or information submitted by or on behalf of Client to a Covered Service. "Covered Service" means (i) any Service provided that specifically refers to this DPE, and/or, (ii) any Technical Services. "Data Controller" means the entity which,alone or jointly with others,determines the purposes and means of the Processing of Personal Data. "Data Processors means the entity which Processes Personal Data on behalf of the Data Controller. "Data Protection Laws" means all data protection laws applicable to the Processing of Personal Data under this DPE,including local,state, national and/or foreign laws,treaties,and/or regulations. "Data Subject" means the person to whom the Personal Data relates. "Personal Data" means any Covered Data that relates to an identified or identifiable natural person. "Personal Data Breach" means (i) a 'personal data breach' or (ii) any Security Breach affecting Personal Data. "Processing"or"Process" means any operation or set of operations performed on Personal Data or sets of Personal Data,such as collecting, recording,organizing,structuring,storing,adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting,erasing or destroying. "Subprocessor"means a SpryPoint Affiliate or third-party entity engaged by SpryPoint or a SpryPoint Affiliate as a Data Processor under this DPE. "Subprocessor List" means the subprocessor list identifying the Subprocessors that are authorized to Process Personal Data for the relevant Covered Service. 1. Subject and Scope .e p .. 4. 0 . 1.1. Scope and Role of the Parties. This DPE applies to the Processing of Personal Data by SpryPoint to provide the Covered Service. For the purposes of this DPE, Client and its Affiliates are the Data Controller(s) and SpryPoint is the Data Processor. SpryPoint shall Process Personal Information/ Personal Data under the Agreement(s) only as a processor acting on behalf of Client where Client is the Data Controller, SpryPoint agrees that it will Process Personal Information/Personal Data for the sole purpose of providing the Services as described in the Agreement(s). 1.2. Purpose. Client discloses Personal Information/ Personal Data to SpryPoint solely for: (i) a valid business purpose; and (ii) SpryPoint to perform the Services. 1.3. Instructions for Processing. SpryPoint shall Process Personal Data in accordance with Client's documented instructions. Client instructs SpryPoint to Process Personal Data to provide the Covered Service in accordance with the Agreement(including this DPE).Client may provide additional instructions to SpryPoint to Process Personal Data, however SpryPoint shall be obligated to perform such additional instructions only if they are consistent with the terms and scope of the Agreement and this DPE. 1.4. Prohibitions. SpryPoint is prohibited from:(i) selling Personal Information/Personal Data; (ii) retaining, using, or disclosing Personal Information/ Personal Data for a commercial purpose other than providing the Services; and (iii) retaining, using, or disclosing the Personal Information/ Personal Data outside of the Agreement between SpryPoint and Client. 1.5. Warranty. Client warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give such instruction. 1.6. Sole Responsibility. Client is solely responsible for obtaining all necessary consents, licenses and approvals for the collection and Processing of any Personal Information/Personal Data. 1.7. Compliance with Laws. SpryPoint shall comply with all Data Protection Laws applicable to SpryPoint in its role as a Data Processor Processing Personal Data. For the avoidance of doubt, SpryPoint is not responsible for complying with Data Protection Laws applicable to Client or Client's industry such as those not generally applicable to online service providers. Client shall comply with all Data Protection Laws applicable to Client as a Data Controller and shall obtain all necessary consents, and provide all necessary notifications, to Data Subjects to enable SpryPoint to carry out lawfully the Processing contemplated by this DPE. 2. Technical,Organizational Measures and Security 2.1. Security Measures. SpryPoint implements and maintains appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The parties agree that the security measures are appropriate to protect Personal Information/Personal Data against a Personal Information/ Personal Data Security Incident, and that these measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the Personal Information/Personal Data to be protected having regard to the state of the art and the cost of their implementation and the nature,scope,context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. 2.2. Confidentiality.SpryPoint shall ensure that any person authorized to Process the Personal Information/Personal Data is subject to a strict duty of confidentiality and that they Process I C ? the Personal Information/ Personal Data only for the purpose of delivering the Services under the Agreement to Client. 2.3. SOC 2 Compliance. SpryPoint is currently undergoing an audit for SOC 2 Compliance. Upon successful completion, at a minimum, SpryPoint agrees to maintain SOC2 Type 2 compliance.SpryPoint may modify its Security Measures from time to time and at any time, provided, however, that it will not materially reduce the level of protection as provided in this DPE. 2.4. Processing Terms. At all times that SpryPoint Processes, and/or has access to Personal Information/Personal Data,SpryPoint shall (a)Process such Personal Information/Personal Data only in accordance with Client's documented instructions(b)not Sell(as defined under CCPA) Personal Information/ Personal Data, or retain, use, or disclose such Personal Information/ Personal Data (i) for any purpose other than for the specific purpose of performing the Services or(ii) outside the direct business relationship between Client and SpryPoint. 2.5. Acknowledgement. Acknowledging that Client (and not SpryPoint): (i) controls the nature and contents of Client Data(including any Personal Information/Personal Data therein);and (ii) acts as its own system administrator and controls user access to Client Data (including any Personal Information/Personal Data therein),Client represents and warrants that on the date of this DPE and during the Term: 2.5.1. Personal Information/Personal Data has been and will be collected and Processed by Client in accordance with applicable Privacy/Data Protection Laws; 2.5.2. Client will take all steps necessary to ensure it achieves the foregoing, including without limitation, by providing Data Subjects with appropriate privacy notices, obtaining any required consent, and ensuring that there is a lawful basis for Contracted Processors to Process Personal Information/ Personal Data. 3. Subprocessors 3.1. Use of Subprocessors.Client hereby agrees and provides a general prior authorization that SpryPoint and SpryPoint Affiliates may engage Subprocessors. SpryPoint or the relevant SpryPoint Affiliate engaging a Subprocessor shall ensure that such Subprocessor has entered into a written agreement that is no less protective than this DPE.SpryPoint shall be liable for the acts and omissions of any Subprocessors to the same extent as if the acts or omissions were performed by SpryPoint. 3.2. Notification of New Subprocessors. SpryPoint shall make available to Client a Subprocessor List and provide Client with a mechanism to obtain notice of any updates to the Subprocessor List.At least thirty(30)days prior to authorizing any new Subprocessor to Process Personal Data, SpryPoint shall provide notice to Client by updating the Subprocessor List. 3.3. Approved SpryPoint's Sub-Processors Sub-Processor Country Website Service Provided Amazon Web Services United tates aws.amazon.com Cloud Infrastructure Freshdesk United States www.freshworks.com Customer Service Heroku United States www.heroku.com Cloud Infrasturcture 1 C Twtllo United States www.twilio.com SMS Delivery (service Twillo Sendgrid " United States www.twilio.com/sendgrid/email-api Email Delivery Service Solarwinds Papertrall United States www.papertrail.com Log Management Service Raygun United States www.raygun.com Application Management Service 4. Rights of Data Subjects 4.1. Assistance with Data Subject Requests. SpryPoint will, in a manner consistent with the functionality of the Covered Service and SpryPoint's role as a Data Processor, provide reasonable support to Client to enable Client to respond to Data Subject requests to exercise their rights under applicable Data Protection Laws("Data Subject Requests"). 4.2. Handling of Data Subject Requests. For the avoidance of doubt, Client is responsible for responding to Data Subject Requests.If SpryPoint receives a Data Subject Request or other complaint from a Data Subject regarding the Processing of Personal Data, SpryPoint will promptly forward such request or complaint to Client, provided the Data Subject has given sufficient information for SpryPoint to identify Client. 5. Cooperation To the extent SpryPoint is required under Privacy/Data Protection Laws, SpryPoint will assist Client to comply with Privacy/Data Protection Laws;in particular(i)SpryPoint will assist Client in responding to any request from a data subject exercising his or her rights under the Privacy/Data Protection Laws; (ii) it will assist Client in responding to any request from regulatory or judicial bodies relating to the Processing of Personal Information/Personal Data under the Agreement(s);(iii)it will promptly notify Client if its Processing of Personal Information/Personal Data is likely to result in a high risk to the privacy rights of data subjects or is unable to comply with Client's instructions for any reason,(iv) and upon reasonable request,will assist Client to carry out data protection impact assessments. 6. SpryPoint Personnel SpryPoint shall require screening of its personnel who may have access to Personal Data and shall require such personnel (i)to Process Personal Data in accordance with Client's instructions as set forth in this DPE, (ii)to receive appropriate training on their responsibilities regarding the handling and safeguarding of Personal Data; and (iii)to be subject to confidentiality obligations which shall survive the termination of employment. 7. Personal Data Breach In the event SpryPoint becomes aware of a Personal Data Breach it shall without undue delay notify Client in accordance with the Security Breach provisions of the Master Subscription Agreement.To the extent Client requires additional information from SpryPoint to meet its Personal Data Breach notification obligations under applicable Data Protection Laws, SpryPoint shall provide reasonable assistance to provide such information to Client taking into account the nature of Processing and the information available to SpryPoint. 8. Security Program SpryPoint shall implement appropriate technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction,loss,alteration,unauthorized disclosure of, or access to, Personal Data as set forth in the Security Exhibit. If SpryPoint becomes aware of a 16 Ci security incident or has a reasonable suspicion of a Personal Information/Personal Data breach in respect of the Personal Information/Personal Data being Processed under the Agreement(s), it will inform Client without undue delay and will provide reasonable information and cooperation to Client so that Client can fulfill any Personal Information/ Personal Data Security Incident reporting obligations it may have under the applicable Privacy/Data Protection Laws. SpryPoint will take reasonably necessary measures to remedy and mitigate the effects of the Security Incident as set forth in the Security Exhibit. 9. Audit Upon completion of our SOC2 in the first half of 2023,SpryPoint will use external auditors to verify the adequacy of its security measures and controls for the Software and Services provided under the Agreement. The resulting audit will: (i) be performed according to AICPA SOC2 standards or such other alternative standards that are substantially equivalent to AICPA SOC2;(ii) be performed by independent third-party security professionals at SpryPoint's selection and expense; and (iii) result in the generation of a SOC 2 Type 2 report ("Audit Report"), which will be SpryPoint's Confidential Information.The Audit Report can be made available to Client upon written request no more than annually subject to the confidentiality obligations of the Agreement or a mutually agreed non-disclosure agreement covering the Audit Report.For the avoidance of doubt,each Audit Report will only discuss Software and Services in existence at the time the Audit Report was issued. Client agrees that,to the extent applicable,SpryPoint's then-current SOC 2 audit reports will be used to satisfy any audit or inspection requests by or on behalf of Client. In the event that Client, a regulator, or supervisory authority requires additional information, including information necessary to demonstrate compliance with this DPE,or an audit related to the Covered Service, SpryPoint will (i)make available to Client on request all information necessary to demonstrate compliance with this DPE, and (ii) allow for and contribute to audits, including inspections, by an auditor mandated by Client in relation to the Processing of the Personal Information/Personal Data by SpryPoint. 10. Return and Deletion of Client Data and Personal Data Upon written request by Client made prior to or upon any expiration or termination of this Agreement, SpryPoint will make Client Data available to Client through the Service solely to allow Client to retrieve Client Data for a period of up to a total of sixty(60) days after such expiration or termination (the"Retrieval Period").After such Retrieval Period,SpryPoint will have no obligation to maintain or provide any Client Data and shall thereafter, unless legally prohibited, delete all Client Data by deleting Client's Tenant. provided, however,that SpryPoint will not be required to remove copies of the Client Data from its backup media and servers until such time as the backup copies are scheduled to be deleted,provided further that in all cases SpryPoint will continue to protect the Client Data in accordance with this Agreement. Client Data will be made available in a SpryPoint- supported format mutually agreed upon between the parties (for example, CSV, delimited text or Microsoft Excel). The foregoing deletion obligation will be subject to any retention obligations imposed on SpryPoint by Law.Additionally, during the Term of the Agreement,Clients may extract Client Data using SpryPoint's standard web services. Upon termination of the Covered Service, SpryPoint shall return and delete Personal Data in accordance with the relevant provisions of the Agreement. 11. General Provisions 11.1. Client Affiliates. Client is responsible for coordinating all communication with SpryPoint on behalf of its Affiliates with regard to this DPE.Client represents that it is authorized to issue instructions as well as make and receive any communications or notifications in relation to this DPE on behalf of its Affiliates. 1 11.2. Termination. The term of this DPE will end simultaneously and automatically at the later of (i)the termination of the Agreement or,(ii)when all Personal Data is deleted from SpryPoint's systems. 11.3. Conflict. This DPE is subject to the non-conflicting terms of the Agreement.With regard to the subject matter of this DPE,in the event of inconsistencies between the provisions of this DPE and the Agreement,the provisions of this DPE shall prevail with regard to the parties' data protection obligations. 11.4. Client Affiliate Enforcement. Client's Affiliates may enforce the terms of this DPE directly against SpryPoint,subject to the following provisions: 11.4.1. Client will bring any legal action,suit,claim or proceeding which that Affiliate would otherwise have if it were a party to the Agreement (each an "Affiliate Claim") directly against SpryPoint on behalf of such Affiliate, except where the Data Protection Laws to which the relevant Affiliate is subject require that the Affiliate itself bring or be party to such Affiliate Claim;and 11.4.2. for the purpose of any Affiliate Claim brought directly against SpryPoint by Client on behalf of such Affiliate in accordance with this Section, any losses suffered by the relevant Affiliate may be deemed to be losses suffered by Client. 11.5. Remedies. Client's remedies(including those of its Affiliates)with respect to any breach by SpryPoint or its Affiliates of the terms of this DPE and the overall aggregate liability of SpryPoint and its Affiliates arising out of,or in connection with the Agreement(including this DPE) will be subject to any aggregate limitation of liability that has been agreed between the parties under the Agreement (the "Liability Cap"). For the avoidance of doubt, the parties intend and agree that the overall aggregate liability of SpryPoint and its Affiliates arising out of, or in connection with the Agreement (including this DPE) shall in no event exceed the Liability Cap. 11.6. Miscellaneous.The section headings contained in this DPE are for reference purposes only and shall not in any way affect the meaning or interpretation of this DPE. 16 C SpryPoint February 1, 2022 To whom it may concern: On behalf of the board of directors, please be advised that Ryan Cawley, Managing Partner at SpryPoint Services, Inc. is authorized to sign contracts, contract amendments, and other related contract documents, and to review and submit invoices on behalf of the Board of Directors of SpryPoint Services, Inc. Thank you, K9(/ Kyle Strang, MBA, CPA, CMA Secretary and Treasurer SpryPoint Office: 617-939-9016 Mobile: 902-476-7930 Email: kstrang@sprypoint.com Web:www.sprypoint.com SPRYPOINT•45 QUEEN STREET, SUITE 400 • CHARLOTTETOWN, PE • http://www.sprypoint.com 1 C Safety Matters @ Wor www.wcb.pe.ca Workers Compensation Board of PEI January 11, 2023 Matthew Catoe Collier County 3295 E. Tamiami Trail Naples FL 34112 RE: SPRYPOINT SOLUTIONS INC Employer Number: 24362 Dear Sir/Madam: This is to confirm that SPRYPOINT SOLUTIONS INC is registered with the Workers Compensation Board of Prince Edward Island and has compensation coverage for the 2023 year. Assessment has been paid and the account is in good standing. This letter is valid for 60 days from the date it was issued. Employer Services 14 Weymouth Street, P.O. Box 757 Charlottetown, Prince Edward Island, CIA 7L7 Telephone: 902-368-5680 Toll-Free in Atlantic Canada: 1-800-237-5049 Fax: 902-368-5696 CP0 I 6 C7 Collier County This certificate provides the above Named Insured with coverage under the aforementioned policy on file with the Insurers subject to the terms and conditions thereof and the above limits of insurance and deductible. The Insurers have duly authorized Victor Insurance Managers Inc. to execute and sign this Certificate of Insurance. /dC(361L----- Dated: 10 January 2023 David G. Cook, President Authorized Representative C iffr Victor Canada 500-1400 Blair Towers Place VICTOR Ottawa,Ontario K1J 9B8 Telephone 613-786-2000 Facsimile 613-786-2001 Toll Free 800-267-6684 www.victorinsurance.ca Certificate of Insurance Issued to: Collier County 3295 Tamiami Trail E C-2 Naples FL 34412 Commercial General Liability Insurance Policy TGL599074 Reference: Contract No. 22-8022 1. Named Insured: SPRYPOINT SOLUTIONS INC.; SPRYPOINT SERVICES INC. 2. Insured's Address: 400-45 QUEEN ST CHARLOTTETOWN PE CIA 4A4 3. Policy Period: from 01 July 2022 to 01 July 2023 at 00:01 local time at the insured's address shown above without tacit renewal 4. Limits of Insurance: Each Occurrence Limit $3,000, 000 Aggregate Limit $6, 000, 000 Personal and Advertising Injury $3, 000, 000 Medical Payments - per person $5,000 Medical Payments - per accident $25,000 Tenants' Legal Liability $500,000 Non-owned Automobile $2, 000,000 Coverage Includes: (a) Separation of Insureds, Cross Liability (b) Contractual Liability (c) Products-completed Operations (d) Contingent Employer's Liability 5. Deductibles: Property Damage $1,000 Tenants' Legal Liability $1,000 * All amounts shown in US dollars 6. Insurers: Aviva Insurance Company of Canada 25.00% Temple Insurance Company 20.00% Everest Insurance Company of Canada 20.00% Arch Insurance Canada Ltd. 17.50% XL Reinsurance America Inc. 17.50% 7. Endorsement (s) : - Additional Insured I C 7 Victor Canada 500-1400 Blair Towers Place VICTOR Ottawa,Ontario K1J 9B8 Telephone 613-786-2000 Facsimile 613-786-2001 Toll Free 800-267-6684 www.victorinsurance.ca • Certificate of Insurance Issued to: Collier County 3295 Tamiami Trail E C-2 Naples FL 34412 Errors and Omissions and Cyber Insurance Policy TIP599074 Reference: Contract No. 22-8022 1. NAMED INSURED: SPRYPOINT SOLUTIONS INC.; SPRYPOINT SERVICES INC. 2. INSURED'S Address: 400-45 QUEEN ST CHARLOTTETOWN PE CIA 4A4 3. Policy Period: from 01 July 2022 to 01 July 2023 at 00:01 local time at the INSURED'S address shown above without tacit renewal 4. LIMITS OF LIABILITY: $ 3,000,000 per CLAIM $ 3,000, 000 per policy period Coverage Includes: (a) NETWORK AND SECURITY BREACH (b) PRIVACY BREACH (c) ADVERTISING INJURY (d) DATA PERSONAL INJURY (e) INFRINGEMENT 5. Deductible: $ 10,000 per CLAIM * All amounts shown in US dollars 6. INSURERS: Aviva Insurance Company of Canada 25.00% Temple Insurance Company 20.00% Everest Insurance Company of Canada 20.00% Arch Insurance Canada Ltd. 17.50% XL Reinsurance America Inc. 17.50% This certificate provides the above NAMED INSURED with coverage under the aforementioned policy on file with the INSURERS subject to the terms and conditions thereof and the above LIMITS OF LIABILITY and deductible. 16C7 The INSURERS have duly authorized Victor Insurance Managers Inc. to execute and sign this Certificate of Insurance. k5aL"--- Dated: 11 January 2023 David G. Cook, President Authorized Representative