22-9994 - Piggyback GSA Contract for cyber security detection and response

Sponsored by: City Manager

RESOLUTION NO. 22-9994

A RESOLUTION OF THE CITY COMMISSION OF THE CITY OF OPA-LOCKA, FLORIDA, AUTHORIZING THE CITY MANAGER TO PIGGYBACK GENERAL SERVICE ADMINISTRATION (GSA) CONTRACT 47QTCA19DOOGE FOR 24/7 MANAGED CYBER SECURITY DETECTION AND RESPONSE FOR THE CITY'S NETWORK, IN AN AMOUNT NOT TO EXCEED FORTY-ONE THOUSAND, ONE HUNDRED THIRTY DOLLARS AND FIFTY-TWO CENTS ($41,130.52) ANNUALLY; PROVIDING FOR INCORPORATION OF RECITALS; PROVIDING FOR AN EFFECTIVE DATE.

WHEREAS, in order to provide a higher level of cyber-security protection and the ability to properly respond to incidents of cybersecurity, the Interim City Manager is recommending that a third party provide 24/7 monitoring of the City of Opa-locka's network; and

WHEREAS, this new layer of protection would be in addition to the current cyber security training, spam and networking filtering, and continuous software/firmware updates; and

WHEREAS, the recommended vendor will have the ability to terminate suspicious network traffic until staff can verify if the traffic was valid. Numerous local municipal data breaches have occurred in the area in the last few years which could have been avoided if such technology was implemented at the time; and

WHEREAS, Section 2-318 (3) of the City of Opa-locka's Code of Ordinances exempts procurement by formal competitive bidding requirements when an agreement is based on a Federal Government (GSA) contract; and

WHEREAS, SECNAP Network Security Corporation is a managed security service provider (MSSP) and a cybersecurity research and development company and holds GSA contract 47QTCA19DOOGE under a Multiple Award Schedule providing Term Software License services and Order-Level Materials (OLM); and

WHEREAS, the City Commission hereby authorizes the Interim City Manager to execute an agreement with SECNAP Network Security Corporation for an annual charge of Forty-One Thousand, One Hundred Thirty Dollars and Fifty-Two Cents ($41,130.52) to provide additional IT monitoring and security; and

WHEREAS, the City Commission finds that it is in the best interest of the City to benefit from already negotiated rates and piggyback on the GSA contract 47QTCA19DOOGE with SECNAP Network Security Corporation, attached hereto as Exhibit "A", for Term Software License services, and enter into an agreement with SECNAP Network Security Corporation, attached hereto as Exhibit "B", for CloudJacketX, Dark Web Monitoring, Internal Vulnerability Scanning, External Vulnerability Scanning and CJX-SIEM Services for the Opa-locka Network, in an amount not to exceed Forty-One Thousand, One Hundred Thirty Dollars and Fifty-Two Cents ($41,130.52) annually.

NOW, THEREFORE, BE IT DULY RESOLVED BY THE CITY COMMISSION OF THE CITY OF OPA-LOCKA, FLORIDA:

Section 1. Adoption of Representations. The above recitals are true and correct and are incorporated into this Resolution by reference.

Section 2. Authorization. The City Commission hereby authorizes the City Manager to piggyback the GSA contract 47QTCA19DOOGE with SECNAP Network Security Corporation, attached hereto as Exhibit "A", for Term Software License services, and enter into an agreement with SECNAP Network Security Corporation, attached hereto as Exhibit "B", for CloudJacketX, Dark Web Monitoring, Internal Vulnerability Scanning, External Vulnerability Scanning and CJX-SIEM Services for the Opa-locka Network, in an amount not to exceed Forty-One Thousand, One Hundred Thirty Dollars and Fifty-Two Cents ($41,130.52) annually.

Section 3. Scrivener's Errors.
Sections of this Resolution may be renumbered or re-lettered and corrections of typographical errors which do not affect the intent may be authorized by the City Manager, following approval by the City Attorney and without need of public hearing, by filing a corrected copy of same with the City Clerk.

Section 5. Effective Date. This Resolution shall take effect immediately upon adoption and is subject to the approval of the Governor or his designee.

PASSED AND ADOPTED this 22nd day of June, 2022.

ATTEST: nna Flores, City Clerk

APPROVED AS TO FORM AND LEGAL SUFFICIENCY: Bur . det - orris -Weeks, P.A. City Attorney

Moved by: Mayor Williams
Seconded by: Commissioner Bass
VOTE: 5-0
Commissioner Bass: YES
Commissioner Davis: YES
Commissioner Dominguez: YES
Vice-Mayor Taylor: YES
Mayor Williams: YES

Veronica J. Williams, Mayor

City of Opa-locka Agenda Cover Memo

Department Director: Lubotes Dauphin
Department Director Signature:
City Manager: Darvin Williams
CM Signature:
Commission Meeting Date: 06/22/2022
Item Type: (Enter X in box) Resolution Ordinance Other X
Fiscal Impact: (Enter X in box) Yes No
Ordinance Reading: (Enter X in box) 1st Reading 2nd Reading X
Public Hearing: (Enter X in box) Yes No Yes No X X
Funding Source: Account# 85-512340 (Enter Fund & Dept) Ex:
Advertising Requirement: (Enter X in box) Yes No X
Contract/P.O. Required: (Enter X in box) Yes No
RFP/RFQ/Bid#: X
Strategic Plan Related: (Enter X in box) Yes No
Strategic Plan Priority Area:
Strategic Plan Obj./Strategy: (list the specific objective/strategy this item will address) X
Enhance Organizational; Bus. & Economic Dev; Public Safety; Quality of Education; Qual. of Life & City Image; Communication
Sponsor Name: City Manager
Department: Information Technology, City Manager

Short Title: A RESOLUTION OF THE CITY COMMISSION OF THE CITY OF OPA-LOCKA, FLORIDA AUTHORIZING THE CITY MANAGER TO PIGGYBACK GSA CONTRACT 47QTCA19DOOGE FOR 24/7 MANAGED CYBER SECURITY DETECTION AND RESPONSE IN AN AMOUNT NOT TO EXCEED $41,130.52; PROVIDING FOR INCORPORATION OF RECITALS; PROVIDING FOR AN EFFECTIVE DATE.

Staff Summary: The Information Technology department recognizes that Florida local governments are under cyber attack. In order to provide a high level of protection and the ability to properly respond to an incident, the IT Department is recommending a third party to provide 24/7 monitoring of our network. This new layer of protection will be in addition to the current cyber security training, spam and networking filtering, and continuous software/firmware updates. The recommended vendor will have the ability to terminate suspicious network traffic until staff can verify if the traffic was valid. Numerous local municipal data breaches have occurred in our area in the last few years which could have been avoided if technology such as this was implemented at the time.

Analysis

Pricing
Product: Dark Web Monitoring, Internal Vulnerability Scanning, External Vulnerability Scanning, CDC-SIEM
Contract: GSA Contract - 47QTCA19DOOG (3-year term)
Cost: $41,130.52
Annual/One-time: Annual
Total: $41,130.52

Financial Impact
Account: 85-512340
Description: Other Contracted Services
Available: $54,445.00
Project: $41,130.52
Remaining Balance: $13,314.48

Proposed Action: Staff recommends the City Commission authorize the City Manager to sign an agreement with SECNAP Network Security for an annual charge of $41,130.52 to provide additional IT monitoring and security.
Attachments:
Exhibit 1 - GSA Contract 47QTCA19DOOG
Exhibit 2 - SECNAP Proposal and Documentation
Exhibit 3 - Quality Cities Article

SECNAP NETWORK SECURITY
3250 West Commercial Blvd Suite 345
Fort Lauderdale, FL 33309
844.638.7328 | www.secnap.com

Master Service Agreement

Structure of Agreement

We use the words you, your or Customer to mean the Customer indicated below. In addition to our company name, the words we, us, and our, refer to SECNAP Network Security Corporation ("SECNAP"). This Master Services Agreement ("MSA") and one or more of the Attachments, including but not limited to Statement of Services, Statement of Work etc. (each an "SOW"), each fully incorporated herein, together comprise the complete agreement between the parties (collectively, the "Agreement") regarding those products and services defined within an SOW. When signed on behalf of SECNAP and Customer, each such SOW shall become part of this Agreement effective as of the effective date of such SOW. From time to time, additional terms governing the products and services to be provided under this Agreement may be contained in a subsequent SOW. If there is a conflict between the terms of this MSA and any SOW, the terms of the SOW shall prevail over the terms of this MSA. Other than any executed SOW, this Agreement replaces any prior oral or written communication between the parties.

1. Services

We shall provide the product(s) and/or perform the services described in the initial SOW during the applicable period and upon the terms and conditions specified in this MSA and any applicable SOW. Specifications, prices and additional applicable terms shall be set forth in the SOW for the applicable products or services.

2. Billing

Prices: You agree to pay the fees specified in each SOW for the corresponding products and/or services. Payment schedules shall be as specified in the applicable SOW.

Taxes: Prices are exclusive of all sales, use or similar taxes.
Customer is responsible for paying the amount of any applicable sales, use, or service tax fees or charges for Services delivered and invoiced to Customer (except for any franchise tax, withholding tax or any tax imposed on SECNAP's net income), which SECNAP may be required to collect because of its performance of this Agreement.

Invoices: Payment will be due without offset within 30 days after the date of the invoice. We may accept any payment without prejudice to our right to recover any remaining balance or to pursue any other remedy provided in this Agreement, or by applicable law. Any amount you owe us that is not paid when due shall bear interest at 18% per annum.

Dispute Resolution: You must notify us in writing of any dispute concerning any payment within 30 days after receipt of the invoice. SECNAP and Customer will use their good faith efforts to resolve any disputed sales order or refusal of payment. We may, in addition to asserting any of our other rights, suspend any further services and your use of the SECNAP (as defined in Section 4) if your non-payment continues beyond 30 days. Failure to timely pay any amount due hereunder shall be a breach of this Agreement. You agree to pay our reasonable attorney's fees arising from your failure to pay any amount when due hereunder.

SECNAP Network Security - Master Service Agreement | V19.4 | Page 1 of 7

3. Term and Termination

Term and Termination: This Agreement shall become effective on the date written in the signature page below, and shall continue in effect until terminated as specified in this Section (the Term). Either party shall have the right to terminate this Agreement in the event of a material breach by the other party, unless such breach is cured within 30 days of receipt of written notice of such breach. Either party may terminate this Agreement by written notice to the other party following the expiration or termination of its obligations under the SOW(s).
The obligations of the parties under this Agreement that by their nature would continue beyond expiration, termination, or cancellation of this Agreement shall survive any such expiration. This Agreement shall immediately terminate upon the commencement of any voluntary or involuntary bankruptcy or insolvency proceeding by or against Customer under any bankruptcy or similar law.

Suspension of Services for Non-payment: If any time Customer is more than 30 days delinquent in making payments due under this MSA or any related SOW, SECNAP shall have the right to suspend providing products, services, or both, upon 72 hours' prior notice to Customer.

4. Intellectual Property

Ownership: Each party agrees that except as provided below, it shall acquire no right, title or interest in or to the other party's information, database rights, data tools, processes or methods, or any copyrights, trademarks, service marks, trade secrets, patents or any other intellectual or intangible property or property rights of the other by virtue of the service provided or materials delivered pursuant to this agreement. SECNAP shall own all right title and interest in and to SECNAP trade secrets, confidential information or other material used by SECNAP or presented to Customer ("Technical Elements") including, but not limited to: data software, modules, components designs utilities, databases subsets, objects, program listings, tools, models, methodologies, programs, systems analysis framework, leading practices, report formats manner of data expression and specifications. SECNAP grants Customer a nonexclusive, royalty free license to use only the Technical Elements integrated into any deliverable for Customer's internal purposes only.
We authorize you to use any of the Technical Elements so long as such use is not to create derivative works and is for your internal business purpose and if, disclosed to a third party, is subject to a written nondisclosure agreement requiring such third party to maintain the confidentiality of the Technical Element and use such Technical Element only for your benefit.

Marks: Neither party shall use the other party's trademarks, service marks, trade names or product names other than as explicitly set forth in this Agreement. During the term of this Agreement unless you opt out in writing, we may include your name in a list of customers on our website or in promotional materials or as a reference in sales presentations. If you are granted the right to use any of our certification seals or logos under the terms of this Agreement, you may use the SECNAP Marks only during the period specified and subject to the then-current Logo Guidelines provided to you.

5. Representations

ALL SERVICES AND DELIVERABLES PROVIDED BY US ARE PROVIDED "AS IS". WE DISCLAIM ALL WARRANTIES EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WE DO NOT GUARANTEE THAT ANY PRODUCT, APPLICATION, SERVICE AND OR SOLUTION, OR ANY PORTIONS THEREOF ARE SECURE. YOU ACKNOWLEDGE THAT IMPENETRABLE SECURITY CANNOT BE ATTAINED IN REAL WORLD ENVIRONMENTS AND THAT WE DO NOT GUARANTEE PROTECTION AGAINST BREACHES OF SECURITY. NEITHER PARTY MAKES ANY WARRANTY HEREUNDER TO ANY THIRD PARTY ON BEHALF OF THE OTHER PARTY. THIS AGREEMENT IS NOT INTENDED TO CREATE ANY THIRD PARTY BENEFICIARY RELATIONSHIP.

6. Indemnity

Each party (the "Indemnifying Party") agrees to indemnify, defend and hold harmless the other, and any of its parent and affiliated companies, and the present and former officers, members, shareholders, directors, employees, representatives, attorneys, insurers and agents of any of these, and their successors, heirs and assigns (each an "Indemnified Party") from and against any and all losses, liabilities, claims, damages, and expenses (including reasonable attorney's fees and costs of litigation) incurred by the Indemnified Party as the result of any claim by a third party arising out of the Indemnifying Party's breach of its obligations of this Agreement, gross negligence or willful misconduct. The Indemnified Party shall promptly notify the Indemnifying Party of any potential claim covered by this indemnity, cooperate with the Indemnifying Party in the investigation and defense of the same, and allow the Indemnifying Party to control the negotiation, litigation and settlement of the claim.

We shall defend or settle (at our expense and discretion) any action or proceeding brought against you based upon a claim that the Technical Elements violate or infringe any existing patent, copyright, trademark, or trade secret provided you notify us promptly in writing and give us all necessary information and authority required for the defense or settlement of such action or proceeding, but we shall not be responsible for any cost or expense incurred or compromise made by you without our prior written consent or for any expenses incurred by you (including legal fees and expenses) in investigation or participation in any such action or proceeding.
Our undertaking to indemnify and hold harmless shall not apply if the infringement or violation of rights is due to any modification or alteration of the Technical Elements that was not provided to you by us, by your use of a non-current copy or by combination of a Technical Element or portion thereof with an element owned by any third party that is not specifically authorized. Our undertaking to defend, indemnify and hold harmless shall be limited to the extent that any delay by you in giving notice to us adversely affects our defense of, or ability to settle, such claim.

If any Technical Element or portion thereof is, in our opinion, likely to be or becomes the subject of a claim of infringement of any patent, copyright, trade secret or proprietary right of any third party, we may at our option and expense, procure for you the right to continue using that portion affected, modify it to become non-infringing (so long as the Technical Element, as modified, has functionality substantially equivalent to that provided at the time of such modification) or substitute a Technical Element of functionality substantially equivalent to that provided at the time of substitution; if we are reasonably unable to modify, substitute or procure the right to continue using the subject Technical Element, we may require that you remove the Technical Element, and you shall promptly return or destroy all copies of such Technical Element and receive a pro-rata refund of the fee paid thereof, less accumulated depreciation calculated on a straight line method over a useful life of four (4) years from the Effective Date.

You agree, as a material term of this Agreement, that your rights and remedies for any breach of any representation or warranty by us herein shall be provided in this Agreement as your exclusive remedy and that we shall have no liability to you or others except as provided herein.

7. Terms of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY SHALL BE LIABLE FOR ANY SPECIAL, INDIRECT, PUNITIVE OR CONSEQUENTIAL DAMAGES OF THE OTHER PARTY OR ANY THIRD PARTY, OR FOR LOSS OF DATA, REGARDLESS OF WHETHER SUCH PARTY RECEIVES NOTICE OF THE POTENTIAL FOR SUCH DAMAGES. IN NO EVENT SHALL OUR AGGREGATE LIABILITY FOR ANY CLAIM OR ACTION RELATING TO OR ARISING OUT OF THIS AGREEMENT, REGARDLESS OF THE FORM OF ACTION (INCLUDING, WITHOUT LIMITATION, CONTRACT, TORT, PRODUCT LIABILITY OR STRICT LIABILITY) EXCEED THE AMOUNTS PAID TO US FOR THE CURRENT TERM'S SERVICE FEE FOR THE SERVICE GIVING RISE TO SUCH CLAIM OR ACTION BY CUSTOMER.

WITH REGARD TO OUR SERVICES WHICH PROVIDE INFORMATION SHARING AND/OR INDUSTRY ALERTS, WE DISCLAIM ANY LIABILITY TO YOU AND YOU ASSUME THE ENTIRE RISK FOR (A) THIRD PARTY INFORMATION PROVIDED TO CUSTOMER FOR WHICH WE HAD NO REASON TO KNOW CONTAINED FALSE, MISLEADING, INACCURATE OR INFRINGING INFORMATION DESPITE REASONABLE EFFORTS USING ESTABLISHED VALIDATION METHODOLOGY; (B) YOUR ACTIONS OR FAILURE TO ACT IN RELIANCE ON ANY INFORMATION FURNISHED AS PART OF THE SERVICES; (C) THE SECURITY OF YOUR TRANSMISSION OF INFORMATION RECEIVED AS A RESULT OF THE SERVICES TO OTHERS WITHIN YOUR ORGANIZATION BY MEANS OF AN EMAIL FEATURE OF THE SERVICE; AND (D) THE USE OF ANY THIRD PARTY LINKS, UPDATES, UPGRADES ENHANCEMENTS, NEW RELEASES, NEW VERSION OR ANY OTHER REMEDY SUGGESTED BY ANY THIRD PARTY AS PART OF THE SERVICE.

THIS AGREEMENT ALLOCATES RISK BETWEEN THE PARTIES AND OUR PRICING REFLECTS THIS ALLOCATION OF RISK AND THE LIMITATION OF LIABILITY SPECIFIED IN THIS SECTION.

8. Dispute Resolution and Escalation Policy

The parties shall make good faith effort to resolve without resort to binding arbitration or litigation, any dispute arising under or related to this Agreement.
If the parties do not agree upon a resolution of the dispute either party may elect to abandon negotiations. At such time, the parties may pursue any remedy available to them at applicable law or equity.

9. Confidential Information

Each party acknowledges that it and its employees or agents may, in the course of the Agreement, be exposed to acquire information that is proprietary or confidential to the other party.

Definition: "Confidential Information" shall include (a) any information relating to a party's research, development, trade secrets, processes, procedures, formulas, business practices, business plans, strategies, budgets, customer and vendor relationships, financial information and other similar business information of a confidential nature; (b) other proprietary information, technical guides, technical data or know how, including, but not limited to, that which relates to your hardware, software, screens, specifications, designs, plans, drawings, data prototypes, discoveries, security policies, passwords, access codes and the like; (c) the methods, systems, data and materials used or provided by us in the performance of services pursuant to this Agreement.

The term "Confidential Information" shall not include information that is (a) known to the receiving party prior to disclosure by the disclosing party or its personnel; (b) publicly available through no act or omission of the receiving party; (c) lawfully received by the receiving party from a third party (other than the disclosing party's former or current personnel) that is not under any confidentiality obligation to the disclosing party; or (d) comprised of statistical information, or other aggregated information regarding security vulnerabilities, security configurations, testing discovery results and the like insofar as such information does not identify your company and/or its products, applications or services.
Use: Each party agrees to use Confidential Information received from the other party pursuant to this Agreement solely in connection with the performance of such party's obligations under this Agreement. Each party agrees to use reasonable measures, no less stringent than those measures used by the party to protect its own confidential and proprietary information, to protect the Confidential Information of the other party from disclosure to any third party. Unless authorized to do so in writing by the other party, neither party, nor any third party acting on either's behalf, will for any reason use or disclose to any person any of the other party's Confidential Information. The term "person" as used in this section shall be interpreted to include, without limitation, any individual, partnership, corporation or other entity. Nothing in this Agreement shall be construed as granting any rights to the receiving party, by license or otherwise, to any of the disclosing party's Confidential Information, except as expressly stated in this Agreement.

In the event that a party is required to disclose Confidential Information to a court or government agency or pursuant to any applicable law, such party shall, to the extent practicable prior to such disclosure, and as soon as practicable and by the best available means, notify the other party to allow it an adequate opportunity to object to the disclosure order or to take other actions to preserve the confidentiality of the information. Prior to any disclosure pursuant to this Section, a party required to disclose Confidential Information shall cooperate with the party claiming confidentiality of the information in such party's reasonable efforts to limit the disclosure by means of a protective order or a request for confidential treatment.
Privacy Statement: SECNAP maintains strict confidentiality and security of records in compliance with Family Educational Rights and Privacy Act of 1974 (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes Oxley Act (SOX) and the Gramm-Leach-Bliley Act (GLBA), in addition to other federal and state laws. SECNAP will not be accessing, processing or recording any Confidential Information as part of this Agreement.

10. Non-Solicitation of Employees

Except with the prior written consent of the other party, both parties to this Agreement agree that, during the term of this Agreement and for a period of twelve (12) months thereafter, they shall not directly solicit, divert or recruit any employee of the other, who is or was an employee of either party at any time during the term of the Agreement, to leave such employment.

11. Cooperation

You shall coordinate and manage your employees, contractors or agents to facilitate the performance of the SOW by us. You shall be responsible for, and we may rely upon, the accuracy, timeliness and completeness of all data, reports and other information you supply us. You agree that prompt review and acceptance of any part of the SOW requiring acceptance is required to ensure compliance with any milestones or other specified deadlines. Any commitments we make in this Agreement or any SOW are contingent upon you meeting your obligations, as defined here. You will make management and technical personnel who will work with us and will perform those activities described as your responsibility in the SOW reasonably available to us.
Each party will designate and maintain during the term of the Agreement a point of contact, and will notify the other party of the name of such point of contact who will have the authority and power to make decisions with respect to actions to be taken in connection with this Agreement and all documentation included in a SOW. You will make available to us hardware, software, data, services and documentation required by us to perform the SOW. We agree to treat this information with confidentiality as provided in this Agreement and to only use this information as required to provide products and services indicated in the SOW. You shall obtain all government approvals, licenses, and permits necessary for completion of the Statement of Services, if any. If required by the SOW you shall prepare any installation site in accordance with our instructions ensuring that any equipment that interfaces with your computer system operates in accordance with the manufacturer's specifications. If you fail to make any preparations required by an SOW, and this failure causes us to incur costs during our service, you agree to reimburse us for these costs.

12. General Provisions

Severability & Waiver: The invalidity or unenforceability of any provision of this Agreement shall not affect the validity or enforceability of any other provision of this Agreement. In the event that any provision of this Agreement is determined to be invalid, unenforceable or otherwise illegal, such provision shall be deemed restated, in accordance with applicable law, to reflect as nearly as possible the original intentions of the parties, and the remainder of this Agreement shall remain in full force and effect. No term or condition of this Agreement shall be deemed waived, and no breach shall be deemed excused, unless such waiver or excuse is in writing and is executed by the party from whom such waiver or excuse is claimed.
No such waiver shall be deemed a waiver of any preceding or succeeding breach or right in the same or in any other provisions hereof.

Headings: Section numbers and headings are used for convenience and are not to be construed as limitations of the substance of any provisions.

Applicable Law and Language: This Agreement shall be governed by and construed in accordance with the laws of the state of Florida without regard for its conflicts of law provisions. In the event of any litigation concerning the terms of this Agreement, exclusive jurisdiction and venue shall reside in the State courts located in Broward County, Florida, and the parties hereto consent to such jurisdiction and venue. The language for all communications regarding this Agreement shall be English.

Attorneys' Fees: Should any party hereto reasonably retain counsel for the purpose of preserving, determining, enforcing, or preventing the breach of any rights hereunder, including, but not limited to, instituting any action or proceeding to enforce any provision hereof, for a declaration of any alleged breach of any obligations hereunder or for any other judicial remedy; then if said matter is settled by judicial determination (which term includes arbitration), the prevailing party (whether at trial or on appeal) shall be entitled, in addition to such other relief as may be granted, to be reimbursed by the losing party for all costs and expenses incurred thereby, including, but not limited to, all attorneys' fees and costs actually incurred for the services rendered to such prevailing party.
Further, the prevailing party shall be entitled to additional awards of attorneys' fees for services reasonably rendered in aid of enforcing such judgment or award or in collecting any monies awarded therein.

Force Majeure: With the exception of a party's obligation to make payments properly due to the other party, neither party shall be deemed in default or otherwise liable under this Agreement due to its inability to perform its obligations by reason of fire, earthquake, flood or any failure or delay of any transportation, power, computer or communication system or any other or similar cause beyond that party's control.

Assignment: Neither this Agreement nor any right or obligation arising hereunder may be assigned (voluntarily, by operation of law, or otherwise), in whole or in part, by either party without the prior written consent of the other party, such consent not to be unreasonably withheld; provided, however that either party shall not have the right, upon written notice to the other party, to assign this Agreement to any person or entity that acquires all or substantially all of such party's business or assets. This Agreement shall be binding upon, and inure to the benefit of, the parties and their respective successors and permitted assigns.

Entire Agreement & Amendment: This Agreement states the entire understanding of the parties relating to the subject matter thereto and supersedes all prior discussions and negotiations and may only be modified in writing signed by both parties. This Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same document. The parties may sign facsimile or electronic copies of this Agreement that shall be deemed originals. Any amendment of this Agreement shall be in writing signed by duly authorized personnel of each party.
Communication by electronic mail shall not be construed as an effective amendment to the Agreement. Notice: Any notice or communication required to be given hereunder may be delivered by hand, deposited with an overnight courier, sent by confirmed facsimile, or mailed postage prepaid, if to SECNAP to the above address, and if to the customer to the address above or at such other address as may hereafter be furnished in writing by either party hereto to the other. Such notice shall be deemed to have been given as of the date it is delivered, mailed or sent, whichever is earlier. Independent Contractors: The parties to the Agreement are independent contractors and the Agreement will not establish any relationship of partnership, joint venture, employment, franchise or agency between SECNAP and Customer. Neither party shall have the power to bind the other or incur obligations on the other's behalf without the other's prior written consent, except as otherwise expressly provided herein. SECNAP Network Security - Master Service Agreement 1 V19.4 Page 6 of 7 Signatures Intending to be legally bound and having reviewed this Agreement in its entirety, SECNAP and Customer have caused this Agreement to be executed by their authorized representatives effective as of the date written below. Effective Date SECNAP Network Security Corp. 
Customer Information
Authorized Signature:
Printed Name:
Title:
Company Name: SECNAP Network Security
Address: 3250 West Commercial Blvd Suite 345
City, State Zip: Fort Lauderdale, FL 33309
Telephone: 844.638.7328

SECNAP NETWORK SECURITY
3250 West Commercial Blvd #345, Ft Lauderdale, FL 33028
1.844.638.7328 | www.secnap.com

Contract Number: 47QTCA19DOOGE
Period Covered by Contract: 08/01/2019 - 08/01/2024

AUTHORIZED INFORMATION TECHNOLOGY SCHEDULE PRICELIST
GENERAL PURPOSE COMMERCIAL INFORMATION TECHNOLOGY EQUIPMENT, SOFTWARE AND SERVICES

Schedule Title: MAS - Multiple Award Schedule
SIN 511210 - Term Software License - SUBJECT TO COOPERATIVE PURCHASING
NAICS 511210

1a. TABLE OF AWARDED SPECIAL ITEM NUMBERS (SINS): SIN 511210 - Term Software License
1b. LOWEST PRICED MODEL NUMBER AND PRICE FOR EACH SIN: See attached Pricelist
1c. HOURLY RATES (Services Only): N/A
2. MAXIMUM ORDER*: The Maximum Order for the following Special Item Numbers (SINS) is $500,000
3. MINIMUM ORDER: $500
4. GEOGRAPHIC COVERAGE: Domestic and overseas delivery.
5. POINT(S) OF PRODUCTION: N/A
6. DISCOUNT FROM LIST PRICES: Net GSA pricing is listed in the attached Pricelist
7. QUANTITY DISCOUNT(S): See attached Pricelist
8. PROMPT PAYMENT TERMS: 0%, Net 30 Days
10. FOREIGN ITEMS: None
11a. TIME OF DELIVERY: Installation of CloudJacketX is typically dependent on the client's service windows otherwise solution can be turned on in less than 5 business days depending on shipping times if device is needed.
11b. EXPEDITED DELIVERY: Contact SECNAP
11c. OVERNIGHT AND 2-DAY DELIVERY: Contact SECNAP
11d. URGENT REQUIREMENTS: Call SECNAP if there are urgent time requirements.
12. FOB POINT: Destination
13a. ORDERING ADDRESS: SECNAP Network Security Corp, 3250 West Commercial Blvd #345, Fort Lauderdale, FL 33309
13b.
ORDERING PROCEDURES: Ordering activities shall use the ordering procedures of Federal Acquisition Regulation (FAR) 8.405 when placing an order or establishing a BPA for supplies or services. These procedures apply to all schedules.
a. FAR 8.405-1 Ordering procedures for supplies, and services not requiring a statement of work.
b. FAR 8.405-2 Ordering procedures for services requiring a statement of work.
14. PAYMENT ADDRESS: SECNAP Network Security Corp, 3250 West Commercial Blvd #345, Fort Lauderdale, FL 33309
15. WARRANTY PROVISION: Unless specified otherwise in this contract, the Contractor's standard commercial warranty as stated in the contract's commercial pricelist will apply to this contract.
16. EXPORT PACKING CHARGES: N/A
17. TERMS AND CONDITIONS OF GOVERNMENT PURCHASE CARD ACCEPTANCE: N/A
18. TERMS AND CONDITIONS OF RENTAL, MAINTENANCE, AND REPAIR (if applicable): N/A
19. TERMS AND CONDITIONS OF INSTALLATION (IF APPLICABLE): N/A
20. TERMS AND CONDITIONS OF REPAIR PARTS INDICATING DATE OF PARTS PRICE LISTS AND ANY DISCOUNTS FROM LIST PRICES (IF AVAILABLE): N/A
20a. TERMS AND CONDITIONS FOR ANY OTHER SERVICES (IF APPLICABLE): N/A
21. LIST OF SERVICE AND DISTRIBUTION POINTS (IF APPLICABLE): N/A
22. LIST OF PARTICIPATING DEALERS (IF APPLICABLE): N/A
23. PREVENTIVE MAINTENANCE (IF APPLICABLE): N/A
24a. SPECIAL ATTRIBUTES SUCH AS ENVIRONMENTAL ATTRIBUTES (e.g. recycled content, energy efficiency, and/or reduced pollutants): N/A
24b. Section 508 Compliance for EIT: N/A
25. DUNS NUMBER: 131760675
26. NOTIFICATION REGARDING REGISTRATION IN SYSTEM FOR AWARD MANAGEMENT (SAM) DATABASE: Active in SAM

1. MATERIAL AND WORKMANSHIP
All equipment furnished hereunder must satisfactorily perform the function for which it is intended.

2. ORDER
Written orders, EDI orders (GSA Advantage!
and FACNET), credit card orders, and orders placed under blanket purchase agreements (BPA) agreements shall be the basis for purchase in accordance with the provisions of this contract. If time of delivery extends beyond the expiration date of the contract, the Contractor will be obligated to meet the delivery and installation date specified in the original order. For credit card orders and BPAs, telephone orders are permissible.

3. TRANSPORTATION OF EQUIPMENT
FOB DESTINATION. Prices cover equipment delivery to destination, for any location within the geographic scope of this contract.

4. INSTALLATION AND TECHNICAL SERVICES
a. INSTALLATION. When the equipment provided under this contract is not normally self-installable, the Contractor's technical personnel shall be available to the ordering activity, at the ordering activity's location, to install the equipment and to train ordering activity personnel in the use and maintenance of the equipment. The charges, if any, for such services are listed below, or in the price schedule:
b. INSTALLATION, DE-INSTALLATION, RE-INSTALLATION. The Davis-Bacon Act (40 U.S.C. 276a-276a-7) provides that contracts in excess of $2,000 to which the United States or the District of Columbia is a party for construction, alteration, or repair (including painting and decorating) of public buildings or public works with the United States, shall contain a clause that no laborer or mechanic employed directly upon the site of the work shall receive less than the prevailing wage rates as determined by the Secretary of Labor. The requirements of the Davis-Bacon Act do not apply if the construction work is incidental to the furnishing of supplies, equipment, or services. For example, the requirements do not apply to simple installation or alteration of a public building or public work that is incidental to furnishing supplies or equipment under a supply contract.
However, if the construction, alteration or repair is segregable and exceeds $2,000, then the requirement of the Davis-Bacon Act applies. The ordering activity issuing the task order against this contract will be responsible for proper administration and enforcement of the Federal labor standards covered by the Davis-Bacon Act. The proper Davis-Bacon wage determination will be issued by the ordering activity at the time a request for quotations is made for applicable construction classified installation, de-installation, and reinstallation services under SIN 33411.
c. OPERATING AND MAINTENANCE MANUALS. The Contractor shall furnish the ordering activity with one (1) copy of all operating and maintenance manuals which are normally provided with the equipment being purchased.

5. INSPECTION/ACCEPTANCE
The Contractor shall only tender for acceptance those items that conform to the requirements of this contract. The ordering activity reserves the right to inspect or test any equipment that has been tendered for acceptance. The ordering activity may require repair or replacement of nonconforming equipment at no increase in contract price. The ordering activity must exercise its post acceptance rights (1) within a reasonable time after the defect was discovered or should have been discovered; and (2) before any substantial change occurs in the condition of the item, unless the change is due to the defect in the item.

6. WARRANTY
a. Unless specified otherwise in this contract, the Contractor's standard commercial warranty as stated in the contract's commercial pricelist will apply to this contract. Please see pricelist for warranty details.
b. The Contractor warrants and implies that the items delivered hereunder are merchantable and fit for use for the particular purpose described in this contract.
c. Limitation of Liability.
Except as otherwise provided by an express or implied warranty, the Contractor will not be liable to the ordering activity for consequential damages resulting from any defect or deficiencies in accepted items.
d. If inspection and repair of defective equipment under this warranty will be performed at the Contractor's plant, the address is as follows: N/A

7. PURCHASE PRICE FOR ORDERED EQUIPMENT
The purchase price that the ordering activity will be charged will be the ordering activity purchase price in effect at the time of order placement, or the ordering activity purchase price in effect on the installation date (or delivery date when installation is not applicable), whichever is less.

8. RESPONSIBILITIES OF THE CONTRACTOR
The Contractor shall comply with all laws, ordinances, and regulations (Federal, State, City or otherwise) covering work of this character, and shall include all costs, if any, of such compliance in the prices quoted in this offer.

9. TRADE-IN OF INFORMATION TECHNOLOGY EQUIPMENT
When an ordering activity determines that Information Technology equipment will be replaced, the ordering activity shall follow the contracting policies and procedures in the Federal Acquisition Regulation (FAR), the policies and procedures regarding disposition of information technology excess personal property in the Federal Property Management Regulations (FPMR) (41 CFR 101-43.6), and the policies and procedures on exchange/sale contained in the FPMR (41 CFR part 101-46).

CloudJacketX is a managed security solution developed to address the major pain points of IT teams such as alert fatigue, lack of resources and the shortfall of vulnerability visibility. Our patented and patent pending solution manages, detects and responds to ongoing cybersecurity threats. We protect against data breaches by leveraging our technology and highly trained security experts who monitor your network around the clock and in real-time.
Our security analysts are dedicated to reviewing every alert and identifying, confirming and blocking threats. The team will get to know your business policies and tailor our service to ensure that security does not interrupt legitimate business. Less than 1% of alerts will actually need any intervention from your team. This frees up your inbox from unread alerts and eliminates labor intensive log analysis. Our real-time dashboards and reports provide visibility and facilitate regulatory compliance. CloudJacketX is a SOC 2 compliant solution and based out of a datacenter in the US. We value customer service and consider our SOC experts as an extension of your team.

[Figure: CloudJacketX components, managed 24/7 by Security Operations Center: Intrusion Prevention System, Intrusion Detection System, Security Information and Event Management, Internal Threat Detection, Lateral Threat Detection*, Vulnerability Management, Endpoint Detection, Data Loss Prevention]

Detection and Prevention Technology works in-line to actively detect and block based on severity, source, reputation, geography and custom tuning. Advanced heuristics and deep packet inspection detect anomalous activity before it enters the network.

Internal Threat Detection is designed to mimic legitimate services, such as servers and file shares, in order to attract and detect unauthorized access, which provides effective protection against Advanced Persistent Threats, Ransomware, and Insider Threats.

Lateral Threat Detection can be enabled in CloudJacketX by utilizing our LAN sensors in your network. This allows our SOC to detect events between hosts and working locations. *Availability based on configurations.

Flexible Deployment Options that will easily evolve with your company's technology. We are ready to protect your data in Google Cloud, AWS, Azure, on-premise or a hybrid combination. CloudJacketX is affordable and can scale with your company without needing to hire additional personnel.
| CloudJacketX Tier Description | SIN | Unit of Issue | GSA Price (inclusive of the IFF) |
|---|---|---|---|
| CloudJacketX at 5Mb/s @ 95th (P) - Managed Network Security - 2 yr commitment | 511210 | Per Month based on 95% Throughput | $905.84 |
| CloudJacketX at 20Mb/s @ 95th (P) - Managed Network Security - 2 yr commitment | 511210 | Per Month based on 95% Throughput | $2,312.21 |
| CloudJacketX at 50Mb/s @ 95th (P) - Managed Network Security - 2 yr commitment | 511210 | Per Month based on 95% Throughput | $2,970.51 |
| CloudJacketX at 100Mb/s @ 95th (P) - Managed Network Security - 2 yr commitment | 511210 | Per Month based on 95% Throughput | $3,427.52 |
| CloudJacketX at 250Mb/s @ 95th (P) - Managed Network Security - 2 yr commitment | 511210 | Per Month based on 95% Throughput | $5,204.75 |
| CloudJacketX at 500Mb/s @ 95th (P) - Managed Network Security - 2 yr commitment | 511210 | Per Month based on 95% Throughput | $5,730.66 |
| CloudJacketX at 1Gb/s @ 95th (P) - Managed Network Security - 2 yr commitment | 511210 | Per Month based on 95% Throughput | $7,020.06 |
| CloudJacketX at 10Gb/s @ 95th (P) - Managed Network Security - 2 yr commitment | 511210 | Per Month based on 95% Throughput | $12,730.77 |

TERMS AND CONDITIONS APPLICABLE TO TERM SOFTWARE LICENSES (SPECIAL ITEM NUMBER 511210)

1. INSPECTION/ACCEPTANCE
The Contractor shall only tender those items that conform to the requirements of this contract. Acceptance shall occur on the day of proof of delivery of the product to the ordering activity.

2. GUARANTEE/WARRANTY
a. Warranty/License
i. SECNAP Network Security. This subparagraph covers all software that is distributed with the SECNAP Network Security product and services, for which there is no separate license agreement between the buyer and the manufacturer or owner of the software.
b. Limitation of Liability.
Except as otherwise provided by an express or implied warranty, the Contractor will not be liable to the ordering activity for consequential damages resulting from any defect or deficiencies in accepted items.
c. Return Policy. The ordering activity may return products to SECNAP Network Security up to 30 days from the day they are delivered. To return products, you must call SECNAP Network Security Customer Service (844) 638.7328. If applicable, you must ship the products to SECNAP Network Security in their original packaging or equivalent, prepay the shipping charges, and you must insure the shipment or accept the risk of loss or damage during shipment. Returned products must be in as new condition, and all of the manuals, diskettes, power cords and other items included with a product must be returned with it.

3. SOFTWARE MAINTENANCE
a. Software Maintenance as a Product (SIN 511210)
Software maintenance as it is defined: Software maintenance as a product includes the publishing of bug/defect fixes via patches and updates/upgrades in function and technology to maintain the operability and usability of the software product. It may also include other no charge support that is included in the purchase price of the product in the commercial marketplace. No charge support includes items such as user blogs, discussion forums, on-line help libraries and FAQs (Frequently Asked Questions), hosted chat rooms, and limited telephone, email and/or web-based general technical support for user's self-diagnostics.
Software maintenance as a product does NOT include the creation, design, implementation, integration, etc. of a software package. These examples are considered software maintenance as a service.

4.
TECHNICAL SERVICES
The Contractor, without additional charge to the Government, shall provide a point of contact the purpose of which is to provide user assistance and guidance in the implementation of the operating system software for the first 30 days from the date of acceptance. Technical Assistance is available 24/7/365 through SECNAP Network Security which can be reached at 1.844.638.7328.

5. PERIODS OF TERM LICENSES (SIN 511210)
a. The Contractor shall honor orders for periods for the duration of the contract period or a lesser period of time.
b. Term Licenses and/or maintenance may be discontinued by the ordering activity on thirty (30) calendar days' written notice to the Contractor.
c. Annual Funding. When annually appropriated funds are cited on an order for maintenance, the period of maintenance shall automatically expire on September 30 of the contract period, or at the end of the contract period, whichever occurs first. Renewal of the maintenance orders citing the new appropriation shall be required, if the maintenance is to be continued during any remainder of the contract period.
d. Cross-Year Funding Within Contract Period. Where an ordering activity's specific appropriation authority provides for funds in excess of a 12 month (fiscal year) period, the ordering activity may place an order under this schedule contract for a period up to the expiration of the contract period, notwithstanding the intervening fiscal years.
e. Ordering activities should notify the Contractor in writing thirty (30) calendar days prior to the expiration of an order, if the maintenance is to be terminated at that time. Orders for the continuation of maintenance will be required if the maintenance is to be continued during the subsequent period.

6. UTILIZATION LIMITATIONS - (SIN 511210 AND SIN 54151)
a. Software acquisition is limited to commercial computer software defined in FAR Part 2.101.
b.
When acquired by the ordering activity, commercial computer software and related documentation so marked shall be subject to the following:
i. Title to and ownership of the software and documentation shall remain with the Contractor, unless otherwise specified.
ii. Software licenses are by site and by ordering activity. An ordering activity is defined as a cabinet level or independent ordering activity. The software may be used by any subdivision of the ordering activity (service, bureau, division, command, etc.) that has access to the site the software is placed at, even if the subdivision did not participate in the acquisition of the software. Further, the software may be used on a sharing basis where multiple agencies have joint projects that can be satisfied by the use of the software placed at one ordering activity's site. This would allow other agencies access to one ordering activity's database. For ordering activity public domain databases, user agencies and third parties may use the computer program to enter, retrieve, analyze and present data. The user ordering activity will take appropriate action by instruction, agreement, or otherwise, to protect the Contractor's proprietary property with any third parties that are permitted access to the computer programs and documentation in connection with the user ordering activity's permitted use of the computer programs and documentation. For purposes of this section, all such permitted third parties shall be deemed agents of the user ordering activity.
iii. Except as is provided in paragraph 6.b(2) above, the ordering activity shall not provide or otherwise make available the software or documentation, or any portion thereof, in any form, to any third party without the prior written approval of the Contractor.
Third parties do not include prime Contractors, subcontractors and agents of the ordering activity who have the ordering activity's permission to use the licensed software and documentation at the facility, and who have agreed to use the licensed software and documentation only in accordance with these restrictions. This provision does not limit the right of the ordering activity to use software, documentation, or information therein, which the ordering activity may already have or obtains without restrictions.
iv. The ordering activity shall have the right to use the computer software and documentation with the computer for which it is acquired at any other facility to which that computer may be transferred, or in cases of disaster recovery, the ordering activity has the right to transfer the software to another site if the ordering activity site for which it is acquired is deemed to be unsafe for ordering activity personnel; to use the computer software and documentation with a backup computer when the primary computer is inoperative; to copy computer programs for safekeeping (archives) or backup purposes; to transfer a copy of the software to another site for purposes of benchmarking new hardware and/or software; and to modify the software and documentation or combine it with other software (to the extent that the ordering activity otherwise has been provided access to the software or documentation), provided that the unmodified portions shall remain subject to these restrictions.
v. "Commercial Computer Software" may be marked with the Contractor's standard commercial restricted rights legend, but the schedule contract and schedule pricelist, including this clause, "Utilization Limitations" are the only governing terms and conditions, and shall take precedence and supersede any different or additional terms and conditions included in the standard commercial legend.
CloudJacketX Platform Statement of Work

This CloudJacketX Platform Statement of Work ("Agreement") is a part of the Master Service Agreement that has been entered into between SECNAP and the Client identified below. This Agreement consists of the form contained on this page (which must be signed by both parties for this Agreement to become effective) and the following 7 pages attached to this cover page. The date of this Agreement is the later of the dates in the signature panel.

Client Company/Organization Name: City of Opa-Locka
Client Company/Organization Address: 780 Fisherman Street, 4th floor, Opa-Locka, FL 33054

| Contact | Name | Email | Phone |
|---|---|---|---|
| Main Contact | Lubotes Dauphin | (dauphin@opalockafl.gov | 305-953-2868 (0) Ext a 1802 |
| Technical Contact | Lubotes Dauphin | Idauphin@opalockafl.gov | 305-953-2868 (0) Ext a 1802 |
| Billing Contact | | | |

Infrastructure Type(s): #Cloud Instance(s); #VM(s); Physical Location(s) (1)

CloudJacketX MDR

| Item | Service Level | Setup Fee | Monthly Cost | Annual Cost |
|---|---|---|---|---|
| CloudJacket X Platform Fees | 100 Mbps | $5,000 | $4,500 | $54,000 |
| GSA Applied Discounts 47QTCA19DOOGE | | | ($1,072.48) | ($12,869.76) |
| Subtotal - CloudJacket X Platform Fees | | $5,000 | $3,427.52 | $41,130.24 |

CJX MDR - Additional Service Modules

| Category | Module | Scope | Setup Fee | Monthly Cost | Annual Cost |
|---|---|---|---|---|---|
| Monitoring | Dark Web Monitoring | Single Domain | N/A | $100 | $1200 |
| | Security Awareness Training | | N/A | N/A | N/A |
| Scanning | Internal Vulnerability Scanning | Less than 200 IPs (Annual) | waived | $425 | $5,100 |
| Scanning | External Vulnerability | Up to 16 IPs (Quarterly Scan) | waived | $315 | $3,780 |
| | CJX-SIEM | Up to 5 Devices ingest | waived | $1,500 | $18,000 |
| | Discounts | | waived | ($2,340) | ($28,080) |
| | SubTotal - CloudJacket X Additional Service Modules | | waived | $0 | $0 |

Summary & Totals

| | Term | Start Date | End Date | Setup Fee | Monthly Cost | Annual Cost |
|---|---|---|---|---|---|---|
| CONTRACT TERM | 3 Year | 05/26/2022 | 05/25/2025 | $5,000 | $3,427.51 | $41,130.24 |

Comments: CloudJacketX GSA Schedule Contract Number 47QTCA19DOOGE

SECNAP Network Security Corporation
Print Name: Richard Duman
Title: Vice President
Signature:
Date:

City of Opa-Locka
Print Signer's Name:
Title:
Signature:
Date:

1.844.638.7328 | sales@secnap.com | CJX-SE-V22.2 1 of 8

Section 1. Services

A. Services Provided. During the "Term" of this Agreement (as specified in Section 3 of this Agreement), SECNAP will provide to Client those CloudJacketX Platform services and/or products that are marked with an "X" or checkmark in the boxes on the first page of this Agreement (collectively, the "Services"). The Services are subject to the terms and conditions of this Agreement.

B. Description of Services. The following is a description of the CloudJacketX Platform services and products.

(a) CloudJacketX Services which includes the following:
• CloudJacketX on inline device(s) ("SECNAP Equipment") or within virtual environments
• 24x7x365 monitoring and escalation of network intrusion alarms and events
• Real-time security incident response and forensics
• Real-time notification, via Worldwide Edge Attack Sensor Network, of any attack directed at specific Client network versus regional or more general attack
• Escalation in accordance with Client preference (PDA, pager, email, telephone)
• Automatic back-tracing of events
• First-Alert priority vulnerability email service
• Reporting via email daily, weekly and/or monthly
• Real-time metrics available on demand through robust customer dashboard
• Technical consultation as needed regarding the Services.

(b) Dark Web Monitoring: SECNAP provides threat intelligence and identity monitoring solutions for organizations. SECNAP will scour the Dark Web to identify, analyze and monitor for compromised or stolen employee data.
If data is identified, our Security Operations Center will alert your point of contact. SECNAP will also provide a monthly report of findings.

(c) Security Awareness Training & Phishing Exercises: Security Awareness Training: SECNAP will provide easy-to-understand, short and visually engaging training videos directed to employee emails. Training will end with an online quiz to verify the employee's retention of the training. Phishing simulations test employees on how they would respond to a real-life phishing attack. SECNAP will send mock attacks at staggered times to track employee behaviors reporting on which employees ignored, clicked or completed the object of the simulated attack.

(d) Vulnerability Scanning: Internal vulnerability scans are run from the internal client network to determine if known vulnerabilities can be detected. The automated scanning incorporates a series of tests that address more than 100,000 known vulnerabilities and weaknesses. These tests can be scheduled during pre-agreed upon times and be throttled in such a way as to minimize any impact to the network. If not pre-coordinated, testing will be executed at SECNAP's discretion. SECNAP recommends internal testing be conducted during peak business hours. The external penetration testing component consists of remote scans and tests generated from the SECNAP Secure Operations Center (SOC) to determine if known vulnerabilities can be detected in Internet-facing hosts.

(e) Managed Security Information Event Management (SIEM): Provides customers an effective real-time analysis and response to Security-Related Logs pulled from various customer devices, and Network Infrastructure Elements. Managed & Monitored 24/7/365 by SECNAP Security Operations Center, customers are alerted on anomalous activity tuned to customers' environment and thresholds. Observed systems may include network devices, clients, servers, domain controllers, as well as user and privileged user behavioral analytics.
• Real-time security monitoring by 24/7 Security Operations Center
• Threat intelligence and Behavior profiling
• Data & end user monitoring
• Event collection rate suited for very large-scale deployments
• Efficient query performance, even during high event collection
• Highly intuitive log search
• Native support for log sources
• Log storage & search for entire log retention period
• Log data search & display capabilities

(f) Endpoint Detection and Response (EDR): Utilizing a lightweight agent installed on client endpoints, EDR service is designed to achieve the following objectives for covered endpoints.
• Collect system logs and Event Data and forward for SIEM Analysis
• Monitor File and Registry Key integrity
• Inventory Running processes and installed Applications
• Monitor Open Ports and Network Configuration
• Provide Configuration Assessment and Policy Monitoring
• Execute Active SOC Responses such as Host Quarantine to Isolate infected host.

C. Other Matters related to the Services.

(a) Provided Equipment. Any malfunction or manufacturer's defects of equipment or software provided by SECNAP to Client or purchased directly by Client used in connection with SECNAP's Services provided hereunder will not be deemed a breach of SECNAP's obligations under this Agreement so long as SECNAP replaces malfunctioning equipment and software as quickly as reasonably possible. Client shall not resell, transfer, export or re-export any SECNAP Equipment, software provided by SECNAP, or any technical data derived therefrom. Client shall not use or transfer any SECNAP Equipment, software provided by SECNAP, or any technical data derived therefrom in a manner that would violate any applicable United States or foreign law.

(b) Scope of Use. "Licensed Software" means the following computer software provided by SECNAP: the Client-facing user interface that provides dashboard features and functions to Client, including the ability to run reports, block or unblock specified network and internet traffic, and other similar features as set forth in the SECNAP documentation provided to Client; and the SECNAP secure portal designed to enable secure transmission of sensitive data between SECNAP and Client. Subject to the terms and conditions of this Agreement, SECNAP hereby grants Client a limited license to install and use the Services, Licensed Software and SECNAP Equipment. Client's use of the Services, Licensed Software and SECNAP Equipment shall be for Client's internal business purposes only. Client specifically acknowledges and agrees that it shall not sell, resell, act as a service bureau or otherwise use the Services, Licensed Software (or any other software provided by SECNAP) or the SECNAP Equipment to compete with SECNAP or to provide substantially similar services and products to third parties in competition with SECNAP.

(c) Place where the SECNAP Equipment and Related Software will be installed. Prior to the delivery and installation of the SECNAP Equipment and software provided by SECNAP, Client and SECNAP will mutually agree on the exact location where the SECNAP Equipment and related software will be installed and connected to Client's network (the "Client's Data Center").

(d) Resources. Client is responsible for the accuracy and content of any information provided to SECNAP. During the Term, Client is responsible for providing 24/7 Internet access for its network as well as normal environment for operation of personal computers. Client hereby authorizes SECNAP and its employees, agents, contractors and representatives to enter Client's premises in order to install, maintain, inspect, repair, replace and/or remove devices and software at mutually agreeable times. SECNAP retains full ownership of the CloudJacketX devices and related software to be installed on Client network and has no intent to convey any ownership of such hardware or software to Client as part of this Agreement. Client consents to SECNAP's use of third-party subcontractors in connection with the performance of the Services; however, SECNAP shall manage and remain responsible for performance of any subcontractors.

Section 2. Fees and Billing.

(a) Fees. Client will pay SECNAP the fees listed on the first page of this Agreement. If fees are not stated on the first page of this Agreement for a certain class of services that Client requests or requires, those additional services shall be the subject of a separate written agreement between Client and SECNAP.

(b) Billing. Charges for fees indicated on the first page of this Agreement as being due at the commencement of the Term shall be due and payable when billed on the execution and delivery of this Agreement ("Effective Date"). All other fees for Services rendered and expenses incurred shall be payable as indicated on the first page of this Agreement, and shall be invoiced by SECNAP on a periodic basis as described on the first page of this Agreement. Payments shall be due upon receipt within fifteen (15) days of the date of each SECNAP invoice. All payments shall be made in U.S. dollars. Invoices not paid when due shall be subject to a late charge of 1.5% per month or the highest rate permitted by law, whichever is less.

(c) Taxes. SECNAP may invoice and Client shall pay all taxes, fees or assessments and other charges imposed on or required to be collected by SECNAP by any governmental agency that may result from this Agreement, or any of the activities contemplated hereunder.
Client shall also be responsible for paying all taxes, fees or assessments and other charges imposed on Client by any governmental agency that may result from this Agreement or any of the activities contemplated hereunder.

Section 3. Term, Termination.

(a) Term of the Agreement. The initial term of this Agreement shall begin on the "Service Commencement Date" (as defined below) and shall continue until the "End Date" (as set forth on the first page of this Agreement). Thereafter, this Agreement shall be renewed automatically in one-year intervals (with the initial automatic renewal date being on the End Date, and thereafter on each annual anniversary of the End Date in each year), unless either Party terminates this Agreement by written notice given to the other Party during the 30-day period prior to an automatic renewal date (the "Term"). This Agreement also may be terminated in accordance with section 3(b) hereof.

(b) Termination. This Agreement also may be terminated in any of the following ways:

i. Client may, in its sole discretion, terminate this Agreement immediately, in the event that SECNAP has materially breached a material provision of this Agreement and not cured such default within 30 days after receipt of written notice of such default. In this event, SECNAP shall be entitled: to retain any fees that previously have been paid; and to be paid for all work performed through the date of termination for which fees were not previously paid. Client shall not be entitled to any refund of fees previously paid in the event of termination of this Agreement under this Section 3(b)(i).

ii. SECNAP may, in its sole discretion, discontinue performance hereunder or terminate this Agreement on written notice to Client in the event: (A) that Client is in default of its payment obligations hereunder; or (B) that Client has materially breached a material provision of this Agreement, and such breach is not cured within thirty (30) days after written notice thereof.
(c) Effectiveness of Agreement. Notwithstanding any termination of this Agreement or reaching the end of the Term, this Agreement shall continue to govern the rights and duties of the parties hereto with respect to the subject matter of this Agreement, until six months after the latest to occur of: the end of the Term; termination of this Agreement in accordance with subparagraph (b) above; or the date as of which all SECNAP Equipment has been returned to SECNAP and all copies of the Licensed Software and any other software provided by SECNAP has been deleted. Notwithstanding the foregoing, the confidentiality provisions of this Agreement, and the matters described under the paragraph entitled "Survival" below, shall each continue in full force and effect for the time periods stated therein.

(d) "Service Commencement Date" means that date that is identified on the first page of this Agreement as the "Start Date" as of which the Services are provided.

(e) Return of Equipment on Termination of Agreement. At the end of the Term of this Agreement, or in the event this Agreement terminates earlier under Section 3(b), then Client shall return the SECNAP Equipment (and any other SECNAP equipment in its possession, including the Licensed Software and any other software provided by SECNAP) no later than 30 days after the date of termination. Client shall deliver, or cause to be delivered or returned, to SECNAP all physical property and electronic media that contains any of SECNAP's Intellectual Property, and to delete from its networks, hardware, and cloud implementations, all copies of the Licensed Software and any other software provided by SECNAP, and to provide SECNAP with appropriate confirmations that all such software has been deleted.
If Client fails to timely return the SECNAP Equipment and provide appropriate confirmation that the software has been deleted (together with any other SECNAP equipment in its possession), then Client shall pay SECNAP the sum of actual damages SECNAP incurs, which amount shall be due and payable on the 30th day after the date of termination of the Agreement.

Section 4. Representations and Warranties.

(a) Client Warranties. Client represents and warrants to SECNAP: (i) that it owns or has the legal right and authority, and will continue to own or maintain the legal right and authority during the term of this Agreement, to install and authorize SECNAP to use the SECNAP Equipment and related software in the Client's Data Center; and (ii) that Client will not use the SECNAP Equipment and related software in any manner that would violate any applicable law or regulation.

(b) SECNAP Warranties. SECNAP represents and warrants to SECNAP that it possesses the right to license the Services.

(c) Disclaimers by SECNAP. THE SERVICES ARE PROVIDED "AS IS." EXCEPT FOR THOSE WARRANTIES EXPRESSLY MADE IN THIS AGREEMENT, SECNAP DOES NOT MAKE, AND HEREBY DISCLAIMS, ANY AND ALL EXPRESS AND/OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. EXCEPT FOR THOSE WARRANTIES EXPRESSLY MADE IN THIS AGREEMENT, SECNAP DOES NOT WARRANT THAT THE SERVICES WILL BE AVAILABLE UNINTERRUPTED, ERROR-FREE OR ON A COMPLETELY SECURE BASIS. SECNAP MAKES NO REPRESENTATION OR WARRANTY WITH RESPECT TO, AND SPECIFICALLY DISCLAIMS ANY WARRANTY AGAINST INFRINGEMENT WITH RESPECT TO, ANY EQUIPMENT OWNED, LEASED OR USED BY CLIENT, OR OTHER HARDWARE OR SOFTWARE DELIVERED IN CONNECTION HEREWITH.
CLIENT HEREBY WAIVES ALL RIGHTS NOW OR HEREAFTER CONFERRED BY STATUTE TO MAKE REPAIRS OR ALTERATIONS TO THE SECNAP EQUIPMENT AND ANY OTHER SOFTWARE OR HARDWARE PROVIDED TO CLIENT BY SECNAP.

Section 5. Limitation of Liability.

CLIENT'S RIGHTS AND REMEDIES HEREUNDER ARE EXCLUSIVE AND IN LIEU OF ALL OTHER RIGHTS AND REMEDIES. IN NO EVENT WILL SECNAP BE LIABLE TO CLIENT, ANY EMPLOYEE, AGENT OR CONTRACTOR OF CLIENT, OR ANY THIRD PARTY FOR ANY CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING, IN RELATION TO THE CLIENT'S DATA CENTER, ANY EQUIPMENT, ANY SERVICES, ANY SOFTWARE, CLIENT'S BUSINESS OR OTHERWISE, WHICH CLAIMS INVOLVE PUNITIVE OR EXEMPLARY DAMAGES OR LOST PROFITS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, WHETHER UNDER THEORY OF CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT AND EXCEPT FOR INTENTIONAL MISCONDUCT OR GROSS NEGLIGENCE, SECNAP'S LIABILITY TO CLIENT, WHETHER ARISING IN CONTRACT, TORT (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE, SHALL NOT EXCEED THE AMOUNT PAID BY CLIENT TO SECNAP DURING THE PRECEDING TWELVE (12) MONTHS.

Section 6. General Provisions.

(a) Relationship with MSA. This Agreement constitutes a "Statement of Work" or "SOW", as those terms are defined/referred to in the Master Service Agreement entered into between SECNAP and Client. For the purposes of this Agreement, the Master Service Agreement shall be considered to be the most recent such document that has been entered into between SECNAP and Client, and if a revised, amended, or amended and restated Master Service Agreement is entered into between Client and SECNAP in the future, then the Master Service Agreement for purposes of this Agreement shall be considered the then-current version of the Master Service Agreement.

(b) No Third-Party Beneficiary.
It is the explicit intention of the parties hereto, that no person or entity other than the parties to this Agreement and their respective successors and assigns is or shall be entitled to bring any action to enforce any provision of this Agreement against either of the parties.

(c) Relationship of the Parties. Neither party will have the authority to make any representations, claims or warranties of any kind on behalf of the other party or on behalf of such party's licensors or suppliers. Neither party hereto is an employee, agent, joint venturer or partner of the other party. Nothing in this Agreement shall be interpreted or construed as creating or establishing the relationship of employer and employee between Client and either SECNAP or any employee or agent of SECNAP. Neither party shall have the power or authority to bind or obligate the other.

(d) Force Majeure. Neither party shall be deemed in default of this Agreement to the extent that performance of its obligations or attempts to cure any breach are delayed or prevented by reason of any act of God, act of terrorism, fire, natural disaster, accident, act of government, strikes, unavailability of material, facilities, telecommunications services or supplies or any other cause beyond the reasonable control of such party.

(e) Assignment. This Agreement and the rights and obligations hereunder shall not be assigned (including, without limitation, by way of merger, consolidation, sale of assets or change in control involving Client or SECNAP, or otherwise) or otherwise transferred by either party without the prior written consent of the other party, which consent may be unreasonably withheld, and no assignment shall relieve the assigning party of its obligations hereunder. This Agreement will inure to the benefit of and be binding upon the parties and their respective successors and permitted assigns.

(f) Notices. All notices required hereunder shall be delivered by one or more of the following methods: i.
personally;
ii. by overnight courier (e.g. Federal Express or UPS);
iii. by certified or registered mail, return receipt requested; or
iv. sent by telecopy or facsimile transmission, answer back requested;
in each such case addressed to the party to be notified at the respective addresses set forth above, and to the attention of the person or persons who have executed this Agreement on page 8 hereof.

(g) Waiver. Any waiver of any right or default hereunder shall be effective only if given in writing and shall not operate as or imply a waiver of any similar right or default on any subsequent occasion.

(h) Severability. No determination by a court of competent jurisdiction that any term or provision of this Agreement is invalid or otherwise unenforceable shall operate to invalidate or render unenforceable any other term or provision of this Agreement and all remaining provisions shall be enforced in accordance with their terms.

(i) Counterparts and Signatures. This Agreement and any amendment thereto may be executed in any number of counterparts, each of which shall be deemed an original but all of which together shall constitute one and the same single document, and any such counterpart containing an electronically scanned or facsimile signature will have the same effect as original manual signatures.

(j) Governing Law. This Agreement will be governed by and construed under, and the legal relations between the parties hereto will be determined in accordance with, the laws of the State of Florida, without giving effect to such state's conflict of law principles.

(k) Headings. The section headings are for reference and convenience only and will not be considered in the interpretation of this Agreement.

(l) Entire Agreement.
This Agreement, including any other attachments, exhibits and schedules hereto, which are hereby incorporated by reference into this Agreement, constitutes the entire agreement between the parties with respect to its subject matter and supersedes all other agreements, oral or written, relating to its subject matter. There are no other representations, understandings or agreements between the parties relative to such subject matter. This Agreement may not be amended, altered or modified except by a writing signed by the parties.

(m) Due Authority. Each party represents to the other that it is duly authorized to execute this Agreement and to perform its obligations hereunder according to the terms set forth herein. Each party further represents that its execution of this Agreement and performance of its obligations hereunder are not and will not be in violation of any obligations it may have to any third party.

(n) SECNAP Intellectual Property. Client covenants, represents and warrants, notwithstanding any other provision of this Agreement, that it shall in no way interfere with, impair, disseminate or cause dissemination of, or decompile, disassemble or reverse engineer, copy, modify or translate any SECNAP Intellectual Property (as defined below). Client shall have no right, title, claims or interest in or to the SECNAP Intellectual Property and no license of SECNAP Intellectual Property is intended or implied, beyond the limited use license and restrictions on use stated herein. Client may not use the SECNAP Intellectual Property or related documentation, other than in connection with the Services and in accordance with this Agreement, or grant any other person or entity the right to do so. Upon the expiration or termination of this Agreement for any reason, Client shall deliver, or cause to be delivered or returned, to SECNAP all physical property and electronic media that contains any of SECNAP's Intellectual Property.
"SECNAP Intellectual Property" means any and all "Inventions" (as defined below) and other information (whether conveyed visually, orally or in writing) owned by SECNAP or in which SECNAP has "Rights" (as defined below), 1.844.638.7328 j sales@secnap.com 1 CJX-SE-V22.2 7 of 8 about algorithms, trade secrets, computer software, designs, technology, ideas, know-how, show - how, products, services, processes, data, techniques, improvements, inventions (whether or not patentable), works of authorship, and other information concerning SECNAP's actual or anticipated business, technologies, research or development, or which is received in confidence by or for SECNAP from any third party. "Rights" means any and ail patent rights, copyright rights, trade secret rights, sui generis database rights and all other intellectual property, industrial property and proprietary rights recognized anywhere in the world, now or in the future. "Inventions" means any and all improvements, inventions (whether or not patentable), works of authorship, derivative works, trade secrets, technology, computer software, algorithms, formulas, compositions, ideas, designs, processes, techniques, know-how and data made, conceived, reduced to practice or developed (in whole or in part, either alone or jointly with others). (o) Survival. The parties agree that the provisions herein regarding intellectual property ownership, confidentiality, indemnification and limitation on liability shall survive any termination, expiration or cancellation of either this Agreement or the license to use the Services, Licensed Software and equipment granted herein. (P) (q) Certain Interpretations. The Section and Paragraph headings in this Agreement are inserted only as a matter of convenience, and in no way define, limit, or extend or interpret the scope of this Agreement or of any particular Section or Paragraph. 
Pronouns, wherever used, and whatever gender, shall include natural persons, companies, partnerships, trusts, corporations, and associations of every kind and character, and the singular shall include the plural wherever and as often as may be appropriate. Whenever the terms "hereof", "hereby", "herein", "hereunder" or words of similar import are used in this Agreement, they shall be construed as referring to this Agreement in its entirety rather than to a particular section, paragraph or provision. References in this Agreement to articles, sections, paragraphs, subsections, schedules or exhibits are to articles, sections, subsections, paragraphs, schedules or exhibits in or to this Agreement unless otherwise stated. The term "person" shall mean any governmental authority or any individual, firm, partnership, corporation, limited liability company, joint venture, trust, unincorporated organization or other entity or organization. In construing this Agreement, a defined term has its defined meaning throughout this Agreement, regardless of whether it appears before or after the place where it is defined. The language used in this Agreement shall be deemed language chosen by the parties to express their mutual intent, each having an equal opportunity to participate in the drafting of the provisions hereof; accordingly, in construing this Agreement, no party shall be presumed or deemed to be the "drafter" or "preparer" hereof and no rule of strict construction shall be applied against any party.

NO JURY TRIAL. EACH PARTY HERETO WAIVES HIS, HER OR ITS RIGHT TO A JURY TRIAL IN THE EVENT OF ANY DISPUTE OR LITIGATION ARISING HEREUNDER OR UNDER ANY RELATED TRANSACTION OR DOCUMENT EXECUTED IN CONNECTION HEREWITH.

IN WITNESS WHEREOF, the parties hereto have executed this Agreement on the first page above, entitled "Statement of Work — "CloudJacketX Platform Statement of Work".
This Statement of Work for "CloudJacketX Platform Statement of Work" ("Agreement") is a part of the Master Service Agreement that has been entered into between SECNAP and the Client identified on the first page.

Local Governments Are Under Attack
Hackers commonly breach municipal IT systems
by Sandy Reeser, VC3

Can you imagine how more than 600,000 residents would feel about not being able to call an ambulance, a fire truck or a police officer? That happened in Baltimore when its 311 and 911 systems were hacked in 2018. The city lost its 311 and 911 services for 17 hours.

Also in 2018, Atlanta, a city with almost half a million people, was without many city services for a week due to hacking. Police were handwriting reports of crimes. The courts were backlogged. People couldn't pay their municipal bills.

Even more recently, in March 2019, Jackson County, Ga., paid $400,000 in ransom to hackers to recover its encrypted data.

These cyber incidents are not uncommon. Local government has become one of the top hacker targets. Many cities are attacked every day, and some of them are attacked on an hourly basis, according to the ICMA Cybersecurity Research Report. (To access the information in the report, go to icma.org/documents/cybersecurity-survey-snapshot.)

Municipalities face two significant challenges in fighting this battle. First, unlike commercial businesses, local governments are required by law to publish a lot of information about their daily operations. This requirement is certainly positive from the perspective of transparency to your citizens, but unfortunately, it also provides hackers with information that they can exploit to gain access to your data and your cash.
Additionally, most local governments cannot afford to hire full-time security experts, and current staff are not equipped, or do not have the time, to become security experts or to maintain a working knowledge of this rapidly changing landscape.

No city is immune. Most hacking attempts go undetected unless the hackers deliberately set out to make their feat obvious. Breaches sometimes aren't discovered for months.

Many cities are stuck with aging infrastructure, outdated software and ancient technology, along with weak security policies and limited budgets. They are fighting a battle against hackers who are incredibly skilled in their field, possess the latest hardware and technology, and are determined to demonstrate their computer prowess in the most extravagant fashion possible. Many more hackers are in it strictly for the money.

[Chart legend: Hourly or more; At least once a day; Less than daily; Don't know]

BUSINESS WATCH
Business Watch connects businesses and local government elected officials, leaders and management, and it provides a unique network to share knowledge necessary to both the public and private sectors. Together, Business Watch government and corporate members are a powerful coalition to better our economy, influence public policy and strengthen our communities. Visit businesswatchinc.com to learn more.

PROTECTION FROM HACKERS
Your email system is a prime target for attack. The following steps will help you protect it from hackers.

Educate your employees. Employees shouldn't open any attachment that isn't expected or isn't from a known source. If there is anything suspicious about it, they should call the sender and ask if he or she sent it or contact their technology staff person.

Incorporate anti-spam filtering on your email system. Anti-spam filtering will rid your system of most of the threats, but filtering is meant to supplement the education of your workers. You must teach employees not to assume that everything in email is safe.

Have up-to-date software.
Even if you have the latest operating system, it is essential that regular updating and patching are performed so that your system stays secure and your exposure to hackers is minimized.

The security of your software and email is only part of the equation. If you believe your city needs outside assistance, consider engaging with a technology partner that specializes in local government security analysis.

Sandy Reeser is CEO of VC3 Inc., an IT services and computer consultant. For more information, call Christie Williams with VC3 at (404) 790-3885.

[Chart: ICMA Reported Attack Rates, with series for Attacks, Incidents and Breaches]

Attacks are attempts to gain unauthorized access to cause mischief or do harm. Incidents are events that compromise confidentiality, integrity or availability of a computer system. Breaches are incidents that result in confirmed disclosure of information to an unauthorized person.

Source: 2016 Cybersecurity Survey conducted by ICMA, the International City/County Management Association, and the University of Maryland, Baltimore County.

MAY/JUNE 2019 | QUALITY CITIES | 33