No preview available
HomeMy WebLinkAboutC22-217 Revize Software Systems AGREEMENT FOR SERVICES BETWEEN EAGLE COUNTY, COLORADO AND REVIZE SOFTWARE SYSTEMS THIS AGREEMENT (“Agreement”) is effective as of _________________ by and between Revize Software Systems (hereinafter “Vendor”, “Contractor” or “Consultant”) and Eagle County, Colorado, a body corporate and politic (hereinafter “County” or “Client”). RECITALS WHEREAS, Eagle County is in need of a redesigned website, www.eaglecounty.us, (the “Project”); and WHEREAS, Contractor is authorized to do business in the State of Colorado and has the time, skill, expertise, and experience necessary to provide the Services as defined below in paragraph 1 hereof; and WHEREAS, this Agreement shall govern the relationship between Contractor and County in connection with the Services. AGREEMENT NOW, THEREFORE, in consideration of the foregoing and the following promises Contractor and County agree as follows: 1. Services or Work. Contractor agrees to diligently provide all services, labor, personnel and materials necessary to perform and complete the services or work described in Exhibit A (“Services” or “Work”) which is attached hereto and incorporated herein by reference. The Services shall be performed in accordance with the provisions and conditions of this Agreement. a. Contractor agrees to furnish the Services no later than December 1, 2022 and in accordance with the schedule established in Exhibit A. If no completion date is specified in Exhibit A, then Contractor agrees to furnish the Services in a timely and expeditious manner consistent with the applicable standard of care. By signing below Contractor represents that it has the expertise and personnel necessary to properly and timely perform the Services. b. In the event of any conflict or inconsistency between the terms and conditions set forth in Exhibit A and the terms and conditions set forth in this Agreement, the terms and conditions set forth in this Agreement shall prevail. 2. County’s Representative. The Communications Department’s designee shall be Contractor’s contact with respect to this Agreement and performance of the Services. 3. Term of the Agreement. This Agreement shall commence upon the date first written above, and subject to the provisions of paragraph 11 hereof, shall continue in full force and effect for one year. 4. Extension., Renewal, or Modification. This Agreement shall commence upon the date first written above, and subject to the provisions of paragraph 11 hereof, shall continue for one year. Thereafter, this agreement shall be automatically renewed for successive periods of 12 months (each a “Renewal Term”), unless either party notifies the other party of termination, in writing, at least sixty (60) days before the end of the initial Term or any Renewal Period. Any amendments or modifications shall be in writing signed by both parties. No additional services or work performed DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D 6/10/2022 by Contractor shall be the basis for additional compensation unless and until Contractor has obtained written authorization and acknowledgement by County for such additional services in accordance with County’s internal policies. Accordingly, no course of conduct or dealings between the parties, nor verbal change orders, express or implied acceptance of alterations or additions to the Services, and no claim that County has been unjustly enriched by any additional services, whether or not there is in fact any such unjust enrichment, shall be the basis of any increase in the compensation payable hereunder. In the event that written authorization and acknowledgment by County for such additional services is not timely executed and issued in strict accordance with this Agreement, Contractor’s rights with respect to such additional services shall be deemed waived and such failure shall result in non-payment for such additional services or work performed. 5. Compensation. County shall compensate Contractor for the performance of the Services in a sum computed and payable as set forth in Exhibit A. The performance of the Services under this Agreement shall not exceed $75,000. Contractor shall not be entitled to bill at overtime and/or double time rates for work done outside of normal business hours unless specifically authorized in writing by County. a. Fee’s will be made for Services satisfactorily performed per Exhibit A. All invoices shall include detail regarding the hours spent, tasks performed, who performed each task and such other detail as County may request. b. If, at any time during the term or after termination or expiration of this Agreement, County reasonably determines that any payment made by County to Contractor was improper because the Services for which payment was made were not performed as set forth in this Agreement, then upon written notice of such determination and request for reimbursement from County, Contractor shall forthwith return such payment(s) to County. Upon termination or expiration of this Agreement, unexpended funds advanced by County, if any, shall forthwith be returned to County. c. County will not withhold any taxes from monies paid to the Contractor hereunder and Contractor agrees to be solely responsible for the accurate reporting and payment of any taxes related to payments made pursuant to the terms of this Agreement. d. Notwithstanding anything to the contrary contained in this Agreement, County shall have no obligations under this Agreement after, nor shall any payments be made to Contractor in respect of any period after December 31 of any year, without an appropriation therefor by County in accordance with a budget adopted by the Board of County Commissioners in compliance with Article 25, title 30 of the Colorado Revised Statutes, the Local Government Budget Law (C.R.S. 29-1-101 et. seq.) and the TABOR Amendment (Colorado Constitution, Article X, Sec. 20). 6. Subcontractors. Contractor acknowledges that County has entered into this Agreement in reliance upon the particular reputation and expertise of Contractor. Contractor shall not enter into any subcontractor agreements for the performance of any of the Services or additional services without County’s prior written consent, which may be withheld in County’s sole discretion. County shall have the right in its reasonable discretion to approve all personnel assigned to the subject Project during the performance of this Agreement and no personnel to whom County has an objection, in its reasonable discretion, shall be assigned to the Project. Contractor shall require each subcontractor, as approved by County and to the extent of the Services to be performed by the subcontractor, to be bound to Contractor by the terms of this Agreement, and to assume toward Contractor all the obligations and responsibilities which Contractor, by this Agreement, assumes toward County. County shall have the right (but not the obligation) to enforce the provisions of this Agreement against any subcontractor hired by Contractor and Contractor shall cooperate in such process. The Contractor shall be responsible for the acts and omissions of its agents, employees and subcontractors. DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D 7. Insurance. Contractor agrees to provide and maintain at Contractor’s sole cost and expense, the following insurance coverage with limits of liability not less than those stated below: a. Types of Insurance. i. Workers’ Compensation insurance as required by law. ii. Auto coverage with limits of liability not less than $1,000,000 each accident combined bodily injury and property damage liability insurance, including coverage for owned, hired, and non-owned vehicles. iii. Commercial General Liability coverage to include premises and operations, personal/advertising injury, products/completed operations, broad form property damage with limits of liability not less than $1,000,000 per occurrence and $1,000,000 aggregate limits. iv. Professional Liability (Errors and Omissions) including Cyber Liability with prior acts coverage for all deliverables, Services and additional services required hereunder, in a form and with insurer or insurers satisfactory to County, with limits of liability of not less than $2,000,000 per claim and $2,000,000 in the aggregate. The insurance shall provide coverage for (i) liability arising from theft, dissemination and/or use of confidential information stored or transmitted in electronic form; (ii) Network Security Liability arising from unauthorized access to, use of or tampering with computer systems including hacker attacks, inability of an authorized third party to gain access to your Software or Services including denial of access or Services unless caused by a mechanical or electrical failure; (iii) liability arising from the introduction of a computer virus into, or otherwise causing damage to, County or a third person’s computer, computer system, network or similar computer related property and the data, software and programs thereon. v. Crime Coverage shall include employee dishonesty, forgery or alteration and computer fraud. If Consultant is physically located on County premises, third party fidelity coverage extension shall apply. The policy shall include coverage for all directors, officers and employees of the Consultant. The bond or policy shall include coverage for extended theft and mysterious disappearance. The bond or policy shall not contain a condition requiring an arrest or conversion. Limits shall be a minimum of $1,000,000 per loss. b. Other Requirements. i. The automobile and commercial general liability coverage shall be endorsed to include Eagle County, its associated or affiliated entities, its successors and assigns, elected officials, employees, agents and volunteers as additional insureds. A certificate of insurance consistent with the foregoing requirements is attached hereto as Exhibit B. ii. Contractor’s certificates of insurance shall include subcontractors, if any as additional insureds under its policies or Contractor shall furnish to County separate certificates and endorsements for each subcontractor. iii. The insurance provisions of this Agreement shall survive expiration or termination hereof. iv. The parties hereto understand and agree that the County is relying on, and does not waive or intend to waive by any provision of this Agreement, the monetary limitations or rights, immunities and protections provided by the Colorado Governmental Immunity Act, as from time to time amended, or otherwise available to County, its affiliated entities, successors or assigns, its elected officials, employees, agents and volunteers. v. Contractor is not entitled to workers’ compensation benefits except as DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D provided by the Contractor, nor to unemployment insurance benefits unless unemployment compensation coverage is provided by Contractor or some other entity. The Contractor is obligated to pay all federal and state income tax on any moneys paid pursuant to this Agreement. 8. Indemnification. The Contractor shall indemnify and hold harmless County, and any of its officers, agents and employees against any losses, claims, damages or liabilities for which County may become subject to insofar as any such losses, claims, damages or liabilities arise out of, directly or indirectly, this Agreement, or are based upon any performance or nonperformance by Contractor or any of its subcontractors hereunder; and Contractor shall reimburse County for reasonable attorney fees and costs, legal and other expenses incurred by County in connection with investigating or defending any such loss, claim, damage, liability or action. This indemnification shall not apply to claims by third parties against the County to the extent that County is liable to such third party for such claims without regard to the involvement of the Contractor. This paragraph shall survive expiration or termination hereof. 9. Ownership of Documents. All documents (including electronic files) and materials obtained during, purchased or prepared in the performance of the Services shall remain the property of the County and are to be delivered to County before final payment is made to Contractor or upon earlier termination of this Agreement. 10. Notice. Any notice required by this Agreement shall be deemed properly delivered when (i) personally delivered, or (ii) when mailed in the United States mail, first class postage prepaid, or (iii) when delivered by FedEx or other comparable courier service, charges prepaid, to the parties at their respective addresses listed below, or (iv) when sent via facsimile so long as the sending party can provide facsimile machine or other confirmation showing the date, time and receiving facsimile number for the transmission, or (v) when transmitted via e-mail with confirmation of receipt. Either party may change its address for purposes of this paragraph by giving five (5) days prior written notice of such change to the other party. COUNTY: Eagle County, Colorado Attention: Justin Patrick 500 Broadway Post Office Box 850 Eagle, CO 81631 Telephone: 970-328-8614 E-Mail: Justin.Patrick@eaglecounty.us With a copy to: Eagle County Attorney 500 Broadway Post Office Box 850 Eagle, Co 81631 Telephone: 970-328-8685 E-Mail: atty@eaglecounty.us CONTRACTOR: Revise Software Systems Attention: Thomas J. Jean 150 Kirts Blvd. Troy, MI 48084 Ph: 248-269-9263 x8035 DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D Thomas.Jean@revize.com 11. Termination. County may terminate this Agreement, in whole or in part, at any time and for any reason, with or without cause, and without penalty therefor with thirty (30) calendar days’ prior written notice to the Vendor. a. Either party may terminate this Agreement in the event that the other party commits a material breach of this Agreement and fails to cure such material breach within twenty (20) days after receiving written notice of the same. b. In the event of a termination of the contract, the vendor shall implement an orderly return of County Data in a CSV or another mutually agreeable format at a time agreed to by the parties and the subsequent secure disposal of County Data. c. In the event that the contract is terminated, for any reason, Revize will provide the latest version of the Revize CMS to the CLIENT. This system will then have the ability to be hosted and used by the CLIENT as long as they wish. Revize will provide reasonable support in transferring the CMS system to the CLIENT’s decided upon hosting architecture. d. In the event of a termination of this Agreement, County will cease use of the Services, except as needed for the orderly return of County Data. e. During any period of service suspension, the vendor shall not take any action to intentionally erase any County Data. f. In the event of termination of any services or agreement in entirety, the vendor shall not take any action to intentionally erase any County Data for a period of 60 days after the effective date of termination. After such period, the vendor shall have no obligation to maintain or provide any County Data and shall thereafter, unless legally prohibited. After the 60 day period, unless otherwise agreed upon by Vendor and County in writing, Vendor will securely dispose all County Data in its systems or otherwise in its possession or under its control. g. The County shall be entitled to any post-termination technical assistance generally made available with respect to the services. h. The vendor shall securely dispose of all requested data in all of its forms, such as but not limited to; disk, CD/ DVD, backup tape, electronic backups and paper, when requested by the County. Data shall be permanently deleted and shall not be recoverable, according to National Institute of Standards and Technology (NIST)- approved methods. Certificates of destruction shall be provided to the County. 12. Venue, Jurisdiction and Applicable Law. Any and all claims, disputes or controversies related to this Agreement, or breach thereof, shall be litigated in the District Court for Eagle County, Colorado, which shall be the sole and exclusive forum for such litigation. This Agreement shall be construed and interpreted under and shall be governed by the laws of the State of Colorado. 13. Execution by Counterparts; Electronic Signatures. This Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which shall constitute one and the same instrument. The parties approve the use of electronic signatures for execution of this Agreement. Only the following two forms of electronic signatures shall be permitted to bind the parties to this Agreement: (i) Electronic or facsimile delivery of a fully executed copy of the signature page; (ii) the image of the signature of an authorized signer inserted onto PDF DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D format documents. All documents must be properly notarized, if applicable. All use of electronic signatures shall be governed by the Uniform Electronic Transactions Act, C.R.S. 24-71.3-101 to 121. 14. Other Contract Requirements and Contractor Representations. a. Contractor has familiarized itself with the nature and extent of the Services to be provided hereunder and the Property, and with all local conditions, federal, state and local laws, ordinances, rules and regulations that in any manner affect cost, progress, or performance of the Services. b. Contractor will make, or cause to be made, examinations, investigations, and tests as he deems necessary for the performance of the Services. c. To the extent possible, Contractor has correlated the results of such observations, examinations, investigations, tests, reports, and data with the terms and conditions of this Agreement. d. To the extent possible, Contractor has given County written notice of all conflicts, errors, or discrepancies. e. Contractor shall be responsible for the completeness and accuracy of the Services and shall correct, at its sole expense, all significant errors and omissions in performance of the Services. The fact that the County has accepted or approved the Services shall not relieve Contractor of any of its responsibilities. Contractor shall perform the Services in a skillful, professional and competent manner and in accordance with the standard of care, skill and diligence applicable to contractors performing similar services. Contractor represents and warrants that it has the expertise and personnel necessary to properly perform the Services and shall comply with the highest standards of customer service to the public. Contractor shall provide appropriate supervision to its employees to ensure the Services are performed in accordance with this Agreement. This paragraph shall survive termination of this Agreement. f. Contractor agrees to work in an expeditious manner, within the sound exercise of its judgment and professional standards, in the performance of this Agreement. Time is of the essence with respect to this Agreement. g. This Agreement constitutes an agreement for performance of the Services by Contractor as an independent contractor and not as an employee of County. Nothing contained in this Agreement shall be deemed to create a relationship of employer-employee, master-servant, partnership, joint venture or any other relationship between County and Contractor except that of independent contractor. Contractor shall have no authority to bind County. h. Contractor represents and warrants that at all times in the performance of the Services, Contractor shall comply with any and all applicable laws, codes, rules and regulations. i. This Agreement contains the entire agreement between the parties with respect to the subject matter hereof and supersedes all other agreements or understanding between the parties with respect thereto. j. Contractor shall not assign any portion of this Agreement without the prior written consent of the County. Any attempt to assign this Agreement without such consent shall be void. k. This Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their respective permitted assigns and successors in interest. Enforcement of this Agreement and all rights and obligations hereunder are reserved solely for the parties, and not to any third party. DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D l. No failure or delay by either party in the exercise of any right hereunder shall constitute a waiver thereof. No waiver of any breach shall be deemed a waiver of any preceding or succeeding breach. m. The invalidity, illegality or unenforceability of any provision of this Agreement shall not affect the validity or enforceability of any other provision hereof. n. The signatories to this Agreement aver to their knowledge no employee of the County has any personal or beneficial interest whatsoever in the Services or Property described in this Agreement. The Contractor has no beneficial interest, direct or indirect, that would conflict in any manner or degree with the performance of the Services and Contractor shall not employ any person having such known interests. o. The Contractor, if a natural person eighteen (18) years of age or older, hereby swears and affirms under penalty of perjury that he or she (i) is a citizen or otherwise lawfully present in the United States pursuant to federal law, (ii) to the extent applicable shall comply with C.R.S. 24-76.5-103 prior to the effective date of this Agreement. 15. Definitions: a. “Authorized Persons” means Vendor’s employees, contractors, subcontractors or other agents who need to access the County Data to enable the Vendor to perform the services required. b. “Data Breach” means the unauthorized access by a non-Authorized Person(s) that results in the use, disclosure or theft of a County Data. c. “County Data” means all data created or in any way originating with the County, and all data that is the output of computer processing of or other electronic manipulation of any data that was created by or in any way originated with the County or was shared with the County by another law enforcement agency, whether such data or output is stored on the County’s hardware, the vendor’s hardware or exists in any system owned, maintained or otherwise controlled by the County or by the vendor. d. “County Identified Contact” means the person or persons designated in writing by the County to receive security incident or breach notification. e. “Security Incident” means the potentially unauthorized access by non-authorized persons to personal data or non-public data the vendor believes could reasonably result in the use, disclosure or theft of a County Data within the possession or control of the vendor. A security incident may or may not turn into a data breach. f. “Go Live” means the first productive use of the Software after cutover to the System. 16. Authentication and Authorization. A documented authentication and authorization policy including multi- factor authentications requirements must cover all applicable systems. That policy must include password provisioning requirements, password complexity requirements, password resets, thresholds for lockout attempts, thresholds for inactivity, and assurance that no shared accounts are utilized. 17. Compatibility: Contractor will provide browser compatibility and test compatibility within 30 days of any new release on web browsers. Contractor will ensure that older versions of browsers that are used by more than 5% of the Customers are supported. Contractor shall not require any plug-ins in order to access any Services functionality. 18. Support Services Response Times. Table 1 shows the priority assigned to faults according to the perceived importance of the reported situation. The priority assignment is to refer to the initial telephone response to the client as per fault matrix. DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D Table 1 Client Guide for Support (Report Method Details) - Fault Matrix Crisis: • Crisis issues are issues that make your website completely inoperable. In this case you should call our tech support team immediately at 248-269-9263 • Example(s) include: Entire website not accessible from multiple devices/browsers Urgent: • Urgent issues are issues that render your system partially inoperable. These requests can be submitted to our tech support team through phone or within our customer portal www.support.revize.com • Example(s) include: Partial portion of website not accessible from multiple devices/browsers, unapproved information on the website, or time sensitive information not available on live website. Critical: • Critical Issues are issues that deny you the ability to perform a core function of the system. These requests should be submitted to the customer portal www.support.revize.com • Example(s) include: CMS not publishing to live site, perceived slow load time, content updates not appearing as intended in live site. Normal: • Normal issues are issues that deny usability of limited functions of the system. These requests should be submitted to the customer portal www.support.revize.com • Example(s) include: General site irregularities, login issues, photo resizing, or image/graphic requests. 19. Website Application Availability Monitoring. Website application availability monitoring will be performed by Contractor and Client using monitoring tool of their choice. If Client suspects or Contractor monitoring reveals that DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D website availability exceeds the agreed upon threshold of 99.99% in any one month, they agree to immediately open a support ticket in the customer portal to notify Revize Software Systems, LLC. of the issue. Upon resolution of downtime issue, if Client suspects the 99.99% threshold was exceeded, Client agrees to provide information to Revize Software Systems, LLC. which includes SCOM report and a written narrative describing any details of the perceived downtime issue. Upon Revize Software Systems, LLC. review and concurring thereof Revize Software Systems, LLC. County will be eligible for a credit equal to the monthly portion of annual services fee as set forth in table 2 below. This credit would be applied to the next invoice due. The credit will not be provided if support ticket was not opened or for issues caused by Client. Table 2 19. Data Ownership -Vendor acknowledges and agrees that County owns all rights, title and interest in the County Data. The vendor shall not access County user accounts or County Data, except (1) in the course of data center operations, (2) in response to service or technical issues, (3) for proactive service and problem resolution, (4) as required by the express terms of this contract or (5) at the County’s written request. 20. Data Confidentiality - Vendor agrees to keep confidential all County Data, and agrees not to sell, assign, distribute, or disclose any such confidential information to any other person or entity without seeking written permission from the County. 21. Data Protection - Protection of County Data shall be an integral part of the business activities of the Vendor to ensure there is no inappropriate or unauthorized use of County Data at any time. To this end, the vendor shall safeguard the confidentiality, integrity and availability of County Data and comply with the following conditions: a. The vendor shall implement and maintain commercially reasonable and appropriate administrative, technical and organizational security measures to safeguard against unauthorized access, disclosure or theft of County Data. Such security measures shall be in accordance with recognized industry practice. DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D b. The vendor shall enforce separation of job duties, require commercially reasonable non-disclosure agreements, and limit staff knowledge of County Data to that which is absolutely necessary to perform job duties. c. All data obtained by the vendor in the performance of this contract shall become and remain the property of the County. d. All County Data shall be encrypted in transit with controlled access, with the level of protection and encryption identified for County upon request. Unless otherwise stipulated, the vendor is responsible for encryption of the County data. e. At no time shall any data or processes — that either belong to or are intended for the use of a County or its officers, agents or employees — be copied, disclosed or retained by the vendor or any party related to the vendor for subsequent use in any transaction that does not include the County. f. The vendor shall not use any information collected in connection with the service issued from this proposal for any purpose other than fulfilling this agreement. 22. Security Incident or Data Breach Notification - The vendor shall inform the County of any security incident or data breach. a. Incident Response: The vendor may need to communicate with outside parties regarding a security incident, which may include contacting law enforcement, fielding media inquiries and seeking external expertise as mutually agreed upon, defined by law or contained in the contract. Discussing security incidents with the County should be handled on an urgent as-needed basis, as part of vendor communication and mitigation processes as mutually agreed upon, defined by law or contained in the contract. b. Security Incident Reporting Requirements: The vendor shall report a security incident to the appropriate County identified contact immediately. c. Breach Reporting Requirements: If the vendor has actual knowledge of a confirmed data breach that affects the security of any County content that is subject to applicable data breach notification law, the vendor shall (1) promptly notify the appropriate County identified contact within 24 hours or sooner, unless shorter time is required by applicable law, and (2) take commercially reasonable measures to address the data breach in a timely manner. In the case of a data breach originating from the County’s responsibilities, the vendor will work with the County to identify and resolve the Breach, but the County will be responsible for any remediation steps as required by law. 23. Data Breach Responsibilities - The vendor, unless stipulated otherwise, shall immediately notify the appropriate County identified contact by telephone and email in accordance with the agreed upon security plan or security procedures if it reasonably believes there has been a security incident. a. In the case of a Data Breach originating from the County, the vendor will provide assistance to the County for identification and resolution, but the County will have sole responsibility for any remediation actions necessary as a result of the Breach. b. The vendor, unless stipulated otherwise, shall promptly notify the appropriate County identified contact within 24 hours or sooner by telephone and email, unless shorter time is required by applicable law, if it confirms that there is, or reasonably believes that there has been a data breach. The vendor shall (1) cooperate with the County as reasonably requested by the County to investigate and resolve the data breach, (2) promptly implement necessary remedial measures, if necessary, and (3) document responsive actions taken related to the data breach, including any post-incident review of events and actions taken to make changes in business practices in providing the services, if necessary. c. Unless otherwise stipulated, if a data breach is a direct result of the vendor’s breach of its contract obligation to encrypt personal data or otherwise prevent its release, the vendor shall bear the costs associated with (1) the investigation and resolution of the data breach; (2) notifications to individuals, regulators or others required by state law; (3) a credit monitoring service required by state (or federal) law; (4) a website or a toll-free number and call center for affected individuals required by state law — all not to exceed the average per record per DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D person cost calculated for data breaches in the United States; and (5) complete all corrective actions as reasonably determined by vendor based on root cause; all [(1) through (5)] subject to this contract’s limitation of liability. 24. Notification of Legal Requests - The vendor shall contact the County upon receipt of any electronic discovery, litigation holds, discovery searches and expert testimonies related to the County’s Data under this contract, or which in any way might reasonably require access to the County’s Data. The vendor shall not respond to subpoenas, service of process and other legal requests related to the County without first notifying the County, unless prohibited by law from providing such notice. 25. Access to Security Logs and Reports- Upon request the Vendor shall provide the County within a timely manner, access to Security Logs and Reports, Data Center Audit or Vulnerability Scanning reports. 26. Data Center Audit or Vulnerability Scanning - To ensure the security of County Data maintained by Vendor, the Vendor shall engage an independent third party or utilize independent third-party software services to perform an independent audit or vulnerability scanning of its data centers at least annually at its expense, and provide a redacted version of the audit report upon request. The vendor may remove its proprietary information from the redacted version. This audit or vulnerability scanning shall include at minimum a scan of the organization’s internet perimeter, web application firewall, physical access to data center, crawling and testing web applications to identify vulnerabilities including for cross-site scripting and SQL injection. Any items that don’t meet standards or are marked as critical must be addressed and corrected by Vendor in a timely manner, as mutually agreed upon by the Parties. 27. Change Control and Advance Notice -The vendor shall give 10 business days advance notice and detailed release notes regarding changes to the services to the County of any upgrades that may impact service availability and performance. 28. Export of Data - The County shall have the ability to export data in piecemeal or in entirety at its discretion without interference from the vendor. This includes the ability for the County to export data to/from other vendors or service providers in a CSV format and image file format or other mutually agreeable format. 30. Business Continuity and Disaster Recovery - As a part of the Services, vendor is responsible for maintaining a backup of County Data and for an orderly and timely recovery of such data in the event that the Services may be interrupted. Vendor shall maintain a contemporaneous backup of County Data that can be recovered within one day (24 hours) at any point in time. Additionally, vendor shall store a backup of County Data in an off-site “hardened” facility no less than weekly, maintaining the security of County Data, the security requirements of which are further described herein. 31. PCI compliance - If, in the course of its engagement by County, Contractor has access to or will collect, access, use, store, process, dispose of or disclose credit, debit or other payment cardholder information, Contractor shall at all times remain in compliance with the Payment Card Industry Data Security Standard (“PCI DSS”) requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at Contractor's sole cost and expense. 32. HIPAA compliance - Contract agrees to meet all requirements under the federal Health Insurance Portability and Accountability Act for all Personal Health Information (“HIPAA”), if applicable. The Contractor shall submit to the County, within fifteen (15) days of the County’s written request, copies of the Contractor’s policies and procedures to DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D maintain the confidentiality of protected health information to which the Contractor has access, and if applicable, Contractor shall comply with all HIPAA requirements. [REST OF PAGE INTENTIONALLY LEFT BLANK] DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D IN WITNESS WHEREOF, the parties have executed this Agreement the day and year first set forth above. COUNTY OF EAGLE, STATE OF COLORADO, By and Through Its COUNTY MANAGER By: ______________________________ Jeff Shroll, County Manager CONSULTANT Revise Software Systems By: _____________________________________ Print Name: ______________________________ Title: ____________________________________ DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D CTO Akshaya Ray 1 Eagle County Professional Services IT Final 4/28/2022 EXHIBIT A SCOPE OF SERVICES, SCHEDULE, FEES Revize Web Services Sales Agreement This Sales Agreement is between Eagle County, Colorado (“CLIENT”) and Revize LLC, aka Revize Software Systems, (“Revize”). Federal Tax ID# 20-5000179 Date: 5-23-2022 CLIENT INFORMATION: REVIZE LLC: Company Name: Eagle County Revize Software Systems Company Address: 500 Broadway 150 Kirts Blvd. Company City/State/Zip: Eagle, CO 81631 Troy, MI 48084 Contact Name: Justin Patrick 970.328.8614 248-269-9263 Billing Dept. Contact: Justin.patrick@eaglecounty.us CLIENT Website Address: www.eaglecounty.us The CLIENT agrees to purchase the following products and services provided by REVIZE: Quantity Description Price 1 Phase 1: Project Planning and Analysis, SOW, onetime fee: $2,500.00 1 Phase 2 – Discovery & Design from Scratch, onetime fee: • 1 mockup with Unlimited rounds of changes • Home page template and inner page design and layout. • Includes Responsive Web Design $9,500.00 1 Phase 3 & 4 – HTML Development & Revize CMS Integration, onetime fee: • Set-up all CMS modules listed in this agreement • Integration with all 3rd party web applications $13,200.00 1 Phase 5 – Quality Assurance Testing & Accessibility, onetime fee: $1,900.00 1 Phase 6 – Sitemap Development and Content Migration, onetime fee: • Sitemap development and content migration from old website including spell checking and style corrections – Full Migration of all webpages and documents $7,700.00 1 Phase 7 –Content Editing Training, onetime fee: $2,900.00 1 Phase 8 – Go Live: Included DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D 2 Eagle County Professional Services IT Final 4/28/2022 1 Revize Annual Software Subscription, Tech Support, CMS Updates, Website Hosting, Unlimited Users, Unlimited GB website storage, 100GB/Month Bandwidth, SSL Certificate pre-paid annual fee: $6,900.00 1 Grand Total First Year $44,600.00 Payment Schedule Payment Amount Payment Date Includes $ 33,450.00 On or about effective date for contract 75% 1st Year Project Costs $ 11,150.00 On or about website Launch 25% 1st Year Project Costs $ 6,900.00 6/1/2023 Year 2 of Annual Hosting & Maintenance $ 6,900.00 6/1/2024 Year 3 of Annual Hosting & Maintenance $ 6,900.00 6/1/2025 Year 4 of Annual Hosting & Maintenance Terms: 1. Payments: All Invoices are due upon receipt. Work begins upon receiving initial payment. 2. Revize requires a check for the amount listed above to start this project. 3. Additional content migration, if requested, is available for $3 per web page or document. 4. Additional bandwidth is available at $360 per year for each additional 50GB per month. 5. Additional website storage is available at $500 per year for each additional 10GB website storage. 6. Both parties must agree in writing to any changes or additions to this Sales Agreement. 7. CLIENT understands that project completion date is highly dependent on their timely communication with Revize. CLIENT also agrees and understands that; a. The primary communication tool for this project and future tech support is the Revize customer portal found at https://support.revize.com. b. During the project, CLIENT will respond to Revize inquiries within 48 hours of the request to avoid any delay in the project timeline. c. CLIENT understands that project timelines will be delayed if they do not respond to Revize inquiries in a timely manner. 8. Revize will provide a free redesign of the website in year 4 of the agreement. This assumes the CLIENT agrees to 4 consecutive years of annual software subscription, tech support, CMS updates, and hosting. DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D 3 Eagle County Professional Services IT Final 4/28/2022 9. CLIENT owns design, content, and will receive periodic updates to the CMS for the life of the contract. 10. Unless otherwise agreed, Revize does not migrate irrelevant records, irrelevant calendar events, irrelevant news items, irrelevant bid results, irrelevant low quality images, or irrelevant data that can reasonably be considered non-conforming to new website layout. 11. Storage is limited only to relevant website data. Unreasonably large folders of documents or images are not permitted. Examples include, but are not limited to, plat/property maps, tax records, GIS data, etc. 12. After content migration, CLIENT is responsible for any additional content cleanup. This includes, but is not limited to, resizing photos, reformatting text, replacing photos/icons, consolidating unwanted content, adding future calendar events, and general prep of the site before go live. CLIENT will also have the ability to add new photos, content, and pages. Enterprise Revize CMS License As part of this agreement Revize Software Systems, LLC. will provide to the CLIENT a full Enterprise Revize CMS Software license. This software is a proprietary software built and maintained by Revize Software Systems LLC. and is intended to allow for the CLIENT to easily update the content of their website. CLIENT agrees that this license will only be used to maintain the websites included in this agreement. Sharing of the content management system, by the CLIENT, with other entities not identified in this agreement is prohibited. Revize will maintain, update, and host the Revize CMS during the contract period. In the event that the contract is terminated, for any reason, Revize will provide the latest version of the Revize CMS to the CLIENT provided all payments for the entire length of the contract is fully paid. This system will then have the ability to be hosted and used by the CLIENT as long as they wish. Revize will provide reasonable support in transferring the CMS system to the CLIENT’s decided upon hosting architecture. Products CLIENT Owns Include: · Revize CMS License · Hosted Website · Source Files · All Included Revize Web Applications · Design & Page Content DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D 4 Eagle County Professional Services IT Final 4/28/2022 Revize will integrate the following web applications into your website The Following Applications & Features will be integrated into Your Website: In addition to the Government Content Management System that enables non- technical staff to easily and quickly create/update content in the new web site, Revize provides a suite of applications and features specifically designed for municipalities. All of those apps and features are fully described in the following section. The applications and features are grouped into five categories: Citizen’s Communication Center Apps • Notification Center with Text/Email Alerts • Bid Posting • Document Center • Email Notify • FAQs • Job Posting • Multi-use Business Directory • News Center with Facebook/Twitter Integration • Online Forms • Photo Gallery • Quick Link Buttons • Revize Web Calendar • “Share This” Social Media Flyout App • Sliding Feature Bar • Language Translator Citizen’s Engagement Center Apps • Citizen Request Center with Captcha • Public Service Request • Online Interactive Forms (Public Records Request App) • Citizen Connect (Community Blog) • Online Bill Pay • RSS Feed Staff Productivity Apps • Agenda Posting Center • Job Posting App • Image Manager • iCal Integration • Intranet • Link Checker • Menu Manager DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D 5 Eagle County Professional Services IT Final 4/28/2022 • Online Form Builder • Staff Directory • Website Content Archiving • Website Content Scheduling Site Administration and Security Features • Audit Trail • Auto Site Map Generator • History Log • URL Redirect Setup • Roles and Permission-based Security Mode • Secure Site Gateway • Unique Login/Password for each Content Editor • Web Statistics and Analytics • Workflows by Department Mobile Device and Accessibility Features • Font Size Adjustment • Alt-Tags • Responsive Website Design (RWD) DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D EXHIBIT B INSURANCE CERTIFICATE DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D SHOULD ANY OF THE ABOVE DESCRIBED POLICIES BE CANCELLED BEFORE THE EXPIRATION DATE THEREOF, NOTICE WILL BE DELIVERED IN ACCORDANCE WITH THE POLICY PROVISIONS. INSURER(S) AFFORDING COVERAGE INSURER F : INSURER E : INSURER D : INSURER C : INSURER B : INSURER A : NAIC # NAME:CONTACT (A/C, No):FAX E-MAILADDRESS: PRODUCER (A/C, No, Ext):PHONE INSURED REVISION NUMBER:CERTIFICATE NUMBER:COVERAGES IMPORTANT: If the certificate holder is an ADDITIONAL INSURED, the policy(ies) must have ADDITIONAL INSURED provisions or be endorsed. If SUBROGATION IS WAIVED, subject to the terms and conditions of the policy, certain policies may require an endorsement. A statement on this certificate does not confer rights to the certificate holder in lieu of such endorsement(s). THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER. OTHER: (Per accident) (Ea accident) $ $ N / A SUBRWVDADDLINSD THIS IS TO CERTIFY THAT THE POLICIES OF INSURANCE LISTED BELOW HAVE BEEN ISSUED TO THE INSURED NAMED ABOVE FOR THE POLICY PERIOD INDICATED. NOTWITHSTANDING ANY REQUIREMENT, TERM OR CONDITION OF ANY CONTRACT OR OTHER DOCUMENT WITH RESPECT TO WHICH THIS CERTIFICATE MAY BE ISSUED OR MAY PERTAIN, THE INSURANCE AFFORDED BY THE POLICIES DESCRIBED HEREIN IS SUBJECT TO ALL THE TERMS, EXCLUSIONS AND CONDITIONS OF SUCH POLICIES. LIMITS SHOWN MAY HAVE BEEN REDUCED BY PAID CLAIMS. $ $ $ $PROPERTY DAMAGE BODILY INJURY (Per accident) BODILY INJURY (Per person) COMBINED SINGLE LIMIT AUTOS ONLY AUTOSAUTOS ONLY NON-OWNED SCHEDULEDOWNED ANY AUTO AUTOMOBILE LIABILITY Y / N WORKERS COMPENSATION AND EMPLOYERS' LIABILITY OFFICER/MEMBER EXCLUDED?(Mandatory in NH) DESCRIPTION OF OPERATIONS belowIf yes, describe under ANY PROPRIETOR/PARTNER/EXECUTIVE $ $ $ E.L. DISEASE - POLICY LIMIT E.L. DISEASE - EA EMPLOYEE E.L. EACH ACCIDENT EROTH-STATUTEPER LIMITS(MM/DD/YYYY)POLICY EXP(MM/DD/YYYY)POLICY EFFPOLICY NUMBERTYPE OF INSURANCELTRINSR DESCRIPTION OF OPERATIONS / LOCATIONS / VEHICLES (ACORD 101, Additional Remarks Schedule, may be attached if more space is required) EXCESS LIAB UMBRELLA LIAB $EACH OCCURRENCE $AGGREGATE $ OCCUR CLAIMS-MADE DED RETENTION $ $PRODUCTS - COMP/OP AGG $GENERAL AGGREGATE $PERSONAL & ADV INJURY $MED EXP (Any one person) $EACH OCCURRENCE DAMAGE TO RENTED $PREMISES (Ea occurrence) COMMERCIAL GENERAL LIABILITY CLAIMS-MADE OCCUR GEN'L AGGREGATE LIMIT APPLIES PER: POLICY PRO-JECT LOC CERTIFICATE OF LIABILITY INSURANCE DATE (MM/DD/YYYY) CANCELLATION AUTHORIZED REPRESENTATIVE ACORD 25 (2016/03) © 1988-2015 ACORD CORPORATION. All rights reserved. CERTIFICATE HOLDER The ACORD name and logo are registered marks of ACORD HIREDAUTOS ONLY Eagle, Colorado 81631 500 Broadway P.O. Box 850 Eagle County, CO Eagle County, CO is named as additional insured. $10,000DEDUCTIBLE $2,000,000AGGREGATE $2,000,000PER CLAIM 9/10/20229/10/20216021626488PROFESSIONAL LIABILITY/ CYBER LIABILITYC 1,000,000 1,000,000 1,000,0009/10/20229/10/20216021635689YB 1,000,000 1,000,000 9/10/20225/2/20227033934528 10,000 A 1,000,000 9/10/20229/10/20216021635658A 4,000,000 4,000,000 2,000,000 10,000 300,000 2,000,000 9/10/20229/10/20216021635658A 20508CNA 20508CNA 20508CNA Troy, MI 48084 150 Kirts Blvd Ste B Revize LLC ivan@insurcomi.com (248) 886-9091(248) 862-2127 Ivan Kilano West Bloomfield, MI 48322 5600 W Maple Ste C310 Insurco Insurance Agency, Inc. 5/12/2022 DocuSign Envelope ID: F5EF3A65-879C-49B3-ABA2-33214BC0632D