No preview available
HomeMy WebLinkAboutC23-302 UTAPage 1 of 32 AGREEMENT FOR PROFESSIONAL SERVICES BETWEEN EAGLE COUNTY AND UTA THIS AGREEMENT (“Agreement”) is effective as of the____________ by and between Urban Transportation Associates, Inc, an Ohio corporation (hereinafter “Consultant” or “Contractor”) and Eagle County, Colorado, a body corporate and politic (hereinafter “County”). RECITALS WHEREAS, County desires to enter into a contract with Contractor to furnish a hosted Auto Passenger Counting software system and support services (the “Project”) at the ECO Transit Maintenance Service Center located at 3289 Cooley Mesa Road, Gypsum, CO 81637; and WHEREAS, Consultant is authorized to do business in the State of Colorado and has the time, skill, expertise, and experience necessary to provide the Services as defined below and in paragraph 16 hereof; and WHEREAS, this Agreement shall govern the relationship between Consultant and County in connection with the Services. NOW, THEREFORE, in consideration of the foregoing and the following promises Consultant and County agree as follows: AGREEMENT 1. DEFINITIONS. Whenever used herein, any schedules, exhibits, order forms, or addenda to this Agreement, the following terms shall have the meanings assigned below unless otherwise defined therein. Other capitalized terms used in this Agreement are defined in the context in which they are used. 1.1. “Agreement” means this cloud computing Agreement between County and Contractor, inclusive of all schedules, exhibits, attachments, addenda and other documents incorporated by reference between the County and Contractor. 1.2. “Confidential Information” means any and all records or data not subject to disclosure under CORA”). Confidential Information shall include, but is not limited to, PII, PHI, PCI, Tax Information, CJI, and personnel records not subject to disclosure under CORA. Confidential Information also means any information or data that a disclosing party treats in a confidential manner and that is marked “Confidential Information” or is considered “proprietary” prior to disclosure to the other party. Confidential Information does not include information which: (a) is public or becomes public through no breach of the confidentiality obligations herein; (b) is disclosed by the party that has received Confidential Information (the "Receiving Party") with the prior written approval of the other party; (c) was known by the Receiving Party at the time of disclosure; (d) was developed independently by the Receiving Party without use of the Confidential DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 9/13/2023 Page 2 of 32 Information; (e) becomes known to the Receiving Party from a source other than the disclosing party through lawful means; (f) is disclosed by the disclosing party to others without confidentiality obligations; or (g) is required by law to be disclosed. 1.3. “CORA” means the Colorado Open Records Act, §§24-72-200.1, et. seq., C.R.S. 1.4. “County Data” means all information, whether in oral or written (including electronic) form, created by or in any way originating with County and End Users, and all information that is the output of any computer processing, or other electronic manipulation, of any information that was created by or in any way originating with County and End Users, in the course of using and configuring the Software provided under this Agreement, and includes all records relating to County’s use of Contractor Services and Protected Information. 1.5. “Data Incident” means any accidental or deliberate event that results in or constitutes an imminent threat of the unauthorized access, loss, disclosure, modification, disruption, or destruction of any communications or information resources of the County. Data Incidents include, without limitation (i) successful attempts to gain unauthorized access to a County system or County information regardless of where such information is located; (ii) unwanted disruption or denial of service; (iii) the unauthorized use of a County system for the processing or storage of data; or (iv) changes to County system hardware, firmware, or software characteristics without the County’s knowledge, instruction, or consent. It shall also include any actual or reasonably suspected unauthorized access to or acquisition of computerized County Data that compromises the security, confidentiality, or integrity of the County Data, or the ability of County to access the County Data. 1.6. “Deliverable” means the outcome to be achieved or output to be provided, in the form of a tangible object or software that is produced as a result of Contractor’s Work that is intended to be delivered to the County by Contractor. 1.7. "Documentation" means, collectively: (a) all materials published or otherwise made available to County by Contractor that relate to the functional, operational and/or performance capabilities of the Software ; (b) all user, operator, system administration, technical, support and other manuals and all other materials published or otherwise made available by Contractor that describe the functional, operational and/or performance capabilities of the Software; (c) any Requests for Information and/or Requests for Proposals (or documents of similar effect) issued by County, and the responses thereto from Contractor, and any document which purports to update or revise any of the foregoing; and (d) the results of any Contractor “Use Cases Presentation”, “Proof of Concept” or similar type presentations or tests provided by Contractor to County. 1.8. “Downtime” means any period of time of any duration that the Softwareis not DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 3 of 32 made available by Contractor to County for any reason, including scheduled maintenance or Enhancements. 1.9. “Effective Date” means the date on which this Agreement is fully approved and signed by the County as shown on the Signature Page for this Agreement. The Effective Date for Services may be set out in an order form or similar exhibit. 1.10. “End User” means the individuals (including, but not limited to employees, authorized agents, students and volunteers of County; Third Party consultants, auditors and other independent contractors performing services for County; any governmental, accrediting or regulatory bodies lawfully requesting or requiring access to any Services; customers of County provided services; and any external users collaborating with County) authorized by County to access and use the Software and the Services provided by Contractor under this Agreement. 1.11. “End User Data” includes End User account credentials and information, and all records sent, received, or created by or for End Users, including email content, headers, and attachments, and any Protected Information of any End User or Third Party contained therein or in any logs or other records of Contractor reflecting End User’s use of Contractor Services. 1.12. "Enhancements" means any improvements, modifications, upgrades, updates, fixes, revisions and/or expansions to the Software that Contractor may develop or acquire and incorporate into its standard version of the Software or which the Contractor has elected to make generally available to its customers. 1.13. “Intellectual Property Rights” includes without limitation all right, title, and interest in and to all (a) Patent and all filed, pending, or potential applications for Patent, including any reissue, reexamination, division, continuation, or continuation-in-part applications throughout the world now or hereafter filed; (b) trade secret rights and equivalent rights arising under the common law, state law, and federal law; (c) copyrights, other literary property or authors rights, whether or not protected by copyright or as a mask work, under common law, state law, and federal law; and (d) proprietary indicia, trademarks, trade names, symbols, logos, and/or brand names under common law, state law, and federal law. 1.14. “PCI” means payment card information including any data related to credit card holders’ names, credit card numbers, or other credit card information as may be protected by state or federal law. 1.15. “PII” means personally identifiable information including, without limitation, any information maintained by the County about an individual that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records. PII includes, but is not limited to, all information defined as personally identifiable information in §§24-72-501 and 24-73-101, C.R.S. DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 4 of 32 1.16. “PHI” means any protected health information, including, without limitation any information whether oral or recorded in any form or medium: (i) that relates to the past, present, or future physical or mental condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and (ii) that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual. PHI includes, but is not limited to, any information defined as Individually Identifiable Health Information by the federal Health Insurance Portability and Accountability Act. 1.17. “Protected Information” includes, but is not limited to, personally-identifiable information, student records, protected health information, criminal justice information or individual financial information and other data defined under §24- 72-101 et seq., and personal information that is subject to local, state or federal statute, regulatory oversight or industry standard restricting the use and disclosure of such information. The loss of such Protected Information would constitute a direct damage to the County. 1.18. “Service” or “Services” means Contractor’s computing solutions, provided to County pursuant to this Agreement, that provide the functionality and/or produce the results described in the Documentation, including without limitation all Enhancements thereto and all interfaces. 1.19. “Subcontractor” means any third party engaged by Contractor to aid in performance of the work or the Service. 1.20. "Third Party" means persons, corporations and entities other than Contractor, County or any of their employees, contractors or agents. 1.21. “Third Party Host” means that the servers where the Contractor’s software resides is at physical location which is not controlled by the Contractor, sometimes called “managed hosting”, for example, Amazon Web Service. 2. RIGHTS AND LICENSE IN AND TO DATA 2.1. The parties agree that as between them, all rights in and to County Data shall remain the exclusive property of County, and Contractor has a limited, nonexclusive license to access and use County Data as provided in this Agreement solely for the purpose of performing its obligations hereunder. 2.2. All End User Data and County Data created and/or processed by the Service is and shall remain the property of County and shall in no way become attached to the Service, nor shall Contractor have any rights in or to the County Data without the express written permission of the County and may not include Protected Information. DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 5 of 32 2.3. This Agreement does not give a party any rights, implied or otherwise, to the other’s data, content, or intellectual property, except as expressly stated in the Agreement. 2.4. County retains the right to use the Service to access and retrieve data stored on Contractor’s Service infrastructure at any time during the term of this Agreement at its sole discretion. 3. DATA PRIVACY 3.1. Contractor will use County Data and End User Data only for the purpose of fulfilling its duties under this Agreement and for County’s and its End User’s sole benefit and will not share County Data with or disclose it to any Third Party without the prior written consent of County or as otherwise required by law. By way of illustration and not of limitation, Contractor will not use County Data for Contractor’s own benefit and, in particular, will not engage in “data mining” of County Data or communications, whether through automated or human means, except as specifically and expressly required by law or authorized in writing by County. 3.2. Contractor will provide access to County Data only to those Contractor employees, contractors and subcontractors (“Contractor Staff”) who need to access the County Data to fulfill Contractor’s obligations under this Agreement. Contractor will ensure that, prior to being granted access to the County Data, Contractor Staff who perform work under this Agreement have all undergone and passed criminal background screenings; have successfully completed annual instruction of a nature sufficient to enable them to effectively comply with all data protection provisions of this Agreement; and possess all qualifications appropriate to the nature of the employees’ duties and the sensitivity of the County Data they will be handling. 3.3. If Contractor receives personal identifying information of a Colorado resident under this Agreement, Contractor shall implement and maintain reasonable written security procedures and practices that are appropriate to the nature of the personal identifying information and the nature and size of Contractor’s business and its operations. Unless Contractor agrees to provide its own security protections for the information it discloses to a third-party service provider, Contractor shall require all its third-party service providers to implement and maintain reasonable written security procedures and practices that are appropriate to the nature of the personal identifying information disclosed and reasonably designed to help protect the personal identifying information subject to this Agreement from unauthorized access, use, modification, disclosure, or destruction. Contractor and its third-party service providers that maintain electronic or paper documents that contain personal identifying information under this Agreement shall develop a written policy for the destruction of such records DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 6 of 32 by shredding, erasing, or otherwise modifying the personal identifying information to make it unreadable or indecipherable when the records are no longer needed. 3.4. Contractor may provide County Data to its agents, employees, assigns, and Subcontractors as necessary to perform the work, but shall restrict access to Confidential Information to those agents, employees, assigns, and subcontractors who require access to perform their obligations under this Agreement. Contractor shall ensure all such agents, employees, assigns, and Subcontractors sign agreements containing nondisclosure provisions at least as protective as those in this Agreement, and that the nondisclosure provisions are in force at all times the agent, employee, assign, or Subcontractor has access to any Confidential Information. Contractor shall provide copies of those signed nondisclosure provisions to the County upon execution of the nondisclosure provisions if requested by the County. 4. DATA SECURITY AND INTEGRITY 4.1. All facilities, whether Contractor hosted or Third Party Hosted, used to store and process County Data will implement and maintain administrative, physical, technical, and procedural safeguards and best practices at a level sufficient to provide the requested Service availability and to secure County Data from unauthorized access, destruction, use, modification, or disclosure. Such measures include, but not limited to all applicable laws, rules, policies, publications, and guidelines including, without limitation: (i) the most recently promulgated IRS Publication 1075 for all Tax Information, (ii) the most recently updated PCI Data Security Standard from the PCI Security Standards Council for all PCI, (iii) the most recently issued version of the U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services Security Policy for all CJI, (iv) the Colorado Consumer Protection Act, (v) the Children’s Online Privacy Protection Act (COPPA), (vi) the Family Education Rights and Privacy Act (FERPA), (vii) §24-72-101 et seq., (viii) the Telecommunications Industry Association (TIA) Telecommunications Infrastructure Standard for Data Centers (TIA-942); (ix) the federal Health Insurance Portability and Accountability Act for all PHI and the HIPAA Business Associate Addendum attached to this Agreement, if applicable. The Contractor shall submit to the County, within fifteen (15) days of the County’s written request, copies of the Contractor’s policies and procedures to maintain the confidentiality of protected health information to which the Contractor has access, and if applicable, Contractor shall comply with all HIPAA requirements contained herein or attached as an Exhibit. 4.2. Contractor warrants that all County Data and End User Data will be encrypted in transmission (including via web interface) and in storage by a mutually agreed upon National Institute of Standards and Technology (NIST) approved strong encryption method and standard. DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 7 of 32 4.3. Contractor shall at all times use industry-standard and up-to-date security tools, technologies and procedures including, but not limited to anti-virus and anti- malware protections and intrusion detection and reporting in providing Services under this Agreement. 4.4. Contractor shall, and shall cause its Subcontractors, to do all of the following: 4.4.1. Provide physical and logical protection for all hardware, software, applications, and data that meets or exceeds industry standards and the requirements of this Agreement. 4.4.2. Maintain network, system, and application security, which includes, but is not limited to, network firewalls, intrusion detection (host and network), annual security testing, and improvements or enhancements consistent with evolving industry standards. 4.4.3. Comply with State and federal rules and regulations related to overall security, privacy, confidentiality, integrity, availability, and auditing. 4.4.4. Provide that security is not compromised by unauthorized access to workspaces, computers, networks, software, databases, or other physical or electronic environments. 4.4.5. Promptly report all Data Incidents, including Data Incidents that do not result in unauthorized disclosure or loss of data integrity. 4.4.6. Upon reasonable prior notice, Contractor shall provide the County with scheduled access for the purpose of inspecting and monitoring access and use of County Data, maintaining County systems, and evaluating physical and logical security control effectiveness. 4.4.7. Contractor shall perform current background checks in a form reasonably acceptable to the County on all of its respective employees and agents performing services or having access to County Data provided under this Agreement, including any Subcontractors or the employees of Subcontractors. A background check performed within 30 days prior to the date such employee or agent begins performance or obtains access to County Data shall be deemed to be current. 4.4.8. Upon request by the County, Contractor will provide notice to the County IT Department confirming that background checks have been performed. Such notice will inform the County of any action taken in response to such background checks, including any decisions not to take action in response to negative information revealed by a background check. 4.4.9. If Contractor will have access to Federal Tax Information under the Agreement, Contractor shall comply with the background check DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 8 of 32 requirements defined in IRS Publication 1075 and §24-50-1002, C.R.S. 4.5. Contractor shall use, hold, and maintain Confidential and Protected Information in compliance with any and all applicable laws and regulations only in facilities located within the United States, and shall maintain a secure environment that ensures confidentiality of all Confidential and Protected Information. 4.6. Prior to the Effective Date of this Agreement, Contractor, will at its expense conduct or have conducted the following, and thereafter, Contractor will at its expense conduct or have conducted the following at least once per year, and immediately after any actual or reasonably suspected Data Incident: 4.6.1. A SSAE 16/SOC 2 or other mutually agreed upon audit of Contractor’s security policies, procedures and controls; 4.6.2. A quarterly external and internal vulnerability scan of Contractor’s systems and facilities, to include public facing websites, that are used in any way to deliver Services under this Agreement. The report must include the vulnerability, age and remediation plan for all issues identified as critical or high; 4.6.3. A formal penetration test, performed by a process and qualified personnel of Contractor’s systems and facilities that are used in any way to deliver Services under this Agreement. 4.7. Contractor will provide County the reports or other documentation resulting from the above audits, certifications, scans and tests within seven (7) business days of Contractor’s receipt of such results. 4.8. Based on the results and recommendations of the above audits, certifications, scans and tests, Contractor will, within thirty (30) calendar days of receipt of such results, promptly modify its security measures in order to meet its obligations under this Agreement and provide County with written evidence of remediation. 4.9. County may require, at its expense, that Contractor perform additional audits and tests, the results of which will be provided to County within seven (7) business days of Contractor’s receipt of such results. 5. RESPONSE TO LEGAL ORDERS, DEMANDS OR REQUESTS FOR DATA 5.1. Except as otherwise expressly prohibited by law, Contractor will: 5.1.1. If required by a court of competent jurisdiction or an administrative body to disclose County Data, Contractor will notify County in writing immediately upon receiving notice of such requirement and prior to any such disclosure; DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 9 of 32 5.1.2. Consult with County regarding its response; 5.1.3. Cooperate with County’s reasonable requests in connection with efforts by County to intervene and quash or modify the legal order, demand or request; and 5.1.4. Upon County’s request, provide County with a copy of its response. 5.2. If County receives a subpoena, warrant, or other legal order, demand or request seeking data maintained by Contractor, County will promptly provide a copy to Contractor. Contractor will supply County with copies of data required for County to respond within forty-eight (48) hours after receipt of copy from County and will cooperate with County’s reasonable requests in connection with its response. 6. DATA INCIDENT RESPONSE 6.1. The Contractor shall maintain documented policies and procedures for Data Incident and breach reporting, notification, and mitigation. If the Contractor becomes aware of any Data Incident, it shall notify the County immediately and cooperate with the County regarding recovery, remediation, and the necessity to involve law enforcement, as determined by the County. The Contractor shall cooperate with the County to satisfy notification requirements as currently defined in either federal, state, or local law. Unless Contractor can establish that none of Contractor or any of its agents, employees, assigns or subcontractors are the cause or source of the Data Incident, Contractor shall be responsible for the cost of notifying each person who may have been impacted by the Data Incident. After a Data Incident, Contractor shall take steps to reduce the risk of incurring a similar type of Data Incident in the future as directed by the County, which may include, but is not limited to, developing and implementing a remediation plan that is approved by the County at no additional cost to the County. 6.2. Contractor shall report, either orally or in writing, to County any Data Incident involving County Data, or circumstances that could have resulted in unauthorized access to or disclosure or use of County Data, not authorized by this Agreement or in writing by County, including any reasonable belief that an unauthorized individual has accessed County Data. Contractor shall make the report to County immediately upon discovery of the unauthorized disclosure, but in no event more than forty-eight (48) hours after Contractor reasonably believes there has been such unauthorized use or disclosure. Oral reports by Contractor regarding Data Incidents will be reduced to writing and supplied to County as soon as reasonably practicable, but in no event more than forty-eight (48) hours after oral report. 6.3. Immediately upon becoming aware of any such Data Incident, Contractor shall fully investigate the circumstances, extent and causes of the Data Incident, and DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 10 of 32 report the results to County and continue to keep County informed daily of the progress of its investigation until the issue has been effectively resolved. 6.4. Contractor’s report discussed herein shall identify: (i) the nature of the unauthorized use or disclosure, (ii) the data used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure (if known), (iv) what Contractor has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure, and (v) what corrective action Contractor has taken or shall take to prevent future similar unauthorized use or disclosure. 6.5. Within five (5) calendar days of the date Contractor becomes aware of any such Data Incident, Contractor shall have completed implementation of corrective actions to remedy the Data Incident, restore County access to the Services as directed by County, and prevent further similar unauthorized use or disclosure. 6.6. Contractor, at its expense, shall cooperate fully with County’s investigation of and response to any such Data Incident. 6.7. Except as otherwise required by law, Contractor will not disclose or otherwise provide notice of the incident directly to any person, regulatory agencies, or other entities, without prior written permission from County. 6.8. Notwithstanding any other provision of this Agreement, and in addition to any other remedies available to County under law or equity, Contractor will promptly reimburse County in full for all costs incurred by County in any investigation, remediation or litigation resulting from any such Data Incident, including but not limited to providing notification to Third Parties whose data were compromised and to regulatory bodies, law-enforcement agencies or other entities as required by law or contract; establishing and monitoring call center(s), and credit monitoring and/or identity restoration services to assist each person impacted by a Data Incident in such a fashion that, in County’s sole discretion, could lead to identity theft; and the payment of legal fees and expenses, audit costs, fines and penalties, and other fees imposed by regulatory agencies, courts of law, or contracting partners as a result of the Data Incident.. 7. DATA RETENTION AND DISPOSAL 7.1. Contractor will retain Data in an End User’s account, including attachments, until the End User deletes them or for the time period mutually agreed to by the parties in this Agreement. 7.2. Using appropriate and reliable storage media, Contractor will regularly backup Data and retain such backup copies consistent with the County’s data retention policies. 7.3. At the County’s election, Contractor will either securely destroy or transmit to DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 11 of 32 County repository any backup copies of County and/or End User Data. Contractor will supply County a certificate indicating the records disposed of, the date disposed of, and the method of disposition used. 7.4. Contractor will retain logs associated with End User activity consistent with the County’s data retention policies. 7.5. Contractor will immediately preserve the state of the data at the time of the request and place a “hold” on data destruction or disposal under its usual records retention policies of records that include data, in response to an oral or written request from County indicating that those records may be relevant to litigation that County reasonably anticipates. Oral requests by County for a hold on record destruction will be reduced to writing and supplied to Contractor for its records as soon as reasonably practicable under the circumstances. County will promptly coordinate with Contractor regarding the preservation and disposition of these records. Contractor shall continue to preserve the records until further notice by County. 8. DATA TRANSFER UPON TERMINATION OR EXPIRATION 8.1. Upon expiration or earlier termination of this Agreement or any Services provided in this Agreement, Contractor shall accomplish a complete transition of the Services from Contractor to the County or any replacement provider designated solely by the County without any interruption of or adverse impact on the Services or any other services provided by third parties in this Agreement. Contractor shall cooperate fully with the County or such replacement provider and promptly take all steps required to assist in effecting a complete transition of the Services designated by the County. All services related to such transition shall be performed at no additional cost beyond what would be paid for the Services in this Agreement. 8.2. In the event of termination of any Services or this Agreement in entirety, the Contractor shall not take any action to intentionally erase any County Data for a period of 60 days after the effective date of termination. After such period, the Contractor shall have no obligation to maintain or provide any County Data. After the 60 day period, unless otherwise agreed upon by Contractor and County in writing, Contractor will securely dispose all County Data in its systems or otherwise in its possession or under its control. 8.3. During any period of service suspension, the Contractor shall not take any action to intentionally erase any County Data. 9. ACCESS TO SECURITY LOGS AND REPORTS. 9.1. Upon request the Contractor shall provide the County within a timely manner, access to Security Logs and Reports, Data Center Audit or Vulnerability Scanning reports. DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 12 of 32 10. SERVICE LEVELS. See Exhibit A, attached hereto and incorporated herein by this reference. 11. INTERRUPTIONS IN SERVICE; SUSPENSION AND TERMINATION OF SERVICE; CHANGES TO SERVICE. See Exhibit A, attached hereto and incorporated herein by this reference. 12. COMPLIANCE WITH APPLICABLE LAWS AND COUNTY POLICIES. Contractor will comply with all applicable laws, codes, rules and regulations in performing the Services under this Agreement. Any Contractor personnel visiting County’s facilities will comply with all applicable County policies regarding access to, use of, and conduct within such facilities. County will provide copies of such policies to Contractor upon request. 13. WARRANTIES, REPRESENTATIONS AND COVENANTS. Contractor represents and warrants that: 13.1. The Software will conform to applicable specifications, and operate and produce results substantially in accordance with the Documentation and the Exhibits attached hereto, and will be free from deficiencies and defects in materials, workmanship, design and/or performance during the Term of this Agreement; 13.2. The SOW and all Services will be performed by qualified personnel in a professional and workmanlike manner, consistent with industry standards; 13.3. Contractor has the requisite ownership, rights and licenses to perform its obligations under this Agreement fully as contemplated hereby and to grant to the County all rights with respect to the Software and Services free and clear from all liens, adverse claims, encumbrances and interests of any Third Party; 13.4. There are no pending or threatened lawsuits, claims, disputes or actions: (i) alleging that any software or service infringes, violates or misappropriates any Third Party rights; or (ii) adversely affecting any software, service or supplier's ability to perform its obligations hereunder; 13.5. The Software will not violate, infringe, or misappropriate any patent, copyright, trademark, trade secret, or other intellectual property or proprietary right of any Third Party; 13.6. The Software shall not contain malicious or disabling code that is intended to damage, destroy or destructively alter software, hardware, systems or data. Contractor shall be responsible for the completeness and accuracy of the Services, including all supporting data or other documents prepared or compiled in performance of the Services, and shall correct, at its sole expense, all significant errors and omissions therein. The fact that the County has accepted or approved DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 13 of 32 the Services shall not relieve Consultant of any of its responsibilities. If Contractor is unable to correct any breach in the Services warranty by the date which is sixty (60) calendar days after County provides notice of such breach, County may, in its sole discretion, either extend the time for Contractor to cure the breach or terminate this Agreement and receive a full refund of all amounts paid to Contractor under this Agreement. 13.7. Disabling Code Warranty. Contractor represents, warrants and agrees that the Software does not contain and County will not receive from Contractor any virus, worm, trap door, back door, timer, clock, counter or other limiting routine, instruction or design, or other malicious, illicit or similar unrequested code, including surveillance software or routines which may, or is designed to, permit access by any person, or on its own, to erase, or otherwise harm or modify any County system or Data (a "Disabling Code"). In the event a Disabling Code is identified, Contractor shall take all steps necessary, at no additional cost to County, to: (a) restore and/or reconstruct any and all Data lost by County as a result of Disabling Code; (b) furnish to County a corrected version of the Software without the presence of Disabling Codes; and, (c) as needed, re- implement the Software at no additional cost to County. This warranty shall remain in full force and effect as long as this Agreement remains in effect. 13.8. Third Party Warranties and Indemnities. Contractor will assign to County all third party warranties and indemnities that Contractor receives in connection with any products provided to County. To the extent that Contractor is not permitted to assign any warranties or indemnities through to County, Contractor agrees to specifically identify and enforce those warranties and indemnities on behalf of County to the extent Contractor is permitted to do so under the terms of the applicable third party agreements. 13.9. THE WARRANTIES SET FORTH ABOVE ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, WITH REGARD TO THE SERVICES PURSUANT TO THIS AGREEMENT, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY. 14. CONFIDENTIALITY 14.1. Contractor shall keep confidential, and cause all Subcontractors to keep confidential, all County Data, unless the County Data are publicly available. Contractor shall not, without prior written approval of the County, use, publish, copy, disclose to any third party, or permit the use by any third party of any County Data, except as otherwise stated in this Agreement, permitted by law, or approved in writing by the County. Contractor shall provide for the security of all Confidential Information in accordance with all applicable laws, rules, policies, publications, and guidelines. If Contractor or any of its Subcontractors will or may receive the following types of data, Contractor or its Subcontractors shall provide for the security of such data according to the following: (i) the most DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 14 of 32 recently promulgated IRS Publication 1075 for all Tax Information and in accordance with the Safeguarding Requirements for Federal Tax Information, attached to this Contract as an Exhibit if applicable; (ii) the most recently updated PCI Data Security Standard from the PCI Security Standards Council for all PCI; (iii) the most recently issued version of the U.S. Department of Justice, Federal Bureau of Investigation, Criminal Justice Information Services Security Policy for all CJI; and (iv) the federal Health Insurance Portability and Accountability Act for all PHI and in accordance with the HIPAA Business Associate Agreement attached to this Agreement as an Exhibit if applicable. 14.2. The Contractor agrees to exercise the same degree of care and protection with respect to the Confidential Information that it exercises with respect to its own similar Confidential Information and not to directly or indirectly provide, disclose, copy, distribute, republish or otherwise allow any Third Party to have access to any Confidential Information without prior written permission from the disclosing party. However: (a) either party may disclose Confidential Information to its employees and authorized agents who have a need to know; (b) either party may disclose Confidential Information if so required to perform any obligations under this Agreement; and (c) either party may disclose Confidential Information if so required by law (including court order or subpoena). Nothing in this Agreement shall in any way limit the ability of County to comply with any laws or legal process concerning disclosures by public entities. Contractor acknowledges that any responses, materials, correspondence, documents or other information provided to County are subject to applicable state and federal law, including CORA, and that the release of Confidential Information in compliance with those acts or any other law will not constitute a breach or threatened breach of this Agreement. 14.3. Contractor will inform its employees and officers of the obligations under this Agreement, and all requirements and obligations of the Receiving Party under this Agreement shall survive the expiration or earlier termination of this Agreement. Contractor shall not disclose County Data or Confidential Information to subcontractors unless such subcontractors are bound by non-disclosure and confidentiality provisions at least as strict as those contained in this Agreement. 15. COLORADO OPEN RECORDS ACT. The parties understand that all the material provided or produced under this Agreement, including items marked Proprietary or Confidential, may be subject to the Colorado Open Records Act., § 24-72-201, et seq., C.R.S. In the event of a request to the County for disclosure of such information, the County shall advise Contractor of such request in order to give Contractor the opportunity to object to the disclosure of any of its documents which it marked as proprietary or confidential material. In the event of the filing of a lawsuit to compel such disclosure, the County will tender all such material to the court for judicial determination of the issue of disclosure and Contractor agrees to intervene in such lawsuit to protect and assert its claims of privilege against disclosure of such material or waive the same. Contractor further agrees to defend, indemnify and save and hold harmless the County, DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 15 of 32 its officers, agents and employees, from any claim, damages, expense, loss or costs arising out of Contractor’s intervention to protect and assert its claim of privilege against disclosure under this Article including but not limited to, prompt reimbursement to the County of all reasonable attorney fees, costs and damages that the County may incur directly or may be ordered to pay by such court. 16. SOFTWARE AS A SERVICE, SUPPORT AND SERVICES TO BE PERFORMED: 16.1. Contractor, under the general direction of, and in coordination with, the County’s IT Department or other designated supervisory personnel (the “Manager”) agrees to provide the software (the “Software”) listed on Exhibit A, attached hereto and incorporated herein by this reference, and to perform the technology related services described on Exhibit A (the “Scope of Work” or “SOW”). 16.2. As the Manager directs, the Contractor shall diligently undertake, perform, and complete the SOW and produce the Software and all the deliverables set forth on Exhibit A to the County’s satisfaction. 16.3. By signing below, Contractor represents that it has the expertise and personnel necessary to properly and timely perform the SOW and the Services required by this Agreement. 16.4. The Contractor shall faithfully perform the SOW in accordance with the standards of care, skill, training, diligence, and judgment provided by highly competent individuals performing services of a similar nature to those described in the Agreement and in accordance with the terms of the Agreement. 16.5. User ID Credentials. County user account credentials shall be restricted as per the following, ensuring appropriate identity, entitlement, and access management and in accordance with established policies and procedures: 16.5.1. Identity trust verification and service-to-service application (API) and information processing interoperability (e.g., SSO and Federation) 16.5.2. Account credential lifecycle management from instantiation through revocation 16.5.3. Account credential and/or identity store minimization or re-use when feasible 16.5.4. Adherence to industry acceptable and/or regulatory compliant authentication, authorization, and accounting (AAA) rules (e.g., strong/multi-factor, expire able, non-shared authentication secrets) 16.6. Vendor Supported Releases. The Contractor shall maintain the currency all third- DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 16 of 32 party software used in the development and execution or use of the Software including, but not limited to: all code libraries, frameworks, components, and other products (e.g., Java JRE, code signing certificates, .NET, jQuery plugins, etc.), whether commercial, free, open-source, or closed-source; with third-party vendor approved and supported releases. 16.7. Azure AD. The County’s Identity and Access Provider system is an integrated infrastructure solution that enables many of the County’s services and online resources to operate more efficiently, effectively, economically and securely. All new and proposed applications must utilize federated single sign-on via Azure AD. Strong authentication is required for privileged accounts or accounts with access to sensitive information. This technical requirement applies to all solutions, regardless to where the application is hosted. 17. GRANT OF LICENSE; RESTRICTIONS: 17.1. Contractor hereby grants to County during the Term hereof and any Renewal Term a right and license to: (a) display, perform, and use the Software; and (b) use all intellectual property rights necessary to use the Software as authorized in subparagraph (a). 17.2. Title to and ownership of the Software will remain with Contractor. County will not reverse engineer or reverse compile any part of the Software. County will not remove, obscure or deface any proprietary notice or legend contained in the Software or Documentation without Contractor's prior written consent. 18. DELIVERY AND ACCEPTANCE: 18.1. During the implementation of the Software, the County may test and evaluate the Software to ensure that the Software conforms, in the County’s reasonable judgment, to the specifications outlined in the SOW or the Documentation. If at any time the Software does not conform to said specifications, the County will notify Contractor in writing within sixty (60) days. Contractor will, at its expense, repair or replace the nonconforming Software within fifteen (15) days after receipt of the County’s notice of deficiency. The foregoing procedure will be repeated until the County accepts or finally rejects the Software, in whole or part, in its sole discretion. In the event that the Software does not perform to the County’s satisfaction, the County reserves the right to repudiate acceptance and terminate this Agreement in its sole discretion. In the event that the County finally rejects the Software, or repudiates acceptance of it and terminates this Agreement, Contractor will refund to the County all fees paid, if any, by the County with respect to the Software. 18.2. If the County is not satisfied with the Contractor’s performance of the SOW the County will so notify Contractor within thirty (30) days after Contractor’s performance thereof. Contractor will, at its own expense, re-perform the DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 17 of 32 applicable service set forth in the SOW within fifteen (15) days after receipt of County's notice of deficiency. The foregoing procedure will be repeated until County accepts or finally rejects the SOW service in its sole discretion. In the event that County finally rejects any technology related service set forth in the SOW, Contractor will refund to County all fees paid by County with respect to such technology related service. 19. TERM: This Agreement shall commence upon the date first written above, and subject to the provisions of paragraph 19 hereof, shall continue for a one-year period (the “Term”). Thereafter, this Agreement shall be automatically renewed for successive one- year periods (each a “Renewal Term”), unless either party notifies the other party of termination, in writing, at least sixty (60) days before the end of the initial Term or any Renewal Term. 20. COMPENSATION AND PAYMENT: 20.1. Compensation: The compensation to be paid to Contractor for the Software and the SOW described in Exhibit A is thirteen thousand and NO/100 dollars ($13,000.00) with a one-time data backup fee of three thousand five hundred and NO/100 dollars ($3,500.00), for a total amount not to exceed sixteen thousand five hundred and NO/100 dollars ($16,500.00) for the Term hereof. In the event of any Renewal Term, the parties agree that the compensation for the first Renewal Term shall not exceed eight thousand six hundred and NO/100 ($8,600.00), and that the compensation for the second Renewal Term shall not exceed nine thousand and NO/100 dollars ($9,000.00). Thereafter, compensation for a Renewal Term, if any, shall not exceed the sum that is equal to a three percent (3%) increase over the prior year’s not to exceed amount. County will not withhold any taxes from monies paid to the Consultant hereunder and Consultant agrees to be solely responsible for the accurate reporting and payment of any taxes related to payments made pursuant to the terms of this Agreement. 20.2. Reimbursement Expenses: Any out-of-pocket expenses to be incurred by Contractor and reimbursed by County shall be identified on Exhibit A. Out-of- pocket expenses will be reimbursed without any additional mark-up thereon and are included in the not to exceed amount set forth above. Out-of-pocket expenses shall not include any payment of salaries, bonuses or other compensation to personnel of Contractor. Contractor shall not be reimbursed for expenses that are not set forth on Exhibit A unless specifically approved in writing by County. 20.3. Invoicing: Contractor must submit an invoice which shall include clear identification of the deliverable that has been completed, and other information reasonably requested by the County. Payment will be made for the Software and the SOW satisfactorily performed within thirty (30) days of receipt of a proper and accurate invoice from Contractor. DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 18 of 32 20.3.1. No additional services or work performed by Consultant shall be the basis for additional compensation unless and until Consultant has obtained written authorization and acknowledgement by County for such additional services in accordance with County’s internal policies. Accordingly, no course of conduct or dealings between the parties, nor verbal change orders, express or implied acceptance of alterations or additions to the Services, and no claim that County has been unjustly enriched by any additional services, whether or not there is in fact any such unjust enrichment, shall be the basis of any increase in the compensation payable hereunder. In the event that written authorization and acknowledgment by County for such additional services is not timely executed and issued in strict accordance with this Agreement, Consultant’s rights with respect to such additional services shall be deemed waived and such failure shall result in non-payment for such additional services or work performed. 20.3.2. Notwithstanding anything to the contrary contained in this Agreement, County shall have no obligations under this Agreement after, nor shall any payments be made to Consultant in respect of any period after December 31 of any year, without an appropriation therefor by County in accordance with a budget adopted by the Board of County Commissioners in compliance with Article 25, title 30 of the Colorado Revised Statutes, the Local Government Budget Law (C.R.S. 29-1-101 et. seq.) and the TABOR Amendment (Colorado Constitution, Article X, Sec. 20). 20.4. If, at any time during the term or after termination or expiration of this Agreement, County reasonably determines that any payment made by County to Consultant was improper because the Software or SOW for which payment was made were not performed as set forth in this Agreement, then upon written notice of such determination and request for reimbursement from County, Consultant shall forthwith return such payment(s) to County. Upon termination or expiration of this Agreement, unexpended funds advanced by County, if any, shall forthwith be returned to County. 21. STATUS OF CONTRACTOR: This Agreement constitutes an agreement for performance of the Services by Contractor as an independent contractor and not as an employee of County. Nothing contained in this Agreement shall be deemed to create a relationship of employer-employee, master-servant, partnership, joint venture or any other relationship between County and Contractor except that of independent contractor. Contractor shall have no authority to bind County. 22. TERMINATION: 22.1. County may terminate this Agreement, in whole or in part, at any time and for any reason, with or without cause, and without penalty therefor with thirty (30) calendar days’ prior written notice to the Contractor. DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 19 of 32 22.2. Notwithstanding the preceding paragraph, the County may terminate the Agreement if the Contractor or any of its officers or employees are convicted, plead nolo contendere, enter into a formal agreement in which they admit guilt, enter a plea of guilty or otherwise admit culpability to criminal offenses of bribery, kick backs, collusive bidding, bid-rigging, antitrust, fraud, undue influence, theft, racketeering, extortion or any offense of a similar nature in connection with Contractor’s business. Termination for the reasons stated in this paragraph is effective upon receipt of notice. 22.3. Upon termination of the Agreement, with or without cause, the Contractor shall have no claim against the County by reason of, or arising out of, incidental or relating to termination, except for compensation for work duly requested and satisfactorily performed as described in the Agreement and shall refund to the County any prepaid cost or expenses. 23. WHEN RIGHTS AND REMEDIES NOT WAIVED: In no event shall any action by either Party hereunder constitute or be construed to be a waiver by the other Party of any breach of covenant or default which may then exist on the part of the Party alleged to be in breach, and the non-breaching Party’s action or inaction when any such breach or default shall exist shall not impair or prejudice any right or remedy available to that Party with respect to such breach or default; and no assent, expressed or implied, to any breach of any one or more covenants, provisions or conditions of the Agreement shall be deemed or taken to be a waiver of any other breach. 24. INSURANCE: 24.1. General Conditions: Contractor agrees to secure, at or before the time of execution of this Agreement, the following insurance covering all operations, Software or Services provided pursuant to this Agreement. Contractor shall keep the required insurance coverage in force at all times during the term of the Agreement, or any extension thereof, during any warranty period, and for three (3) years after termination of the Agreement. The required insurance shall be underwritten by an insurer licensed or authorized to do business in Colorado and rated by A.M. Best Company as “A-”VIII or better. Each policy shall contain a valid provision or endorsement requiring notification to the County in the event any of the required policies is canceled or non-renewed before the expiration date thereof. Such written notice shall be sent to the parties identified in the Notices section of this Agreement. Such notice shall reference the County contract number listed on the signature page of this Agreement. Said notice shall be sent thirty (30) days prior to such cancellation or non-renewal unless due to non- payment of premiums for which notice shall be sent ten (10) days prior. If such written notice is unavailable from the insurer, contractor shall provide written notice of cancellation, non-renewal and any reduction in coverage to the parties identified in the Notices section by certified mail, return receipt requested within three (3) business days of such notice by its insurer(s) and referencing the DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 20 of 32 County’s contract number. If any policy is in excess of a deductible or self- insured retention, the County must be notified by the Contractor. Contractor shall be responsible for the payment of any deductible or self-insured retention. The insurance coverages specified in this Agreement are the minimum requirements, and these requirements do not lessen or limit the liability of the Contractor. The Contractor shall maintain, at its own expense, any additional kinds or amounts of insurance that it may deem necessary to cover its obligations and liabilities under this Agreement. 24.2. Proof of Insurance: Contractor shall provide a copy of this Agreement to its insurance agent or broker. Contractor may not commence Services or work relating to the Agreement prior to placement of coverages required under this Agreement. Contractor certifies that the certificate of insurance attached as Exhibit C, preferably an ACORD certificate, complies with all insurance requirements of this Agreement. The County’s acceptance of a certificate of insurance or other proof of insurance that does not comply with all insurance requirements set forth in this Agreement shall not act as a waiver of Contractor’s breach of this Agreement or of any of the County’s rights or remedies under this Agreement. 24.3. Additional Insureds: For Commercial General Liability, Auto Liability and Excess Liability/Umbrella (if required), Contractor and subcontractor’s insurer(s) shall include the County, its elected and appointed officials, employees and volunteers as additional insured. 24.4. Waiver of Subrogation: Consultant’s insurance coverage shall be primary and non-contributory with respect to all other available sources. Consultant’s policy shall contain a waiver of subrogation against Eagle County. 24.5. Subcontractors and Subconsultants: All subcontractors and subconsultants (including independent contractors, suppliers or other entities providing Software or Services required by this Agreement) shall be subject to all of the requirements herein and shall procure and maintain the same coverages required of the Contractor. Contractor shall include all such subcontractors as additional insured under its policies (with the exception of Workers’ Compensation) or shall ensure that all such subcontractors and subconsultants maintain the required coverages. Contractor agrees to provide proof of insurance for all such subcontractors and subconsultants upon request by the County. 24.6. Workers’ Compensation/Employer’s Liability Insurance: Contractor shall maintain the coverage as required by statute for each work location and shall maintain Employer’s Liability insurance with limits of $100,000 per occurrence for each bodily injury claim, $100,000 per occurrence for each bodily injury caused by disease claim, and $500,000 aggregate for all bodily injuries caused by disease claims. Contractor expressly represents to the County, as a material representation upon which the County is relying in entering into this Agreement, DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 21 of 32 that none of the Contractor’s officers or employees who may be eligible under any statute or law to reject Workers’ Compensation Insurance shall affect such rejection during any part of the term of this Agreement, and that any such rejections previously affected, have been revoked as of the date Contractor executes this Agreement. 24.7. Commercial General Liability: Contractor shall maintain a Commercial General Liability insurance policy with limits of $1,000,000 for each occurrence, $1,000,000 for each personal and advertising injury claim, $2,000,000 products and completed operations aggregate, and $2,000,000 policy aggregate. 24.8. Business Automobile Liability: Contractor shall maintain Business Automobile Liability with limits of $1,000,000 combined single limit applicable to all owned, hired and non-owned vehicles used in performing Services under this Agreement. 24.9. Technology Errors & Omissions: Contractor shall maintain Technology Errors and Omissions insurance including cyber liability, network security, privacy liability and product failure coverage with limits of $1,000,000 per occurrence and $1,000,000 policy aggregate. 24.10. Additional Provisions: 24.10.1. For Commercial General Liability, the policy must provide the following: 24.10.1.1. That this Agreement is an Insured contract under the policy; 24.10.1.2. Defense costs are outside the limits of liability; 24.10.1.3. A severability of interests or separation of insureds provision (no insured vs. insured exclusion); and 24.10.1.4. A provision that coverage is primary and non-contributory with other coverage or self-insurance maintained by the County. 24.10.2. For claims-made coverage: 24.10.2.1. The retroactive date must be on or before the Agreement date or the first date when any goods or Services were provided to the County, whichever is earlier. 24.10.2.2. Contractor shall advise the County in the event any general aggregate or other aggregate limits are reduced below the required per occurrence limits. At their own expense, and where such general aggregate or other aggregate limits have been reduced below the required per occurrence limit, the Contractor will procure such per occurrence limits and furnish a new certificate of insurance showing such coverage is in force. DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 22 of 32 24.10.3. Consultant is not entitled to workers’ compensation benefits except as provided by the Consultant, nor to unemployment insurance benefits unless unemployment compensation coverage is provided by Consultant or some other entity. The Consultant is obligated to pay all federal and state income tax on any moneys paid pursuant to this Agreement. 24.10.4. If Consultant fails to secure and maintain the insurance required by this Agreement and provide satisfactory evidence thereof to County, County shall be entitled to immediately terminate this Agreement. 24.10.5. The insurance provisions of this Agreement shall survive expiration or termination hereof. 25. DEFENSE AND INDEMNIFICATION: 25.1. Contractor hereby agrees to defend, indemnify, reimburse and hold harmless County, and any of its appointed and elected officials, agents and employees (“Indemnified Parties”) for, from and against all liabilities, claims, judgments, suits or demands for damages to persons or property arising out of, resulting from, or relating to the Services or work performed under this Agreement or are based on any performance or nonperformance by Contractor or any of its subcontractors hereunder (“Claims”). This indemnity shall be interpreted in the broadest possible manner to indemnify County for any acts or omissions of Contractor or its subcontractors either passive or active, irrespective of fault, including County’s concurrent negligence whether active or passive, except for the sole negligence or willful misconduct of County. This indemnification shall not apply to claims by third parties against the County to the extent that County is liable to such third party for such claims without regard to the involvement of the Consultant. 25.2. Contractor’s duty to defend and indemnify County shall arise at the time written notice of the Claim is first provided to County regardless of whether claimant has filed suit on the Claim. Contractor’s duty to defend and indemnify County shall arise even if County is the only party sued by claimant and/or claimant alleges that County’s negligence or willful misconduct was the sole cause of claimant’s damages. 25.3. Contractor will defend any and all Claims which may be brought or threatened against County and will pay on behalf of County any expenses incurred by reason of such Claims including, but not limited to, court costs and attorney fees incurred in defending and investigating such Claims or seeking to enforce this indemnity obligation. Such payments on behalf of County shall be in addition to any other legal remedies available to County and shall not be considered County’s exclusive remedy. DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517 Page 23 of 32 25.4. Insurance coverage requirements specified in this Agreement shall in no way lessen or limit the liability of the Contractor under the terms of this indemnification obligation. The Contractor shall obtain, at its own expense, any additional insurance that it deems necessary for the County’s protection. 25.5. Contractor shall indemnify, save, and hold harmless the Indemnified Parties, against any and all costs, expenses, claims, damages, liabilities, and other amounts (including attorneys’ fees and costs) incurred by the Indemnified Parties in relation to any claim that any Deliverable, Service, software, or work product provided by Contractor under this Agreement (collectively, “IP Deliverables”), or the use thereof, infringes a patent, copyright, trademark, trade secret, or any other intellectual property right. 25.6. This defense and indemnification obligation shall survive the expiration or termination of this Agreement. 26. COLORADO GOVERNMENTAL IMMUNITY ACT: The parties hereto understand and agree that the County is relying upon, and has not waived, the monetary limitations and all other rights, immunities and protection provided by the Colorado Governmental Act, § 24-10-101, et seq., C.R.S. (2003). 27. TAXES, CHARGES AND PENALTIES: The County shall not be liable for the payment of taxes, late charges or penalties of any nature other than the compensation stated herein. 28. ASSIGNMENT; SUBCONTRACTING: The Contractor shall not voluntarily or involuntarily assign any of its rights or obligations, or subcontract performance obligations, under this Agreement without obtaining the County’s prior written consent. Any assignment or subcontracting without such consent will be ineffective and void and shall be cause for termination of this Agreement by the County. The County has sole and absolute discretion whether to consent to any assignment or subcontracting, or to terminate the Agreement because of unauthorized assignment or subcontracting. The parties agree that upon the creation of the Eagle Valley Transit Authority (“EVTA”), the County shall assign this Agreement to the EVTA, and the EVTA will thereafter assume and perform all obligations of the County as described herein. Following such assignment, the County shall not be responsible for any obligations under this Agreement, except for compensation for work duly requested and satisfactorily performed by Contractor as described in the Agreement and Contractor shall refund to the County any prepaid cost or expenses. In the event of any subcontracting or unauthorized assignment: (i) the Contractor shall remain responsible to the County; and (ii) no contractual relationship shall be created between the County and any sub- consultant, subcontractor or assign. 29. NO THIRD PARTY BENEFICIARY: Enforcement of the terms of the Agreement and all rights of action relating to enforcement are strictly reserved to the parties. Nothing contained in the Agreement gives or allows any claim or right of action to any third DocuSign Envelope ID: D1778235-A825-4267-961A-840C6BFE7517