The URL can be used to link to this page

Home My WebLink AboutContract 50054-A6CSC No. 50054-A6 AMENDMENT NO. 6 TO CITY OF FORT WORTH CONTRACT 50054 This Sixth Amendment is entered into by and between the City of Fort Worth (hereafter "Buyer"), a home rule municipality, with its principal place of business at 200 Texas Street, Fort Worth, Texas, and Motorola Solutions, Inc. ("Vendor"), Buyer and Vendor may be referred to individually as a Party and collectively as the Parties. WHEREAS, on December 18, 2017, the Parties entered into City Secretary Contract 50054 to provide Communication System and related services ("Agreement/Contract"); WHEREAS, the Parties wish to amend the Agreement to add the attached Cybersecurity services as set forth in Exhibit A-3 for an internal and external penetration testing to the City's Radio Communications System in the amount of $62,700.00. NOW, THEREFORE, the Parties, acting herein by and through their duly authorized representatives, enter into the following agreement: 1. AMENDMENTS The Agreement is hereby amended to add the attached Cybersecurity services as set forth in Exhibit A-3 for an internal and external penetration testing to the City's Radio Communications System in the amount of $62,700.00. The total contract amount for year 3 shall not exceed $1,769,988.00. 2. ALL OTHER TERMS SHALL REMAIN THE SAME All other provisions of the Agreement which are not expressly amended herein shall remain in full force and effect. 3. ELECTRONIC SIGNATURE This Amendment may be executed in multiple counterparts, each of which shall be an original and all of which shall constitute one and the same instrument. A facsimile copy or computer image, such as a PDF or tiff image, or a signature, shall be treated as and shall have the same effect as anoriginal. OFFICIAL RECORD CITY SECRETARY FT. WORTH, TX Sixth Amendment to Fort Worth City Secretary Contract No. 50054 Page 1 of 2 WkellD)91tl04I17:1QI„Tel30110113 CITY OF FORT WORTH: By: Valerie Washington (Sep 26, 2023 09:38 CDT) Name: Valerie Washington Title: Assistant City Manager Sep 26, 2023 Date: APPROVAL RECOMMENDED: By: Name: Kevin Gunn Title: Director, IT Solutions Department FOHT�nn Fie,,, 40aoo V �nnn,ez9�aa By: Name: Jannette Goodall Title: City Secretary VENDOR: Motorola Solutions, Inc. /j By: /U ��j L Name: Brad Rice Title: Area Sales Manager Date: September 20, 2023 CONTRACT COMPLIANCE MANAGER: By signing I acknowledge that I am the person responsible for the monitoring and administration of this contract, including ensuring all performance and reporting requirements. By: Lawrence Crockett (Sep 20, 202314:50 CDT) Name: Lawrence Crockett Title: Sr. IT Solutions Manager APPROVED AS TO FORM AND LEGALITY: By: Name: Taylor Paris Title: Assistant City Attorney CONTRACT AUTHORIZATION: M&C: 22-0496 Approved: 06/28/2022 1295: 2022-867694 ATTEST: IN Name: Title: Casey C. Moore Sr. Account Manager OFFICIAL RECORD CITY SECRETARY FT. WORTH, TX Sixth Amendment to Fort Worth City Secretary Contract No. 50054 Page 2 of 2 W -qwl Firm Fixed Price Proposal City of Fort Worth Cybersecurmity P Test 22-133944/ Cybersecurity Services August 14, 2023 The design, technical, and price information furnished with this proposal is proprietary information of Motorola Solutions, Inc. (Motorola). Such information is submitted with the restriction that it is to be used only for the evaluation of the proposal, and is not to be disclosed publicly or in any manner to anyone other than those required to evaluate the proposal, without the express written permission of Motorola Solutions, Inc. MOTOROLA, MOTO, MOTOROLA SOLUTIONS, and the Stylized M Logo are trademarks or registered trademarks of Motorola Trademark Holdings, LLC and are used under license. All other trademarks are the property of their respective owners. © 2022 Motorola Solutions, Inc. All rights reserved. PS-000133944 City of Fort Worth October 21, 2022 Cybersecurity Penetration Test 22-133944/ Cybersecurity Services Table of Contents Section 1 ExecutiveSummary.............................................................................................................. 1-1 Section 2 SolutionDescription............................................................................................................. 2-1 2.1 Site Information...................................................................................................................2-1 2.2 Service Description.............................................................................................................2-1 Section 3 Statementof Work................................................................................................................ 3-1 3.1 Penetration Testing Service...............................................................................................3-1 3.2 Coordination & Assumptions.............................................................................................3-4 3.3 Estimated Project Timeline................................................................................................3-5 3.4 Responsibilities...................................................................................................................3-6 3.5 Scope Limitations & Clarifications....................................................................................3-7 Section 4 ProposalPricing................................................................................................................... 4-1 4.1 Pricing Summary.................................................................................................................4-1 4.2 Payment Terms & Conditions............................................................................................4-1 4.3 Payment Schedule..............................................................................................................4-1 Section 5 Contractual Documentation................................................................................................. 5-1 Table of Contents Maror+a�a sot.ur+aws Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page aMOTOROLA SOLUTIONS Motorola Solutions, Inc. 500 W Monroe Street, Ste 4400 Chicago, IL 60661-3781 USA August 14, 2023 Lawrence Crockett Senior Manager, Radio Services 1515 111" Avenue Fort Worth, TX 76102 RE: Cybersecurity Penetration Test Dear Mr. Crockett, Motorola Solutions, Inc. (Motorola Solutions) appreciates the opportunity to provide the City of Fort Worth quality cybersecurity equipment and services. Motorola Solutions' project team has taken great care to propose a solution to address your needs and provide exceptional value. Motorola Solution's proposal is conditional upon the City of Fort Worth's acceptance of the terms and conditions included in this proposal (i.e., Motorola's Cyber Addendum, or a negotiated version thereof) as an addendum to the Houston -Galveston Area Council (H-GAC) Master Agreement, executed September 28. 2021. Pricing will remain valid for 90 days from the date of this proposal. Any questions City of Fort Worth has regarding this proposal can be directed to Andrew Gretencord, Cybersecurity Account Manager at cell 872-242-5370or by email at Andrew.gretencord@motorolasolutions.com. Our goal is to provide City of Fort Worth with the best products and services available in the cybersecurity industry. We thank you for the opportunity to present our proposed solution, and we hope to strengthen our relationship by implementing this project. Sincerely, Paul Hill Area Sales Manager, Cybersecurity — North America MOTOROLA SOLUTIONS, INC. City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services Section 1 Executive Summary As cybersecurity attacks are increasing in number and sophistication, costing billions of dollars in a matter of minutes, Motorola Solutions has evolved into a holistic mission critical technology provider, placing Information Technology (IT), as well as cybersecurity, at the forefront of importance in order to protect our customers against threats to the confidentiality, integrity and availability of their operation. In 2020, Motorola Solutions acquired two cybersecurity companies: Delta Risk and Lunarline. These two leading cyber organizations provide services to over 1000 partners. Motorola has expanded our cybersecurity offering to include proven solutions that include Monitor, Audit, Response, Recovery and Training capabilities. These services together provide a comprehensive security approach for public safety and enterprise systems when it comes to today's cyber threats. Based on our experience with cybersecurity for public safety and enterprise, and now on behalf of numerous states and local, municipal, and federal partners, we have insight into countless cyber events, and qualified personnel to disseminate actionable information to counteract operational and cyber threats. Our clients depend on Motorola Solutions to assist in the dissemination of threat information to their respective sectors and more importantly, seek our guidance on how to effectively address these threats --from the ground up through technology, and from the top down through governance and training. Public safety is at the core foundation of our business. Our products and services are secured and designed with the specific cyber threats to public safety at the forefront of our decision making. It is with this in mind that we are delighted to offer this cybersecurity professional services proposal to City of Fort Worth. Cybersecurity Advisory Services Motorola's Solutions' Cybersecurity Advisory Services provides recommendations for our customers to leverage processes and systems to achieve a lower risk profile and increased cyber resilience. Our services deliver this through assessments utilizing the NIST Cybersecurity Framework, vulnerability scanning, and system configuration reviews. Cybersecurity Advisory Services recommendations are in alignment with the following control sets: NIST SP800-53r5 for security and privacy CIS CSC COBIT 5 I SA 62443 H I PAA ISO 27001 Public Safety Threat Alliance Cyber threats to public safety agencies are increasing in scope, scale, and complexity; however, most agencies lack the cybersecurity capabilities required to mitigate risk and ensure continuity of public safety operations. To address this critical need, Motorola Solutions has established a cyber threat information sharing and analysis organization (ISAO) for public safety called The Public Safety Threat Executive Summary 10 Morc-aLA Sol.0 Tom, - Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 1-1 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services Alliance (PSTA). The PSTA is recognized by the U.S. Cybersecurity and Infrastructure Security Association (CISA), and highlights Motorola Solutions' commitment to public safety agencies and the communities they serve. The PSTA will leverage cybersecurity risk information from across Motorola Solutions' Cybersecurity Services. This, paired with information from members and trusted partners including CISA, other ISAOs, and nonprofits dedicated to sharing cyber threat intelligence, will help generate actionable intelligence to improve members' cybersecurity posture, defense, and resilience against evolving threats to their public safety missions. Membership in the PSTA is open to all public safety agencies. While initial efforts are focused on U.S. public safety, the Alliance will include global public safety agencies in the future. Learn more about the Public Safety Threat Alliance at: httios:Hmotorolasolutions.com/public-safetv- threat-alliance ABOUT MOTOROLA SOLUTIONS Founded in 1928, Motorola Solutions has a history of innovation that has revolutionized communications. From pioneering mobile communications in the 1930s and making equipment that carried the first words from the moon in 1969, to supporting modern-day emergency response equipment for disaster relief efforts around the world, Motorola Solutions has a global footprint. Motorola Solutions' Corporate Headquarters is located at 500 West Monroe Street, Chicago, Illinois, USA. Over the previous five years Motorola Solutions has continued to expand with key acquisitions such as Delta Risk and Lunarline for cybersecurity services, VESTA E9-1-1, Flex CAD/RMS, video (body, ALPR, fixed), and analytic solutions employing over 16,000 employees. Our suite of solutions provides an ecosystem of integrated applications providing value through automation of data sharing, reducing the workflow between disparate applications into a common platform, which saves time and ultimately lives. The expertise gained allows us to best address City of Fort Worth's needs in the evolving frontiers of cybersecurity. SECURING OUR CUSTOMERS IN THE MOMENTS THAT MATTER Motorola understands the importance which cybersecurity plays in the successful operation of our customers' mission. The intention is to provide the essential services required to protect the confidentiality, integrity, and availability of public safety communications from emerging cybersecurity threats. Motorola Solutions' cybersecurity services are built on cyber threat intelligence focused on public safety and the threats we know our customers face daily. We have over 10 years' experience in providing cybersecurity services to over 1000 public safety customers globally. Recent investments have Industries and Key Customers strengthened the team to over 0-IQ°`` .kl.g.9p..d rh tyheraecuriry • 115 Federal 200 cybersecurity personnel SCHAf Me IBG,ILLIN0IS UHS, OoP, ggJ • Fieeeciei.xee1Mcer¢,Uga RP i1 dedicated to protecting the 3,pgai W mission and objectives of our Achievements tengi¢d customers. T.PMMa.n. . Top 50 aged Secunry Service PmvMer by MSSPAIen • FedAAMPAc dired3PAe Executive Summary QMCWC—OA.A SOL U TrONS Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 1-2 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services Section 2 Solution Description Motorola Solutions ("Motorola") is pleased to present the proposed cybersecurity services for City of Fort Worth (hereinafter referred to as "Customer"). Motorola's proposal is conditional upon the Customer's acceptance of the terms and conditions included in this proposal (i.e., Motorola's Cyber Addendum, or a negotiated version thereof) as an addendum to the Houston -Galveston Area Council (H-GAC) Master Agreement, executed September 28. 2021. The following cybersecurity services are included in our proposal: Penetration Testing Service - Internal Penetration Testing - External Penetration Testing 2.1 Site Information The following site information is included in the scope of our proposal: Table 2-1. Customer Site Information Organization Level I Internal Penetration Test External Penetration Test Backhaul environments are not included in the scope of our proposal. 2.2 Service Description 2.2.1 Penetration Testing Service Information security follows a continuous cycle of design, deploy, test, and improve. Policies and guidelines, implementation processes and procedures, and testing form the basis for this process. While policies and procedures may be formalized and well -understood, breakdowns in processes or simple human error can lead to unknown vulnerabilities that can only be discovered through testing processes. For information security, one of the best ways to accomplish these objectives is through a process referred to as penetration testing during which a security professional employs tools and techniques that both test configurations as well as simulate steps that could be taken by real -world attackers. Leveraging their technical knowledge of architecture, operating systems, and applications as well as Solution Description 10 Morc—aLa SOLUTIONS Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page z-1 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services publicly available or well-known information, these experts are often able to crack systems and networks —revealing important vulnerabilities within an infrastructure. Motorola's experienced security team will utilize techniques and tools commonly used by attackers to attempt to exploit the in -scope systems. This process goes beyond automated scanning and follows an approach as outlined in the Methodology section below. 2.2.1.1 Internal Penetration Testing While most initially think of defending their sensitive data and systems from external attack, successful attacks can come from within the network boundary as well. These attacks can take the form of viruses brought in on mobile devices or removable media, an internal employee committing fraud by exceeding their assigned privileges, or an attack from a malicious visitor, such as a hacker or a rogue consultant. With Internal Penetration Testing, Motorola will simulate an attack from within the Customer's network, testing safeguards using a set of common attack scenarios. The tests will follow a risk -based approach, with testers attempting to exploit systems they suspect contain high -value information. Testing will also include "Targets of Opportunity" found in the Customer's network. The following is a high level diagram that provides an overview representation of an Internal Penetration Test. � ZONE CORE - ° a i y L --__ Ci rOMERENTERPRMENETWORR .1--__ i - rr ZI - REPEATERSUE h- l�� -- mmcsnE —8 Figure 2-1. Internal Penetration Testing Overview 2.2.1.2 External Penetration Testing Motorola's External Penetration Testing simulates an external attempt to breach security using techniques and tools commonly used by attackers. This helps the Customer to determine which policies, processes, and technologies are effective under real conditions. For this testing, Motorola experts combine their technical knowledge of architecture, operating systems, and applications with publicly available information to find security vulnerabilities in externally accessible infrastructure. The tests will follow a risk -based approach, with testers attempting to exploit Solution Description ® -Oa C O -a Sol l"'ONS Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page z-2 City of Fort Worth August 14, 2022 Cybersecurity Penetration Test 22-133944/ Cybersecurity Services systems they suspect contain high -value information. Testing will also include "Targets of Opportunity" found in the Customer's network. The following is a high level diagram that provides an overview representation of an External Penetration Test. Solution Description An I ZDN€ CORE �- CUSTOMER ENTERPRME14ETWORK ___ _ 9 P I I T • , ,� -i AEfunikSrm bISPdTCHSITE -r�IMF SITE Figure 2-2. External Penetration Testing Overview aWOTVIMOLA SOLUTIONS Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page z-3 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services Section 3 Statement of Work In accordance with the terms and conditions of the Agreement, this Statement of Work (SOW), including all of its subsections and attachments, defines the principal activities and responsibilities of all parties for the delivery of Motorola Solutions ("Motorola") Cybersecurity services as presented in this proposal to City of Fort Worth (hereinafter referred to as "Customer"). 3.1 Penetration Testing Service Penetration Testing services are described in the subsections below. 3.1.1 Internal Penetration Testing 3.1.1.1 Methodology Penetration Testing follows a three -step methodology of: Reconnaissance Enumeration Fingerprinting, Exploit Selection (and where appropriate Exploitation / Compromise) Step One: Reconnaissance This phase uses public sources of information such as Google searching, public web sites, USENET and Blog communities, domain naming and registration information, and other information to determine as much information about potential targets as possible. This information is then integrated with any information provided by the Customer to build as complete a picture as possible about the target systems and network. Step Two: Enumeration During the enumeration phase, the tester actively tries to confirm or expand the information he has regarding the system. This can involve additional tools that actively attempt to map networks, systems, and configuration settings. Step Three: Fingerprinting, Exploit Selection (and Compromise) Once active and passive information gathering is complete, testers begin to narrow in on potential attack paths. During the fingerprinting phase, testers gather additional detailed information about a specific target. This can include an operating system or software versions, allowed encryption methods, and other specific information that leads to identifying a weakness or vulnerability and selecting the appropriate exploit technique to leverage that vulnerability. During testing, it may be sufficient to identify vulnerabilities and use a limited exploit to confirm their existence. However, whether for proof or confirmation, many times exploits will be leveraged to gain access and show system weaknesses. Motorola follows a "Do No Harm" approach to testing and will not conduct tests or exploits that would purposely take down a system or cause other operational harm to a system or data. Statement of Work ® Morcwoca s0LUTfGNS Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 3-1 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services Internal penetration testing applies these techniques to systems, servers, and applications within the boundaries of an organization's internal network. This typically means within the public -private boundary created by an external -facing firewall. While most organizations initially think of defending their sensitive data and systems from external attack, 50% or more of successful attacks against an organization come from within the network boundary. These attacks can take the form of viruses brought in on mobile devices or removable media, an internal employee committing fraud by exceeding their assigned privileges, or a full attack from a malicious visitor (such as a hacker compromising an internal wireless network or a rogue consultant). These internal penetration tests typically target these types of systems and services: Switches Routers Directory Servers (Active Directory, LDAP, Novell) Core infrastructure services (DNS, DHCP, WINS) File and Print Sharing Services Database Servers Internal Client -Server Applications Internal Web Applications - typically at the operating system and web server levels. Dynamic web applications are tested by a scan and validate web application testing approach outside the scope of a standard external penetration test unless requested. 3.1.1.2 Scope of Activity Reconnaissance, Enumeration, Exploitation & Remediation Recommendations Internal testing of up to 1,000 active IPs. Customer will confirm IP addresses to be tested once reconnaissance phase is complete and may provide 3 to 5 high value targets which Motorola will attempt to acquire. Unless otherwise specified Motorola will follow a risk -based approach attempting to exploit systems that are suspected to contain high -value information as well as any "Targets of Opportunity" within the project timeline allotted. Service deliverables are described in Section 3.1.3. 3.1.2 External Penetration Testing 3.1.2.1 Methodology Penetration Testing follows a three -step methodology of: Reconnaissance Enumeration Fingerprinting, Exploit Selection (and where appropriate Exploitation / Compromise) Statement of Work 10 -Oa C O -a Sol ur'ONS Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 3-2 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services Step One: Reconnaissance This phase uses public sources of information such as Google searching, public web sites, USENET and Blog communities, domain naming and registration information, and other information to determine as much information about potential targets as possible. This information is then integrated with any information provided by the Customer to build as complete a picture as possible about the target systems and network. Step Two: Enumeration During the enumeration phase, the tester actively tries to confirm or expand the information he has regarding the system. This can involve additional tools that actively attempt to map networks, systems, and configuration settings. Step Three: Fingerprinting, Exploit Selection (and Compromise) Once active and passive information gathering is complete. Testers begin to narrow in on potential attack paths. During the fingerprinting phase, testers gather additional detailed information about a specific target. This can include an operating system or software versions, allowed encryption methods, and other specific information that leads to identifying a weakness or vulnerability and selecting the appropriate exploit technique to leverage that vulnerability. During testing, it may be sufficient to identify vulnerabilities and use a limited exploit to confirm their existence. However, whether for proof or confirmation, many times exploits will be leveraged to gain access and show system weaknesses. Motorola follows a "Do No Harm" approach to testing and will not conduct tests or exploits that would purposely take down a system or cause other operational harm to a system or data. External penetration testing applies these techniques to Internet -facing systems where "external" refers to tests performed from outside the organization's infrastructure. These tests target the following types of systems and services: Firewalls External Routers Web Servers -typically at the operating system and web server levels. Dynamic web applications are penetration tested by a comprehensive web application penetration testing approach outside the scope of a standard external penetration test unless requested. Domain Naming Service Servers (DNS) Remote Access (VPN's, SSL VPN's, etc.) Secure encrypted connections (site -to -site or B2B VPN's) Email Systems File Transfer Servers 3.1.2.2 Scope of Activity Reconnaissance, Enumeration, Exploitation & Remediation Recommendations Up to 50 live IP addresses tested Service Deliverables are described in Section 3.1.3. Statement of Work Maro++a�a snt.ur+ows Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 3-3 City of Fort Worth August 14, 2022 Cybersecurity Penetration Test 22-133944/ Cybersecurity Services 3.1.3 Service Deliverables The following service deliverables will be provided by Motorola: Table 3-1. Service Deliverables Electronic Reports After the assessment is complete, Motorola will provide Customer with a formal report that contains: Executive Summary: This is a concise summary of the findings and associated recommendations targeted to a non -technical, executive audience. Operational Findings Matrix and Action Plan: A findings matrix summarizing items that Motorola determines to pose a risk to the Customer along with risk ratings and remediation recommendations. Technical overview of critical and high level findings from the assessment. Draft Review Conference A formal conference call debriefing based on the draft report before marking the report Call or Presentation as final. Customer participants will be able to have interim question -and -answer conversations with the testers regarding their findings as well. 3.2 Coordination & Assumptions Coordination & Engagement Planning Call Motorola recognizes the value and necessity of effective communication and ongoing collaboration with our customers throughout the life of an engagement. To ensure engagements get started off on the right track, we have found it very useful to begin with a structured engagement planning meeting (typically via conference call). During the planning call, Motorola will facilitate a discussion of the following topics along with other engagement -specific items: Introduce key engagement participants at the Customer and at Motorola. Exchange contact information (for regular reporting and emergencies). Review scope of services and expected timelines for the delivery of services. Review communication, notification, and issue -escalation expectations and procedures. Determine the frequency of method of project status meetings (i.e., in -person, conference call, online meeting, etc.). Discuss other Customer requests and rules of engagement. Discuss the involvement of the Customer's staff in the project for knowledge transfer and security. Review the deliverables required at completion of the project, the designated recipient, and the manner in which Motorola will forward those deliverables. Statement of Work Maror+a�a sot.ur+aws Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 3-4 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services Roles, Responsibilities, & Assumptions Motorola used the following assumptions during development of this SOW. Any changes to these assumptions may affect the price and schedule commitments. Customer will assign a knowledgeable single point of contact for all issues that require escalation/resolution. Customer will provide Motorola access to the Customer's business, customer, and technical information and facilities necessary to execute this engagement. Customer will ensure that appropriate personnel are available to meet with Motorola, as necessary, and provide timely response to all requests for information, revisions, and resources. The Motorola professional working day is eight and a half hours, including reasonable time for meals. Motorola understands that occasions arise during engagements that require a longer or shorter working day. Motorola will perform the work between 8:30am and 5:00pm (Customer's local time). After-hours and weekend must be explicitly identified in the Statement of Work or be otherwise specifically agreed to in writing by the parties. Motorola will request approval from Customer for any dates and times in which work will be performed. While Motorola will always attempt to be flexible to meet Customer needs, we will not extend engagements to our detriment when such delays result from the Customer's inability to reasonably meet stated prerequisites agreed to prior to an engagement, nor when delays result from Customer personnel not being reasonably available to provide required support. 3.3 Estimated Project Timeline Penetration Testing Service Internal Penetration Testing External Penetration Testing Begin based on Customer authorization Phase 1 — Information Exchange Week One Motorola and Customer will set specific assessment & deliverable dates, review information on infrastructure required for assessment, and exchange contact information. Phase 2 — Active Assessment Active assessment will take place based on agreed to schedule. Phase 3 — Report Writing & QA Draft reports written and QA of reports performed prior to delivery to Customer. Phase 4 — Draft Reports Delivered Draft report delivered to Customer. Reviewed by Customer prior to Draft Report review call. Phase 5 — Draft Report Review & Final Report Delivered Motorola and Customer discuss findings, recommendations, and review reports. Motorola will make any required adjustments to the draft report and return to Customer as a final report. Statement of Work Weeks Two, Three Weeks Four, Five Week Six. Seven Week Eight Maror+a�a sot.ur+aws Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 3-5 City of Fort Worth August 14, 2022 Cybersecurity Penetration Test 22-133944/ Cybersecurity Services 3.4 Responsibilities Motorola Responsibilities Project Lead. Motorola will assign a project lead to oversee the engagement, interface with Customer's project management team and provide project status as needed during the assessment. Experienced and Senior Security Professional. Motorola will provide one Cybersecurity subject matter expert who will: - Conduct a kick-off meeting with Customer to identify the scope of the assessment. - Conduct the on -site elements of the in -scope activities with the assistance of Customer's technical point of contact. - Conduct an off -site analysis of the data collected and generate the final report. Motorola will provide one (1) hard copy and one (1) PDF electronic copy of the report to the customer. - Create a final summary presentation of the results and conduct a review of the assessment results with Customer. Motorola will provide one (1) hard copy and one (1) PDF electronic copy of the presentation to Customer. Recommended Assessment Sites/Locations. All site locations must be within a 150-mile radius or additional charges will be assessed. Motorola resources will perform a physical inspection and technical evaluation of up to five (5) locations. - Motorola may perform inspections and technical evaluations of additional sites if they can be completed within the time allotted for the in -scope site visit. Deliverables. Motorola will provide the following deliverables as an output of the in -scope activity: - Cybersecurity assessment report and accompanying presentation - The report and accompanying presentation outlines the findings of the cybersecurity assessment and provides an overview of the cybersecurity risk posture Customer Responsibilities Confirmation of Scope. Customer will receive and must acknowledge in writing the Cybersecurity Professional Service Statement of Work provided by Motorola prior to initiating the service. Kickoff Support. Customer will participate in the kickoff meeting, which identifies the scope of the assessment. Contacts. Customer will appoint at least one (1) primary contact (Customer project manager) and one (1) technical point of contact that are trained and knowledgeable of the project objectives to assist Motorola's project lead and Motorola's security specialist and answer any technical or business process questions. Customer's partners, consultants or any third parties involved in the project shall likewise provide access to their resources, and shall not restrict access by Motorola to Customer resources. Reasonable Access to Resources. Customer will provide reasonable access to necessary resources as requested by the project manager, including access to the applicable facilities, network equipment and systems. Where access directly by the Motorola engineer is not permissible, customer must provide the necessary technical expertise to acquire the necessary data or information for Motorola. Reasonable Access to Information. Customer will provide Motorola with reasonable access to any information necessary to facilitate the project. Such requests may include site plans, facility layout, network topography or other documentation. Where access directly by the Motorola engineer is not Statement of Work ® wrvrvr+v�a soi.ur+a+vs Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 3-6 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services permissible, customer must provide the necessary technical expertise to acquire the necessary data or information for Motorola. Site Conditions. Customer will ensure that all work sites it provides will be safe, secure, and in compliance with all applicable industry and OSHA standards. Customer Review. Customer will review project documentation as it is received to provide feedback for appropriate and timely discussions and/or changes. On -Site Services. Customer and Motorola will agree on the dates and times associated with Motorola's on -site activities. Customer will provide the necessary access and resources, as described above, throughout those periods. Access to Workspace, Telephone and Internet. Customer will provide access to workspace, telephone and Internet connectivity to Motorola during the project. This access will be used solely for purposes of project execution. Physical Access on -Site. Customer will provide any escort, badges, security personnel, labor resources or other necessary assistance to enable Motorola's access to required work areas on site. Customer is responsible for all costs associated with availability and use of these resources. Third -Party Equipment, Software and Services. Unless specifically provided by Motorola's service delivery team described herein, Customer is responsible for all third -party services, equipment and software associated with this service. Project Changes. Customer will communicate schedule changes for tasks or phase events to the Motorola project manager. Customer understands such changes may lead to additional costs for which Customer will be responsible. 3.5 Scope Limitations & Clarifications Service Limitations Cybersecurity services are inherently limited and will not guarantee that the Customer's system will be error - free or immune to security breaches as a result of any or all of the services described in this proposal. Motorola does not warrant or guarantee that this service will identify all cybersecurity incidents that occur in the Customer's system. Services and deliverables are limited by, among other things, the evolving and often malicious nature of cyber threats, conduct/attacks, as well as the complexity/disparity and evolving nature of Customer computer system environments, including supply chains, integrated software, services, and devices. Processing of Customer Data in the United States and/or other Locations Customer understands and agrees that data obtained, accessed or utilized in the performance of the services may be transmitted to, accessed, monitored, and/or otherwise processed by Motorola in the United States (US) and/or other Motorola operations globally. Customer consents to and authorizes all such processing and agrees to provide, obtain, or post any necessary approvals, consents, or notices that may be necessary to comply with applicable law. Customer and Third Party Information The Customer understands and agrees that Motorola may obtain, use and/or create and use anonymized, aggregated and/or generalized Customer data, such as data relating to actual and potential security threats and vulnerabilities, for its lawful business purposes, including improving its services and sharing and leveraging such information for the benefit of Customer, other customers, and other interested parties. For Statement of Work lNvrvr+vr-a sot.unarvs Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 3-7 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services purposes of this engagement, so long not specifically identifying the Customer, Customer Data shall not include, and Motorola shall be free to use, share and leverage security threat intelligence and mitigation data generally, including without limitation, third party threat vectors and IP addresses, file hash information, domain names, malware signatures and information, information obtained from third party sources, indicators of compromise, and tactics, techniques, and procedures used learned or developed in the course of providing services. Statement of Work Mororraca snt.ur+ows Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 3-8 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services Section 4 Proposal Pricing 4.1 Pricing Summary Motorola pricing is based on the services presented. The addition or deletion of any component(s) may subject the total solution price to modifications. Internal Penetration Test (APC 847) External Penetration Test (APC 847) NOTE: Travel and expenses are included. 4.2 Payment Terms & Conditions $34,650.00 $34,650.00 H-GAC Discount ($6,600.00) Customer will make payments to Motorola within thirty (30) days after receipt of each invoice. Customer will make payments when due in the form of a check, cashier's check, or wire transfer drawn on a United States financial institution. Unless otherwise noted, this proposal excludes sales tax or other applicable taxes (such as Goods and Services Tax, sales tax, Value Added Tax and other taxes of a similar nature). Any tax the customer is subject to will be added to invoices. 4.3 Payment Schedule The fixed price service fee to provide the deliverables listed below will be due and payable on the following schedule: Proposal Pricing aMO�C-aLA SOLUTIONS Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 4-1 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services Section 5 Contractual Documentation Cyber Addendum Motorola Solutions Inc. ("Motorola") and the customer named in this Agreement ("Customer") hereby agree as follows: Section 1. APPLICABILITY 1.1 This Addendum sets out additional and superseding terms applicable to Customer's purchase of cyber security services, including (i) Remote Security Update Service, Security Update Service, and Managed Detection & Response subscription services, among other subscription services,(ii) professional services, and/or (iii) retainer services (i.e., professional services when expressly purchased as a block of pre -paid hours for use, subject to expiration, within a specified period across certain offered service categories ("Retainer Services") (all collectively herein, "Services"). Section 2. ADDITIONAL DEFINITIONS AND INTERPRETATION 2.1. "Customer Contact Data" means data Motorola collects from Customer, its Authorized Users, and their end users for business contact purposes, including marketing, advertising, licensing and sales purposes. 2.2 "Customer Data" means Customer data, information, and content, provided by, through, or on behalf of Customer, its Authorized Users, and their end users through the use of the Services. Customer Data does not include Customer Contact Data, Service Use Data, or information from publicly available sources or other Third - Party Data or Motorola Data or anonymized or generalized data. For avoidance of doubt, so long as not specifically identifying the Customer, Customer Data shall not include, and Motorola shall be free to use, share and leverage security threat intelligence and mitigation data generally, including without limitation, third -party threat vectors and IP addresses, file hash information, domain names, malware signatures and information, information obtained from third -party sources, indicators of compromise, and tactics, techniques, and procedures used, learned or developed in the course of providing Services. 2.3 "Feedback" means comments or information, in oral or written form, given to Motorola by Customer or Authorized Users, including their end users, in connection with or relating to the Services. Any Feedback provided by Customer is entirely voluntary. Motorola may use, reproduce, license, and otherwise distribute and exploit the Feedback without any obligation or payment to Customer or Authorized Users. Customer represents and warrants that it has obtained all necessary rights and consents to grant Motorola the foregoing rights. 2.4 "Motorola Data" means data owned or licensed by Motorola. 2.5 "Process" or "Processing" means any operation or set of operations which is performed on personal information or on sets of personal information, whether or not by automated means, such as collection, recording, copying, analyzing, caching, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 2.6 "Service Use Data" means data generated by Customer's use of the Services or by Motorola's support of the Services, including personal information, threat data, security threat intelligence and mitigation data, Contractual Documentation Maror+a�a sot.ur+aws Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 5-1 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services vulnerability data, threat scenarios, malicious and third -party IP information, malware, location, monitoring and recording activity, product performance and error information, threat signatures, activity logs and date and time of use. 2.7 "Statement(s) of Work" or "SOW(s)" as used in this Addendum means a statement of work, ordering document, accepted proposal, or other agreed upon engagement document issued under or subject to this Addendum. Mutually agreed upon SOWs may be attached hereto as Exhibit(s) A-1, A-2, A-3, etc., and/or are respectively incorporated by reference, each of which will be governed by the terms and conditions of this Addendum. Statements of Work may set out certain "Deliverables," which include all written information (such as reports, specifications, designs, plans, drawings, or other technical or business information) that Motorola prepares for Customer in the performance of the Services and is obligated to provide to Customer under a SOW and this Addendum. The Deliverables, if any, are more fully described in the Statements of Work. 2.8 "Third -Party Data" means information obtained by Motorola from publicly available sources or its third - party content providers and made available to Customer through the products or Services. Section 3. LICENSE, DATA AND SERVICE CONDITIONS 3.1 Delivery of Cyber Services 3.1.1 All Professional Services will be performed in accordance with the performance schedule included in a Statement of Work ("SOW"). Delivery of hours purchased as Retainer Services is at the onset of the applicable retainer period. Hours purchased as Retainer Services expire and are forfeited if not used within the Retainer period, subject to terms of use, expiration and extension, if any, as set out in the applicable SOW or ordering document. Professional Services described in a SOW will be deemed complete upon Motorola's performance of such Services or, if applicable, upon exhaustion or expiration of the Retainer Services hours, whichever occurs first. 3.1.2 Subscription Services. Delivery of subscription services will occur upon Customer's receipt of credentials required for access to the Services or upon Motorola otherwise providing access to the Services platform. 3.1.3 To the extent Customer purchases equipment from Motorola ("Supplied Equipment"), title and risk of loss to the Supplied Equipment will pass to Customer upon installation (if applicable) or shipment by Motorola. Customer will take all necessary actions, reimburse freight or delivery charges, provide or obtain access and other rights needed and take other requested actions necessary for Motorola to efficiently perform its contractual duties. To the extent Supplied Equipment is purchased on an installment basis, any early termination of the installment period will cause the outstanding balance to become immediately due. 3.2 Motorola may use or provide Customer with access to software, tools, enhancements, updates, data, derivative works, and other materials which Motorola has developed or licensed from third parties (collectively, "Motorola Materials"). The Services, Motorola Data, Third -Party Data, and related documentation, are considered Motorola Materials. Notwithstanding the use of such materials in Services or deliverables, the Motorola Materials are the property of Motorola or its licensors, and Motorola or its licensors retain all right, title and interest in and to the Motorola Materials. Motorola grants Customer and Authorized Users a limited, non -transferable, non-sublicensable, and non-exclusive license to use the Services and associated deliverables solely for Customer's internal business purposes. 3.3 To the extent Customer is permitted to access, use, or integrate Customer or third -party software, services, content, or data that is not provided by Motorola (collectively, "Non -Motorola Content") with or through the Services, or will use equipment or software not provided by Motorola, which may be required for use of the Services ("Customer -Provided Eauioment"), Customer will obtain and continuously maintain all Contractual Documentation Maror+a�a sot.ur+aws Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 5-2 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services rights and licenses necessary for Motorola to efficiently perform all contemplated Services under this Addendum and will assume responsibility for operation and integration of such content and equipment. 3.4 Ownership of Customer Data. Customer retains all right, title and interest, including intellectual property rights, if any, in and to Customer Data. Motorola acquires no rights to Customer Data except those rights granted under this Addendum including the right to Process and use the Customer Data as set forth in Section 3.5 — Processing Customer Data, below. The Parties agree that with regard to the Processing of personal information which may be part of Customer Data, Customer is the controller and Motorola is the processor, and Motorola may engage sub -processors pursuant to Section 3.5.3 — Sub -processors and Third -Party Providers. 3.5 Processing Customer Data. 3.5.1. Motorola Use of Customer Data. To the extent permitted by law, Customer grants Motorola and its subcontractors a right to use Customer Data and a royalty -free, worldwide, non-exclusive license to use Customer Data (including to process, host, cache, store, reproduce, copy, modify, combine, analyze, create derivative works from such Customer Data and to communicate, transmit, and distribute such Customer Data to third parties engaged by Motorola) to (a) perform Services and provide products under the Addendum, (b) analyze the Customer Data to operate, maintain, manage, and improve Motorola products and services, and (c) create new products and services. Customer agrees that this Addendum, along with any related documentation, are Customer's complete and final documented instructions to Motorola for the processing of Customer Data. Any additional or alternate instructions must be agreed to according to the change order process. Customer represents and warrants to Motorola that Customer's instructions, including appointment of Motorola as a processor or sub -processor, have been authorized by the relevant controller. 3.5.2 Collection, Creation, Use of Customer Data. Customer further represents and warrants that the Customer Data, Customer's collection, creation, and use of the Customer Data (including in connection with Motorola's Services), and Motorola's use of such Customer Data in accordance with the Addendum, will comply with all laws and will not violate any applicable privacy notices or infringe any third -party rights (including intellectual property and privacy rights). It is Customer's responsibility to obtain all required consents, provide all necessary notices, and meet any other applicable legal requirements with respect to collection and use (including Motorola's and third -party provider use) of the Customer Data as described in the Addendum or any applicable third -party agreements or EULAs. 3.5.3 Sub -processors and Third -Party Providers. Motorola may use, engage, resell, or otherwise interface with third -party software, hardware or services providers (such as, for example, third -party end point detection and response providers) and other sub -processors, who in turn may engage additional sub -processors to process personal data and other Customer Data. Customer agrees that such third -party software or services providers, sub -processors or their respective sub -processors may process and use personal and other Customer Data in accordance with and subject to their own respective licenses or terms and in accordance with applicable law. Customer authorizes and will provide and obtain all required notices and consents, if any, and comply with other applicable legal requirements, if any, with respect to such collection and use of personal data and other Customer Data by Motorola, and its subcontractors, sub -processors and/or third -party software, hardware or services providers. Notwithstanding any provision to the contrary, to the extent the use or performance of certain Services is governed by any separate license, data requirement, EULA, privacy statement, or other applicable agreement, including terms governing third -party software, hardware or services, including open source software, Customer will comply, and ensure its Authorized Users comply, with any such agreements or terms, which shall govern any such Services. 3.5.4 Notwithstanding any provision to the contrary in this Addendum or any related agreement, and in addition to other uses and rights set out herein, Customer understands and agrees that Motorola may obtain, use and/or create and use, anonymized, aggregated and/or generalized Customer Data, such as data relating to actual and potential security threats and vulnerabilities, for its lawful business purposes, including improving its Contractual Documentation Maror+a�a sot.ur+aws Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 5-3 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services services and sharing and leveraging such information for the benefit of Customer, other customers, and other interested parties. 3.6 Service Use Data. Customer understands and agrees that Motorola may collect and use Service Use Data for its own purposes, including the uses described below. Motorola may use Service Use Data to (a) operate, maintain, manage, improve existing and create new products and services, (b) test products and services, (c) to aggregate Service Use Data and combine it with that of other users, and (d) to use anonymized or aggregated data for marketing, research or other business purposes. Service Use Data may be disclosed to third parties. It is Customer's responsibility to notify Authorized Users of Motorola's collection and use of Service Use Data and to obtain any required consents, provide all necessary notices, and meet any other applicable legal requirements with respect to such collection and use, and Customer represents and warrants to Motorola that it has complied and will continue to comply with this Section. 3.7. Data Retention and Deletion. Except as expressly provided otherwise, Motorola will delete all Customer Data following termination or expiration of this Addendum, with such deletion to occur no later than ninety (90) days following the applicable date of termination or expiration, unless otherwise required to comply with applicable law. Any requests for the exportation or download of Customer Data must be made by Customer to Motorola in writing before expiration or termination of this Addendum. Motorola will have no obligation to retain such Customer Data beyond expiration or termination unless the Customer has purchased extended storage from Motorola through a mutually executed agreement. 3.8. Third -Party Data and Motorola Data. Motorola Data and Third -Party Data may be available to Customer through the Services. Customer will not, and will ensure its Authorized Users will not: (a) use the Motorola Data or Third -Party Data for any purpose other than Customer's internal business purposes; (b) disclose the data to third parties; (c) "white label" such data or otherwise misrepresent its source or ownership, or resell, distribute, sublicense, or commercially exploit the data in any manner; (d) use such data in violation of applicable laws; (e) remove, obscure, alter, or falsify any marks or proprietary rights notices indicating the source, origin, or ownership of the data; or (f) modify such data or combine it with Customer Data or other data or use the data to build databases. Any rights granted to Customer or Authorized Users with respect to Motorola Data or Third - Party Data will immediately terminate upon termination or expiration of this Addendum. Further, Motorola or the applicable Third -Party Data provider may suspend, change, or terminate Customer's or any Authorized User's access to Motorola Data or Third -Party Data if Motorola or such Third -Party Data provider believes Customer's or the Authorized User's use of the data violates the Addendum, applicable law or Motorola's agreement with the applicable Third -Party Data provider. Upon termination of Customer's rights to use any Motorola Data or Third -Party Data, Customer and all Authorized Users will immediately discontinue use of such data, delete all copies of such data, and certify such deletion to Motorola. Notwithstanding any provision of this Addendum and the Primary Agreement to the contrary, Motorola will have no liability for Third -Party Data or Motorola Data available through the Services. Motorola and its Third -Party Data providers reserve all rights in and to Motorola Data and Third -Party Data. 3.9 Customer will ensure its employees and Authorized Users comply with the terms of this Addendum and will be liable for all acts and omissions of its employees and Authorized Users. Customer is responsible for the secure management of Authorized Users' names, passwords and login credentials for access to products and Services. "Authorized Users" are Customer's employees, full-time contractors engaged for the purpose of supporting the products and Services that are not competitors of Motorola or its affiliates, and the entities (if any) specified in a SOW or otherwise approved by Motorola in writing (email from an authorized Motorola signatory accepted), which may include affiliates or other Customer agencies. 3.10 Motorola as a Controller or Joint Controller. In all instances where Motorola acts as a controller of data, it will comply with the applicable provisions of the Motorola Privacy Statement at https://www.motorolasolutions.com/en_us/about/privacy-policy.html#privacystatement, as may be updated from time to time. Motorola holds all Customer Contact Data as a controller and shall Process such Customer Contact Data in accordance with the Motorola Privacy Statement. In instances where Motorola is acting as a Contractual Documentation Maror+a�a sot.ur+aws Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 5-4 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services joint controller with Customer, the Parties will enter into a separate addendum to allocate the respective roles as joint controllers. 3.11 Beta or Proof of Concept Services. If Motorola makes any beta version of its Services ("Beta Service") available to Customer, or provides Customer a trial period or proof of concept period (or other demonstration) of the Services at reduced or no charge ("Proof of Concept" or "POC" Service), Customer may choose to use such Beta or POC Service at its own discretion, provided, however, that Customer will use the Beta or POC Service solely for purposes of Customer's evaluation of such Beta or POC Service, and for no other purpose. Customer acknowledges and agrees that all Beta or POC Services are offered "as -is" and without any representations or warranties or other commitments or protections from Motorola. Motorola will determine the duration of the evaluation period for any Beta or POC Service, in its sole discretion, and Motorola may discontinue any Beta or POC Service at any time. Customer acknowledges that Beta Services, by their nature, have not been fully tested and may contain defects or deficiencies. Notwithstanding any other provision of this Agreement, to the extent a future paid Service has been agreed upon subject to and contingent on the Customer's evaluation of a Proof of Concept Service, Customer may cancel such future paid Service as specified in the SOW or, if not specified, within a reasonable time before the paid Service is initiated. Section 4. WARRANTY 4.1 CUSTOMER ACKNOWLEDGES, UNDERSTANDS AND AGREES THAT MOTOROLA DOES NOT GUARANTEE OR WARRANT THAT IT WILL DISCOVER ALL OF CUSTOMER'S SECURITY EVENTS (SUCH EVENTS INCLUDING THE UNAUTHORIZED ACCESS, ACQUISITION, USE, DISCLOSURE, MODIFICATION OR DESTRUCTION OF CUSTOMER DATA), THREATS, OR SYSTEM VULNERABILITIES. MOTOROLA DISCLAIMS ANY AND ALL RESPONSIBILITY FOR ANY AND ALL LOSS OR COSTS OF ANY KIND ASSOCIATED WITH SECURITY EVENTS, THREATS OR VULNERABILITIES WHETHER OR NOT DISCOVERED BY MOTOROLA. MOTOROLA DISCLAIMS ANY RESPONSIBILITY FOR CUSTOMER'S USE OR IMPLEMENTATION OF ANY RECOMMENDATIONS PROVIDED IN CONNECTION WITH THE SERVICES. IMPLEMENTATION OF RECOMMENDATIONS DOES NOT ENSURE OR GUARANTEE THE SECURITY OF THE SYSTEMS AND OPERATIONS EVALUATED. CUSTOMER SHALL BE RESPONSIBLE TO TAKE SUCH ACTIONS NECESSARY TO MITIGATE RISKS TO ITS OPERATIONS AND PROTECT AND PRESERVE ITS COMPUTER SYSTEMS AND DATA, INCLUDING CREATION OF OPERATIONAL WORKAROUNDS, BACKUPS AND REDUNDANCIES. 4.2. Customer acknowledges, understands and agrees that the Services and products or equipment provided by or used by Motorola to facilitate performance of the Services may impact or disrupt information systems. Motorola disclaims responsibility for costs in connection with any such disruptions of and/or damage to Customer's or a third party's information systems, equipment, voice transmissions, data and Customer Data, including, but not limited to, denial of access to a legitimate system user, automatic shut -down of information systems caused by intrusion detection software or hardware, or failure of the information system resulting from the provision or delivery of the Service. 4.3. Motorola warrants that Supplied Equipment, under normal use and service, will be free from material defects in materials and workmanship for one (1) year from the date of shipment, subject to Customer providing written notice to Motorola within that period. AS IT RELATES TO THE SUPPLIED EQUIPMENT, MOTOROLA DISCLAIMS ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON -INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. 4.4. Pass -Through Warranties. Notwithstanding any provision of this Addendum or any related agreement to the contrary, Motorola will have no liability for third -party software, hardware or services resold or otherwise provided by Motorola; provided, however, that to the extent offered by third -party software, hardware or services Contractual Documentation Maror+a�a sot.ur+aws Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 5-5 City of Fort Worth Cybersecurity Penetration Test August 14, 202- 22-133944/ Cybersecurity Services providers and to the extent permitted by law, Motorola will pass through express warranties provided by such third parties. Section 5 LIMITATION OF LIABILITY 5.1. DISCLAIMER OF CONSEQUENTIAL DAMAGES. EXCEPT FOR PERSONAL INJURY OR DEATH, MOTOROLA, ITS AFFILIATES, AND ITS AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, SUBCONTRACTORS, AGENTS, SUCCESSORS, AND ASSIGNS (COLLECTIVELY, THE "MOTOROLA PARTIES") WILL NOT BE LIABLE IN CONNECTION WITH THIS ADDENDUM (WHETHER UNDER MOTOROLA'S INDEMNITY OBLIGATIONS, A CAUSE OF ACTION FOR BREACH OF CONTRACT, UNDER TORT THEORY, OR OTHERWISE) FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES OR DAMAGES FOR LOST PROFITS OR REVENUES, EVEN IF MOTOROLA HAS BEEN ADVISED BY CUSTOMER OR ANY THIRD PARTY OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES AND WHETHER OR NOT SUCH DAMAGES OR LOSSES ARE FORESEEABLE. 5.2. DIRECT DAMAGES. EXCEPT FOR PERSONAL INJURY OR DEATH, THE TOTAL AGGREGATE LIABILITY OF THE MOTOROLA PARTIES, WHETHER BASED ON A CLAIM IN CONTRACT OR IN TORT, LAW OR EQUITY, RELATING TO OR ARISING OUT OF THIS ADDENDUM OR ANY RELATED OR UNDERLYING AGREEMENT, WILL NOT EXCEED THE FEES SET FORTH IN THE APPLICABLE SOW OR PRICING FOR THE CYBER SERVICES UNDER WHICH THE CLAIM AROSE. NOTWITHSTANDING THE FOREGOING, FOR ANY SUBSCRIPTION SERVICES OR FOR ANY RECURRING SERVICES, THE MOTOROLA PARTIES' TOTAL LIABILITY FOR ALL CLAIMS RELATED TO SUCH PRODUCT OR SERVICES IN THE AGGREGATE WILL NOT EXCEED THE TOTAL FEES PAID FOR THE CYBER SERVICES TO WHICH THE CLAIM IS RELATED DURING THE CONSECUTIVE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT FROM WHICH THE FIRST CLAIM AROSE. FOR AVOIDANCE OF DOUBT, THE LIMITATIONS IN THIS SECTION 5.2 APPLY IN THE AGGREGATE TO INDEMNIFICATION OBLIGATIONS ARISING OUT OF THIS ADDENDUM OR ANY RELATED AGREEMENTS. 5.3. ADDITIONAL EXCLUSIONS. NOTWITHSTANDING ANY OTHER PROVISION OF THIS ADDENDUM, THE PRIMARY AGREEMENT OR ANY RELATED AGREEMENT, MOTOROLA WILL HAVE NO LIABILITY FOR DAMAGES ARISING OUT OF (A) CUSTOMER DATA, INCLUDING ITS TRANSMISSION TO MOTOROLA, OR ANY OTHER DATA AVAILABLE THROUGH THE PRODUCTS OR SERVICES; (B) CUSTOMER -PROVIDED EQUIPMENT, NON-MOTOROLA CONTENT, THE SITES, OR THIRD -PARTY EQUIPMENT, HARDWARE, SOFTWARE, SERVICES, DATA, OR OTHER THIRD -PARTY MATERIALS, OR THE COMBINATION OF PRODUCTS AND SERVICES WITH ANY OF THE FOREGOING; (C) LOSS OF DATA OR HACKING, RANSOMWARE, OR OTHER THIRD -PARTY ATTACKS OR DEMANDS; (D) MODIFICATION OF PRODUCTS OR SERVICES BY ANY PERSON OTHER THAN MOTOROLA; (E) RECOMMENDATIONS PROVIDED IN CONNECTION WITH OR BY THE PRODUCTS AND SERVICES; (F) DATA RECOVERY SERVICES OR DATABASE MODIFICATIONS; OR (G) CUSTOMER'S OR ANY AUTHORIZED USER'S BREACH OF THIS ADDENDUM, THE PRIMARY AGREEMENT OR ANY RELATED AGREEMENT OR MISUSE OF THE PRODUCTS AND SERVICES; (H) INTERRUPTION OR FAILURE OF CONNECTIVITY, VULNERABILITIES, OR SECURITY EVENTS; (1) DISRUPTION OF OR DAMAGE TO CUSTOMER'S OR THIRD PARTIES' SYSTEMS, EQUIPMENT, OR DATA, INCLUDING DENIAL OF ACCESS TO USERS, OR SHUTDOWN OF SYSTEMS CAUSED BY INTRUSION DETECTION SOFTWARE OR HARDWARE; (J) AVAILABILITY OR ACCURACY OF ANY DATA AVAILABLE THROUGH THE SERVICES, OR INTERPRETATION, USE, OR MISUSE THEREOF; (K) TRACKING AND LOCATION -BASED SERVICES; OR (L) BETA SERVICES. 5.4. Voluntary Remedies. Motorola is not obligated to remedy, repair, replace, or refund the purchase price for the disclaimed issues in Section 5.3 — Additional Exclusions above, but if Motorola agrees to provide Services to help resolve such issues, Customer will reimburse Motorola for its reasonable time and expenses, including by paying Motorola any fees set forth in this Addendum or separate order for such Services, if applicable. Contractual Documentation 12 "070nvca SOLUTIONS Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 5-6 City of Fort Worth Cybersecurity Penetration Test August 14, 2022 22-133944/ Cybersecurity Services 5.5. Representations and Standards. Except as expressly set out in this Addendum or the applicable Motorola proposal or statement of work relating to the cyber products or services, or applicable portion thereof, Motorola makes no representations as to the compliance of Motorola cyber products and services with any specific standards, specifications or terms. For avoidance of doubt, notwithstanding any related or underlying agreement or terms, conformance with any specific standards, specifications, or requirements, if any, as it relates to cyber products and services is only as expressly set out in the applicable Motorola SOW or proposal describing such cyber products or services or the applicable (i.e., cyber) portion thereof. Customer represents that it is authorized to engage Motorola to perform Services that may involve assessment, evaluation or monitoring of Motorola's or its affiliate's services, systems or products. 5.6. Wind Down of Services. In addition to any other termination rights, Motorola may terminate the Services, any SOW or subscription term, in whole or in part, in the event Motorola plans to cease offering the applicable Services to customers. 5.7. Third -Party Beneficiaries. The Addendum is entered into solely between, and may be enforced only by, the Parties. Each Party intends that the Addendum will not benefit, or create any right or cause of action in or on behalf of, any entity other than the Parties. Notwithstanding the foregoing, a licensor or supplier of third - party software, products or services included in the Services will be a direct and intended third -party beneficiary of this Addendum. In witness whereof, the Parties hereto have executed this Addendum as of the Effective Date. MOTOROLA CUSTOMER BY: : BY: : Valerie Washington (Sep 26, 2023 09:38 CDT) NAME: NAME: Valerie Washington TITLE: TITLE: Assistant City Manager DATE: DATE: �cp 2G, 2023 Contractual Documentation a"OrC—a-a sol.u"ON,- Use or disclosure of this proposal is subject to the restrictions on the cover page. Motorola Solutions Confidential Restricted Page 5-7 M&C Review Page 1 of 2 CITY COUNCIL AGENDA Create New From This M&C DATE: 6/28/2022 REFERENCE **M&C 22- LOG NAME: NO.: 0496 CODE: P TYPE: CONSENT PUBLIC HEARING: Official site of the City of Fort Worth, Texas FoRTWORTI1 13P AMEND COOP MOTOROLA SOLUTIONS RADIO ACQUISITION TD IT NO SUBJECT: (ALL) Authorize the Execution of an Amendment to Purchase Agreement with Motorola Solutions, Inc., for the Acquisition of Public Safety Radios and Associated Equipment and Increase the Contract Amount in Year Two by $2,797,260.00 for a New Year Two Total of $4,406,340.00, for a Three -Year Contract Total Not to Exceed $7,639,128.00 RECOMMENDATION: It Is recommended that the City Council authorize the execution of an amendment to purchase agreement with Motorola Solutions, Inc., for the acquisition of public safety radios and associated equipment and increase the contract amount in Year Two by $2,797,260.00 for a new Year Two total of $4,406,340.00, for a three-year contract total not to exceed $7,639,128.00. DISCUSSION: The City of Fort Worth maintains a radio communications system, the North Texas Interoperable Radio Network (NTIRN), utilized by most city departments and almost 180 external government entities. On December 14, 2021, City Council approved the continuation of purchasing radios, repair services, parts and accessories on an as -needed basis from Motorola using H-GAC Contract RA05-21, in an amount of $1,462,800.00 in Year One, $1,602,080.00 in Year Two and $1,769,988.00 in Year Three for a three-year total authorization of $4,841,868.00 (M&C 21-0937). Year One expires on July 31, 2022. Staff recommends increasing the contract amount for Year Two by $2,797,260.00 in order to replace radios and equipment acquired in 2011. These radios are either no longer supported by the manufacturer or will lose support within the next two years. In addition, parts are unavailable for radios that are no longer supported. Current generation radios have newer capabilities that can improve functional and safety levels for First Responders, and will have a useful life of another 12-14 years. These radios will be deployed with Police and Fire personnel. By authorizing this increase, the contract amount for Year Two will be up to $4,406,340.00. Year Three spend authority will remain $1,769,988.00. Funding is budgeted in the ITS Other General Government Department's ITS Capital Fund for the purpose of funding the FY20 Radio Coverage Improvement, FY22 Radio Refresh & FY22 PD Radio Refresh projects, as appropriated. State law provide that a local government purchasing an item under a Cooperative Purchasing Agreement satisfies state laws requiring that the local government seek competitive bids for the purchase of the item. H-GAC RA05-21 has been competitively bid to increase and simplify the purchasing power of government entities. A M/WBE goal is not assigned when purchasing from an approved purchasing cooperative or public entity. This project will serve ALL COUNCIL DISTRICTS. http://apps.cfwnet.org/council_packet/mc review.asp?ID=30048&councildate=6/28/2O22 6/29/2022 M&C Review Page 2 of 2 FISCAL INFORMATION/CERTIFICATION: The Director of Finance certifies that upon approval of the above recommendation, funds are available in the current capital budget, as previously appropriated, in the ITS Capital Fund for the FY20 Radio Coverage Improvemnt, FY22 Radio Refresh & FY22 PD Radio Refresh projects to support the execution of the amendment. Prior to an expenditure being incurred, the IT Solutions Department has the responsibility to validate the availability of funds. BQN\\ TO Fund Department Account Project Program Activity Budget Reference # Amount ID ID Year (Chartfield 2) FROM Fund Department Account Project Program Activity Budget Reference # Amount ID ID Year (Chartfield 2) Submitted for Citv Manaaer's Office bv: Reginald Zeno (8517) Valerie Washington (6192) Oriainatina Department Head: Reginald Zeno (8517) Kevin Gunn (2015) Additional Information Contact: Cynthia Garcia (8525) Taylor Dean (7648) ATTACHMENTS 13PAMEND COOP MOTOROLA SOLUTIONS RADIO ACQUISITION TD IT funds availabilitv.docx (CFW Internal) 13PAMEND COOP MOTOROLA SOLUTIONS RADIO ACQUISITION TD IT Updated FID.xlsx (CFW Internal) FID Motorola.xlsx (CFW Internal) Form 1295 - Motorola Solutions, lnc..Ddf (CFW Internal) SAMS Motorola Solutions. Inc..Ddf (CFW Internal) http://apps.cfwnet.org/council_packet/mc review.asp?ID=30048&councildate=6/28/2O22 6/29/2022