Loading...
HomeMy WebLinkAboutContract 53668 r City Secretary Contract No. FORT WORTH tip- c� c VENDOR SERVICES AGREEMENT (Information !ethnology) This Vendor Services Agreement("Agreement") is made and entered into by and between the City of Fort Worth, a Texas home-rule municipal corporation(the"City" or"Client")and Carousel Industries,Inc. a Rhode Island Corporation ("Vendor"). City and Vendor are each individually referred to herein as a"party"and collectively referred to as the"parties." The term"Vendor" shall include Vendor,its officers, agents,employees,representatives, contractors or subcontractors.The term"City"shall include its officers,employees, agents, and representatives. CONTRACT DOCUMENTS: The Contract documents shall include the following: I. This for Vendor Services Agreement, 2, Exhibit A—Statement Of Work.Plus Any Amendments To The Statement Of Work; 3, Exhibit B—Payment Schedule, 4. Exhibit C—Network Access Agreement; and 5. Exhibit D Signature Verification Form All Exhibits attached hereto are incorporated herein and made a part of this Agreement for all purposes.In the event of any conflict between the documents,the terms and conditions of this Agreement shall control. The term "Vendor" or "Contractor" shall include the Vendor or Contractor, and its officers, agents, employees, representatives,servants,contractors or subcontractors. The term"City"shall include its officers, employees, agents,and representatives, 1. Scope of Services. Vendor hereby agrees, with good faith and due diligence, to provide the City with hardware, software, maintenance and support of its Extreme Networks, and Professional Services. Specifically, Vendor will perform all duties outlined and described in the Statement Of Work, which is attached hereto as Exhibit"A" and incorporated herein for all purposes,and further referred to herein as the"Services."Vendor shall perform the Services in accordance with standards in the industry for the same or similar services.In addition,Vendor shall perform the Services in accordance with all applicable federal, state, and local laws, rules, and regulations. If there is any conflict between this Agreement and Exhibit A,the terms and conditions of this Agreement shall control. 2. Term. This Agreement shall commence on September 1,2019("Effective Date")and shall expire no later than August 31,2020 ("Expiration Date"), unless terminated earlier in accordance with the provisions of this Agreement or otherwise extended by the parties.This Agreement may be renewed for three one-year renewals at the City's option,each a "Renewal Term," The City shall provide Vendor with written notice of its intent to renew at least thirty(30) days prior to the end of each term. 3. Compensation. City shall pay Vendor an amount not to exceed One hundred eighty thousand dollars ($180,000,00) in accordance with the provisions of this Agreement and Exhibit"B,"Payment Schedule,which is attached hereto and incorporated herein for all purposes.Vendor shall not perform any additional services for City not specified by this Agreement unless City requests and approves in writing the additional costs for such services. r s a no a le ,hAL RECORD Vendor Services Agreement----Technology(Rev. 81i9) a I_RET i pyaa yp� ��pp93${�j��p( ��{1@�(q i • 99 WORTH, +lei] i i City Secretary Contract No. for any additional expenses of Vendor not specified by this Agreement unless City first approves such expenses in writing, City agrees to pay all invoices of Vendor within thirty(30) days of receipt of such invoice. 4. Termination. 43. Convenienec. Either the City or Vendor may terminate this Agreement at any time and for any reason by providing the other party with 3 0 days written notice of termination. 4.2. Breach.If either party commits a material breach of this Agreement,the non-breaching Party must give written notice to the breaching party that describes the breach in reasonable detail. The breaching party must cure the breach ten (1.0) calendar days after receipt of notice fi•om the non-breaching party, or other time frame as agreed to by the parties. If the breaching party fails to cure the breach within the stated period of time, the non- breaching party may, in its sole discretion, and without prejudice to any other right under this Agreement, law, or equity, immediately terminate this Agreement by giving written notice to the breaching party. 4.3. Fiscal Funding Out. In the event no funds or insufficient funds are appropriated by the City in any fiscal period for any payments due hereunder,the City will notify Vendor of such occurrence and this Agreement shall terminate on the last day of the fiscal period for which appropriations were received without penalty or expense to the City of any kind whatsoever, except as to the portions of the payments herein agreed upon for which funds have been appropriated. 4.4. Duties and Ob[i atilt_ ons of the I�arties. In the event that this Agreement is terminated prior to the Expiration Date,the City shall pay Vendor for services actually rendered up to the effective date of termination and Vendor shall continue to provide the City with services requested by the City and in accordance with this Agreement Lip to the effective date of termination. Upon termination of this Agreement for any reason, Vendor shall provide the City with copies of all completed or partially completed documents prepared under this Agreement.In the event Vendor has received access to City information or data as a requirement to perform services hereunder,Vendor shall return all City provided data to the City in a machine readable format or other format deemed acceptable to the City. 5. Disclosure of Conflicts and Confidential Information. 5.1. Disclosure of Conflicts.Vendor hereby warrants to the City that Vendor has made frill disclosure in writing of any existing or potential conflicts of interest related to Vendor's services under this Agreement. In the event that any conflicts of interest arise after the Effective Date of this Agreement, Vendor hereby agrees immediately to make full disclosure to the City in writing. 5.2. Confidential Information. The City acknowledges that Vendor may use products, materials, or methodologies proprietary to Vendor. The City agrees that Vendor's provision of services under this Agreement shall not be grounds for the City to have or obtain any rights in such proprietary products, materials, or methodologies unless the parties have executed a separate written agreement with respect thereto. Vendor,for itself and its officers, agents and employees, agrees that it shall treat all information provided to it by the City ("City Information")as confidential and shall not disclose any such information to a third party without the prior written approval of the City. 5.3. Public Information Act. City is a government entity under the laws of the State of Texas and all documents held or maintained by City are subject to disclosure under the Texas Public Information Act.In the event there is a request for information marked Confidential or Proprietary, City shall promptly notify Seller. It will be the responsibility of Seller to submit reasons objecting to disclosure..lA determination on whether such reasons are sufficient will not be decided by City,but by the Office of the Attorney General of the State of Texas or by a court of competent jurisdiction. 5.4. Unauthorized Access, Vendor shall store and maintain City Information in a secure manner and shall not allow unauthorized users to access, modify, delete or otherwise corrupt City Information in any way. Vendor shall notify the City immediately if the security or integrity of any City information has been compromised Vendor Services Agreement—Technology(Rev. 8/19) Page 2 of 19 3 City Secretary Contract No. or is believed to have been compromised, in which event, Vendor shall, in good faith, use all commercially reasonable efforts to cooperate with the City in identifying what information has been accessed by unauthorized means and shall fully cooperate with the City to protect such information from further unauthorized disclosure. 6. Right to Audit. 6.1. Vendor agrees that the City shall, until the expiration of three (3)years after final payment under this Agreement have access to and the right to examine at reasonable times any directly pertinent books,documents, papers and records of the Vendor involving transactions relating to this Agreement at no additional cost to the City. Vendor agrees that the City shall have access during normal working hours to all necessary Vendor facilities and shall be provided adequate and appropriate work space in order to conduct audits in compliance with the provisions of this section. The City shall give Vendor not less than 10 days written notice of any intended audits. 6.2. Vendor further agrees to include in all its subcontractor agreements hereunder a provision to the effect that the subcontractor agrees that the City shall, until expiration of three (3) years after final payment of the subcontract, have access to and the right to examine at reasonable times any directly pertinent books, documents, papers and records of such subcontractor involving transactions related to the subcontract, and further that City shall have access during normal working hours to all subcontractor facilities and shall be provided adequate and appropriate work space in order to conduct audits in compliance with the provisions of this paragraph. City shall give subcontractor not less than 10 days written notice of any intended audits. 7. Independent Contractor. It is expressly understood and agreed that Vendor shall operate as an independent contractor as to all rights and privileges granted herein, and not as agent,representative or employee of the City. Subject to and in accordance with the conditions and provisions of this Agreement,Vendor shall have the exclusive right to control the details of its operations and activities and be solely responsible for the acts and omissions of its officers, agents, servants, employees, contractors and subcontractors. Vendor acknowledges that the doctrine of respondeat superior shall not apply as between the City, its officers, agents, servants and employees, and Vendor, its officers, agents, employees, servants, contractors and subcontractors. Vendor further agrees that nothing herein shall be construed as the creation of a partnership or joint enterprise between City and Vendor. It is further understood that the City shall in no way be considered a Co- employer or a Joint employer of Vendor or any officers, agents, servants, employees or subcontractors of Vendor. Neither Vendor, nor any officers, agents, servants, employees or subcontractors of Vendor shall be entitled to any employment benefits from the City. Vendor shall be responsible and liable for any and all payment and reporting of taxes on behalf of itself, and any of its officers, agents,servants,employees or subcontractors. 8. LIABILITY AND INDEMNIFICATION. 8.1. LIABILITY- VENDOR SHALL BE LIABLE AND RESPONSIBLE FOR ANY AND ALL PROPERTY LOSS, PROPERTY DAMAGE AND/OR PERSONAL INJURY, INCLUDING DEATH, TO ANY AND ALL PERSONS, OF ANY KIND OR CHARACTER,WHETHER REAL OR ASSERTED, TO THE EXTENT CAUSED BY THE NEGLIGENT ACT(S) OR OMISSION(S), MALFEASANCE OR INTENTIONAL MISCONDUCT OF VENDOR, ITS OFFICERS, AGENTS, SERVANTS OR EMPLOYEES. 8.2. INDEMNIFICATION - VENDOR HEREBY COVENANTS AND AGREES TO INDEMNIFY, HOLD HARMLESS AND DEFEND THE CITY, ITS OFFICERS,AGENTS, SERVANTS AND EMPLOYEES,FROM AND AGAINST ANY AND ALL CLAIMS OR LAWSUITS OF ANY KIND OR CHARACTER, WHETHER REAL OR ASSERTED, FOR EITHER PROPERTY DAMAGE OR LOSS (INCLUDING ALLEGED DAMAGE OR LOSS TO VENDOR'S BUSINESS, AND ANY RESULTING LOST PROFITS) PERSONAL INJURY, INCLUDING DEATH, TO ANY AND ALL PERSONS, AND DAMAGES FOR CLAIMS OF INTELLECTUAL PROPERTY INFRINGEMENT,ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, TO THE EXTENT CAUSED BY THE ACTS OR OMISSIONS OF VENDOR, ITS OFFICERS, AGENTS, SUBCONTRACTORS, SERVANTS OR EMPLOYEES, Vendor Services Agreement—Technology(Rev. 8/19) Page 3 of 19 City Secretary Contract No. 8.3. INTELLECTUAL PROPERTY INFRINGEMENT. 8.3.1. The Vendor warrants that all Deliverables, or any part thereof,furnished hereunder, including but not limited to: programs, documentation, software, analyses, applications, methods, ways, and processes (in this Section 8C each individually referred to as a "Deliverable" and collectively as the"Deliverables,")do not infringe upon or violate any patent,copyrights,trademarks, service marks, trade secrets, or any intellectual property rights or other third party proprietary rights,in the performance of services under this Agreement. 8.3.2. Vendor shall be liable and responsible for any and all claims made against the City for infringement of any patent,copyright,trademark,service mark,trade secret,or other intellectual property rights by the use of or supplying of any Deliverable(s) in the course of performance or completion of,or in any way connected with providing the services,or the City's continued use of the Deliverable(s)hereunder. 83.3. Vendor agrees to indemnify, defend, settle, or pay, at its own cost and expense, including the payment of attorney's fees,any claim or action against the City for infringement of any patent,copyright,trade mark,service mark,trade secret,or other intellectual property right arising from City's use of the Deliverable(s),or any part thereof, in accordance with this Agreement,it being understood that this agreement to indemnify,defend,settle or pay shall not apply if the City modifies or misuses the Deliverable(s). So long as Vendor bears the cost and expense of payment for claims or actions against the City pursuant to this section 8,Vendor shall have the right to conduct the defense of any such claim or action and all negotiations for its settlement or compromise and to settle or compromise any such claim;however,City shall have the right to fully participate in any and all such settlement, negotiations, or lawsuit as necessary to protect the City's interest, and City agrees to cooperate with Vendor in doing so.In the event City,for whatever reason,assumes the responsibility for payment of costs and expenses for any claim or action brought against the City for infringement arising under this Agreement, the City shall have the sole right to conduct the defense of any such claim or action and all negotiations for its settlement or compromise and to settle or compromise any such claim; however,Vendor shall fully participate and cooperate with the City in defense of such claim or action. City agrees to give Vendor timely written notice of any such claim or action,with copies of all papers City may receive relating thereto. Notwithstanding the foregoing, the City's assumption of payment of costs or expenses shall not eliminate Vendor's duty to indemnify the City under this Agreement.If the Deliverable(s),or any part thereof,is held to infringe and the use thereof is enjoined or restrained or, if as a result of a settlement or compromise, such use is materially adversely restricted,Vendor shall, at its own expense and as City's sole remedy, either; (a) procure for City the right to continue to use the Deliverable(s); or (b) modify the Deliverable(s) to make them/it non-infringing, provided that such modification does not materially adversely affect City's authorized use of the Deliverable(s); or (c) replace the Deliverable(s) with equally suitable, compatible,and functionally equivalent non-infringing Deliverable(s)at no additional charge to City; or (d) if none of the foregoing alternatives is reasonably available to Vendor, terminate this Agreement,and refund all amounts paid to Vendor by the City,subsequent to which termination City may seek any and all remedies available to City underlaw.VENDOR'S OBLIGATIONS HEREUNDER SMALL BE SECURED BY THE REQUISITE INSURANCE COVERAGE AND AMOUNTS SET FORTH IN SECTION 10 OF THIS AGREEMENT. 8.4. Data Breach. Vendor further agrees that it will monitor and test its data safeguards from time to time, and further agrees to adjust its data safeguards from time to time in light of relevant circumstances or the results of any relevant testing or monitoring.If Vendor suspects or becomes aware of any unauthorized access to any financial or personal identifiable information ("Personal Data") by any unauthorized person or third party,or becomes aware of any other security breach relating to Personal Data held or stored by Vendor under this Agreement or in connection with the performance of any services performed under this Agreement or any Statement(s) of Work ("Data Breach"),Vendor shall immediately notify City in writing and shall fully cooperate with City at Vendor's expense to prevent or stop such Data Vendor Services Agreement—Technology(Rev. 8/19) Page 4 of 19 City Secretary Contract No._ Breach.In the event of such Data Breach,Vendor shall fully and immediately comply with applicable laws, and shall take the appropriate steps to remedy such Data Breach. Vendor will defend, indemnify and hold City,its Affiliates, and their respective officers, directors, employees and agents, harmless from and against any and all claims, suits, causes of action, liability, loss, costs and damages, including reasonable attorney fees, arising out of or relating to any third party claim arising from breach by Vendor of its obligations contained in this Section,except to the extent resulting from the acts or omissions of City.All Personal Data to which Vendor has access under this Agreement,as between Vendor and City,will remain the property of City. City hereby consents to the use, processing and/or disclosure of Personal Data only for the purposes described herein and to the extent such use or processing is necessary for Vendor to carry out its duties and responsibilities under this Agreement, any applicable Statement(s) of Work, or as required by law. Vendor will not transfer Personal Data to third parties otber than through its underlying network provider to perform its obligations under this Agreement, unless authorized in writing by City. Vendor's obligation to defend, hold harmless and indemnify City shall remain in full effect if the Data Breach is the result of the actions of a third party.All Personal Data delivered to Vendor shall be stored in the United States or other jurisdictions approved by City in writing and shall not be transferred to any other countries or jurisdictions without the prior written consent of City. 9. Assigmnent and Subcontracting. 9.1. Vendor shall not assign or subcontract any of its duties, obligations or rights under this Agreement without the prior written consent of the City. If the City grants consent to an assignment,the assignee shall execute a written agreement with the City and the Vendor under which the assignee agrees to be bound by the duties and obligations of Vendor under this Agreement.The Vendor and assignee shall be jointly Iiable for all obligations under this Agreement prior to the assignment. If the City grants consent to a subcontract, the subcontractor shall execute a written agreement with the Vendor referencing this Agreement under which the subcontractor shall agree to be bound by the duties and obligations of the Vendor under this Agreement as such duties and obligations may apply. The Vendor shall provide the City with a frilly executed copy of any such subcontract. 10. Insurance. 10.1. The Vendor shall carry the following insurance coverage with a company that is licensed to do business in Texas or otherwise approved by the City; 10.1.1. Commercial General Liability: 10.1.1.1. Combined limit of not less than $2,000,000 per occurrence; $4,000,000 aggregate; or 10.1.1.2. Combined limit of not less than $1,000,000 per occurrence; $2,000,000 aggregate and Umbrella Coverage in the amount of$4,000,000. Umbrella policy shall contain a follow-fon-n.provision and shall include coverage for personal and advertising injury. 10.1.1.3. Defense costs shall be outside the limits of liability. 10,1.2. Automobile Liability Insurance covering any vehicle used in providing services under this Agreement, including owned, non-owned, or hired vehicles, with a combined limit of not less than $1,000,000 per occurrence. 10.1.3. Professional Liability (Errors & Omissions) in the amount of$1,000,000 per claim and $1,000,000 aggregate limit. 10.1.4. Statutory Workers'Compensation and Employers'Liability Insurance requirements per the amount required by statute. Vendor Services Agreement—Technology(Rev. 8/19) Page 5 of 19 City Secretary Contract No" 10.1.5. Technology Liability(Errors &Omissions) 10.1.5.1. Combined limit of not less than $2,000,000 per occurrence; $4million aggregate or 10.1.5.2. Combined limit of not less than $1,000,000 per occurrence; $2,000,000 aggregate and Umbrella Covcta&c in the amount of$4,000,000. Umbrella policy shall contain a follow-form provision and shall include coverage forpersonal and advertising injury.The umbrella policy shall cover amounts for any claims not covered by the primary Technology Liability policy. Defense costs shall be outside the Iimits of liability. 10.1.5.3. Coverage shall include, but not be limited to,the following: 10.1.5.3.1. Failure to prevent unauthorized access; Unauthorized disclosure of information; Implantation of malicious code or computer virus; 10.1.5.3.4. Fraud, Dishonest or Intentional Acts with final adjudication language; 10.1.5.3.5. Intellectual Property infringement coverage, specifically including coverage for intellectual property infringement claims and for indemnification and legal defense of any clairns of intellectual property infringement, including infringement of patent, copyright, trade mark or trade secret, brought against the City for use of Deliverables, Software or Services provided by Vendor under this Agreement; 10.1.5.3.6. Technology coverage may be provided through an endorsement to the Commercial General Liability(CGL)policy, a separate policy specific to Technology E&O, or an umbrella policy that picks up coverage after primary coverage is exhausted.Either is acceptable if coverage meets all other requirements.Technology coverage shall be written to indicate that legal costs and fees are considered outside of the policy limits and shall not erode limits of liability. Any deductible will be the sole responsibility of the Vendor and may not exceed$50,000 without the written approval of the City. Coverage shall be claims-made, with a retroactive or prior acts date that is on or before the effective date of this Agreement. Coverage shall be maintained for the duration of the contractual agreement and for two (2) years following completion of services provided. An annual certificate of insurance,or a full copy of the policy if requested, shall be submitted to the City to evidence coverage; and 10.1.5.3.7. Any other insurance as reasonably requested by City. 10.2. General Insurance Requirements: 10.2.1. All applicable policies shall name the City as an additional insured thereon, as its interests may appear. The term City shall include its employees,officers, officials,agents,and volunteers in respect to the contracted services. 10.22 The workers' compensation policy shalt include a Waiver of Subrogation (Right of Recovery) in favor of the City of Fort Worth. 10.2.3. A minimum of Thirty(30) days' notice of cancellation or reduction in limits of coverage Vendor Services Agreement—'technology(Rev. 8/19) Page 6 of 19 s iz City Secretary Contract No. shall be provided to the City. Ten (10) days' notice shall be acceptable in the event of non-payment of premium. Notice shall be sent to the Risk Manager, City of Fort Worth, 1000 Throckmorton, .Fort Worth, Texas 76102, with copies to the City Attorney at the same address, 10.2.4. The insurers for all policies must be licensed and/or approved to do business in the State of Texas. All insurers must have a minimum rating of A-VII in the current A.M.Best Key Rating Guide, or have reasonably equivalent financial strength and solvency to the satisfaction of Risk Management. If the rating is below that required, written approval of Risk Management is required. 10.2.5. Any failure on the part of the City to request required insurance documentation shall not constitute a waiver of the insurance requirement. 10.2.6. Certificates of Insurance evidencing that the Vendor has obtained all required insurance shall be delivered to and approved by the City's Risk Management Division prior to execution of this Agreement. 11. COtn liance with Laws,_Ordinances,Rules and Regulations. Vendor agrees to comply with all applicable federal, state and local laws, ordinances, miles and regulations. If the City notifies Vendor of any violation of such laws, ordinances,rules or regulations,Vendor shall immediately desist from and correct the violation. 12. Non-Discrimination Covenant. Vendor, for itself, its personal representatives, assigns, subcontractors and successors in interest', as part of the consideration herein, agrees that in the performance of Vendor's duties and obligations hereunder, it shall not discriminate in the treatment or employment of any individual or group of individuals on any basis prohibited by law. If any claim arises from an alleged violation of this non-discrimination covenant by Vendor, its personal representatives, assigns, subcontractors or successors in interest, Vendor agrees to assume such liability and to indemnify and defend the City and hold the City harmless from such claim. 13. Notices. Notices required pursuant to the provisions of this Agreement shall be conclusively determined to have been delivered when (1) hand-delivered to the other party, its agents, employees, servants or representatives, (2) delivered by facsimile with electronic confirmation of the transmission, or(3)received by the other party by United States Mail,registered,return receipt requested,addressed as follows: TO THE CITY: TO VENDOR: City of Fort Worth Carousel Industries,Inc. Attn:Assistant.City Manager Attn: Jay Moniz 200 Texas Street Manager, Corporate Contracts ' Fort Worth TX 76102 659 South County Trail With Copy to the City Attorney Exeter; Rhode Island 02822 at same address 14. Solicitation of Employees, Neither the City nor Vendor shall, during the term of this Agreement and additionally for a period of one year after its termination, solicit for employment or employ, whether as employee or independent contractor, any person who is or has been employed by the other during the term of this Agreement, without the prior written consent of the person's employer.This provision shall not apply to an employee who responds to a general solicitation or advertisement of employment by either party. 15. Governmental Powers. It is understood and agreed that by execution of this Agreement,the City does not waive or surrender any of its governmental powers_ 16. No Waiver. The failure of the City or Vendor to insist upon the performance of any term or provision of this Agreement or to exercise any right granted herein shall not constitute a waiver of the City's or Vendor's respective right Vendor Services Agreement—Tecluiology(Rev. 8/19) Page 7 of 19 City Secretary Contract No. to insist upon appropriate performance or to assert any such right on any fixture occasion. 17. Governing Law and Venue. This Agreement shall be construed in accordance with the laws of the State of Texas. If any action,whether real or asserted, at law or in equity, is brought on the basis of this Agreement,venue for such action shall lie in state courts located in Tarrant County,Texas or the United States District Court for the Northern District of Texas,Port Worth Division. 18, Severability If any provision of this Agreement is held to be invalid, illegal or unenforceable,the validity, legaiity and enforceability of the remaining provisions shall not in any way be affected or impaired. 19. Force Maieure. The City and Vendor shall exercise their best efforts to meet their respective duties and obligations as set forth in this Agreement,but shall not be held liable for any delay or omission in performance due to force majeure or other causes beyond their reasonable control(force majeure),including,but not limited to, compliance with any government law, ordinance or regulation, acts of God, acts of the public enemy, fires, strikes, lockouts, natural disasters, wars, riots, material or labor restrictions by any governmental authority, transportation problems and/or any other similar causes. 20. Headings Not Controlling. Headings and titles used in this Agreement are for reference purposes only and shall not be deemed a part of this Agreement. 21. Review of Counsel. The parties acknowledge that each party and its counsel have reviewed this Agreement and that the normal rules of construction to the effect that any ambiguities are to be resolved against the drafting party shall not be employed in the interpretation of this Agreement or exhibits hereto, 22. Amendments. No amendment of this Agreement shall be binding upon a party hereto unless such amendment is set forth in a written instrument, and duly executed by an authorized representative of each party. 23. Entirety of Agreement. This Agreement, including any exhibits attached hereto and any documents incorporated herein by reference, contains the entire understanding and agreement between the City and Vendor, their assigns and successors in interest, as to the matters contained herein. Any prior or contemporaneous oral or written agreement is hereby declared null and void to the extent in conflict with any provision of this Agreement. 24. Counterparts. This Agreement may be executed in one or more counterparts and each counterpart shall,for all purposes, be deemed an original, but all such counterparts shall together constitute one and the same instrument.An executed Agreement, modification, amendment, or separate signature page shall constitute a duplicate if it is transmitted through electronic means,such as fax or e-mail, and reflects the signing of the document by any party.Duplicates are valid and binding even if an original paper document bearing each party's original signature is not delivered. 25. Warranty of Services. Vendor warrants that its services will be of a professional quality and conform to generally prevailing industry standards. City must give written notice of any breach of this warranty within thirty(30)days from the date that the services are completed. In such event, at Vendor's option,Vendor shall either(a)use commercially reasonable efforts to re-perform the services in a manner that conforms with the warranty, or(b)refund the fees paid by the City to Vendor for the nonconforming services. 26. Network Access. 26.1. City Network Access. If Vendor, and/or any of its employees, officers, agents, servants or subcontractors(for purposes of this section"Vendor Personnel"),requires access to the City's computer network in order to provide the services herein, Vendor shall execute and comply with the Network Access Agreement which is attached hereto as Exhibit"C"and incorporated herein for all purposes. 26.2. Federal Law Enforcement Database Access.If Vendor,or any Vendor Personnel,requires access to any federal law enforcement database or any federal criminal history record information system, including but not lira ted to Fingerprint Identification Records System ("FIRS"), Interstate Identification Index System ("Ill Vendor Services Agreement—Technology(Rev. 8/19) Page 8 of 19 City Secretary Contract No. System"), National Crime Information Center ("NCIC") of National Fingerprint File ("NFF"), or Texas Law Enforcement Telecommunications Systems ("TLETS"), that is governed by and/or defined in Title 28, Code of Federal Regulations Part 20("CFR fart 20"),for the purpose of providing services for the administration of criminal justice as defined therein on behalf of the City or the Fort Worth Police Department, under this Agreement,Vendor shaII comply with the Criminal Justice Information Services Security Policy and CFR Part 20, as amended, and shall separately execute the Federal Bureau of Investigation Criminal Justice Information Services Security Addendum. No changes, modifications, alterations, or amendments shall be made to the Security Addendum. The document must be executed as is, and as approved by the Texas Department of Public Safety and the United States Attorney General. 27. Immmi xation Nationality Act. Vendor shall verify the identity and employment eligibility of its employees who perform work under this Agreement, including completing the Employment Eligibility Verification Form (I-9). Upon request by City, Vendor shall provide City with copies of all I-9 forms and supporting eligibility documentation for each employee who performs work under this Agreement. Vendor shall adhere to all Federal and State laws as well as establish appropriate procedures and controls so that no services will be performed by any Vendor employee who is not legally eligible to perform such services. VENDOR SHALL INDEMNIFY CITY AND HOLD CITY HARMLESS FROM ANY PENALTIES, LIABILITIES, OR LOSSES DUE TO VIOLATIONS OF TINS PARAGRAPH BY VENDOR, VENDOR'S EMPLOYEES,SUBCONTRACTORS,AGENTS, OR LICENSEES. City, upon written notice to Vendor, shall have the right to immediately terminate this Agreement for violations of this provision by Vendor. 28. Informal Dispute Resolution. Except in the event of termination pursuant to Section 4.2, if either-City or Vendor has a claim, dispute,or other matter in question for breach of duty,obligations, services rendered or any warranty that arises under this Agreement, the parties shall first attempt to resolve the matter through this dispute resolution process. The disputing party shall notify the other party in writing as soon as practicable after discovering the claim,dispute,or breach. The notice shall state the nature of the dispute and list the parry's specific reasons for such dispute. Within ten(10)business days of receipt of the notice,both parties shall commence the resolution process and make a good faith effort, either through email, mail,phone conference, in person meetings, or other reasonable means to resolve any claim, dispute,breach or other matter in question that may arise out of, or in connection with this Agreement. If the parties fail to resolve the dispute within sixty(60) days ofthe date of receipt of the notice ofthe dispute,then the parties may submit the matter to non-binding mediation in Tarrant County,Iexas, upon written consent of authorized representatives of both parties in accordance with the Industry Arbitration Rules of the American Arbitration Association or other applicable rules governing mediation then in effect.The mediator shall be agreed to by the parties. Each party shall be liable for its own expenses, including attorney's fees; however,the parties shall share equally in the costs of the mediation. If the parties cannot resolve the dispute through mediation,then either party shall have the right to exercise any and all remedies available under law regarding the dispute. Notwithstanding the fact that the parties may be attempting to resolve a dispute in accordance with this informal dispute resolution process, the parties agree to continue without delay all of their respective duties and obligations under this Agreement not affected by the dispute.Either party may, before or during the exercise of the informal dispute resolution process set forth herein, apply to a court having jurisdiction for a temporary restraining order or preliminary injunction where such relief is necessary to protect its interests. 29. No Boycott of Israel. If Vendor has fewer than 10 employees or the Agreement is for less than$100,000, this section does not apply. Vendor acknowledges that in accordance with Chapter 2270 of the Texas Government Code, City is prohibited from entering into a contract with a company for goods or services unless the contract contains a written verification from the company that it; (1) does not boycott Israel; and (2) will not boycott Israel during the term of the contract. Tire terms"boycott Israel"and"company"shall have the meanings ascribed to those terms in Section 808.001 of the Texas Government Code. By signing this Addendum, Vendor certifies that Vendor's signature provides written verification to City that Vendor (1)does not boycottlsrael,'and(2)will not boycott Israel during the term of the Agreement. 30. Reporting Requirements. 30.1. For purposes of this section,the words below shall have the following meaning: 30.1.1. Child shall mean a person under the age of 18 years of age. Vendor Services Agreement—Technology(Rev. 8/19) Page 9 of 19 City Secretary Contract No. 30.1.2. Child pornography means an image of a child engaging in sexual conduct or sexual performance as defined by Section 43.25 of the Texas Penal Code. 30.1.3. Coniptiterineans an electronie,magnetic, optical,electrochemical,or other high-speed data processing device that performs logical,arithmetic,or memory fimotions by the manipulations of electronic or magnetic impulses and includes all input, output, processing, storage, or communication facilities that are connected or related to the device. 30.1.4. Computer technician means an individual who, in the course and scope of employment or business, installs, repairs, or otherwise services a computer for a fee. This shall include installation of software, hardware, and maintenance services. 30.2. Reporting Requirement. If Vendor meets the definition of Computer Technician as defined herein, and while providing services pursuant to this Agreement, views an image on a computer that is or appears to be child pornography, Vendor shall immediately report the discovery of the image to the City and to a local or state law enforcement agency or the Cyber Tip Line at the National Center for Missing and Exploited Children. The report must include the name and address of the owner or person claiming a right to possession of the computer, if known,and as permitted by law.Failure by Vendor to make the report required herein may result in criminal and/or civil penalties. 31. Sig-qature Authority. The person signing this agreement hereby warrants that he/she has the legal authority to execute this agreement on-behalf of the respective party,and that such binding authority has been granted by proper order, resolution, ordinance or other authorization of the entity. This Agreement, and any arnendment(s) hereto, may be executed by any authorized representative of Vendor whose name, title and signature is affixed on the Verification of Signature Authority Form,which is attached hereto as Exhibit"D"and incorporate herein by reference. Each party is fully entitled to rely on these warranties and representations in entering into this Agreement or any amendment hereto. 32. Survival of Provisions. The parties'duties and obligations pursuant to Section 4.4(Duties and Obligations), 5 (Disclosure of Conflicts and Confidential Information), Section 6 (Right to Audit), and Section 8 (Liability and Indemnification)shalt survive termination of this Agreement. (signature page folloivs) Vendor Services Agreement—Technology(Rev. 8/19) Page 10 of 19 City Secretary Contract No. ACCEPTED AND AGREED: CITY: CITY OF FORT WORTH CONTRACT COMPLIANCE MANAGER: By signing I acknowledge that I am the person responsible for the monitoring and administration of this contract,including ensuring all performance BY: and reporting requirements. Name: Dan"Burghff Title: InteManager Date: ! /4D ZD By: �----� Name: Verlon Plum APPROVAL RECOMMENDED: Title: IT Manager,Water Department B APPROVED AS TO FORM AND LEGALITY Y Name: Chris Harder Title: Director,Water Department By: Name:^AssistantCityArflb�incy ATTEST: Title: 5 CONTRACT AUTHORIZATION: M&C: aap.-0�35 By: Date Approved: I ao Name: Mary Kays Title: City Secretary Q: :� r orm 1295 Certification No. 0011-`j 1 Sol •' ., r VENDOR: CAROUSEL INDUSTRIES OF NORTH AMERICA,INC. I l By: z i Name: Jay Maniz Title: Manager of Corporate acts i Date: i 4 f { OFFM L RECORD Vendor Services Agreetnent—Technology(Rev. 8/19) C4TV SEC JA bf 56 FT. WORTH,YX City Secretary Conl'actNo. EXT BIT A STATEMENT OF WORD CAROUSEL MANAGED SERVICES-STATEMENT OF SERVICES Vendor Services Agreenlexzt--Technology—Exhibit A Managed Services Carouse[ E Carousel Managed Services Statement of Services This document provides a high-level service definition for.- City of Ft. Worth Water Department Effective Date: 01/27/2020 Proposal M. 580169 Presented to: Charmaine Baylor Presented by: Charli Willard,Account Executive Architected by. Ben Bonner, Managed Services Disclaimer This documentation might include technical or process inaccuracies or typographical errors and is subject to correction and other revision without notice.Carousel GIVES YOUTH E CLIENT THIS DOCUMENTATION"AS IS."EXPRESS OR IMPLIED WARRANTIES OF ANY KIND ARE NOT PROVIDED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.Some states or Page I City of Ft.Worth Water_01/27/2020 Table of Contents ManagedServices Agreement...........................-..........................................................................................................5 ServicesOverview.....................................................................................................................................................5 ServiceTransition..................................................................................................................................................5 SteadyState Delivery........................—..............................,..................................................................................6 List of Exhibits it this Agreement..................................................................................................................................7 Pricing............................................................................................................................................................................7 One Time Charges(OTC)................................................................................................................................I....... ..,7 MonthlyRecurring Charges(MRC)............................................................................................................................7 Time&Materials Pricing...........................................................................................................................................8 PricingAssumptions........ ...... .................................... ............... ...................................... ........ .......... .............9 Outof Scope and Service Limitations............................................................................................................................9 Signatures....................................................................................................................................................................10 ExhibitA--Service Delivery Gateway(5DG)............................................................................................. 11................. Carousel Secure Service Delivery Gateway.........................................................................................................11 Connectivity........................................................................................................... ............................................12 Infrastructure-Requirements........................................................................................................ .....................12 ConnectivityRequirements................................................................................................................................A4 A Day in the Life of a Managed Services Engineer..............................................................................................JS RemoteAccess..................-....... ............................... ............... ........................................................................16 PasswordVaulting...............................................................................................................................................17 Data Security and Management.........................................................................................................................18 Types of Data Carousel Does Not Collect..............—...................,.......................................,...............................19 TheCarousel Commitment.................................................................................................................................21 Exhibit B—Service Transition Details............................... ........................__..............................................................22 ~ B.1. Planning Phase............................................. .............................. ...................................... ..... 22 132, Execution Phase.........................................................................................................................................23 B.3, Quality Assurance/Testing Phase............................................ .......... .................. ...........................24 8,4, Tuning Phase................... ...... ................... ................................................... .......... ...............................24 B.S, Steady State Phase.....................................................................................................................................24 Exhibit C—Steady State Entitlements..........................................................................................................................26 C.1. Monitoring--.................................................................................. ................ .......................................26 C.1.1. Reachability Monitoring....................................................................................................................26 C.1,2. Incident&Performance Monitoring.................................................................................................26 C.2. Reporting&Portals........ ...........................................................................................................................26 C.3. Configuration Management........................................................... ...........................................................26 C.3.1 Network Backup....—....... ......................................................................................................................26 Page 2 City of Ft.Worth Water-01/27/2020 C4. Event Management................................................__................................................................................27 C.4.1 Service Desk...........................................................................................................................................27 C.4.2 Event Capture,Validation and Recording..............................................................................................27 C.4.3 Event Correlation&Suppression...........................................................................................................27 I C.5. Incident Management................................................................................................................................27 C.5.1 Incident Notification........................___................................. ............. .,28 C.5.2 Triage&Troubleshooting(Operate&Optimize Only).,.................. ..................................................29 C.5.3 Complex Resolution(Operate& Optimize Only)...................................................................................29 C.5.4 Bug&Security Resolution (Operate&Optimize Only)..........................................................................29 C.5.5 Carrier Management(Operate&Optimize Only)..................................................................................29 C.5.6 Vendor Management(Operate& Optimize Only).......................................................... ......................30 C.S.7 Incident Escalation (Operate&Optimize Only).....................................................................................3o C.6. Problem Management(Optimize Only).....................................................................................................31 C.6.1 Root Cause Analysis(Optimize Only)............. 31 C.6.2 Chronic Problem Management(Optimize Only)....................................................................................31 C,7. Patch&Release Management(Optimize Only).........................................................................................31 C.7.1 Server Patch Management(Optimize Only)..........................................................................................32 C,7.2 Network Device Release Management(Optimize Only)........................................................__............32 C.7.3 Application Release Management(Optimize Only)...............................................................................32 C.8. IT Asset Change Management(Optimize Only)...............................................................................................33 C.8.1 Standard Change Request(Optimize Only)................................................................................................33 C.8.2 Emergency Change Request(Optimize Only)—.........................................................................................34 C.8.3 Complex Change Request(Optimize Only)..............................................................................................„34 C.9. End-User Service Request(Optimize Only).............. ..35 C.11. Continuous Service Improvement..............................................................................................................35 C.12. Service Management—,............................. ........................................ ......................................................36 Exhibit D--Service Level Agreement...........................................................................................................................38 ExhibitE-Supported Items-................................................................... ...................................................................41 ExhibitF-Terms and Conditions.................................................................................................................................42 1. ORDER,PROVISION AND SCOPE OF SERVICES...................................................................................................42 2. INVOICING AND PAYMENT................................................................................................................................42 3, CUSTOMER RESPONSIBILITIES ............................. 4. SOFTWARE LICENSE............................................................................................................................................44 S. CONFIDENTIAL INFORMATION...................I...........................................................__......................................44 G. WARRANTIES......,.. _...............................................................................__.......,....... .....44 7. LIMITATION OF LIABILITY...................................................................................................................................45 8. GOVERNING LAW AND DISPUTE RESOLUTION..................................................................................................45 Page 3 City of Ft.Worth Water_01/27/2020 9. TERM AND TERMINATION..................................................................................................................................45 10. MISCELLANEOUS............................................................................................................................................46 i Page 4 Oty of Ft.Worth Water_01/27/2020 Managed Services Agreement This Statement of Services Agreement(the "Agreement") is entered into between Carousel Industries of North America, Inc. ("Carousel"),with an office at 659 South County Trail, Exeter, RI 02822 ("Carousel") and City of Ft.Worth ("Client") at 200 Texas Street, Ft.Worth,TX 76102 .The effective date of this Agreement is 02/01/2020 (the"Effective Date"). Where the Effective pate is not defined above,this Agreement will be effective on the date that Carousel countersigns this Agreement. This Agreement defines Carousel's IT Managed Services ("Managed Services") based upon the Carousel's 7x24 Service Delivery Platform which is driven by tight ITIL alignment from Carousel's US (primary support)and India (secondary support)service delivery centers. For this agreement, Carousel will provide a services transition plan, steady-state services to augment the client's ongoing day-to-day network operations and reduce the internal resources needed to provide operational support. Carousel is providing this Agreement as a 12-month contract for steady state support, preceded by 4 weeks of service transition. The infrastructure and services herein are structured to support the Client's current locations,with committed pricing to scale based upon growth or Carousel assuming increased responsibilities at the Client's discretion. Future grow, expansion, or contraction of this agreement can be facilitated through our Change Request(CR) process. Services Overview Carousel will provide a services transition plan and steady-state services to augment the Client's ongoing day-to-day IT operations and reduce the internal resources needed to provide operational support. Service Transition Carousel will manage and perform the following transition phases in which activities required for delivery are planned, designed and implemented: • Planning Prase—a detailed data-gathering including a series of internal reviews culminating with a transition kick-off meeting. • Execution Phase----quickly get supported items loaded and configured in the monitoring tool,validate connectivity and response • Qualm Assurance/Testing Phase-a full quality and testing review of the proposed solution with refinement and enhancements • Tuning Phase-tuning of the environment to eliminate noise,false positives and ensure that the monitoring and reporting functions are optimized and working as expected.Additionally,Carousel will finalize all delivery process and procedures • Steady-State Phase—Carousel will deliverthe services specified in this Statement of Services and provide regular reports on performance against agreed upon SLA metrics. Estimated Service Transition Timeframe Page 5 City of Ft.Worth water_01/27/2020 i Carousel estimates the entire service transitioning process will be completed within 4 weeks.The estirhated timeframe begins when Carousel receives the client required informatlon (inventory details, passwords, response procedures, etc.) Upon engagement of Carousel's Managed Services, we will work collaboratively with your team throughout the service transition process toward steady state support from Carousel's Support Centers,The following high-level schedule and process overview will provide you an understanding of the transition process: Planning Phase 7. `.!A Execution Phase QA/Testing Phase - — Tuning Phase Steady State(Go Live) Steady State Delivery Carousel offers a bundled approach to service delivery,with the most common services bundied together. The bundles aligned to your agreement are as follows: • OPTIMIZE—Proactive Monitoring,Alarm Management, Event Management,Incident Management, Prohlem Management,Network Configuration Management, Patch Management,Change Management and Quality Assurance Reviews Carousel will perform the following Service Bundles by technology for the Client. • Carousel will provide OPTIMIZE for Network Switching (Extreme Networks) Page 6 City of Ft.worth Water-01/27/2020 List of Exhibits in this Agreement Exhibit Connectivity initials: Exhibit B Service Transition Initials: Exhibit C- Steady State Entitlements Initials: Exhibit D Service Levels Initials: Exhibit E Supported Items Initials: ' Exhibit F Terms and Conditions Initials: Pricing DIR--TSO--4339 One Time Charges (OTC) Onboarding&Transition 1 $ 7,209.00 Due at Contract Signing Total One Time Charge $ 7,209,00 Monthly Recurring Charges (MRC) Service Description WonthsMonthly Steady State Managed Services Recurring Monthly Steady State Managed Services Charges—Optimize Level 12 $ 4,731.00 charges commence on the 15' calendar day of the month following service transition acceptance. Total Monthly Recurring Charges 1 $ 4,731.00 1 Or$56,772 Annual Charge Payments are due Net 30. Local,state and federal taxes are not included in the numbers listed above and will be added at time of invoice. Client is responsible for ensuring that manufacturer's maintenance and support contracts are maintained for all software and hardware components managed by Carousel. Page 7 City of Ft.Worth Water-01/27/2020 Time & Materials Pricing Resource T�pe Standnrd Rate ExtOnded-Rate Premium Rate Voice Technician $150.00 $225.00 $300.00 UC Engineer $210,00 $315.00 $420.00 Calf Center Specialist $275.00 $412.50 $550.00 Networking Engineer $210.00 $315.00 $420.00 Security Engineer $275.00 $412.50 $550,00 Server/Application Engineer $210.00 $315.00 $420.00 Project Manager $175.00 $262.50 $350,00 Time is billed in 30-minute increments,1-hour minimum onsite $120 Trip charge if dispatched during normal business hours,$200 trip charge for afterhours dispatch 12 1 2 3 4 5 1 6 71 S 1 9 1101111121 1 2 13 14 1 S 6 1 71 8 19 10 11 Sunda : JL I ' Monday ��1�1 .� ��•Y� � � I ! � ` �..:_'J'�I,�,, � ,�: St �° Tuesday sday Wedne r =, " fz r'{ 4' ;I; �._'.JI . FI �Li"L _ Thursday i' =7 }s '' • �i.._ _It___ t j �. w', Fk; . Friday r' F 5. II ar�L';-I I II :.-I •', 'ly' lil i Saturday J �, ,�' Holidays ! i i Extended Hours ' Standard Hours Premium Hours' Carousel follows a standard business hour model of 8:00 AM through 5:00 PM Local Domestic Time. Extended hours are defined as Monday—Friday 5:00 PM through 8:00 AM and Saturdays 8:00 AM through 5:00 PM. Premium hours are defined as Saturday off hours,Sundays and Carousel published holidays. Carousel Published Holidays • New Year's Day • Memorial Day • Independence Day • Labor Day • Thanksgiving pay • Day after Thanksgiving • Christmas Eve—h Day starting at 12:00 PM Local Domestic Time • Christmas Day • New Years Eve-%Day starting at 12:00 PM Local Domestic Time Page 8 City of Ft.Worth Water_01/27/2020 Pricing Assumptions `t Carousel's pricing is based on our current understanding of the Client environment,the scope defined in this support agreement, and the assumptions stated below. If durfngthe course of this engagement any of these assumptions prove to be invalid, both parties will agree to execute a change order and revisit the scope of this support agreement. • Quoted pricing is based upon a 36-month agreement • Quoted pricing is based on Annual billing via the Clients purchase order/invoice process. • All work will be performed remotely from Carousel Operation Centers located in the united States and India. • Any desk side assistance required to diagnose or resolve infrastructure issues will be performed by Client, • Client is responsible for ensuring that manufacturer's maintenance and support contracts are maintained for all software and hardware components managed by Carousel. • Performance issues or application failure due to faulty hardware or improperly configured or faulty software caused by Client is outside the scope of the services agreement and will be the responsibility of Client to remedy.Carousel will make reasonable efforts to work with Client to troubleshoot and rectify problems. • This proposal is based an a system configuration list and specifications contained within this Statement of Services. Any changes to these spedfications may result in new requirements or price changes for this program. Out of Scope and Service Limitations • Any project-based work in not include in this Statement of services. • We assume that all solutions under this agreement are designed,configured,and implemented correctly and any redesign,reconfiguration,or re-implementation are out of scope. • We assume that all solutions covered in this agreement are operational and performing at an optimal level and any additional remediation efforts are not covered under the agreement. • This agreement is a remote managed service offering and by default does not provide on-site support, engineering,and consulting.Any on-site requirements are out-of-scope unless clearly defined in Exhibit B (Steady State Entitlement Details). • Any custom errors, logs, and/or parameters to monitoring, • Any customizations to Carousel standard monitoring templates. + investigation and analysis of root cause of problems for P3 and M issues. Page 9 City of Ft.Worth Water 01/27/2020 City Secretary Contract No, Signatures Accepted (ClientA t orired Signature) Accepted BY:(Carousel Autho.rixed Signature) City of Ft. Worth on: Mark C. Moretti On: 2-25-2020 Bill to Address: Address; 659 South County Trail Exeter,RI 02322 ATTN: ATTN: Service Contracts Dept, 800-401-0760 main ter,anace{a7carausefindustries.com r OFFICIAL RECORD CITY SECRETARY FT WORTH,*TX Exhibit A — Service Delivery Gateway (SDG) Carousel Secure service Delivery Gateway The delivery of Carousel's Managed Services requires the implementation of our Service Delivery Gateway(SDG).The SDG is architected to provide device auto-discovery, monitoring, performance management,secure remote access,device level authentication,and tools for improved diagnostic capabilities. The SDG is deployed with a secure abstraction layer between Carousel's Network Operation Center and the Client's environment ensuring the confidentiality, integrity,and availability of the Client's critical data. Our National Institute of Standards and Technology(NISI) based architecture guarantees the highest levels of authentication,access control,auditability, availability,and scalability. The Service Delivery Gateway allows Carousel's managed services team to obtain alert,alarms, and performance information From The Client's environment. As abnormal,degraded, and service affecting conditions occur Carousel's service personnel can securely authenticate to the support devices,and investigate,evaluate, diagnose,and resolve detected incidents. In addition, our SDG maintains an audit trail of all access and records all session for detailed auditability. Caroui iTM ud 4 f� ' r I Outbound Oniy 3 . M.: Carousel Firewall Customer Firewall ServerAssets x. Networking Asset �j. Carousel Secure Scrvlce UC&PC Assets Delivery Gateway '. ,r €.ssword wort Page 11 City of Ft.Worth Water 01/27/2020 Connectivity Carousel's Service Delivery Gateway requires a minimum of three (3)virtual machines for secure connectivity, performance data collection and our managed services support tools. Carousel may also to choose to install additional Gateways,Agents or Master Agents for increased services, capabilities and visibility to assets, based the defined support requirements. Infrastructure Requirements Carousel requires that the client provides a minimum of three (3)virtual machine to deliver a best in class managed services experience.The client will provide the hardware platform to support the Service Delivery Gateway, and they will provide the Virtual Machine environment and all associated licenses. Also,the client must provide all Operating System licensing associated with each Virtual Machine. Carousel will provide all licensing forthe all monitoring and diagnostic tools for the supported environment. In addition, Carousel provide all operational maintenance and support of the Service Delivery Gateway once service transition ing is complete. Each virtual machine must be configured properly to manage the supported environment, The below are the requirement for the three distinct,security hardened gateways: Service Delivery Gateway 1-(Monitoring Gateway) Description A virtual appliancethat collects data from the managed environment(Servers,Voice,Switches,Routers,FirewaIIs,SLorage,ett.i. The Gateway establishes a secure connection to the ITOM Cloud over the internet via; 1. OpenSSH tunnel with 256-bit encryption 2. HTTPS with TL51.2 Form Factor The Gateway is a Virtual Appliance that runs on VMware vSphere and Citrix XenServer platforms. Operating Hardened configuration of Ubuntu Server.Hardening includes the following measures: System 1. Minimal software is installed 2. All unnecessary services are turned off 3. Applying latest patches and updates 4. All unnecessary users and groups are removed Access 1. All configuration updates for the Monitoring Gateway are pushed from the ITOM Cloud using a 256-bit encrypted channel treated Controls by the Monitoring Gateway.End users do not have access to the Monitoring Gateway. 2. The Gateway password is stored with SHA-512 encryption in a 16-char2cter Bait.Single mode login is disabled to prevent unauthorized access or prevent users from entering in singie user mode.The Gateway allows only 2 new sessions for every 60 seconds and after 5 wrong passwords,the account locked for 3 minutes. up to 25 devices 2 Virtual CPUs,2 GB RAM/40 GB HDD/1 NIC Supported hypervisors are VMware EW,Citrix XenServer,Microsoft Hyper-V and KVM Up to 100 devices 4 Virtual CPUs,4 G3 RAM/40 GB HDD/1 NIC Supported hypervisors are VMware ESXi,Citrix XenServer,Microsoft Hyper-V and KVM Up to 500 devices 8 Virtual CPUs,8 GB RAM/100 G&HDD/2 NIC Supported hypervisors are VMware FSXi,Citrix XenServer,Microsoft Hyper-V and KVM Greater than 500 devices at single site Deploy multiple Gateways Page 12 City of Ft.Worth Water_01/27/2020 Service Delivery Gateway 2-(SLIpport Gateway) Description A virtual appliance that is used to support the client's managed environment(Servers,Voice,Switches,Routers,Firewalls, Storage,etc.),The Service Delivery Gateway 2 can only be accessed through secure connection from the ITOM Cloud via RDP. Form Factor The Gateway is a Virtual Appliance that runs on VMware vSphere and C€tr€x Xenserver platforms. Operating Microsoft Windows Server 2016 System 1. Configured with a full tool set for the support of all managed services and devices. 2. Configured with a Just in Time Toolset(J€TT)so that services are only active during the time of action needed. This _ greatly reduces any potential exposure window. _ Access 1. Engineers must be granted access to the client environment to gain access. Controls 2. All initial access is funneled through the Carousel TOM Cloud 3. Secure authentication is provided through API integration with the Carousel Password Vault:(See Password Vault Details below) Tools include but are not limited to:RDP,Web Browser(HTTPS),Putty,I nformaCast Log Tool,LX Tool,Skype 4 Business,Cisco (JITT) Agent,Cisco Supervisor,Cisco Attendant Console,RTMT,It,Communicator,configured with a virtual audio driver,CCX F.dltor,Kiwi SyslogTool,Translator X,Skype Debugging Tools,Wireshark... I ice Delivery Gateway 2 Virtual CPUs,8 GB RAM/100 GB I IDD(Min)/1 NIC Supported hypervisors are VMware ESXi,Citrix XenServer,Microsoft Hyper-V and KVM Service Delivery Gateway 3- Per Lrmance Monitoring Gatewayl Description Foundations Version Diagnostics Version This deployment provides for enhanced performance by focusing on the this deployment provides for real-time visibility into entire UC ecosystem visa integrated capabilities such as resource trending signaling and the UC user's voice and video quality(for and utilization,capacity monitoring and planning,and comprehensive axample,MOS,R-factor,packet lass,jitter,and delay).It reporting and analytics.Further,the UC Monitoring Gateway module unobtrusively monitors the network topology as well as provides simple access to voice quality metrics that include trace route ontent and session data via passive taps or span ports(port nd IP network visibility,real-time media analysis,and immediate UCmirrors).After collection,the UCD module automatically network awareness.Comprehensive troubleshoot€ng tools enable ransforms and correlates this information.it lea rns ynthet€c call testing,remote access and call tracing,file transfer and network topologies and the status of available network ecure chat capabilities,alarm management,and SI.A tracking and resources by using standard network and IP routing management. protocols.The UCD module also obtains session information y passively listening to control traffic or by interacting with application servers and session control nodes and adds media content analysis into this correlated view. 1, UCF Features 2. UCD Features a, V Health&Availability a. V Real Time Media Analysis b. d Performance&Capacity b. VSlgna€ingCapture&Analysis C. d UC Auto-Discovery&Inventory C. d Route Topology d. V Voice&Video Quality d. V Network Session Correlation C. V Multi-Vendor Neutrality C. V Lync SDN API Integration Page 13 City of Ft.Worth Water 01/27/2020 Form The Gateway is a Virtual Appliance that runs on VMware v5phere and Hardened Network Appliance Factor Citrix XenServer platforms. k_ Itl'i Vl instance Requirements UCF.up to 1,000 users I 4 Virtual CPUs,8 GB RAM/180 GB IiDD/1 NIC PC:up to 1,000 simultaneous RTCP streams Supported hypervisors are VMware ESXi,Citrix XenServer,Microsoft Hyper-V and KVM UCF:up to 7,500 users 8 Virtual CpUs,15 G9 RAM/280 GB HDD/1 NIC Supported hypervisors are VMware ESXi,Citrix XenServer,Microsoft Hyper-V and KVM PC:up to7,500 simultaneous RTCP streams UCF:up to 30,000 users S Virtual CPUs,8 GB RAM/380 GR HDD/1 NIC Supported hypervisors are VMware ESXi,Citrix XenServer,Microsoft Hyper V and KVM PC:up to 30,000 simultaneous RTCP streams UC0-P:250-600 sessions per second Appliance deployment:Depending on customer requirements a stand-alone appliance deployment may he required. UCt]-A:16-28K concurrent RTP streams Note: In the event that a client is unable to provide virtual server environment,Carousel will provide hardware-based gateway(s)for an additional charge that will be listed as part of One-time Charges (OTC) in service transition cost. Connectivity Requirements The Service Delivery Gateway connects to Carousel's ITOM cloud platform.This connectivity requires that the client enables outbound access from their network. Listed below are the connectivity requirements: Inbound connectivity:The Carousel S5D Gateway does not impose any inbound connectivity requirements. Outbound connectivity. The Agent and Gateway 1 need DNS access to resolve api.opsramp.com. If the client's organization has firewall policies to limit outbound access to specific IP addresses,then the Agent and Gateway must have access to the specified IP ranges. Gateway 2 is only accessible via the ]TOM Cloud,therefore requires no inbound connectivity. Gateway 3 requires outbound connectivity only over TCP port 443. MP IP/CIpR Parts Page 14 City of Ft,worth water_01/27/2020 Data Center 1 63.251.89.0/24 TCP:443/8443 Data Center2 206.80.7,128/26 TCP:443/8443 140.239.76.0/24 Description IP/CIDR Ports Data Centers 63.261.89.0/24 TCP:443/8443 Data Center 206.80.7.129/26 TCP:443/8443 T 140.239.76.0/24 Description IP/CIDR Ports Data Center 1 52.3.3.211 TCPA43 Data Center 2 52.207.89.34 TCP:443 Data Center 3 35.169.184.165 TCP.443 A Day in the Life of a Managed Services Engineer As an Engineer I will begin by logging into my company provided laptop with my Active Directory(AD) domain credentials. I will start my day by logging into the Carousel ITOM cloud by launching my web browser and go to our HTTPS secured Carousel Industries ITSM portal. If 1 am on the Carousel domain will prompted via Multifactor Authentication (MFA)for my secure token. If I am not on the Carousel domain I will be prompted for my login information consisting of my email address and AD password. I will then be prompted via MFA for my secure token. I will then access our monitoring platform via HTTPS secure portal. Much like our ITSM portal we will also leveraging MFA drivers authentication. Now, I am securely authenticated into our multi-tenant structured Carousel [TOM cloud. I am prepared to support our clients. Once an incident or alert is assigned,I can then begin our troubleshooting and remote access process. This begins by accessing the client tenant and based on my role only the assets I am allowed to access will be made available. Once I have identified the asset I need to support, I will launch a secure remote access session (e.g. SSH, RQP, HTTPS).All sessions are recorded and archive for audit purposes. Leveraging a secure API connection back to our enterprise password vault that is encrypted via AES 256 our monitoring platform retrieves the proper credentials for the asset I am supporting. This API validates that I should have access to this asset. Any credentials retrieved from the vault are obfuscated and are not cached. Once my access is validated in the password vault,the asset service account information is then passed the device and the connection is made with no further interaction from me. Page 15 City of Ft.worth Water 01/27/2020 i Our gateway is designed to use Justin Time Tools (JiTT). ATT is a device hardening technique that keeps minimal services running to only allow the initial RDP connection only from the Carousel ITOM Cloud. Once a connection is established only the tools I specifically require will be enabled. Once I have completed my work and lag out,the gateway will return to its hardened steady state_ Best in class security practices are the foundation of the Carousel [TOM Cloud. Every user and system interface is tracked, logged and archived. Every interaction from incident updates,to accessing the client's assets leaves and audit trail that can be retrieved and reviewed. Remote Access The Service Delivery Gateway gives our engineers a secure, one-click access to the support devices, including those in remote data centers that require connecting to remote access servers first and then hopping to the target devices. Secure Remote Access centralizes the management of all client credentials and access controls,so Carousel's engineers don't have to authenticate themselves at each stage of a remote access. It handles all login and authentication steps automatically,giving us one-click secure access to our client's remote resources. Engineers assigned to support our client's environment are required to use an individualised 1-2- character minimum password. Additionally,each login requires a secondary authentication factor so that secure user authentication is assured. All interactions with our client's environments are logged, audited and recorded. This coupled with a single service account with a randomized password of least 15-characters or more, on our client's supported environment. Leveraging machine to machine secure API,the device level service account remains hidden from the engineering and support staff.This ensures that even an authorized engineer will not know the service account information that was used to make the connection. The Service Delivery Gateway maintains a complete record of'who','what'and 'when'of password access and provides intuitive reports on entire password management scenario in the supported enterprise.Carousel provides Real-time alerts on the occurrence of various password events through integration with Carousel's Security Information and Event Management(SIEM) solutions, Privileged sessions launched from the Service Delivery Gateway can be completely video recorded, archived and played back for forensic audits. We flake our clients trust seriously and execute measures to protect the sharing of service account credentials and resource access. All service accounts information is stored in our enterprise password vault. Page 16 City of Ft.Worth Water_01/27/2020 Remote Access and Support Diagram 1 Car o u .l .I T .f Outb 443,8443Ports: VVViYI LA I: IP GIDR HTTPS 63.251.89.0/24 —�� ITSM -- - ; 140.239.76.0/24 ' 206.80.7.128126 custoTe Fitewall Server Assets - i .,_ ABenl Cannectian 9 - .Fi. Networking Asset 1 Carousel Firewall 161,162,22,23 9443,443_ RCP ll hpplica6le . caeway 1 Secure AANMortRaoinK 514,161 i i. UC&DC Assets i MF [ , —M1FA— © fl U[Monitaring Gatewa 1 `��� GalewaY2 ail app1ca6lei I Support&Remote Access Pasco ord Veuk Password Vaulting Carousel's Service Delivery Gateway provides an enterprise password vault solution to protect IT assets in the supported environment.The Enterprise Password Vault is a platform for secure storing and managing of shared sensitive information such as enterprise-passwords, privileged accounts,shared accounts,documents and digital identities in a centralized repository.This ensures Carousel can offer critical data protection above and beyond our customer's best practice security guidelines for sensitive information. Secure Features include; • Confidentiality, Integrity&Availability o High Availability Architecture n Passwords&sensitive data are encrypted using AE5 256-bit encryption. • Multi-Factor Authentication o Enforced MFA for logging in to the Password Vault. • Automated Password Resets o Reset the passwords of remote resources when required or automatically through scheduled tasks. Page 17 City of Ft.Worth Water_01/27/2020 • Enforced Password Policies o Enforce industry standard and custom password policies, • Comprehensive Audit Trails&Reporting o Complete record of'who','what'and'when'of credential access. • Real-time Notifications,SIEM Integration o Real-time alerts on the occurrence of various password events with integration with Carousel's Security information and Event Management(SIEM)solutions • Industry Standard Secure API integration o RESTful API and XML-RPC API allow for application to application interaction and database instances. Centralized database far all ellonts MSp alprw can access I: __- D HT7PS x rJ F alow can Arcas$ i.................. ..................� .............. ' t - i. Password rd f_ ;M5P&"Cilvnl C" a L i alnno can access �,........... . ..,..� a. Data Security and Management Data Center Overview The Carousel Secure Service Delivery Gateway is comprised of the various components running on company and partner infrastructure and in Data Centers that are owned and operated by 3rd party'Best in Class' Data Center providers. Data Center providers are publicly listed U.S firms. Locations Data center 1:Santa Clara,California Data center 2:Rancho Cordova(Sacramento),California Data center 3:Dallas,Texas Data center 4:Chicago,Illinois Security Certifications Security certifications that these data centers have include:soc certifications,ISo7001,PCI DSS and others. Page 18 City of Ft.Worth Water_01/27/2020 Data Collection Carousel collects and stores only data necessary to perform IT operations management and support functions on devices that it manages. Type of Data Data Data Storage and Security Collected Performance system level information necessary to monitor Device performance statistics are stored only in the Carouse[ITOM Statistics the performance and health of managed Cloud.The Agent and Gateway collect and transmit this data to the devices: Carousel ITOM Cloud CPU and Memory utilization • OS Events Hardware Events Events and Operating System events and traps generated by The Monitoring Gateway and Agent processes events and traps SNMP Traps SNMP agents. locally and send resultant alerts to the ITOM Cloud via a secure channel.Raw event data is not stored in the Cloud. Device System level information necessary to asset The Monitoring Gateway and Agent sends configuration data to Configuration and device configuration status: the ITOM Cloud via a secure channel. Device Metadata DNS Names Make/Mode[ OS and Application Configuration Parameters Device Credentials Credentials {username / passwo(d) necessary to Device credentials are stored in the Carousel Enterprise Password discover devices, access performance and Vault,using industry standard FIPS level encryption. configuration data, and log into devices to run automation scripts. Support Information Information needed to support Incident, Problem and Change Management Contact information Asset Information Types of Data Carousel Does Not Collect Carousel does not collect,and has no means to collect,any data processed by applications that Carousel monitors. Examples of such data includes data within database tables, content of application transactions, user credentials of applications, etc. Data Management Data Classification Carousel only collects and stores data required for IT operations management on devices and applications managed by it. Data that Carouse[collects is limited to device performance metrics,performance and failure events,and configuration information. Data Isolation Carousel[mpleYnents strict multi-tenancy controls to ensure data access is strictly isolated between customers. Data Encryption(in-flight) All data transmitted between the Carousel Agent/Gateway and the Carousel Cloud is encrypted with SSL and TLS/SSN (for gateway). Data Encryption(at-rest) Device credentials stored in the Carousel cloud is encrypted using 1024-bit RSA encryption. Page 19 City of Ft.Worth Water_01/27/2020 Authentication Carousel Cloud offers SAML and OAuth2 based authentication.Carousel additionally supports third party authentication services such as oncLogin,Okta and ADFS.Carousel Cloud offers two-factor authentication. User Access Management Carousel has extensive role-based access controls.Carousel access controls are granular to the managed device,user,and feature. APIs Carousel provides REST APIs for integration with Carousel cloud.Carousel REST APIs are backed by OAuth2 based authentication. Regulatory and Carousel does NOT collect any Personally identi€fable information(Plq.Carousel is hosted in co-location facilities Compliance provided by two U,S based data center providers.Each provider has their own security certifications including SAS and Requirements SSAE. Data Security Carousel supports an extensive set of security features to ensure that management data collected by Carousel is accessed only by authorized users. Encryption All sensitive data is encrypted to FIPS(Federal Information Processing Standards)in Carousel.Customer data(inventory, metrics,alerts,and tickets)is logically partitioned and stored under the client tenant.Customer data is accessible,via Role- based Access Controls(RBAC)only to authorized users of the tenant. Role eased Carousel supports comprehensive Role-based Access Controls.risers'access to devices and actions within Carousel is controlled by Fine-grained permissions.Permissions are assigned based on users`roles. Access Control (ReAC) Identity Management Carousel provides multiple options to manage user identity; Built-in user management system within Carousel {ntegration with Microsoft Active Directory Integration with single sign-on service OneLogin via SAML 2.0. Authenticatfon Carousel follows standard practices for passwords; and Passwords NIST based rules of password strengths CAPTCHA code-based validation Automated lockout after multiple unsuccessful login attempts Carousel supports two-factor authentication using,Forti-roken,Google Authenticator and YubIcoYubiKey. Data Retention r A managed device is considered inactive if it meets an of the following criteria for 90 consecutive days or longer: No metrics are collected. Active and Inactive Devices No consoles are launched. No jobs,scripts,patches,or antivirus updates are applied. An active device is one that does not meet the above criteria. Page 20 City of Ft.Worth Water_01/27/2020 i A client Is considered inactive if they meet one of the following criteria for 90 consecutive days or longer: Active and Inactive Clients Client has no active devices. Client has been marked as inactive within Vistara. An active client is one that does not meet the above criteria. Type of data crit Devices Inactive devices o days Clients Inactive clients 0 days Tickets Closed tickets 2 months open tickets Y For as long as ticket Is open IV etrics Metrics collected from managed devices 12 months Alerts Suppressed and closed alerts 90 days Open alerts Far as long as alert is open Graphs Graphs with no data 15 days Reports Recurring reports last 5 generated reports One-time reports 90 days Job,Script,and Patch Activlty Jobs results o days Custom script results 0 days a._ Patches Missing patches,once detected,but not re-detected for 180 consecutive 90 days days or longer Secure Console Recordings Rolling history of console recordings for each device. 90 days Upon contract expiration Carousel inactivates the client"tenant" in the Carousel [TOM Cloud. An inactive tenant's instance inventory, metrics,and alerts data will be available in passive state, however, monitoring, alerting and other management functionality is no longer available. Based upon an agreement between Carousel and the Client,Carousel will delete all the tenant information from the Carousel 1TOM Cloud. Due to a ninety-day data archival retention policy, deleted tenant data will be available in archival repository for ninety days. The Carousel Commitment The Carousel Service Delivery Gateway provides secure end--to-end visibility and remote access into your most critical managed systems' health and performance. We support the world's most complex and dynamic environments and can monitor any element or service in your data center or cloud. Page 21 City of Ft.Worth Water_01/27/2020 Our MIST based world-class practices, manage events from across your network with a laser focus on your most critical managed infrastructure,ensuring the highest levels of system security, integrity and availability for your business. Exhibit B—Service Transition Details Carousel's service transition management methodology is based on the Project Management's Institutes' Project Management Body of Knowledge,the most comprehensive and globally recognized standard for project management. it outlines the critical path to planning and managing the service delivery Ilfecycle and is tailored to meet the Client's service transition requirements as necessary. It includes tools and templates used to manage Scope, Risk,Quality,Communications, Human Resources, Procurement,Time, and Cost. Carousel's service transition activities, based on the information received from the Client, are proposed to be executed in the following phases: •Re9ulrem b R.Pid .pzaEhshAlerts +Esrbleilan Goil- 0 G.Lhx,fng Onba.rding •lhr.hulds +Ndiflcetfons _ •vkscovery 0 . Note:During Service Transition, Carousel will provide best effort reactive support for incidents.Service level metrics will be enforced ninety(90)days after service transition acceptance. BJ, Planning Phase Carousel will begin the service transition with a series of internal reviews culminating with a transitiort kick-off meeting.Carousel's Due diligence conducted during the Planning Phase piays a vital role in understanding, documenting and delivering the proposed managed services,as per its expectations and requirements. Carousel welcomes the opportunity to perform a collaborative due diligence session to assess the client IT landscape. The objectives of the Planning Phase include; • Conduct Service Transition kick-off meeting with Client • Agreement Review o Confirm Scope of Services o Establish Priorities and Timelines o Review Supported Technologies o Validate Locations Supported o Items Supported • Response Procedures/runbook ❑ Review and Define Escalation and Prioritization Process o Collect Escalation Matrix details(Off Hours&Business Hours) o Review Vendor Management Requirements(LOA) o Review and Define Change Management Process o Discuss and Review Out-of-Scope Service Request • Review the Project Timeline o Confirm Communications Plan/Contacts o Schedule Weekly Status Meetings o Take and publish Meeting Minutes Page 22 City of Ft.worth Water_01/27/2020 o Establish Transition Steering Committee • Design and formulate a knowledge transfer calendar and plan • Review Monitoring tool requirements o Review Service Delivery Gateway Requirements o Review and Plan Service Delivery Gateway Deployment n Review Access Credentials o Security considerations • Readiness Assessment B.2. Execution Phase Carousel's Service Transition Execution phase is where the plan designed in the prior phase is put into action.The purpose of the Execution phase is to deliver the project expected results (deliverable and other direct outputs).Typically,this is the longest phase of the Service transition lifecycle,where most resources are applied. The execution team utilizes all the schedules, procedures and templates that were prepared and anticipated during the Planning phase.The Execution Phase is not a blind implementation of what was written in advance but a watchful process where doing things goes along with understanding what is being done to ensure execution corresponds to what was intend and expected. The focus forthe Execution Phase is to enable the supported environment,activate and configure the supported items, and validate connectivity and response. Here is an overview of what is accomplished during this phase: • Gather the Technical Environment Support Information o Network Connectivity Diagrams o ISP Information o Custom Tasks and Procedures o IP Subnets to perform the discovery o SNMP read only string for network Devices o Windows Administrator credentials for Windows Servers • Deployment of Services Delivery Gateway o Deploy Service Delivery Gateway o Configure Service Delivery Gateway o Ensure Bi-directional Communication with SDG o Perform Auto-Device Discovery o Configure the Identified Devices for Services • Deploy the basic and advanced templates on managed devices and applications • Validate the data generated by the monitoring system • Configure Proactive Management Tasks o Patch Management o Server re-boot schedule o Network configuration back-up schedule o Application back-up scripts and scheduling • Conduct Knowledge Transfer sessions o Load Client assets into ServiceNow ITSM System o Ensure Client Device Level Entitlement are Mapped to Appropriate Assets o Load Client Response Procedures into ServiceNow ITSM System o Collection of Standard Operating Procedures Page 23 City of Ft.Worth Water 01/27/20Zo a Knowledge Transfer Sessions on Client's Environment and Architecture o Knowledge Transfer Sessions on Standard and Custom Operating Procedures o Knowledge Transfer Sessions on Jobs, Maintenance plans. o Identifying and documenting the critical items • Identify risks and formulate a risk mitigation/readiness plan B.3. Quality Assurance/Testing Phase After the completion of the Service Transition Execution Phase,services will be started in a pre-steady state environment. During this phase,Carousel will focus on stabilizing the monitored environment by performing a full quality review and operational assurance testing of the managed solution. Further refinement and enhancements are also elements of this phase. The following are the critical activities performed during the phase: • Identify devices generating higher than average alerts and provide recommendations to reduce alerts • Building dependency maps for event correlations and noise reduction • Build custom automation scripts to reduce noise and improve resolution • Review the Client environment for potential change recommendation and recommend thresholds adjustments • Review of existing support contract documentation (i.e.Cisco SmartNet,) • Review and documentation of existing Carrier circuit ID's • Validation of the monitoring tools and network connectivity to the Carousel Service Delivery Platform a All devices configured into monitoring o Development of monitoring dependencies o Add'[tional Probes and Agents as required • Review and update response procedures • Validate ticket workflow • Identify gaps and additional requirements B.4. Tuning Phase This phase is focused on optimizing the managed environment to eliminate noise,false positives and ensure that the monitoring and reporting functions are working as expected. Additionally,Carousel will finalize all delivery process and procedures which include: • Finalize escalation notification processes • Initiate 24x7x365 alert processing,validation and escalation • Execute Standard Operating Procedures{SOPS} ■ Test and Review SLAB • Review Response Procedures/runbook with the Client to identify any changes. B.5. Steady State Phase During steady state support,the Carousel service delivery team incorporates a quality assurance and continuous improvement processes as a proactive component of our managed services offering. Our service delivery team compares month-to-month key performance indicators (KPIs)such as"first to Know"trends, SLA attainment, mean time to resolution measurements,"alert to incident" ratios, "alert to device" ratios, and noisy element analysis to drive continual service improvements. And daily, our team reviews a subset of incidents leading to runbook changes, new runbook development, runbook Page 24 City of Ft.Worth Water_01/27/2020 automation, increased event correlation, and improved alert aggregation.The Quality Assurance Review begins during service transitioning and continues throughout the entire contract lifecycle. • Provide services as per agreed SLAs • -Monitor alerts 24x7x3GS • Perform alert triaging and ticketing • Escalate incidents • Prepare new SOPS lased on alerts • Execute proactive management tasks • Report St-As • Plan Service Improvement • Perform monthly reviews • Portal credentials and review • Lessons learned review • Transition closure meeting and final signoff The Transition Closure meeting will be a key milestone that triggers steady state invoicing. Page Z5 City of ft.Worth Water-01/27/2020 Exhibit C — Steady State Entitlements C.1. Monitoring C.1.1. Reachability Monitoring Our Service Delivery Platform measures network connectivity at regular intervals via ICMP polling(PIING) to ensure the monitored elements are reachable on the network from an IP address availability perspective. C.1.2. Incident & Performance Monitoring Our Service Delivery Platform monitors identified elements utilizing standard SNMP data collection, SNMP trap receiver,syslog monitoring and available APIs to receive specific information, alerts, alarms, faults and performance data. Incident& Performance Monitoring provides 24x7x365 monitoring of supported devices for those Products listed in Appendix D with our Service Delivery Platform to help raise awareness of specific events that have the potential to cause a significant adverse impact to business operations. C.2. Reporting & Portals Carousel provides the client with access to two web-based portals. Our first portal,service management, provides direct access to our Information Technology Service Management (ITSM)system.Our service management portal provides core features such as reporting issues,submitting service requests,general questions,viewing open and closed tickets, and creating/exporting reports.An extranet will also be provided,with access to shared support documentation and static reports. Our second portal, performance management, provides direct access to our Information Technology Management ([TOM)system.This web-based portal provides access to real time performance dashboards, KPI management tool and on-demand performance reporting. It will allow the measurement and tracking performance against predefined SLAB,streamline service delivery and better support the business with metrics and analytics C.3. Configuration Management C.3.1 Network Backup Our best practice approach for network device configuration backup is a weekly cadence with immediate backup on a device configuration change. Backups will be stored within our cloud-based service delivery platform and we will maintain the last three months of archived configurations. Page 26 City of Ft.Worth Water_01/27/2020 CA. Event Management Carousel provides Event Management functionality from our operations located in the United States and India. Event Management is the process that monitors all alarms,alert,and events related to the operation of the IT environment.Our objective is to detect alarms, alerts,and events,analyses them,and determine the correct control action.Our Event Management function provides a strong foundation for service assurance,reporting,and service improvement. Event management responsibilities include: C.4.1 Service Desk Carousel will provide 7x24x365 live access to meet the communication needs of Client IT staff via phone,email or web portal.Our service desk is the focal pointfor reporting and updating status for existing issues,opening new incidences,and initiating a change or service request. The Service Desk will: • Answer incoming calls and capture valid information o Service request/problem description Site and contact information o Determine Severity by assessing urgency and impact • Review emails to understand the issue and contact information o Service desk may reach out to sender for clarification or additional information before opening a ticket • Open ticket and assign to Incident Management,Change Management or Service Request queue • Review portal requests and validate assignment to appropriate queues. C.4.2 Event Capture, Validation and Recording Our Service Delivery Platform monitors for a detectable or discernible occurrence that has significance for the management of the IT Infrastructure.We evaluate the event and record the identified conditions in our Information Technology Management System(ITSM). C.4.3 Event Correlation & Suppression Our Service Delivery Platform has a powerful event correlation and suppression engine which uses advanced technology for making sense of a large number of events and pinpoint the few events that require attention.This is accomplished by looking for and analysing relationships between events. Our Service Delivery Platform monitors for detectable or discernible occurrence that has significance for the management of the IT Infrastructure, Carousel will evaluate the event and record the identified conditions in our information Technology Management System(ITSM). C.5. Incident Management Incident Management is designed to help restore normal service operation within a reasonable time to help contain the adverse impact on the Client's business operations, service quality and systems availability. When an incident is opened, it is important that the appropriate priority is assigned to reflect the current service impact. As 1TIL defines it, incident priority is primarily formed out of its Impact and its Urgency.There are also additional elements, like size,scope, complexity, and resources required for resolution. Page 27 City of Et,worth Water_01/27/2020 The Impact of the incident is the measure of the criticality of the incident to the business.Traditionally, impact is tied to the number of users or business processes affected. Urgency is a measure of the necessary speed of resolving an incident. Based on the assessment of Urgency and Impact,the chart below is leveraged to assign the appropriate Priority level. Impact High Mid Low Nigh 1 2 3 w Mid 2 3 4 nn :3 Low 3 4 4 Incident Classification Priority Occurs when there is critical impact to the business.operations and urgent action is required to resolve the incident.For example,network is unavailable,a site is partially One:(PI) ess operations and no is down and/or Impacting a significant part ofthe busin available.. Occurs when performance of a supported service or environment is severely degraded causing a high to medium level of impact. Functionality may be noticeably unpaired,but Two(P2) most business operations continue. P2 incidents have a high to medium level of urgency requiring responsiveness,the activation of SOPS, on-call procedures,and invoking vendor support, Occurs when operational performance is impaired while most of the business operations remain functional.Limited devices(PC,printer,terminal,extension)are not operational. Three(133) There is degradation.of services although issue is not mission-critical:P3 incidents are responded to using standard operating procedures and operating within the standard workfiNt and operational structures, Occurs when you require information or assistance on Carousel-provided product Four(P4) capabilities,installation or configuration.There is clearly little or no impact to your business operations. P4 incident are responded to using standard operation procedures as time allows. C.5.1Incident Notification As incidents are prioritized and entered into the Information Technology Service Management(€TSM) platform,the Client is notified via automated email response.The automated email response will contain the incident number, details collected during the event identification process,and affected device,system,service, or location information, and all actions taken.Any time an incident its open, updated, and closed automated email notification is sent to the Client. In addition,to automated email notifications,Carousel can provide automate SMS notification, if requested by the Client. SMS notification is not a bi-directional SMS texting features rather it's an informational message sent from the ITSM to the Client. Carousel recommends that this function is only enabled for incidents containing the highest level of priority. Page 28 City of Et.Worth Water_01/27/2020 Carousel can provide additional telephonic notification for all P1 incidents, if requested by the Client. C.5.2 Triage & Troubleshooting (operate & optimize only) once the Carousel incident management team receives a service ticket, an engineer will follow step-by- step instructions to achieve predictable, standardized, and desirable results to quickly restore any unplanned interruption.This function covers the Analysis, diagnosis, resolution,and recovery of the incident. C.5.3 Complex Resolution (operate & optimize only) Carousel will work with the Client IT staff or other 3rd parties through resolution when the incident may be a result of multiple technologies contributing to the incident. C.5.4 Bug & Security Resolution (operate & Optimize only) When service affecting software anomalies (bugs) and security related vulnerability have been identified,our service delivery team will drive the resolution process. Carousel will identify the issue, work with the vendor to find a software resolution, begin an emergency service request process, and deploy the appropriate patch,service pack, or upgrade as part of the change management process. C.5.5 Carrier Management (operate & optimize only) For the supported environment, Carousel owns identification,troubleshooting, and resolution of Carrier related issues. Carousel acts as an agent of the Client and drives Carrier escalations for MPLS, Ethernet, broadband,dedicated Internet,SIP trunks, PRIs, or analog circuits in the event of link down,service outage,timing &slips,or high interface errors. Carousel will: • Create and maintain the appropriate documentation in Carousel's ITSM system • Drive escalation with the appropriate Carrier or service provider • Notify and communicate the issue to Client including carrier ticket number,time of outage and expected time of restoration • Act as an intermediary between Client and the service provider • Track and drive activities required to resolve the issue • Update the Carousel incident as required • Validate the resolution of the incident • Update and close the incident when the issue is resolved • If available,obtain root cause. Notwithstanding anything herein to contrary,Carousel resolution SLAB do not apply to Carrier Management Services. Note:Client is required to sign LOA(Letter of Authorization)for each service provider during the service transition process for Carousel to perform Carrier Management.limited to circuits connected to devices under Carousel Management. Page 29 City of Ft.Worth Water ol/27/2020 Note:Any signed LOA (Letter of Authorization) is for incidents only, Carousel will not be responsible or accountable for any procurement, payment, ordering or decommissioning of circuits. C.5.6 Vendor Man age rnent (operate & Optimize only) For the supported environment, Carousel owns identification,troubleshooting, and resolution of third- party vendor related issues. Carousel drives the third-party vendor escalation process and provides follow-up of a supported vendor related issue.When required, Carousel creates a ticket directly with the third-party vendor on the Clients behalf.We drive the third-party vendor to identify the issue, troubleshoot the defined issues, and ultimately obtain resolution. Carousel notifies and communicates all third-party vendor issues with the Client including, ongoing status, available work arounds, and expected time of resolution. Carousel works the incident through closure,and if available, obtains the root cause, When required,Carousel drives the escalation processes to resolve configuration,software,and hardware anomalies, manage hardware replacement,software bug fixing and patch management,and on-site engineering dispatch. Carousel will: • Create and maintain the appropriate documentation in Carousel's ITSM system • Drive escalate with the appropriate third-party vendor • Notify and communicate the issue to Client including ticket number,time of outage and expected time of restoration • Act as an intermediary between Client and the third-party vendors • Track and drive activities required to resolve the issue • For hardware replacement,Carousel drives the replacement process until replacement is shipped,received, installed,configured IP addressing,restore last known configuration and update serial numbers Carousel's ITSM/CMDB • Update the Carousel Incident as required • Validate the resolution of the incident • Update and close the incident when the issue is resolved • If available,obtain root cause. Note:Client is required to sign LOA(Letter of Authorization)for each third-party vendor during the service transition process for Vendor Management. C.5.7 Incident Escalation (operate & oprimize only) Incident escalation is a process used to highlight orflag certain issues within an Incident,so that the appropriate personnel can respond to these situations and monitor the resolutions.Carousel's escalation management process identifies,tracks, monitors and manages situations that require increased awareness and swift action. Carousel's carefully created escalation processes can ensure that unresolved problems don't linger, and issues are promptly addressed. Using Incident Escalation Management can re-priorit4ze, reassign,and monitor a situation to a satisfactory completion.There are two types of escalations: hierarchical and functional. Page 30 City of Ft.Worth Water 01/27/2020 Hierarchical escalation is used to ensure attention for notification,action or resolution is moving the technical levels of operation. For example, Est level support is unable to resolve the issue,so it is escalated to 2nd level support. In case they are also not able to solve the issue,they are escalating it to 3rd level support and so on until the issue is resolved. During the hierarchical escalation the workflow management is evaluating the incident priority against resolution progress. Functional escalation is used in case that the support team is unable to resolve the issue or stick within the agreed timeline(targeted time for resolution is exceeded). Functional escalation is the process used to assign an incident from one team to another team based on the skills required to resolve the incident. For example, escalating an incident from the unified communications team to the network team when it becomes apparent that the lack of performance is due to network conditions. C.6. Problem Management (optimize oniy) C.6.1 Root Cause Analysis (optimize only) Our service delivery team conducts root cause analysis to determine the underlying cause of an incident, document the findings and take appropriate corrective action. Root cause analyses are performed to understand the cause of critical outages, prevent future incidents from occurring,eliminate chronic incidents, and minimize future impact to problems and outages. 1. Perform problem determination and problem resolution; 2. Perform tracking and management of outage to Closure; 3. Perform root cause analysis for individual P1 and P2 incidents 4. Identify chronic problems; C.6.2 Chronic Problem Management (optimize only) Our service delivery team will drive the identification and resolution of chronic incidents. Chronic issues are defined as the same problem occurring multiple times in a 30-day period. We will attempt to reproduce the problem, identify incident triggers, document the current state,define remediation paths and work around scenarios and provide detailed root cause analysis. C.7. Patch & Release Management (optimize oniy) The purpose of Patch & Release Management is to facilitate the physical control of software assets and their release into the production environment. (a) Major Software Release- Major Release is a major change to the software that introduces new optional features and functionality. Major Releases are typically designated as a change in the digits)to the left of the first decimal point(for example, (NJ,y.z)are out of scope. (b) Minor Software Releases(aka'dot"release)-A Minor Release is a change to the software that introduces a limited number of optional features and functionality, Minor Releases are typically Page 31 City of Ft.Worth Water 01/27/2020 designated as a change in the digit to the right of the first decimal point(for example,n.[Y].z)and are out of scope. (c) Patch Release—Patch Release is a change to the software to stabilize the code based upon reported bug related issues or to correct/harden a potential security vulnerability.Patch Re{eases are typically designated as a change in the digit to the right of the second decimal point(for example,n.y.[Z]}and are included as part of release management. Note: Product correction updates may require system hardware upgrades to comply with current manufacturer's specifications. In these cases,the hardware must be upgraded before the update can he implemented. Hardware upgrades are not included as part of this service. Note: If Carousel determines the patch is appropriate, it will follow Change Management procedures and policies Note: Additional installation, implementation and/or customization services necessary to implement software releases are not included in this service and are defined as projects. !Vote: Client must retain entitlement to receive software and/or firmware updates from their manufacturers. Carousel does not provide an alternative to upgrade entitlement or leverage Carousel entitlements on Client's behalf. Carousel does not supply any software or firmware of any kind otherthan for Carousel owned equipment and systems. C.7.1 Server Patch Management (optimize onlyJ Carousel follows an industry best practice methodology of Scan,Assess,Approve and Install for updating Microsoft and Linux server patches.We provide weekly assessment, notification,and recommendation of patches. We provide monthly patch implementation or more immediate if service effecting or security related. C.7.2 Network Device Release Management (optimize only) Carousel follows a semantic versioning model for network device patches.The model is defined as MAJOR.MINOR.PATCH.We provide quarterly assessment, notification, and recommendation of patches. We provide semi-annual patch implementation or more immediate if service effecting or security related. Carousel will report on MAJOR.M I NOR.PATCH, but will only implement on PATCH. Any MAJOR or MINOR releases will be quoted as a project and be considered out of scope. C.7.3 Application Release Management (optimize only) Carousel follows a semantic versioning model for application for select business cnablement applications.The model is defined as MAJOR,MINOR.PATCH.We provide quarterly assessment, notification,and recommendation of patches.We provide quarterly patch implementation or more immediate if service effecting or security related.Carousel will report on MAJOR.MINOR.PATCH, but will only implement on PATCH. Any MAJOR or MINOR releases will be quoted as a project and be considered out of scope. Page 32 city of Ft.Worth Water_01/27/2D20 C.S. IT Asset Change Management (opamize onm) Carousel's IT asset change management function ensures that a standardized set of procedures is used to promptly handle all requests for service or change. It ensures that all changes are recorded,assessed, approved, prioritized,and deployed in a manner that meets business requirements and protects the stability and reliability of critical IT systems. The main objective of change management is to control the lifecycle of while minimizing disruption to IT services.Service or change request can be broadly classified as "Standard","Complex"and "Emergency,,; Standard change tasks are well known,defined, documented, and proven.The change management workflow is pre-established,and no approval is necessary. Emergency change requests need to be executed immediately to resolve imminent Critical/Sev- 1/P1 incidents that threaten business continuity. Emergency request requires approval from the eCAB and will follow the workflow defined in the emergency change request, • Complex change request is pervasive, less defined, and the impact of the request is not known. Complex request could change the configuration of an existing feature,enable existing capabilities,or focus resolving a known issue. Complex requests require Change Advisory Board (CAB)approval,and the specification of a maintenance window. As part of the overall process, Carousel will provide the following where applicable: • Manage and implement system level configuration changes • define the changes required; • measure the impact of the proposed change; • develop a back-out plan; • obtain any relevant approvals for change; • schedule the implementation of the change; • implement the change; • post-implementation testing and verifying expected outcomes;and • in the event of an unsuccessful change, implement the back-out plan in relation to the change. C.8.1 Standard Change Request (optimize o0y) Our Service Delivery team will manage and implement"systemwide" level configuration changes where the implementation process and-the risks are known upfront,documented, proven, and the risk is low and well understood, and the change workflow has been pre-established.These changes are managed Page 33 City of Ft.Worth Water_01/27/2020 according to policies that have been established during service Transitioning.Standard change request approval can be automatically granted. C,8.2 Emergency Change Request (optimize only) Our Service Delivery team will manage and implement emergency change requests when an unexpected error,threat occurs, or events that effect business continuity emerge. Emergency request are evaluated on the basis that the risk of not implementing the request is greater than implementing the request. Emergency request bypass the normal Change Advisory Board (CAB) process and is reviewed by the eCAB requiring a single board members approval.All emergency change requests undergo a post- implementation review process. C.8.3 Complex Change Request (optimize only) Complex Requests must be reviewed by the Change Advisory Board (CAB)who examines the request, assesses the associated risk and impact, and ultimately approves the request for implementation. For complex changes to be implemented, requires a minimum of 51%CAB member approval. Usually a complex request involves a significant change to the service or infrastructure,and it carries some degree of risk.All complex changes require comprehensive planning, documentation,workflow analysis, and governance. If the request is determined to be higH-risk,the CAB must decide whether,when and how the request will be implemented or if the complex change request needs to be treated as project.The following list of criteria are used to determine if the complex change request should be treated as a project: • On-site When the service/change request requires onsite Carousel engineers to complete the request. • 'testing When the service/change request requires extensive testing by our engineering team,client's team,or a combination of both. • Expansion When the service/change request adds new devices, locations,or features that fundamentally change the nature of the supported environment. • Design When the service/change request changes the fundamentally design, architecture,or the operations of the supported environment. • Platform When the service/change request impacts multiple supported platform across the supported environment. • Coordinate When the service/change request requires the Carousel team to coordinate multiple resources—vendors, people, locations or multiple phases of change implementation Page 34 city of Ft.Worth Water_01/27/2020 Based on the above defined criteria and the nature of the complex change,some request could be managed as a project and billed outside the scope of this contract. C.9. End-User Service Request (optimize only) Carousel's end-user service request function ensures that a standardized set of procedures is used to promptly handle all requests for implementation end-user related changes.The service request process ensures that all requests are recorded,assessed, approved, prioritized,and deployed in a manner that meets business requirements and protects the stability and reliability of critical IT systems. The main objective of change management is to control the lifecycle of while minimizing disruption to IT services. End-user service request be broadly classified as "Standard".Where standard service request tasks are well known,defined, documented, and proven.The service request management workflow is pre-established,and no approval is necessary. As part of the overall process, Carousel will provide the following where applicable. • Ensure that the client's IT personnel requesting the change is authorized; • manage and implement end-user level service request; • define the changes required to complete request; • schedule the implementation of the service requests; • implement the end-user service request; and • notification of the completion of the service request. Our Service Delivery team will manage and implement end-user service request where the implementation process and the risks are known upfront, documented, proven, and the risk is low and well understood, and the change workflow has been pre-established.These requests are managed according to policies that have been established during service transitioning. upon the receipt of the service request,a priority scale of 1 through 4 will be applied.And the assigned priority will determine the timeline for implementation where P1s are deployed within 2 hours, 132s within the same day, Pas within three business days,and P4 within five business days.Standard change request approval is automatically granted and implemented in accordance with the assigned priority. C.11.. Continuous Service improvement Carousel's service delivery team incorporates a quality assurance and continuous improvement processes as a proactive component of our managed services offering. Our service delivery team compares month-to-month key performance indicators (KPIs)such as "First to Know"trends,5LA attainment,mean time to resolution measurements,"alert to incident" ratios, "alert to device" ratios, Page 35 City of Ft.worth water 01/27/2020 and noisy element analysis to drive continual service improvements.And daily,our team reviews a subset of incidents leading to runbook changes, new runbook development, runbook automation, increased event correlation,and improved alert aggregation.The Quality Assurance Review begins during service transitioning and continues throughout the entire contract lifecycle. C.12. Service Management Carousel will provide a Service Delivery Manager(SDM)who will establish a framework for communications, reporting, procedural and contractual activities for the Services.The SDM helps the clients confidently pursue their growth, innovation and performance agendas through proactive management of their supported environment. Carousel's Service Delivery Manager is an assigned resource available during the standard hours of operations(Monday through Friday, 08:00 to 17:00).The assigned SDM standard hours are aligned with the client's center of IT operations. The SDM's focus is on maintaining service excellence each day by working closely with the client's leadership to translate essential business requirements to the broader support team such as business changes, critical system sensitivity, blackout periods for change, etc. During all projects and onboarding of new or modified services,the SDM will collaborate closely with the Project Manager though participation in service reviews with your team covering both project status and service management updates. The following are some of the responsibilities of the assigned Service Delivery Manager: Service Delivery Leadership During the service transition,the communication cadence between the client and the Service Delivery Manager is established. At any point during the term of the agreement,the communication cadence can be adjusted to meet the client's changing needs.These service focused touch points will discuss upcoming service requests, change requests, patch and release management status and significant projects.Also,the Service Delivery Manager will review and update any organizational changes, process changes,and modification to client response procedures. Service Level Performance Monitoring The Service Delivery Manager reviews open tickets queues providing feedback and direction to the services delivery team ensuring proper workflow management. During their review,the SDM will identify service trends, potential problems,and opportunities to improve the service delivery quality.Also,the SDM monitor overall service performance and reviewing Service Level Agreement attainment and escalation workflow. Major Incident Management Leadership Page 36 City of fit,Worth Water_01/7.7/2020 During the ordinary course of IT operations,significant incidents will occur, and they can have an extreme impact on the steady-state operation of the business/organization.Any events for which the timescale of disruption—to even a relatively small percentage of users—becomes excessive could he regarded as a major incident. When necessary,the major incident procedure could include the dynamic establishment of a separate Major Incident Team subject to the direct leadership of the Service Delivery Manager. The SDM's direction ensures that adequate resources and focus are provided for finding a resolution, If the incident is escalated to the point that requires a formal meeting between and should arrange a formal meeting with all invested parties.The SDM will organize,facilitate,and drive this crucial meeting with the purpose of reviewing progress and determining the best course of action. Throughout the major incident,the Service Delivery Manager ensures all activities are recorded, and the client is informed of progress. Communication is an important activity in handling major incidents. Executive Business Reviews An Executive Business Review (EBR) is a face-to-face meeting that is strategic--rather than tactical—in nature. EBR is scheduled and conducted by the assigned Service Delivery Manager, and this briefing is not the time or place to discuss the details of specific service issues, support questions or the status of particular projects. The SDM will lead a conversation to gain a deeper understanding of the client's business and plans, and to strategize as to how Carousel can deliver more value based on those factors.At the same,the Service Delivery Manager will provide insight on Carousel's business goals and objectives,overall performance,and new solution sets.Also,the SDM will provide comprehensive insight on overall service delivery performance, areas for improvements, capacity planning recommendation and life-cycle management advice. Carousel will conduct executive business reviews per year with the expectation is that the EBR would include critical members of the client ITteam including but not limited to executive leadership. Carousel goal is to ensure that all EBR have a face-to-face experience whether through the use of technology or an in-person meeting. Page 37 City of Ft.Worth Water 01/27/2020 Exhibit D — Service Level Agreement Carousel requires full access/shared control with the Client of the supported items that are at Operate and/or Optimize level of service. Client needs to inform Carousel of any device additions, deletions, or changes to supported items. The following table describes the various priority levels and Service Level Objectives (SLO). The start of the process can originate from monitoring system alerts or from user requests entered via the ticketing system, phone or e-mails. Speed to Answer is measured service Desk live answer <=Z0 seconds — 90% across all client calls. Aggregate Incident Response Is Notification to incident R' P1 <=1S Minutes 90% measured from receipt of All Emails considered as P2 by default P2 <=30 Minutes Aggregate notification via email,call,or alarm. P3 <=30 Minutes P4 <=30 Minutes Incident Assignment period is Incident to Engineer Assignment P1 <=30 Minutes -- —90% measured from the time the PZ =;-hour Aggregate incident has been opened. P3 a=4-hour P4 <=8-hour Incident Resolution period is Incident Creation to Incident Resolution P1777 measured from the time the PzIncident has been opened. P3 pq Problem Management is Root Cause Analysis(RCA)Inputs Draft 3 Business bays measured from time cif client Delivery 10 Business Days Aggregate request for RCA. Change Management Request Emergency Change Critical �P2 <=15 Minutes 90% Response is measured from <=30 Minutes Aggregate receipt of the request to the Emergency Change Default Page 38 City of Ft.Worth Water 01/27/2020 pliulily creation of the Service Complex Change Default P3 a=30 Minutes Request(SR). Standard Change Default Z <=30 Minutes D Change Management Emergency Change Critical p7 <=2-hour 80% Implementation is measured Emergency Change Default PZ <=Same Bus Day Aggregate from the time of the change approval or from the start of Complex Change Default P3 [-Next Bus Days the authorized change pq <=3 Business Days window. Standard Change Default p2 <=I5 Minutes 90% End-User Services Request Response is measured from P2 <=30 Minutes Aggregate receipt of the request to the creation of the Service p3 <=30 Minutes Request(SR). p�} <=30 Minutes End-user Service Request PI a 2-hour Implementation is measured P2 <=Same Bus Pay Aggregate from the time of the creation of the Service Request to the P3 <=3 Business Days implementation of the P4 e=S Business Days request. Resolution SLO timer is paused whorl ticket status is changed to"Handed-overto Client and/or Partner," "on-Hold," "Under observation," "Work around"or"Resolved" Below is a list of conditions that will trigger a pause in the resolution SLO timer: Resolution SLO timer pause conditions • Waiting for remote access/connectivity to client environment • Wallting for the arrival of replacement hardware • Waiting for the arrival of dispatched on-site engineering/resources • Waiting for 3`d Party(Carrier,Courier) • Waiting on clientto perform validation,testing, • Scheduled or planned downtime Resolution SLO timer are stopped when the INCDIENT is experiencing the following conditions: Page 39 City of Ft.Worth Water_01/27/2020 Exclusions • Force Majeure conditions Lack of power to facilities and inadequate power backup + Lack of Wide Area connectivity without appropriate redundancy Lack of appropriate manufacturer support coverage on critical elements Page 40 city of Ft.Worth Water_01/27/2020 Exhibit E -- Supported Items Product Lctcation Line Item-Number Manufacturer Long Description Quantity Virtualized(Customer Service Not CI-SDG- Provided VM).This is labor Transition Applicable VIRTUAL Carousel only. 1 Service Not MS- Onboarding Labor- Transition Applicable Onboarding Carousel Devices Service Not MS- Onboarding Labor-Project Transition Applicable Onboarding Carousel Management - Trarisftlon fi 3" Total MS-OPTM- Extreme 200 Texas St Optimize NET-SWCH-T2 Networks Summit X430 Series " 24 200 Texas St _ .24 -Total MS-OPTM- Extreme 201 Texas St Optimize NET-SWCH-T2 Networks Summit X440 Series(EoS) 21 201 Texas:St Total • MS-OPTM- Extreme 202 Texas St Optimize NET-SWCH-T4 Networks Summit X480 Series 5 2a2 Teas.St 9N5 Grand Total Page 41 City of Ft.Worth Water_01/27/2020 Exhibit F - Terms and Conditions 1. ORDER,PROVISION AND SCOPE OF SERVICES In return for the payment of the fees specified in the Statement of Services(SOS),Carousel will provide the Services and Service level Agreement(Exhibit D)for locations and/or products specified in Carousel's Supported Items List(Exhibit Q. Orders are subject to acceptance by Carousel.Carousel may accept an order by beginning to perform the Services_Terms and conditions contained in Client purchase orders or other Client documents will have no effect,unless explicitly approved and noted an the SOS. Remote Monitoring and Access.Carousel may remotely monitor or access Products and Systems serviced underthis agreement for the following purposes:(i)for remote diagnostics and corrective actions;(tt)to determine system configuration and applicable charges;(iii)to verify compliance with applicable software license terms and restrictions;(iv)when providing managed Services,to assess Client's needs for additional products or Services. Error Correction.Some Services options may include correction of Errors.An"Error"means a failure of a Supported Product to conform in all material respects to the manufacturer's specifications that were currently applicable when the Supported Product was purchased or licensed. Replacement Hardware.Replacement hardware provided as part of Services may be new,factory reconditioned,refurbished, re-manufactured orfunctionalty equivalent.It will be furnished only on an exchange basis.Returned hardware that has been replaced by Carousel,will become Carousel's property.Title to Carousel-installed replacement hardware provided as part of Services will pass to Customer when installed.Title to all other hardware provided as part of Services will pass to Client when it arrives at the Supported Site. Added/Removed Products.A.Addedl Removed Products.A.If Client acquires additional products of the same type and manufacturers)as the existing Supported Products and locates them with existing Supported Products at a Supported Site or networks them at a remole location as part of an existing Supported Products at a Supported Site,they will he considered"Added Products',and will be added to the order automatically for the remainder of the term. Added Products purchased from a party other than Carousel may be subject to certification by Carousel at Carousel's then current rates for such certification.if Added Products fail certification,Carousel may choose not to add them to the Supported items.Services coverage will be effective immedlatOy after Carousel certifies the added products.Charges for added products will be at the then current rate and coverage will be coterminous with the coverage for the existing Supported Items. B.REMOVED PRODUCTS,In the event that the Client removes components or equipment from a Carousel-supported system,any change in components,administered TDM and/or 1P port counts may be accounted for on next billing date.If Client removes equipment covered under a Carousel SOS,Carousel agrees that upon receiving 30 day written notification of the removal,complete with inventory detail,the monthly pricing of the SOS will be adjusted accordingly for the Client's next billing cycle,and at the rates originally agreed in the pricing section. General Limitations.unless the(Exhibit C)provides otherwise,Carousel will provide software Services only for the unaltered current release of the software and the prior release.For software versions that are older than t release prior to the then current release,software Services will be limited only by the manufacturer end of support policies.The following items are inctuded in the Services only if(Exhibit C)specifically Includes them:(!)support of user-defined applications;(ii)support of Supported Items that have been modified by a party ether than Carousel(except for installation of standard,self-installed updates provided by the manufacturer);(iii)making corrections to user-defined reports;(iv)data recovery services;(v)services associated with relocation of Supported items;(vi)correction of Errors arising from causes external to the Supported Items(such as power failures or surges);and(vti)Services for Supported Items that have been misused,used in breach of their license restrictions, improperly installed or configured,or that have had their serial numbers altered,defaced or deleted. 2. INVOICING AND PAYMENT. Invoicing. Carousel will invoice Client for Services in advance untess another payment option is specified to the order,or as otherwise specified in the pricing section of this document, Payment. Payment of undisputed invoices is due within thirty(30)days from the date of Carousel's invoice.Client will pay all bank charges,taxes,duties,levies and other casts and commissions associated with nonstandard methods of invoicing and Page 42 City of Ft.Worth Water_01/27/2020 payment.Overdue payments will be subject to a late payment charge of the lesser of 1.5%per month or the maximum rate allowed by applicable law.Unless Client provides Carousel with a tax exemption certificate,Client is solely responsible for paying all required taxes,(including,but not limited to,property,sales,use or excise taxes with respectto the provision of Carousel Equipment)except for any income tax assessed upon Carousel. 3. CUSTOMER RESPONSIBILITIES General.Client will cooperate with Carousel as reasonably necessary for Carousel's performance of its obligations,such as:(i] providing Carousel with full,free and safe access to its facilities;(11)providing telephone numbers,network addresses and passwords necessary for remote access;and(111)providing interface information for Supported items and necessary third-party consents and licenses to access them,Client shall provide to Carousel a technical resource or onsite contact person who shall assist Carousel Technicians,Engineers and Support Staff in remotely troubleshooting issues,including,but not limited to providing data logs,or assisting in raboots/resets of certain components.All items will be provided by Client at Client's expense.if Carousel provides an update or other new release of software as part of the Services,Client will implement it promptly.Client will reasonably use,safeguard and return to Carousel any items that Carousel loans to Client("Carousel Tools") for the purpose of providing Services under this SOS,such as,but not limited to,the Service Delivery Gateway("SDG").Carousel Tools shall not be considered Products. Prevision of Supported Products and 5 stems.Except for Carousel hosted facilities,Client will provide all Supported Items, Supported Systems and Supported Sites.Client continuously represents and warrants that:(i)Client is either the owner of,or is authorized to access and use,each of them;and(ii)Carousel,its suppliers,and subcontractors are authorized to do the same to the extent necessary to provide the Services in a timely manner. Moves of Supported Products.Client will notify Carousel in advance before moving Supported Items.Carousel may charge additional amounts to recover additional costs in providing the Services as a result of moved Supported Items. Vendor Management.Where Carousel is to instruct or request products or services on Client's behalf from third party vendors under Client's supply contracts with third-party vendors("Vendor Management"),Client will provide Carousel upon request a letter of agency or similar document,in farm reasonably satisfactory to Carousel and Client,permitting Carousel to perform the Vendor Management.Where the third-party vendor's consent is required for Carousel to be able to perform Vendor Management in a timely manner,Client will obtain the written consent of the vendor and provide Carousel a copy of it upon request. Third Party Hosting.In the event one or more network address(es)to be monitored by Carousel are associated with systems owned,managed,and/or hosted by a third party service provider("Host"),Customer will:(1)notify Carousel of the Host prior to commencement of the Services;(ii)obtain the Host's advance written consent for Carousel to perform the Services on the Host's computer systems and provide Carousel with a copy of the consent upon request;and(ill)facilitate necessary communications between Carousel and the Host in connection with the services. Access to Personal Data.From time to time,Client may require Carousel to access a Supported Item or Supported System containing employee,customer or other individual's personal data(collectively,"Personal Data"). Where Client instructs Carousel to access any Personal Data,or to provide Client or a third party identified by Client with access,Client will(i)notify all relevant employees and other individuals of the fact that Carousel will have access to such personal data in accordance with Client instructions and(ii)indemnify Carousel and its officers,directors,employees,subcontractors and affiliates against,and hold each of them harmless from,any and all liabilities,costs,damages,judgments and expenses(including reasonable attorney's fees and costs)arising out of Carousel accessing or providing access in accordance with Client's instructions. OEM Requirements: In order to receive manufacturer support or gain access to intellectual property such as software patches and updates,manufacturers may require an end user to maintain manufacturer-direct content in the form of licensing or software subscriptions,or another type of manufacturer-direct entitlement.It is the responsibility of the customerto ensure that all subscriptions,licensing fees,software support agreements,and other manufacturer entitlements are active and up to data at commencement of,and at all times during the term of the SOS.In some cases,the OEM requires that the support provider(Carousel)contract directly with the manufacturer on behalf of the end user,with an associated cost for services. In Page 43 City of Ft.Worth Water_01/27/2020 the event of early termination of the SOS,the Customer,at a minimum,shall be subject to an early termination fee of the prorated,net amounts due to the manufacturer for a I i established backend OEM support as defined on this 50S,in addition to any penalty as defined in section 10.(Termination)herein. End of Sup ort/Extended Support:Periodically,manufacturers may declare"end of life,""end of service,""end of support," "manufacture discontinue"or similar designation("End of Support")for certain Supported Items.For Products subject to End of Support,Carousel will continue to provide the support described,except forthe End of Support exceptions listed therein ("Extended Support").Products declared end of support/extended support,will be supported under the terms of Extended Support until contract end date,at which time the Supported Product may be removed from coverage and rates will be adjusted accordingly.Extended Support is best effort,support will be provided with the following exceptions:At the end of manufacturer support,Tier IV R&D product developer support and going forward maintenance updates(e.g.,Product Correction Notices("PCN's"),"bug fixes,"interoperability/usability solutions)are no longer provided by the manufacturer. Therefore,certain complex faults or functionality issues may not be resolvable without the Client upgrading the system to a version currently supported by the manufacturer.In addition,as replacement parts are manufacturer discontinued,some products or components may become increasingly scarce or require replacement with substitute parts,This may result in delays In response or repair intervals,or may require upgrades to other components at Client's expense in order to ensure compatibility and preserve Supported Item functionality. 4. SOFTWARE LICENSE WHERE SERVICES INCLUDE PROVISION OF PATCHES,UPDATES OR FEATURE UPGRADES FOR SUPPORTED PRODUCTS("NEW SOFTWARE"),THEY WILL BE PROVIDED SUBJECT TO THE LICENSE GRANTAND RESTRICTIONS CONTAINED IN THE ORIGINAL AGREEMENT UNDER WHICH CLIENT LICENSED THE ORIGINAL SOFTWARE FROM THE OEM. WHERE THERE IS NO EXiSTI NG LICENSE FROM THE OEM,NEW SOFTWARE WILL BE PROVIDED SUBJECTTO THE MANUFACTURERS THEN CURRENT LICENSE TERMS AND RESTRICTIONS FOR THE NEW SOFTWARE.NEW SOFTWARE MAY INCLUDE COMPONENTS PROVIDED BY THIRD PARTY SUPPLIERS THAT ARE SUBJECT TO THEIR OWN END USER LICENSE AGREEMENTS,CUSTOMER MAY INSTALL AND UST= THESE COMPONENTS IN ACCORDANCE WITH THE TERMS AND CONDITIONS OF THE END USER LICENSE AGREEMENT ACCOMPANYING THEM. 5. CONFEDENTIAL INFORMATION "Confidential Information"means business and/or technical information,pricing,discounts and any other information or data that by its nature would be reasonably deemed confidential,regardless of whether in tangible or other form,including but not limited to information communicated verbally.Confidential Information excludes information that:(1)is publicly available other than by an act or omission of the receiving party;(11)subsequent to its disclosure was lawfully received from a third party having the right to disseminate the information without restriction on its dissemination and disclosure;(iii)was known by the receiving party prior to its receipt and was not received from a third party in breach of that third party's confidentiality obligations;or(iv)is required to be disclosed by court order or other lawful government action,but only to the extent so ordered,provided the receiving party provides prompt written notification to the disclosing party of the pending disclosure so the disclosing party may attempt to obtain a protective order.In the event of a potential disclosure in the case of subsection (iv)above,the recelving party will provide reasonable assistance to the disclosing party should the disclosing party attempt to obtain a protective order.Each party will protect the secrecy of all Confidential Information received from the other party with the same degree of care as it uses to protect its own Confidential Information,but in no event with less than a reasonable degree of care.Neither party will use or disclose the other party's Confidential Information except as permitted in this Section or for the purpose of performing obligations under this SOS.The confidentiality obligations of each party will survive expiration or termination of the SOS.Upon termination of the SOS,each party will cease all use of the other party s Confidential Information and will promptly return,or at the other party's request destroy,all Confidential Information,including copies,in tangible farm in that party's possession or under its control,including Confidential information stored on any medium.Upon request,a party will certify In writing its compliance with this Section. 5. WARRANTIES Carousel warrants to Client that Services will be carried out in a professional and workmanlike manner by qualified personnel.If the Services have not been so performed and Carousel receives Client's detailed request to cure a non-conformance within 30 days of its occurrence,Carousel will re-perform those Services. This remedy wit]be Customer's sole and exclusive remedy and Page 44 City of Ft.Worth Water_01/27/2020 will be in lieu of any other rights or remedies Customer may have against Carousel with respect to the non-conformance of Services. EXCEPT AS REFERENCED AND LIMITED IN THIS SECTION,NEITHER CAROUSEL NOR ITS LICENSORS OR SUPPLIERS MAKES ANY OTHER EXPRESS OR IMPLIED REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE SERVICES.IN PARTICULAR,THERE 15 NO WARRANTY THAT ALL SECURITY THREATS AND VULNERABILITIES IN A SUPPORTED PRODUCT SUPPORTED SYSTEM OR NETWORK WILL BE DETECTED OR THAT SERVICES WILL RENDER THEM SAFE FROM SECURITY BREACHES_TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW,CAROUSEL DISCLAIMS ALL IMPLIED OR STATUTORY WARRANTIES,INCLUDING,BUT NOT LIMITED TO,ANY WARRANTIES OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE,AND NON-INFRINGEMENT. 7, LIMITATION OF LIABILITY IN NO EVENT WILL EITHER PARTY OR ITS RESPECTIVE LICENSORS OR SUPPLIERS HAVE ANY LIABILITY FOR ANY INCIDENTAL, SPECIAL,STATUTORY,INDIRECT OR CONSEQUENTIAL DAMAGES,LOSS OF PROFITS OR REVENUE,LOSS OR CORRUPTION OF DATA, TOLL FRAUD,COST OF COVER,OR SUBSTITUTE GOODS OR PERFORMANCE.EXCEPT FOR CAROUSEL:S MISAPPROPRIATION OF CLIENT'S PROPRIETARY OR CONFIDENTIAL INFORMATION,THE LIABILITY OF EITHER PARTY FOR ANY CLAIM ARISING OUT OF OR IN CONNECTION WITH THIS SOS WILL NOT EXCEED AN AMOUNT EQUAL TO THE AGGREGATE TOTAL AMOUNT OF ALL FEES PAID OR PAYABLE UNDER IN THE TWELVE(12)MONTH PERIOD IMMEDIATELY PRECEDING THE DATE OF THE EVENT GIVING RISE TO THE CLAIM.THE LIMITATIONS OF LIABILITY IN THIS SECTION WILL APPLY TO ANY DAMAGES,HOWEVER CAUSED,AND ON ANY THEORY OF LIABILITY,WHETHER FOR BREACH OF CONTRACT,TORT(INCLUDING,BUT NOT LIMITED TO,NEGLIGENCE),OR OTHERWISE,AND REGARDLESS OF WHETHER THE LIMITED REMEDIES AVAILABLE TO THE PARTIES FAIL OF THEIR ESSENTIAL PURPOSE.HOWEVER,THEY WILL NOTAPPLY IN CASES OF WILFULL MISCONDUCT,PERSONAL INJURY OR BREACHES OFOEM'S LICENSE RESTRICTIONS.THE LIMITATIONS OF LIABILITY IN THIS SECTION ALSO WILL APPLY TO ANY LIABILITY OF DIRECTORS, OFFICERS,EMPLOYEES,AGENTS AND SUPPLIERS. 8. GOVERNING LAW AND DISPUTE RESOLUTION Choice of Law. Any controversy or claim,whether based on contract,tort,strict liability,fraud,misrepresentation,or any other legal theory,related directly or indirectly to the 505("Dispute")shall be resolved solely in accordance with the terms of this Section 8, The SOS shall be governed by the laws of the Commonwealth of Massachusetts and interpreted and determined in accordance with the laws of the Commonwealth of Massachusetts. The parties hereto irrevocably,(a)agree that any suit, action,or other legal proceeding arising out of the SOS shall be brought exclusively in the courts of record of either the Commonwealth of Massachusetts or the courts of the United States located in the Commonwealth of Massachusetts;(b) consent to the jurisdiction of each such court in any such suit,action or proceeding;and(c)waive any objection which it may have to the laying of venue of such suit action or proceeding in any of such courts. Injunctive Relief. Either party may,at its option and at anytime during the dispute resolution process,seek injunctive relief in any court of competent jurisdiction(including but not limited to preliminary injunctive relief). The parties acknowledge that each of them has a vital interest In enjoining any violation of confidentiality obligations,including unauthorized use of the Software,because damages would not adequately compensate a party for any infringements of that party's intellectual property rights. No Withholding. Disputes will not be a basis for withholding payment of any undisputed amounts clue under the SOS or offsetting other amounts due whether or not the disputed Item Is on the same order or invoice,nor will any amount be retained in anticipation of a Dispute for which notice has not been received. 9. TERM AND TERMINATION Term. The SOS will be effective from the date Carousel accepts the order unless terminated earlier in accordance with this Section.Unless a different term is defined,Carousel will provide Services for an initial term of one year.Services will be renewed automatically for successive one-yearterms(unless specifically mandated)applying the then most similar current generally available support plan offeringand then current rates,unless either party gives the other written notice of its intent not to renew at least 60 days prior to the expiration of the applicable initial or renewal term.Unless otherwise specified,Client may terminate Services in whole or in part upon sixty(60)days prior written notice.Client will be subject to termination fees comprised of the net amounts due to OEM for all established backend OEM support,as defined on the SOS.For prepaid S05's, Page 45 City of Ft.Worth Wate-r_01/27/2020 Carousel will refund or credit the prorated price of the remaining term less the applicable termination charge.Either party may terminate the SA by written notice to the other party effective immediately upon receipt if the other party fails to cure any material breach of the SA within a thirty(30)day period after having received a written notice from the non--breaching party detailing the breach and requesting the breach is cured, Termination Notice. Client's written notice of cancellation or intent not to renew must be sent by:(€)letter via certified mail to the following address: Carousel Industries of North America,Inc.,659 South County Trail,Exeter,Rhode Island 02822 Attn: Termination;(D)email to cancel malltO:contract@carouselindustries.com;or(iii)fax to 401-667-5492, 10. MISCELLANEOUS With Client's prior written consent,Carousel may assign the SOS or any associated order to any of its affiliated entities or to any entity to which Carousel may sell,transfer,convey,assign or lease all or substantially all of the assets used in connection with its performance under this SOS.Carousel may subcontract any or all of its obligations,but will retain responsibility for them. Neither party will be liable for any delay or failure in performance to the extent the delay or failure is caused by events beyond the party's reasonable control,including without limitation,fire,flood,act of God,explosion,war or the engagement of hostilities,strike,embargo,labor dispute,government requirement,civil disturbances,civil or military author€ty,and inability to secure materials or transportation facilities.The failure of either party to assert any of its rights under the SOS is not a waiver by that party of Its right later to enforce the SOS in accordance with its terms.These Terms constitute the entire understanding of the parties with respect to Its subject matter and will supersede all previous and contemporaneous communications, representations or understandings,either oral or written,between the parties relating to that subject matter.It will not be contradicted or supplemented by any prior course of dealing between the part€es.All notices under the SOS and any modifications or amendments must be in writing which in no event shall include any form of electronic communication(such as e-mail). Page 46 City of Ft.Worth Water_01/27/2020 City Secretary Contract No. EXHIBIT B PAYMENT SCHEDULE INVOICING AND PAYMENT Invoicin . Carousel will invoice Client for Services in advance unless another payment option is specified in the order, or as otherwise specified in the pricing section of this document. pa__._Payment of undisputed invoices is due within thirty(30)days from the date of Carousel's invoice. Client will pay all bank charges,taxes,duties, levies and other costs and commissions associated with nonstandard methods of invoicing and payment. Overdue payments will be subject to a late payment charge of the lesser of 1.5% per month or the maximum rate allowed by applicable law.Unless Client provides Carousel with a tax exemption certificate, Client is solely responsible for paying all required taxes, (including, but not limited to,property,sales,use or excise taxes with respect to the provision of Carousel Equipment) except for any income tax assessed upon Carousel. Vendor Services Agreement—Teelumlogy—Exhibit B City Secretary Contract No. EXIHBIT C NETWORK ACCESS AGREEMENT Vendor Services Agreement--Technology—Exhibit C i City Secretary Contract No. EXHIBIT C NETWORK ACCESS AGREEMENT 1. The Network. The City owns and operates a computing environment and network (collectively the "Network"). Vendor wishes to access the City's network in order to provide description of services. In order to provide the necessary support, Vendor needs access to description of specific Network systems to which Vendor requires access, i.e. Internet, Intranet, email, HEAT System, etc. ("Access"). 2. Grant of Limited Access. Vendor is hereby granted a limited right of access to the City's Network for the sole purpose of providing description of services. Such access is granted subject to the terms and conditions forth in this Agreement and applicable provisions of the City's Administrative Regulation D-7 (Electronic Communications Resource Use policy),of which such applicable provisions are hereby incorporated by reference and made a part of this Agreement for all purposes herein and are available upon request. 3. Network Credentials. The City will provide Vendor with Network Credentials consisting of user IDs and passwords unique to each individual requiring Network access on behalf of the Vendor.Access is being granted for purposes of completing services for the City pursuant to the Agreement and Access shall expire at the completion of the, or upon termination of the Agreement,whichever occurs first. 4. Renewal. This Network Access Agreement shall be renewed in accordance with the Agreement if the following conditions are met: 4.1. Contracted services have not been completed; 4.2. Contracted services have not been terminated; and 4.3. Within the thirty (30) days prior to the scheduled annual expiration of this Agreement, the Vendor has provided the City with a current list of its officers, agents, servants, employees or representatives requiring Network credentials. Notwithstanding the scheduled contract expiration or the status of completion of services, Vendor shall provide the City with a current list of officers, agents, servants, employees or representatives that require Network credentials on an annual basis. Failure to adhere to this requirement may result in denial of Access and/or termination of this Network Access Agreement, 5. Network Restrictions. Vendor officers, agents, servants, employees or representatives may not share the City-assigned user IDs and passwords. Vendor acknowledges, agrees and hereby gives its authorization to the City to monitor Vendor's use of the City's Network in order to ensure Vendor's compliance with this Network Access Agreement.Abreach by Vendor, its officers,agents,servants,employees or representatives,of this Agreement and any other written instructions or guidelines that the City provides to Vendor pursuant to this Network Access Agreement shall be grounds for the City immediately to deny Vendor access to the Network and Vendor's Data,terminate the Agreement and the Network Access Agreement,and pursue any other remedies that the City may have under the Agreement or this Network Access Agreement or at law Vendor Services Agreement—Technology—Exhibit C City Secretary Contract No. or in equity. 5.1. Notice to Vendor Personnel—For purposes of this section,Vendor Personnel shall include all officers, agents,servants,employees,or representatives of Vendor.Vendor shall be responsible for specifically notifying all Vendor Personnel who will provide services to the City under this agreement of the following City requirements and restrictions regarding access to the City's Network: 5.1.1. Vendor shall be responsible for any City-owned equipment assigned to Vendor Personnel, and will immediately report the loss or theft of such equipment to the City; 5.1.2. Vendor, and/or Vendor Personnel, shall be prohibited from connecting personally-owned computer equipment to the City's Network; 5.1.3. Vendor Personnel shall protect City-issued passwords.and shall not allow any third party to utilize their password and/or user ID to gain access to the City,s Network; 5.1.4. Vendor Personnel shall not engage in prohibited or inappropriate use of Electronic Communications Resources as described in the City's Administrative Regulation D7; 5.1.5. Any document created by Vendor Personnel in accordance with this Agreement is considered the property of the City and is subject to applicabXe state regulations regarding public information; 5.1.6. Vendor Personnel shall not copy or duplicate electronic information for use on any non-City computer except as necessary to provide services pursuant to this Agreement; 5.1.7. All network activity-inay be monitored `for any reason deemed necessary by the City; and 5.1,8. A Network user ID maybe deactivated when the responsibilities of the Vendor Personnel no longer require Network access 6. Termination. In addition to the other rights of termination set forth herein,the City may terminate this Network Access Agreement at any time and for any reason with or without notice, and without penalty to the City. Upon termination of this Network Access Agreement, Vendor agrees to remove entirely any client or communications software provided by the City from all computing equipment used and owned by the Vendor, its officers, agents, servants, employees and/or representatives to access the City's Network. 7. Information Security.Vendor agrees to make every reasonable effort in accordance with accepted security practices to protect the Network credentials and access methods provided by the City from unauthorized disclosure and use. Vendor agrees to notify the City immediately upon discovery of a breach or threat of breach which could compromise the integrity of the City's Network, including but not limited to, theft of Vendor-owned equipment that contains City- provided access software, termination or resignation of officers, agents, servants, employees or representatives with access to City-provided Network credentials, and unauthorized use or sharing of Network credentials. Vendor Services Agrcement—Technology--Exhibit C City Secretary Contract No. ACCEPTED AND AGREED: CITY: CITY OF FORT WORTH CONTRACT COMPLIANCE MANAGER: By signing I acknowledge that I am the person responsible for the monitoring and administration of this contract,including ensuring all performance By: and reporting requirements. Name: Dana"Burghdo Title: Interinager Date: D : BY Name: Verlon Plunk APPROVAL RECOMMENDED: Title: IT Manager,Water Department APPROVED AS TO FORM AND LEGALITY: By: Name: Chris Harder Title: Director,Water Department By: Name Jo .tic— Strong ATTEST: Title: As scant City Attorney CONTRACT AUTHORIZATION: M&C. Name: �A Date Approved: M y ayse ..•� Title: City Secretary 1' 'y oam 1295 Certification No.: r a.. p i VENDOR: '•TE CAROUSEL INDUSTRIES OF NORTH AMERICA,INC. III By z- i Name: ray Mon'z j Title: Manager of Corporate acts j Date: 1 OFFICIAL RECORD CITY SECRETARY F�T. WORTH Tx � Vendor Services Agreement—Technology(Rev. $/19) Pa a t 2 of�� 56 s i E City Secretary Contract No. EXHIBIT D VERIFICA:I'ION OF SIGNATURE AUTHORITY Vendor Services Agreement—Technology—Exhibit D 2/6/2020 M&C Review Official site of the City of Fort Worth,Texas CITY COUNCIL AGENDA FOPTWoRTH DATE: 1/14/2020 REFERENCE **M&C 20- LOG NAME: 60CAROUSEL NO.: 0035 INDUSTRIES CODE: C TYPE— CONSENT PUBLIC NO HEARING: SUBJECT. Authorize a Cooperative Purchase Agreement with Carousel Industries, Inc. in the Amount of$180,000.00 for Hardware, Software, Maintenance and Support of the Water Department's Extreme Networks, and Professional Services Using the Texas Department of Information Resources Cooperative Contract Number DIR-TSO-4339 (ALL COUNCIL DISTRICTS) RECOMMENDATION: Authorize a cooperative purchase agreement with Carousel Industries, Inc, in the amount of $180,000.00 for hardware, software, maintenance and support of the Water Department's Extreme Networks, and professional services using the Texas Department of Information Resources Cooperative contract number DIR-TSO-4339. DISCUSSION: The Water Department will use this agreement to purchase hardware, software, maintenance and support of its Extreme Networks components, such as switches and routers. PRICE ANALYSIS The prices were obtained using Texas Department of Information Resources (DIR) contract number DIR-TSO-4339. The DIR contract offers fixed discounts for these services. Water Information Technology staff has reviewed the pricing and determined it to be fair and reasonable. COOPERATIVE PURCHASING - State law provides that a local government purchasing an item/service under a Cooperative Purchasing Agreement satisfies state laws requiring that the local government seek competitive bids for purchase of the item/service. DIR contracts have been competitively bid to increase and simplify the purchasing power of government entities. DIR is authorized to offer the cooperative purchasing program to state agencies, public institutions of higher learning, public school districts and local governments. SUCCESSOR CONTRACTS -To facilitate planning and budgeting, Staff would prefer to have annual Agreements that align with the Fiscal Year. However, the DIR Agreement is out of alignment with the City's Fiscal Year and the current term DIR-TSO-4339 will expire on January 22, 2024. In order for the Agreement to align with the City's Fiscal Year, adoption of this Mayor and Council Communication (M&C) technically authorizes (i) a series of Purchase Agreements, each of which will align to a term of the DIR, Agreements to ensure legal authority exists for the contract, and (ii) an annual spend amount, future years of which would be subject to City Council appropriation. In the event that a Cooperative Agreement is not renewed, Staff would cease purchasing at the end of the last Purchase Agreement coinciding with the valid Cooperative Agreements. If the City Council were to not appropriate funds for a future year, Staff would stop making purchases when the last appropriation expires, regardless of whether the then-current Purchase Agreement has expired. The City will initially use DIR-TSO-4339 to make purchases authorized by this M&C. As noted, DIR-TSO-4339 expires January 22, 2024. If DIR-TSO-4339 is extended this M&C authorizes the City to purchase similar equipment and supplies under the extended contracts. If DIR-TSO-4339 is not extended but DIR executes new cooperative contracts with Carousel with substantially similar terms as DIR-TSO- 4339, this M&C authorizes the City to purchase the equipment and supplies under the new ❑1R contract. http:llapps.cNvnet.org/counciI_packet/rnc review.asp?ID=27604&counciIdato=9114/2020 112 2l612020 M&C Review ADMINISTRATIVE CHANGE ORDER -An administrative change order or increase may be made by the City Manager in the amount up to $45,000 and does'not require specific City Council approval as long as sufficient funds have been appropriated. MIWBE OFFICE -A waiver of the goal for MBEISBE subcontracting will not be required due to this agreement being a Cooperative Purchasing Agreement. This satisfies the local government requirements. AGREEMENT TERMS — Upon City Council approval, this agreement shall begin on September 1, 2019 and end on August 31, 2020. This agreement will have a one-year initial term with three one- year options for renewal. RENEWAL OPTIONS - This Agreement may be renewed in accordance with the renewal options in DIR-TSO-4339. This action does not require specific City Council approval provided that the City Council has appropriated sufficient funds to satisfy the City's obligations during the renewal term. FISCAL INFORMATION/CERTIFICATION: The Director of Finance certifies that funds are available in the current operating budget, as appropriated, of the Water & Sewer Fund. Prior to any expenditure being incurred, the Water Department has the responsibility to validate the availability of funds. L�Fund Departmen# Account Project Program Activity Budget Reference# FAount ] ID I_ ID� Year I (Chartfield 2) FROM _ __ Fund ©epartment Accoun�Project Program Activity Budget Referenc #e Amount ID ID Year (Chartfield 2) Submitted for City Manager's Office by: Dana Burghdoff(8018) Originating Department Head: Chris Harder (5020) Additional Information Contact: Rick Lisenbee (2515) ATTACHMENTS 60CAROUSEL INDUSTRIES EW.pdf 60CAROUSEL INDUSTRIES PW.pdf http:llapps.cfwnet.org/eouncil_packet/mc_review.asp?]D=27604&councildate=1/14/2020 212