The URL can be used to link to this page

Home My WebLink AboutContracts & Agreements_241-2022AVOLVE SOFTWARE CORPORATION Software as a Services Agreement This agreement ("Agreement") is made this on the 15th day of November 2022, ("Effective Date") by and between Avolve Software Corporation, a Delaware corporation with offices at 4835 E. Cactus Road, Suite 420, Scottsdale, Arizona 85254, United States of America, ("Avolve" or "Services Provider") and the City of Redlands, a municipal corporation and general law city ("Customer"). WHEREAS Avolve offers remotely hosted subscription, software -as -a -service access (on hardware owned or operated on behalf of Avolve by a third party hosting service provider such as Microsoft Corporation) to Avolve's software (collectively, such hosted electronic plan review and project information management, collaboration and review system, including all software applications, application program interfaces, modules, databases, hardware, infrastructure, documentation and system administration, management and monitoring activities that Avolve provides for the software shall be referred to herein as the "Avolve SAAS Solution"); WHEREAS Avolve provides professional services ("Professional Services") to assist customers with among other things, implementation of the Avolve SAAS Solution and training; WHEREAS the Customer desires to purchase use rights for the Avolve SAAS Solution and related Professional Services (the "Initial Purchase") from Avolve and, pay for such purchases either directly or pursuant to an agreement between the Customer and a third -party financing source reasonably acceptable to Avolve (the "Financing Company"); and WHEREAS Avolve and Customer now desire to provide the terms and conditions under which Avolve will provide the Initial Purchase to Customer, as well provide the terms and conditions for the Customer to purchase other Professional Services from Avolve, with or without the assistance of Financing Company or another paying agent; NOW THEREFORE, in consideration of the foregoing and of the mutual covenants and promises set forth herein, Avolve and Customer agree as follows. SECTION A. — AVOLVE SAAS SOLUTION 1. Avolve SAAS Solution. a. Use Rights. Subject to Customer's compliance with all the terms and conditions of this Agreement, Avolve grants to Customer a non-exclusive, non -transferable, non-sublicensable right during the subscription term ("Subscription Term") identified in the Implementation SOW (attached hereto as Exhibit 1 to permit Users to use the Avolve SAAS Solution identified in the Implementation SOW for Customer's internal business operations, solely for the specific Business Unit(s) as further set forth in the Implementation SOW. Should Customer desire to reorganize any such Business Unit, it shall provide Avolve written notice as soon as possible following the determination of reorganization, so that Avolve may Page 1 of 15 L:\ca\Agreements\Avolve Software-FY22-0062.docx review the planned reorganization to determine if it is consistent with the Business Unit limitation in this use rights grant and, if not, what additional fees will be required due to Customer's reorganization to include additional Business Units. As used in this Agreement, "User" means authorized Customer employees and third parties that require access to the Avolve SAAS Solution in connection with the Customer's internal business operations, such as the Customer's employees, administrators, contractors, reviewers, and applicants. There may be different types/levels of Users for the Avolve SAAS Solution, such as administrator Users, if so identified in the Implementation SOW. b. Storage. The Avolve SAAS Solution will include for the initial Subscription Term the amount of storage set forth in the Implementation SOW. Customer acknowledges that should Customer exceed the included storage limits after Avolve has sent notice to Customer in accordance with Avolve's then -current standard storage limits and data backup practices (available upon request), additional charges will be incurred by Customer. Avolve shall invoice Customer for any such additional incurred charges, and Customer shall pay such invoices, in accordance with Section C of this Agreement. Avolve may, in its sole discretion, modify the amount of standard storage included at no additional charge with the Avolve SAAS Solution, with such modification to become effective upon the effective date of any renewal term provided that Avolve provides Customer written notice of such modification at least ninety days in advance of the expiration of the then -current Subscription Term. c. Restrictions on Use. Customer will not, and will ensure that its Users do not: (i) except as expressly stated herein, copy, reproduce, distribute, republish, download, display, host or transmit in any form or by any means, including but not limited to electronic, mechanical, photocopying, recording, or other means, any part of Avolve SAAS Solution or any other Avolve materials; (ii) use the Avolve SAAS Solution or any other Avolve materials to provide services to third parties (e.g., business process outsourcing, service bureau applications or third party training); (ii) assign, sublicense, sell, lease, loan, resell, sublicense or otherwise distribute or transfer or convey the Avolve SAAS Solution or any other Avolve materials, or pledge as security or otherwise encumber Customer's rights under this Agreement; (iii) make any use of or perform any acts with respect to the Avolve SAAS Solution or any other Avolve materials other than as expressly permitted in accordance with the terms of this Agreement; or (iv) use the Avolve SAAS Solution components other than those specifically identified in the Implementation SOW and then only as part of Avolve SAAS Solution as a whole, even if it is also technically possible for Customer to access other Avolve SAAS Solution components; or (v) modify, further develop or create any derivative works of, disassemble, decompile, reverse engineer or otherwise attempt to obtain or perceive the source code from which any part of Avolve SAAS Solution is compiled or interpreted, or access or use Avolve SAAS Solution in order to build Page 2 of 15 L:\ca\Agreements\Avolve Software-FY22-0062.docx a similar or competitive product or service; (vi) allow use of the Avolve SAAS Solution or any other Avolve materials by anyone other than authorized Users; (vii) publish any results of benchmark tests run on Avolve SAAS Solution; (viii) unless otherwise expressly authorized in writing by Avolve, use the Avolve SAAS Solution in connection with any software product or tools, or any other software as a service not provided by Avolve; and (ix) input, upload, transmit or otherwise provide to or through Avolve SAAS Solution or any systems used by Avolve anything that is unlawful, injurious, or contains, transmits or activates any harmful code. Customer acknowledges that nothing herein will be construed to grant Customer any right to obtain or use the source code from which Avolve SAAS Solution is delivered. Customer shall not tamper with or attempt to disable any security device or protection used by Avolve SAAS Solution or any other Avolve materials, nor shall Customer damage, destroy, disrupt or otherwise impede or harm in any manner the Avolve SAAS Solution or any systems used by Avolve. Customer agrees to take all commercially reasonable steps to ensure that Users abide by the terms of this Agreement and expressly agrees to indemnify Avolve, its officers, employees, agents and subcontractors from and against all claims, liabilities, losses, damages and costs (including reasonable attorney fees) suffered by Avolve arising from a breach by the User of the conditions of this Agreement. d. High -Risk Activities. The Avolve SAAS Solution is not fault -tolerant and is not designed, manufactured, or intended for use or resale as online control equipment in hazardous environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life support machines or weapons systems, in which the failure of the Avolve SAAS Solution or derived binaries could lead directly to death, personal injury, or severe physical or environmental damage. The Avolve SAAS Solution is also not designed or intended for use with Federal Tax Information (FTI) as defined in the Internal Revenue Service Publication 1075 (IRS 1075) or criminal justice information ("CJI"), such as fingerprint records and criminal histories. Customer shall not use the Avolve SAAS Solution for any of these high -risk activities, including without limitation transmitting, storing or otherwise processing any FTI or CJI with the Avolve SAAS Solution. e. Project Administrator. Customer agrees, if not already designed in the Implementation SOW, to promptly designate in writing one person to be the Customer's point person responsible for all communications with Avolve (the Customer's "Project Administrator"). The Project Administrator is responsible for project administration duties as documented in the Avolve systems guides, statements of work, and documentation (collectively, the "Documentation"), as provided for time to time by Evolve to Customer. f. Customer Connection. During the Term, the Customer is responsible for obtaining and maintaining connection to the Avolve SAAS Solution, including the Internet connection. Avolve shall not be responsible for any inadequacy or lack of Page 3 of 15 L:\ca\Agreements\Avolve Software-FY22-0062.docx g• functionality of Customer's connection to the Avolve SAAS Solution or the inability of the Customer's computer, telecommunications provider, or other equipment and capabilities to access or use the Avolve SAAS Solution. Third Party Service Providers and Components. Notwithstanding anything to the contrary in this Agreement or any other documents between Avolve and Customer, Customer acknowledges and agrees as follows. 1. The Avolve SAAS Solution and its component parts are protected by copyright and other propriety rights of Avolve and one or more third party software vendors (including Oracle and Open Text Corporation ("OTC") (all such third -party vendors, including without limitation Oracle and OTC, shall be referred to herein as "third party vendors" or "third party software vendors"). Customer may be held directly responsible by such third -party vendors for acts relating to the Avolve SAAS Solution component parts that are not authorized by this Agreement. Customer's use of such third - party software is limited to only in conjunction with Avolve SAAS Solution and Customer acknowledges that it is not allowed to modify such third -party software or use it independent from Avolve SAAS Solution. 2. If Customer purchases from Avolve hosting of the Avolve SAAS Solution on the Microsoft® Windows AzureTM platform, the terms and conditions for such cloud services as such may be updated by Microsoft Corporation from time to time, are found online on at https://www.microsoft.com/licensing/docs/customeragreement. Customer should review the documents available on this website carefully to be sure that Customer reviews the appropriate customer agreement. If Customer has purchased Microsoft Cloud for US Government, review the customer agreement for Microsoft Cloud for US Government. If Customer is purchasing commercial access, the customer agreement for commercial access for the United States applies. Upon Customer's request, Avolve will provide Customer with assistance on finding and/or a copy of the appropriate Microsoft customer agreement. Customer acknowledges and agrees THAT (A) THE HOSTED SERVICES WILL BE PERFORMED SOLELY AND EXCLUSIVELY SUBJECT TO THE APPLICABLE MICROSOFT CORPORATION'S CUSTOMER AGREEMENT (the "Microsoft Customer Agreement) , (B) THAT AVOLVE DOES NOT GUARANTY MICROSOFT CORPORATION'S OBLIGATIONS PURSUANT TO THE MICROSOFT CUSTOMER AGREEMENT, AND (C) NOR CAN AVOLVE GRANT ANY WARRANTIES OR ADDITIONAL TERMS TO THE CUSTOMER AS TO THE HOSTED SERVICES UNDER THIS AGREEMENT. THE HOSTED SERVICES ARE Page 4 of 15 L:\ca\Agreements\Avolve Software-FY22-0062.docx SOLELY GOVERNED BY THE MICROSOFT CUSTOMER AGREEMENT, TO WHICH AVOVLE IS NOTA PARTY. Microsoft Corporation makes certain service level commitments to its customers, which are available online in the Microsoft Corporation's SLAs at https://azure.microsoft.com/en-us/support/legal/sla/summary/. If Customer desires to make a claim under the Microsoft Corporation SLAs, Customer shall submit the claim through Avolve. Avolve will escalate the claim to Microsoft Corporation for review. If Microsoft Corporation determines that a credit is due, Avolve will credit Customer the amount Microsoft Corporation has paid to Avolve for the SLA credit promptly after receiving the credit from Microsoft Corporation. h. Compatibility Updates. Avolve will make commercially reasonable efforts to update the Avolve SAAS Solution, if and as required, to cause it to operate under new versions or releases of current operating systems and internet browsers, within fifteen (15) months of general availability. Passwords, Access. Customer may designate and add Users and shall provide and assign unique passwords and usernames to each authorized User pursuant to Avolve's then -current protocols. At Avolve's discretion, Users may be added either by Avolve or directly by Customer. Customer shall ensure that multiple Users do not share a password or username. Customer further acknowledges and agrees that it is prohibited from sharing passwords and/or usernames with unauthorized users. Customer will be responsible for the confidentiality and use of its Users passwords and user names. Avolve will act as though any electronic communications it receives under such passwords, usernames, and/or account numbers have been sent by Customer. Customer agrees to immediately notify Avolve if it becomes aware of any Toss or theft or unauthorized use of any of passwords, usernames, and/or account numbers. Customer agrees not to access Avolve Cloud by any means other than through the interfaces that are provided by Avolve. 1• Transmission Of Data. Customer understands that the technical processing and transmission of Customer Data is necessary to use of the Avolve SAAS Solution, and consent to Avolve's interception and storage of Customer Data. Customer understands that its Users or Avolve may be transmitting Customer Data over the Internet, and over various networks, only part of which may be owned by Avolve. Avolve is not responsible for any portions of Customer Data that are lost, altered, intercepted or stored without authorization during the transmission of Customer Data across networks not owned by Avolve. k. Customer Responsibilities. Customer will (a) be responsible for Users' compliance with this Agreement, (b) be responsible for the accuracy, quality and legality of Customer Data and the means by which it acquired Customer Data, (c) be Page 5 of 15 L:\ca\Agreements\Avolve Software-FY22-0062.docx responsible for cooperating and assisting Avolve as reasonably requested by Avolve to facilitate performance of its obligations and exercising of its rights under this Agreement, (d) use the Avolve SAAS Solution and any other materials provided by Avolve only in accordance with the Documentation and applicable laws and government regulations, including complying with all applicable legal requirements regarding privacy and data protection so as to not violate the intellectual property, privacy or any other rights of any third parties, and (e) use commercially reasonable efforts to prevent any security breach, including any unauthorized access to or use of the Avolve SAAS Solution. Should Customer become aware of any actual or threated security breach, Customer shall promptly notify Avolve and take all reasonable and lawful measures within its control that are necessary to stop the activity or threatened activity and to mitigate its effects (including, where applicable, by discontinuing and preventing any unauthorized access to the Avolve SAAS Solution). Customer shall provide sufficient notice to, and obtain sufficient consent from, its Users and any other party providing personal data to Avolve and its suppliers (including the Microsoft Corporation) to permit the processing of data by Avolve and its supplier, and their respective affiliates, subsidiaries, and service providers solely to the extent such processing of data is expressly allowed for under this Agreement, including for the purpose of disclosing it to law enforcement or other governmental authorities as directed by Avolve solely to the extent Avolve is required to do so by law, or otherwise mutually agreed to in writing by the parties. Data Backup. The Avolve SAAS Solution is programmed to perform data backups of Customer Data stored within the Avolve SAAS Solution in accordance with Avolve's then -current standard storage limits and data backup practices (available upon request). Additional data backups may be purchased for an additional fee from Avolve and such additional data backup services shall be documented in an SOW pursuant to Section B of this Agreement. In the event of any Toss, destruction, damage or corruption of Customer Data caused by Avolve or the Avolve SAAS Solution, Avolve, as its sole obligation and liability and as Customer's sole remedy, will use commercially reasonable efforts to restore Customer Data from Avolve's most current backup of Customer Data. m. Ownership. Customer acknowledges and agrees that Avolve owns all right, title, and interest in and to all intellectual property rights (including all derivatives or improvements thereof) in the Avolve SAAS Solution and any suggestions, enhancements requests, feedback, recommendations or other information provided by Customer or any of its Users related to the Avolve SAAS Solution. Customer's use rights to the Avolve SAAS Solution and the related materials supplied by Avolve pursuant to this Agreement are strictly limited to the right to use the proprietary rights in accordance with the terms of this Agreement. No right of ownership, expressed or implied, is granted under this Agreement. Page 6 of 15 L:\ca\Agreements\Avolve Software-FY22-0062.docx 2. Security. The security, privacy and data protection commitments set forth in this Agreement only apply to products and services provided by Avolve directly to Customer and do not include any products or services resold by Avolve hereunder, including any hosting services provided by Microsoft Corporation pursuant to the Customer's Microsoft Customer Agreement. a. Security Program. Avolve has implemented and maintains an information security program that incorporates administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of the Customer Data provided by Customer and its Users to Avolve in accordance with this Agreement. b. Annual Audit. Avolve will use commercially reasonable efforts to conduct an annual security audit of Avolve using an independent third party selected by Avolve. Upon the Customer's written request, a copy of the final report from any such audit shall be promptly provided the Customer. The Customer agrees that any such reports or other information provided to Customer concerning any audit shall be the Confidential Information of Avolve. c. Security Breach. Avolve will notify Customer promptly and in no event later than one (1) business day following Avolve's discovery of a Data Security Breach (defined below) and shall (i) undertake a reasonable investigation of the reasons for and the circumstances surrounding such Data Security Breach and (ii) reasonably cooperate with Customer in connection with such investigation, including by providing Customer with an initial summary of the results of Avolve's investigation as soon as possible, but in all cases within two (2) business days after the date Avolve discovered or reasonably suspected a Data Security Breach, and then regular updates on the investigation as it progresses; (iii) not make any public announcements relating to such Data Security Breach without Customer's prior written approval, which shall not be unreasonably withheld; (iv) use commercially reasonable efforts to take all necessary and appropriate corrective action reasonably possible on Avolve's part designed to prevent a recurrence of such Data Security Breach; (v) collect and preserve evidence concerning the discovery, cause, vulnerability, remedial actions and impact related to such Data Security Breach, which shall meet reasonable expectations of forensic admissibility; and (vi) if requested by Customer, at Customer's cost, provide notice to individuals or entities whose Confidential Information was or may have been affected in a manner and format specified by Customer. In the event of any Data Security Breach is caused by Avolve, Customer shall have, in addition to all other rights and remedies available under this Agreement, law and equity, the right to terminate the Agreement upon thirty (30) days prior written notice. For purposes of this Agreement, the term "Data Security Breach" shall mean any of the following occurring in connection with Customer Data in connection with Customer's and its Users' authorized use of the Avolve SAAS Solution: (a) the loss or misuse of Customer Data; and (b) disclosure to, or acquisition, access or use by, any person Page 7 of 15 L:\ca\Agreements\Avolve Software-FY22-0062.docx not authorized to receive Customer Data, other than in circumstances in which the disclosure, acquisition, access or use is made in good faith and within the course and scope of the employment with Avolve or other professional relationship with Avolve and does not result in any further unauthorized disclosure, acquisition, access or use of Customer Data. d. Signatures. The parties shall use electronic signatures for all agreements unless otherwise prohibited by law. Prior to any public disclosure of any document containing a signature, the signature shall be redacted by the disclosing party in a manner which renders it illegible and unable to be copied. 3. Suspension Right. Avolve reserves the right to include disabling devices in the service and software provided under this Agreement and to use such disabling devices to suspend access and/or use when any payment is more than 60 days overdue or when Avolve believes that Users are using the Avolve SAAS Solution and/or any other materials or services provided by Avolve hereunder not in accordance with the Documentation, this Agreement and/or applicable laws and government regulations. In addition, if Customer is using Microsoft Corporation for hosting services, Microsoft Corporation may terminate or suspend Customer's hosting services in accordance with the Customer's Microsoft Customer Agreement and, should this happen, Customer will not be able to access the Avolve SAAS Solution. Customer agrees that Avolve shall not be liable to Customer, Users or to any third party for any suspension or inability to access the Avolve SAAS Solution pursuant to this Section A(3). If suspended for failure to pay, upon payment in full of all amounts overdue (including any interest owed), Customer may request the reactivation of its account. Avolve shall reactivate promptly after receiving in advance all applicable reactivation fees, provided that Avolve has not already terminated this Agreement. 4. Ownership and Disposition of Customer Owned Data, Hosting Location. "Customer Data" refers to the data provided by the Customer that resides in the Customer's Avolve SAAS Solution environment, including any plan review, project drawings and associated project documents. Customer shall own all Customer Data that may reside within Contractor's hosting environment, to include Disaster recovery site, equipment and media. Contractor is granted no rights hereunder to use the Customer Data except to the extent necessary to fulfill its obligations to Customer under this Agreement. Unless approved in writing by Customer, Avolve shall host the Avolve SAAS Solution provided to Customer hereunder from a data center located within the United States. Upon termination or expiration of Customer's right to use the Avolve SAAS Solution for any reason other than Customer's uncured material breach, for the first thirty (30) calendar days following termination or expiration, Customer may request in writing that Avolve provide a copy of Customer's then -current Customer Data and, for no additional cost, Avolve shall provide a copy in a mutually agreed upon format, unencrypted and uncompressed, on media supplied by the Customer. If the parties are unable to mutually agree upon the format or the media supplied by Customer is not acceptable to Avolve, Avolve will use commercially reasonable efforts to still provide a copy of the Customer Data but Avolve may charge a reasonable professional services fee for increased costs incurred. After this time period Page 8 of 15 L:\ca\Agreements\Avolve Software-FY22-0062.docx has expired, Avolve has no further obligation to retain the Customer Data and shall use commercially reasonable efforts to promptly delete all Customer Data from the Avolve SAAS Solution. 5. Verification. Avolve shall be permitted to audit (at least once annually and in accordance with Avolve standard procedures, which may include on -site and/or remote audit) the usage of the Avolve SAAS Solution and any other materials provided by Avolve to Customer. Customer shall cooperate reasonably in the conduct of such audits. In the event an audit reveals that (i) Customer underpaid fees to Avolve and/or (ii) that Customer has used in excess of the use rights granted herein, Customer shall pay such underpaid fees for such excess usage. Avolve reserves all rights at law and equity with respect to both Customer's underpayment of fees and usage in excess of the authorized quantities or levels. SECTION B. — PROFESSIONAL SERVICES AND SOWS 1. Statements of Work. From time -to -time during the Term of this Agreement, the parties may enter into statements -of -work (each being an "SOW") for Avolve SAAS Solution use rights (including additional storage) and/or Professional Services on terms mutually agreed in writing between the parties in the SOW, including, without limitation, scope of services, expected deliverables, milestone dates, acceptance procedures and criteria, fees and other such matters. No SOW shall be binding until executed by both parties. Each SOW will be incorporated into and subject to this Agreement. In the case of any conflict between the SOW and this Agreement, this Agreement shall control unless the SOW specifically states otherwise. SECTION C. — GENERAL TERMS AND CONDITIONS 1. Fees. a. Implementation SOW and Additional Storage Fees. The Implementation SOW includes the Avolve SAAS Solution subscription fees as outlined in Exhibit 3 — Pricing Agreement, as well as the training and implementation professional services; which, unless set forth otherwise in the Implementation SOW, shall be invoiced by Avolve in full, in advance on the Effective Date. Additional storage fees shall be as set forth in the then -current standard storage limits and data backup practices document, a copy of which is available from Avolve upon request. Additional storage fees will be invoiced in accordance with the then - current standard storage limits and data backup practices document. b. Other SOWs. Any SOWs that Avolve and the Customer may execute from time to time during the Term of this Agreement shall include within them the applicable fees, including whether the Avolve SAAS Solution subscription fees and/or Professional Services fees are being paid by Customer through Financing Company, by Customer through another paying agent, or by Customer directly to Avolve. Unless otherwise specified in the SOW, Professional Services fees will be L:\ca\Agreements\Avolve Software-FY22-0062.docx Page 9 of 15 invoiced as the Professional Services are delivered and Avolve SAAS Solution subscription fees will be invoiced yearly, in advance, in full at the time the SOW is executed. c. General Terms. Unless set forth otherwise in an SOW, payment on all invoiced amounts shall be due thirty (30) days from receipt of invoice. Avolve will invoice for the Avolve SAAS Solution subscription fees yearly, in advance, with the first invoice being issued on the Effective Date of this Agreement. The Customer agrees to pay all invoiced subscription fees net thirty (30) days from receipt of invoice. All fees are due in advance, irrevocable and non-refundable (except as expressly set forth otherwise in this Agreement). Customer agrees to provide Avolve with complete and accurate billing and contact information. 2. Taxes. Fees and other charges described in this Agreement do not include federal, state or local sales, foreign withholding, use, property, excise, service, or similar transaction taxes ("Tax(es)") now or hereafter levied, all of which shall be for Customer's account. Any applicable direct pay permits or valid tax-exempt certificates must be provided to Avolve prior to the execution of this Agreement. If Avolve is required to pay Taxes, Customer shall reimburse Avolve for such amounts. 3. Term. Except if terminated earlier in accordance with this Section C(3), this Agreement shall commence on the Effective Date and shall continue for the longer of either (a) the expiration of the Subscription Term for the Avolve SAAS Solution or (b) the completion of all Professional Services under all SOWs. Except as otherwise provided in any SOW, UPON THE EXPIRATION OF THE INITIAL TERM, THE SUBSCRIPTION TERM SHALL AUTOMATICALLY RENEW FOR SUCCESSIVE RENEWAL TERMS EACH EQUAL TO TWELVE (12) MONTHS, AT AVOLVE'S THEN CURRENT FEES FOR CUSTOMER'S THEN CURRENT USAGE, UNLESS EITHER PARTY PROVIDES NOTICE OF NON -RENEWAL AS SET FORTH IN THIS SECTION C(3). Avolve will provide notice of non -renewal or a notice of the fees due for each Renewal Term at least sixty (60) days prior to the commencement of the Renewal Term. If a notice of fees is provided, it will be in the form of an invoice. Customer acknowledges that it is its responsibility to provide a current email address to Avolve and to monitor such address for such notices. Customer may elect not to renew a Subscription Term by providing notice to Avolve at least thirty (30) days prior to the commencement of the Renewal Term. 4. Termination. In addition to any termination rights that maybe set forth in a specific SOW, either party may terminate this Agreement immediately upon written notice in the event that the other party materially breaches this Agreement and thereafter has failed to cure such material breach (or commenced diligent efforts to cure such breach that are reasonably acceptable to the terminating party) within thirty (30) days after receiving written notice thereof. Without prejudice to either party's rights to terminate set forth in the prior sentence, if Customer has purchased from Avolve hosting of the Avolve SAAS Solution on the Microsoft° Windows AzureTM platform, and Microsoft Corporation Page 10 of 15 L:\ca\Agreements\Avolve Software-FY22-0062.docx terminates the Customer's Microsoft Customer Agreement during a Subscription Term, Avolve and Customer shall act in good faith to determine a mutually acceptable replacement provider promptly upon receiving notice of Microsoft Corporation's intent to terminate the Customer's Microsoft Customer Agreement. 5. Force Maieure. Any delay or nonperformance of any provision of this Agreement (other than for the payment of amounts due hereunder) caused by conditions beyond the reasonable control of the performing party shall not constitute a breach of this Agreement, and the time for performance of such provision, if any, shall be deemed to be extended for a period equal to the duration of the conditions preventing performance. 6. Confidentiality. Each party shall use commercially reasonable efforts to hold confidential information ("Confidential Information") of the other in confidence. All Confidential Information (including but not limited to data) shall (i) remain the sole property of the disclosing party and (ii) be used by the receiving party only as authorized herein. Information will not be considered to be Confidential Information if (i) available to the public other than by a breach of this agreement; (ii) rightfully received from a third party not in breach of any obligation of confidentiality, (iii) independently developed by or for a party without access to Confidential Information of the other; (iv) lawfully known to the receiving party at the time of disclosure, (v) produced in compliance with applicable law, securities reporting requirement or a subpoena, government or court order, in which case Customer shall use its best effort to notify Avolve of the request and an opportunity to intervene; or (vi) it does not constitute a trade secret and more than three (3) years have elapsed from the date of disclosure. If Avolve receives a request for Customer Data (either directly or as redirected to Avolve by the Microsoft Corporation), then Avolve shall redirect the law enforcement agency to request that data directly from Customer. If compelled to disclose Customer Data to law enforcement, then Avolve shall promptly notify Customer and provide a copy of the demand, unless legally prohibited from doing so. To the extent required by law, Customer shall notify individual Users that their data may be processed for the purpose of disclosing it to law enforcement of other governmental authorities as directed by Avolve and shall obtain the User's consent to the same. 7. Indemnification; Limitation of Liability. a. Indemnification. If a third party makes a claim against the Customer that any Customer's use of the Avolve SAAS Solution in accordance with the terms of this Agreement infringes such third party's intellectual property rights, Avolve, at its sole cost and expense, will defend Customer against the claim and indemnify Customer from the damages, losses, liabilities, costs and expenses awarded by the court to the third party claiming infringement or the settlement agreed to by Avolve, provided that Customer: (i) notifies Avolve promptly in writing of the claim; (ii) gives Avolve sole control of the defense and any settlement negotiations; and (iii) gives Avolve reasonable assistance in the defense of such claim. If Avolve believes or it is determined that the Avolve SAAS Solution has Page 11 of 15 L:\ca\Agreements\Avolve Software-FY22-0062.docx violated a third party's intellectual property rights, Avolve may choose to either modify the Avolve SAAS Solution to be non -infringing or obtain a license to allow for continued use, or if these alternatives are not commercially reasonable, Avolve may terminate Customer's use rights and refund any unused, prepaid fees Customer may have paid to Avolve. Avolve will not indemnify the Customer to the extent that the alleged infringement arises from (1) the combination, operation, or use of the Avolve SAAS Solution with products, services, information, materials, technologies, business methods or processes not furnished by Avolve; (2) modifications to the Avolve SAAS Solution, which modifications are not made by Avolve; (3) failure to use updates to the Avolve SAAS Solution provided by Avolve; or (4) use of Avolve SAAS Solution except in accordance with any applicable Documentation or specifications. This section provides THE SOLE, EXCLUSIVE, AND ENTIRE LIABILITY OF AVOLVE AND ITS LICENSORS TO CUSTOMER, AND IS CUSTOMER's SOLE REMEDY, WITH RESPECT TO THE INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS. b. Limitation of Liability. In no event will Avolve be liable for special, indirect, incidental, consequential, or exemplary damages, including, without limitation, any damages resulting from loss of use, loss of data, interruption of business activities, or failure to realize savings arising out of or in connection with this agreement, including without limitation use of the Avolve SAAS Solution and the provision of the Professional Services. Except for direct damages and expenses associated with Avolve's obligation to indemnify Customer pursuant to Section C (7) (a), Avolve's aggregate, cumulative liability for damages and expenses arising out of this Agreement, whether based on a theory of contract or tort, including negligence and strict liability, will be limited to the amount of fees receive by Avolve under this Agreement (which fees may have been received by Avolve from Financing Company or directly from Customer). Such fees reflect and are set in reliance upon this limitation of liability. The limited remedies set forth in this Agreement shall apply notwithstanding the failure of their essential purpose. 8. Support; Warranties. a. Support. During the Customer's Subscription Term, at no additional cost to the Customer, Avolve shall provide the Avolve SAAS Solution in accordance with Avolve's Service Level Agreement (attached hereto as Exhibit 2). b. Warranties. Customer warrants and covenants that it owns or otherwise has and will have the necessary rights and consents in and relating to the Customer Data so that, as received by Avolve and processed in accordance with this Agreement, they do not and will not infringe, misappropriate or otherwise violate any intellectual property rights, or any privacy or other rights of any third party or violate any applicable laws or and government regulations, including but not limited to all foreign, United States federal and United States state recording laws. If Customer is purchasing from Avolve resold rights to Microsoft Cloud for US Page 12 of 15 L:\ca\Agreements\Avolve Software-FY22-0062.docx Government, Customer further warrants that it is one of the following: (i) a bureau, office, agency, department or other entity of the United States Government; (ii) any agency of a state or local government in the United States; (iii) any United States county, borough, commonwealth, city, municipality, town, township, special purpose district, or other similar type of governmental instrumentality established by the laws of Customer's state and located within Customer's state jurisdiction and geographic boundaries; or (iv) a federally - recognized tribal entity performing tribal governmental functions and eligible for funding and services from the US Department of Interior by virtue of its status as an Indian tribe. c. Disclaimer. Avolve AND ITS SUPPLIERS AND LICENSORS DISCLAIM ALL OTHER WARRANTIES STATUTORY, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF TITLE, NON -INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY IS GIVEN AS TO ACCURACY, ERROR -FREE OR UNINTERRUPTED SERVICE. CUSTOMER ASSUMES ALL RESPONSIBILITY FOR DETERMINING WHETHER THE SERVICES, ANY AVOLVE MATERIALS, THE AVOLVE SAAS SOLUTION OR THE INFORMATION GENERATED THEREBY IS ACCURATE OR SUFFICIENT FOR ITS PURPOSES. EACH PARTY DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD -PARTY HOSTING PROVIDERS. Avolve makes no warranties or conditions as to any services or products distributed under a third -party name, copyright, trademark or trade name that may be offered with or incorporated with the Avolve SAAS Solution or Professional Services provided by Avolve hereunder (such as the Microsoft hosting services). To the maximum extent permitted by law, Avolve will have no liability in connection with the third - party services or products. 9. Notices: Any notices being given by this Agreement shall be in writing and shall be effective if delivered personally, sent by prepaid courier service, sent by prepaid mail, or sent by facsimile or electronic communication (confirmed on the same or following day by prepaid mail). All correspondence shall be addressed to the parties as follows: If to Avolve: Mr. Jay Mayne CFO Avolve Software Corporation 4835 E. Cactus Rd., Suite 420 Scottsdale, AZ 85254 If to Customer: Brian Desatnik Development Services Director City of Redlands 35 Cajon Street Suite 20 Redlands, CA 92373 10. Governing Law. This Agreement will be governed by and construed in accordance with the laws of Customer's state of domicile. Page 13 of 15 L:\ca\Agreements\Avolve Software-FY22-0062.docx 11. Entire Agreement. This Agreement, together with any SOWs, constitutes the entire agreement and understanding between the parties and supersedes any prior agreements, representation, or understandings, whether oral or written, relating to the services provided hereunder. 12. Severability. Should any court of competent jurisdiction declare any term of this Agreement void or unenforceable, such declaration shall have no effect on the remaining terms hereof. 13. Assignment. These services and any other information or rights provided by Avolve, may not be sold, leased, assigned, sublicensed or otherwise transferred in whole or in part. Neither party may assign this Agreement or the benefits there from in whole or in part without the prior written consent of the other party which consent shall not be unreasonably withheld. Any assignment made in conflict with this provision shall be voidable at the option of Avolve. 14. Independent Contractor. Avolve is an independent contractor and not an employee of the Customer. Any personnel performing services under this Agreement on behalf of Avolve shall at all times be under Avolve's exclusive direction and control. Avolve shall pay all wages, salaries, and other amounts due such personnel in connection with their performance of services under this Agreement and as required by law. Avolve shall be responsible for all reports and obligations respecting such additional personnel, including, but not limited to: social security taxes, income tax withholding, unemployment insurance, and worker's compensation insurance. 15. Amendment. This Agreement may only be modified by written amendment signed by authorized representatives of both parties. 16. Hierarchy. The following order of precedence shall be applied in the event of conflict or inconsistency between provisions of the components of this Agreement: (i) this Agreement and (ii) the applicable Avolve Support SLA or SOW. Notwithstanding the foregoing, if any part of the Avolve Support SLA or SOW expressly states that it shall control over the Agreement, it shall so control. [SIGNATURES ON FOLLOWING PAGE] Page 14 of 15 L:\ca\Agreements\Avolve Software-FY22-0062,docx IN WITNESS WHEREOF, the parties hereto have executed this Agreement as of the dates set forth below. Name: Title: Date: Chief Financial Officer, VP Operations ATTEST: Aicte.ei eanne Donaldson, City Clerk L:\ca\Agreements\Avolve Software-FY22-0062.docx Paul T. Barich Name: Title: Mayor Date: l I --17— 20 22 Page 15 of 15 07102019 P roj ect Dot Electronic Document Management & Collaboration Solution City of Redlands, CA Statement of Work — Implementation SOW September 9, 2022 a of e. professional services 4835 East Cactus Road Suite 420, Scottsdale, Arizona 85252 Phone: 602.714.9774 www.avolvesoftware.com Exhibit 1 Page 1 of 12 of software EXECUTIVE SUMMARY This Statement of Work will focus on SaaS of a Production and Test Environments and the implementation of ProjectDox Best in Class workflows addressing the Customer's needs for One (1) Best in Class plan review process. The goal is to implement ProjectDox and a standard Cityworks PLL permitting system integration for ProjectDox utilizing web services, in a standardized, off the shelf manner. We will leverage Avolve best practices and built-in configuration and modifications features, to meet the most effective functionality required to achieve the highest business value for the customer (the "Project"). PHASE 1 SETUP The project kickoff will be scheduled between Avolve Software and the customer to start the project and the setup of the Production SaaS environment including installation of the below purchased workflows. Additional activities will include the development and acceptance of the project plan and identification of one 30-minute weekly status calls to occur each week over this 16-week project. Additional environments (Test) will be factored into the project plan and implemented based on the sales order/agreement. The date of acceptance for this milestone becomes the SaaS System Annual Renewal Date. PHASE 2 CONFIGURATION & INTEGRATION The Avolve project manager will work with the Customer to schedule configuration workshop sessions with the Customer project team to complete the Configuration Worksheet and complete the base setup using standard templates and design to expedite the project while providing the best business value for the below workflows. This includes three (3) 2-hour sessions to cover each workflow. Any design requirements identified during this phase outside of the design of the BIC workflow process and/or requiring development will be scoped and presented in a separate Statement of Work or Change Order. • Building Combination (Residential and Commercial) Workflow The Integration Configuration section of the Configuration Worksheet that will be reviewed with the Customer project team and used to acquire the required data and API connection/credential information to complete the defined integration. This includes two (2) 2-hour sessions. Integration between ProjectDox and Cityworks PLL requires the Cityworks PLL permitting system to have the required API's/ web services to facilitate the communication. If API's are not currently present and functional, the Customer will need to provide the resources to develop and test any new required services and Avolve will assist in testing. Any additional integration points other that what is described below would be considered additional scope and would require additional professional services (assurance services) to cover design, development, and testing. Direct database calls are not supported. Below is a description of the integration and visual reference of their locations within the workflow. • Cityworks PLL permitting system integration includes: 07102019 Exhibit 1 Page 2 of 12 o Get Permit Information —calls the API services to retrieve defined permit information from permitting system i.e., building details, zoning type, square footage, etc. o Get Contact Information —calls the API services to retrieve defined contacts and associated information, i.e. applicant name, address, phone, contractor name, address, phone, etc. o Get Default Reviews — calls the API services to retrieve the predefined setup of review groups to be assigned during the Assign Reviewers task in ProjectDox. These groups are then automatically selected (checked) in the Assign Reviewers eForm. o Add/Remove Plan Reviews — as plan reviews (Department Review) are assigned or unassigned, this is posted to the permitting system by adding/deleting/de-activating the associated reviews. o Update Plan Reviews — Push of data to provide the permitting system the following data related to the plan review: • Reviewer Name • Reviewer Department ■ Review Cycle • Review Status (Approved, Rejected) ■ Date Completed o Get Fee Balance - calls the API services to retrieve any fee balance. Some permitting systems API's can also supply details of fees due, but most only provide a current balance. o Update Project Status Approved — Push final status or log event of approved to permitting system API indicating to the permitting system that all reviews are approved in ProjectDox. 07102019 Exhibit 1 Page 3 of 12 of software aaentul to fle-nrt� Steps in the process flow configured for integration Display of application information from permitting system configured using Global Configuration Tool. - Project - Contractor - Owner Department Review PHASE 3 PROJECT TEAM TRAINING The Avolve training team will schedule a training session to educate the project team on the key concepts and features of the application and workflow to provide knowledge on how to begin unit testing of the workflow(s). This course will include basic navigation of the system, creating and editing annotations on plans and how this relates to the roles within the application and workflow for plan review. The system administration training course will also be conducted for identified City users. All courses are limited to 12 persons per course session maximum. PHASE 4 ACCEPTANCE TESTING Integration Unit Testing (IUT) The Integration Unit testing phase is conducted over a 5-business day per period that includes the delivery of the designed process, validation of the design by the Customer and resolution to design issues by Avolve before starting 07102019 Exhibit 1 Page 4 of 12 a✓olre- software the next sprint. The Avolve team will provide guidance to the Customer on methods to test the designed process and system meeting with the customer three (3) times for 1 hour each to work towards acceptance of the designed integrated product. Customer will validate the integration and document any identified issues in the Tracking Log document provided by the Avolve project manager. Avolve will resolve any identified issues to allow the customer retest to gain acceptance. End to End User Acceptance Testing The Avolve project manager will meet with the Customer three (3) times for 1 hour each to assist in the review and issue resolution for the functional end -to -end system. This phase is conducted over a 5-business day period and will allow the Customer to test and validate the full design of the system and the designed workflow(s). Any identified issues shall be added to the Tracking Log document provided by the Avolve project manager. Avolve will resolve any identified in scope issues to allow the customer to retest to gain acceptance. Completion and acceptance of the testing will initiate the promotion of the code from the Production system to the Test system to prepare for go -live training. • Setup of Test Environment • Code Promotion from Production to Test PHASE 5 TRAINING Avolve education specialists will deliver the below courses to the Jurisdictions staff. The courses will train approximately 48 persons and will be delivered based on the project plan rollout. A maximum of 12 persons per course is enforced with exception of the Community Outreach (TES -OUT). This demonstration/lecture session is targeted for the design community and is intended to be conducted for larger audiences (25+) to educate and promote the new processes. It is recommended that training sessions be organized with participants of similar technological abilities to allow for the most efficient delivery and retention of the materials. Additional training above and beyond the courses below may be added, or additional training may be performed post go -live by leveraging the assurance services funds afforded by the project. • Delivery of classes for all products/modules as purchased Quantity Course Name Est. Length 4 Introduction to ProjectDox 3 hrs. 3 Workflow & Markup for Plan Reviewers 6 hrs. 1 Workflow and Project Administration for Coordinators 6 hrs. 1 System Administration 4 hrs. 1 Community Outreach 1-2 hrs. PHASE 6 GO LIVE/LAUNCH The Avolve project manager will assist the customer with any product related errors or questions regarding the software for a period of 5-business days post go -live. After the 5-business day go -live period the project will be considered complete, and the customer shall be introduced and transitioned to the Avolve support team. The extension of support from the project manager can be extended with the purchase of post go live subscription services program. • Go -Live 07102019 Exhibit 1 Page 5 of 12 Transition to Support ASSURANCE SERVICES The assurance services fund may be leveraged at any time during or post project completion to cover additional integration requirements, newly identified out of scope requirements, training, and software not included in this statement or work. The funds intent is to be used post go-live/launch of a process to keep the project management team engaged to assist with change management and user adoption assistance. Assurance services hours are billed on an hourly basis at a rate of $225.00 an hour. The use of hours requires a change order or an assurance services agreement that defines the work and has signatures of agreement for use by the Customer. ACCEPTANCE PROCESS There will be Key Deliverables within the identified phases of the project as identified in the Project Activities/Deliverables Schedule which will be subject to acceptance by the Customer ("Acceptance"). Upon completion of each Key Deliverable, Avolve will request from the Customer a written response/acceptance within five (5) business days after receipt thereof. Notwithstanding the foregoing or anything to the contrary in the Purchase Agreement, all other Deliverables provided under this Statement of Work shall be deemed to have been accepted by the Customer upon delivery. If Customer does not approve, reasons for rejection must be clearly noted. Avolve will then work with the Customer to come to agreement on obtaining approval. The Customer shall be deemed to accept any such Key Deliverable which Customer does not accept or reject within such period. This acceptance will initiate the invoice of the milestone, if applicable. AVOLVE PROJECT PLAN AND PROCESS Promptly following execution of this Statement of Work, the parties shall meet to discuss the general project schedule, which will be organized around the standard Avolve project On -Boarding process. Within 2 weeks, the initial project plan will be created and sent to the Customer. The Project Plan contains a schedule, a list of tasks in a schedule format, assignments of specific team members over specific times and communication status reporting processes. The Project Plan is a living document that will be reviewed throughout the term of this Agreement and may be adjusted as reasonably necessary, as agreed to from time to time by the parties involved. 1. This Project was scoped based upon purchase of ProjectDox Best In Class, understanding that the site will be hosted by Avolve and configured per established Best -In -Class standards. This understanding forms the basis for Avolve's pricing and the Deliverables to be provided under this Statement of Work. Any deviation from these requirements will require a change order and may increase cost or estimated time of Project completion. 2. Avolve will have full access to all Project team members from the customer, as needed, to complete the successful implementation and roll out of ProjectDox. This access may require the team members of the customer to dedicate specific time to specific detailed tasks within the Project Plan. Team member tasks will be more clearly defined during the kickoff and planning sessions and documented in the Project Plan. 07102019 Exhibit 1 Page 6 of 12 oIVe- software 3. Customer and its third parties and/or subcontractors will fulfill any hardware/software requirements, including the purchase/development of API's for integration to allow for communication between Avolve Software and the Customer's permitting system in a timely fashion in order to keep the Project Plan on schedule. 4. This best approach package to implementation relies on partnership with the jurisdiction to achieve desired go -live goals. To that end, a not to exceed of 144 hours have been allocated to the project for professional service. Should the customer cause or contribute to the delay of any Deliverable, extend scope of schedule and/or scope of work incremental costs may be associated and may result in compilation of a formal Change Order to denote said changes. 5. Cancellation or reschedule requests within 72 hours of an upgrade and/or training date may result in a 20% cancellation fee. The 20% fee will be calculated on the total services for the project minus any Assurance Services. 6. All parties will reasonably prioritize their efforts to meet the Project Plan schedule in order to achieve a rapid roll out model. It is understood by all parties that multiple tasks may be in process at one time and Avolve may have more than one Professional Services team member working on the project at one time. 7. Client will provide adequate Project management for their own resources, and/or third parties, to collaborate with Avolve's project manager. Client subject matter experts and applicable users will be accessible and available in a timely fashion and for adequate and reasonable durations. Avolve will make sure that scheduling of meetings is done adequately in advance of these resource allocations. 8. Avolve has scoped and intends to fully leverage ProjectDox as is, utilizing all built in configuration features to setup the processes using the Configuration Worksheet as a guide to meet the business needs. 9. Any optional items chosen in the Purchase Agreement/Sales Order are not included here and would require a modification to this Statement of Work. 10. Customer understands that an ePlan Life Cycle implementation is a very significant digital transformation enterprise project that requires dedicated change management from the Customer's staff. This will be key for the success of the Customer. 11. Work will not begin until an executed copy of all paperwork is complete. Work will begin at the earliest date at which Avolve resources and Customer resources are available or as otherwise agreed to. 12. Avolve and Customer agree to cooperate in good faith to complete the Services and Deliverables in a timely and efficient manner. 13. Recording of Avolve provided training or UAT (user acceptance testing) sessions is not permitted. 14. All training classes unless otherwise noted are limited to 12 persons maximum per class. 15. In the event the Customer delays the progression of the implementation and Avolve Software resources are placed on -hold and/or removed from the project, Avolve Software will not guarantee Project Managers and/or Technical Avolve resources will be available to re -deploy immediately upon resolution of the issue. In this event, Avolve Software resources will be rescheduled to the next available timeframe. 07102019 Exhibit 1 Page 7 of 12 a /o lV e software *Configuration options are as described by ProjectDox documentation and as evidenced by ProjectDox administration screens. Minor changes to Avolve ProjectDox Best Practices (Best in Class) workflows are changes to activate/deactivate and/or parametrize with variables, existing steps in the Best Practices workflows. Customization of additional products and modules are to be within the bounds and scope of the respective core product(s) and modifications are limited to those that are allowed by core product design. CHANGE CONTROL PROCESS The "Change Control Process" is that process which shall govern changes to the scope of the Project during the life of the Project. The Change Control Process will apply to new components and to enhancements of existing components. The Change Control Process will commence at the start of the Project and will continue throughout the Projects duration. Additional procedures and responsibilities may be outlined by the Project Manager identified on the signature page to the Agreement and will be included in the Project Plan if mutually accepted. Under the Change Control Process, a written "Change Request" (attached) will be the vehicle for communicating any desired changes to the Project. It will describe the proposed change; the reason for the change and the effect the change may have on the Project. The Project Manager of the requesting party will submit a written Change Request to the Project Manager for the other parties. All parties must sign the approval portion of the Change Request to authorize the implementation of any change that affects the Project's scope, schedule or price. Furthermore, any such changes that affect the scope of this SOW, schedule or price will require an amendment to the SOW and/or any other part of the Purchase Agreement. Pricing and payment terms are as set forth in Exhibit 3 of the Agreement to Perform Professional Services. • Professional Service hours will be invoiced monthly as time and materials based on the rate for the applicable resources. Avolve will provide monthly balances for hours remaining for the project. • Training will be invoiced as courses are completed at the identified fixed price provided in the Purchase Agreement/Sales Order. • Travel and Expenses are estimated to be $10,000.00 and will be invoiced to customer as incurred for trips to the Customer offices. Customer will only be invoiced for actual incurred expenses. 07102019 Exhibit 1 Page 8 of 12 o Ive- software PROJECT ACTIVITIES 1 DELIVERABLES PAYMENT SCHEDULE Preliminary project and deliverable schedules are provided and are subject to change based on discussions to occur post the kick-off of the project, provided that both the Customer and Avolve Software agree to the new terms in writing. The project scope and associated costs is based on a 12-week implementation schedule. Schedule Deliverable Week 1 — Kick Off • • Project Kick Off Meeting Project Plan Week 2 — System Setup • ProjectDox system delivered for use Week 3 — Configuration Sessions • • Configuration Workshops Integration Workshops Week 4 — Customer Configuration Worksheet Completion Week 5 — Configuration Week 6 — Integration Configuration • Deliver Functional System Week 7 —Project Team Training • • Scheduled Project Team Training Course Applicant, Reviewer and Coordinator Quick Reference Guides Week 8 — User Acceptance Integration Unit Testing Week 9 — User Acceptance Workflow Testing • • Provide final system configuration worksheet Provide final Configuration Requirements Document or CRD Week 10 — Test Environment Setup • Functional Test Environment Week 11 — Go Live Training • Go Live Training as identified in the SOW Week 12 — Go Live • • Launch of System Transition to Support 07102019 Exhibit 1 Page 9 of 12 Est Schedule Project Phase Deliverables Deliverable/Acceptance Criteria Week 2 Setup • Project Kick Off Meeting • Project team can log into installed environment • Project Plan Setup and SaaS Renewal Sign Off Week 6 Orientation and Config • Configuration Workshops • Integration Workshops • Deliver Functional System • Project Team Training Scheduled Sign off Acceptance Document Week 7 Project Team Training • Project Team Training Course • Applicant, Reviewer and Coordinator Quick Reference Guides Sign off Acceptance Document Week 9 UAT • Provide final system configuration worksheet • Provide final Configuration Requirements Document or CRD • Functional Test Environment Sign Off Acceptance Document Week 11 Go Live Training • Go Live Training as identified in the SOW Sign Off Acceptance Document Week 12 Launch/Go-Live • Launch of System • Transition to Support Sign Off Acceptance Document Assurance Services • Invoiced monthly as time and materials For the avoidance of any doubt, all right, title and interest in and to the Deliverables (including without limitation the above Key Deliverables), as well as the intellectual property rights to such Deliverables, shall belong to Avolve, subject to the limited license granted to the Customer pursuant to the Licensing Agreement. 07102019 Exhibit 1 Page 10 of 12 of software STATEMENT OF WORK ACCEPTANCE Once fully executed, this document will become the Statement of Work for the Project defined in this document. Avolve and Customer's signatures below authorizes Avolve to begin the services described above and indicates Customer's agreement to pay the invoices associated with these services delivered as described. SOFTWARE ACCEPTANCE DATE AND MAINTENANCE Avolve will invoice Customer for Software Maintenance following the Software Acceptance Date and Customer shall pay such invoiced amount pursuant to the terms of the Purchase Agreement/Sales Order. For all subsequent years of Software Maintenance purchased by Customer, invoicing and payments shall be as set forth in the Purchase Agreement/Sales Order. AUTHORIZED SIGNATURES Avolve Software Corporation By: City of Redlands, CA �� By: G! 22 ��c' Jay Mayne " Brian Desatnik Name: Name: Chief Financial Officer, VP Operations Development Services Director Title: Title: Date: D /317.<5 2.2— Date: // — 7 -2 2 07102019 Exhibit 1 Page 11 of 12 EXHIBIT A: CHANGE REQUEST FORM Avolve Software Change Request Form City of Somewhere GENERAL INFORMATION Change Request M (CR) Protect:City/County Requester Name Description of Change Date Submitted Prionry (Enter a detailed deacrrotior: of the change being requested] Low ! j Medium High ' 24 Required Reason for Change Request ' 'Enter a debuiad descragion of why the change is being requested) Protect Artifacts Impacted Assumptions/Risks C om me n tsICon s ide ratio ns Alohmerrts/References /. ist other artifacts affected by this chengeJ fDocwnent essrrnpLons or comments regarding the requested change) (Enter adddiorrat comments) ESTIMATE S Total Estimated development Hours Total Estimated Oeveloprrent Duration Schedule Impact Cost Impact Comments/Recommendations PM Approval Signature Date Signed IDS Approval Signatwe Date Signed (Enter the hour Impact of the requested change) (Elmer the duration impact of the requested Mengel Detail the impact this change mar have on scheduiesj Meted the impact rhis change may have on cost) _J CITY OF SOMEWHERE AUTHORIZATION Customer Approval Signature Date Signed Pat of Copyright 2022 Avolve Software Corporation. ProjectDox is a registered trademark of Avolve Software Corporation. J EXHIBIT 2 — SERVICES SERVICE LEVEL AGREEMENT (SLA) SUPPORT PROCESS AND SERVICE LEVEL AGREEMENT Avolve's current support process and service level commitments ("Support") are defined below. Support Portal. Avolve provides Support through its Support Portal (https://support.avolvesoftware.com). All issues can be logged using the portal or through an on -call support number. Customer personnel receive Support Portal login credentials promptly following purchase of rights to use the Avolve SAAS Solution. After a login is received, the Customer may enter, track, update, and report on trouble ticket, as well as communicate with Avolve helpdesk staff via phone, email, web meeting, and/or ticket notes. Help, FAQs, Documentation, and a Knowledgebase are also available at the Avolve support portal. Support Hours. 8 AM — 5 PM MST. Planned Downtime. Avolve or its third -party agent may render the Avolve SAAS Solution unavailable in order to perform upgrades, updated, patches, enhancements and routine maintenance activities, so long as the Avolve SAAS Solution is only unavailable to Customer and its Customer Users outside of the hours of 7 AM through 9 PM East Coast Time on business days during the Subscription Term. Avolve shall provide no less than five (5) days advance notice to Customer of any planned downtime. Customer acknowledges that in the case of emergencies, Avolve or its third -party agents may render the Avolve SAAS Solution unavailable in order to address the emergency. In such situations, if reasonably feasible, Avolve will provide notice to Customer in advance of rending the Avolve SAAS Solution unavailable or, if not reasonably feasible, notice to Customer promptly following the rendering of the Avolve SAAS Solution unavailable. Customer understands and agrees that Avolve shall not be liable for any such interruption in access to the Avolve SAAS Solution for downtime occurring pursuant to this paragraph (collectively, referred to herein as "Planned Downtime"). On -Site Emergency Support. Customer may request on -site emergency operational support services as a separate and distinct billable service. In such cases and at its discretion, Avolve will dispatch appropriate technical staff to deliver on -site technical services. Problem Determination and Resolution. Avolve resources are allocated to resolve reported problems based on the severity level as described in the following table. Avolve uses commercially reasonable efforts to provide a prompt acknowledgement, acceptable resolution, workaround, or a plan for the provision of a resolution or acceptable workaround in the timeframe set forth below: Incident Response, Resolution, and Restoration Times Severity Level System Down Critical High Medium Low Response Time 1 hour 4 business hours 12 business hours 24 business hours 48 business hours Resolution Time Reasonable Best Effort Reasonable Best Effort Reasonable Best Effort Reasonable Best Effort Reasonable Best Effort Incident Reports 24 Hours n/a n/a n/a n/a *Normal Business Hours: 8:00 a.m. through 5:00 p.m. Mountain Standard Time, Monday through Friday (excluding standard holidays). Support Classification Definitions: • Response Time. Once a problem has been reported, the Customer receives an acknowledgement by email, chat, phone or the through the support portal. Avolve will begin the process of problem Page 1 of 5 determination and resolution at this point. The time the ticket is submitted, and the response time will be logged to ensure SLA is met. • Status Updates. During the problem determination and resolution process, Customer may receive regular communications, via email, chat, phone, or the support portal, as to the status of the problem determination and resolution. All communications should be logged in Avolve's support system including date, time, and contact name. This helps Avolve and the customer determine the status and duration of the issue reported. Any communications outside the support portal, unless scheduled by Avolve Support such as an online conference (e.g., Zoom or Teams), will not be considered as part of Avolve's SLA. Tickets forwarded to Avolve Development/CZA or PI Party Software company for further analysis or patch development, may result to delayed updates to the customer. • Resolution Time. It is the time the issue should be resolved. In some instances, a resolution may still be a temporary fix beyond the viable workaround. This incident occurs if the solution requires a product patch and/or product upgrade that result to a longer resolution schedule. • Severity Re-classification. Avolve and the Customer can reclassify the severity of a ticket if required. Severity Type Definitions: • System Down: A complete system failure impacting Customer's ability to use the system that affects their business operations. From a time management perspective, it is urgent and important. Examples of a system down severity is when all users are unable to login or various errors occur simultaneously for all users. Avolve Support will respond to the ticket within 1 hour and try to restore the system within 4 hours. Customer's administrators, IT, and/or users experiencing the issue may need to be available to help address specific tickets. If it requires further investigation and longer resolution time, a temporary workaround (i.e., restoration) will be determined with the Customer to allow operations to proceed during business or non -business hours. Status updates will be provided periodically, on a System Down tickets 24x7 until resolution. Infrastructure issues are often resolved quickly by service or system restart. Any potential system alerts will be promptly addressed in an effort to avoid issues from reoccurring. Avolve will create a new ticket with a low severity rating if the issue has been resolved but require further root -cause analysis. • Critical: An application failure impacting 1 or more end -users' ability to use the system and affects critical operations that need to be addressed immediately. From a time management perspective, it is urgent and important for some users. Examples of a critical severity is when 1 or more users are unable to upload files, batch stamp approved plans, open several files, or run reports after several attempts. Avolve Support will respond to the issue within 4 hours and try to resolve the issue within 6 hours. Customer's administrators, IT, and/or users experiencing the issue may need to be available to help address specific issues. If it requires further investigation and longer resolution time, a temporary workaround (i.e., restoration) will be determined with the customer to allow operations to proceed during business hours. Critical tickets will be immediately worked on until restoration from Monday to Friday (excluding US holidays) and within business hours. Any issue that requires work beyond work hours will be addressed on the following workday and within business hours. Avolve will create a new ticket with a low severity rating if the issue has been resolved but require further root -cause analysis. • High: An error that causes Avolve product to fail with minimal business impact. From a time management perspective, it is not urgent but important. Examples of a high severity are intermittent but frequent operational errors that need to be addressed. Avolve Support will respond to the issue within 12 business hours and try to resolve the issue within 24 business hours. If it requires further investigation and longer resolution time, a temporary workaround will be determined with the customer to allow operations to proceed during business hours. Support will work on the issue from Monday to Friday (excluding US holidays) and within business hours. Any issue that requires work Page 2 of 5 beyond business hours will be addressed on the following workday and within business hours. Avolve will create a new ticket with a low severity rating if the issue has been resolved but require further root -cause analysis. • Medium: An error that causes Avolve product to fail with no significant business impact. From a time management perspective, it is not urgent and slightly important to some users. Examples of a medium severity are how-to questions, or specific issues only occurring to a single end -user. Avolve Support will respond to the issue within 24 business hours and resolve the issue within reasonable best efforts. Support will work on the issue from Monday to Friday (excluding US holidays) and within business hours. Any issue that requires work beyond business hours will be addressed on the following workday and within business hours. • Low: A service request for a new feature, additional documentation, or an explanation of product functionality that does not impact business operations. From a time management perspective, it is not urgent with low importance. Avolve Support will respond to the issue Within 48 business hours and resolve the issue within reasonable best efforts. Support will work on the issue from Monday to Friday (excluding US holidays) and within business hours. Any issue that requires work beyond business hours will be addressed on the following workday and within business hours. Unsupported Issues. Avolve does not cover under Support, and the SLA does not include the following conditions (collectively, the "Unsupported Issues"). • Any Avolve SAAS Solution use not covered by an active support contract and/or not in compliance with a valid agreement with Avolve. Authorized users of the Avolve SAAS Solution are entitled to Support as part of their use fee. • End -user's computer hardware/software configurations such as OS (e.g., Linux or older Windows versions) or browser versions not supported by Avolve. • Problems caused by misuse or misapplication of the Avolve SAAS Solution, including any anomalies and/or failures in test or production operating environments that impact the Avolve SAAS Solution and are determined to have their cause due to unwarranted Customer decisions, actions, system configuration/ modification, policies and/or procedures. • Problems caused by Customer's custom application code authorized to be developed using Avolve APIs as set forth in the documentation accompanying such API and the Customer's Agreement. • Problems caused by updates or upgrades of 3rd party applications that are integrated with Avolve products and/or services. • All Training programs, regardless of software version updates and/or upgrades. • On -premises type of support including but not limited to: (a) End -user's Windows configuration issues; (b) On-prem firewall or other security device configuration; (c) On-prem VPN, proxy servers, or other internal devices that connect to the Avolve SaaS solution; (d) Customer DNS, SSL certifications, or Azure AD configurations and updates if used for the Avolve SaaS solution; (d) On-prem or end -user's network performance monitoring and updates; (e) End -User browser support; (f) User -modified and new workflows or eforms. Additional services may be purchased for an additional fee. • Any other reasons set forth in the Customer's Agreement, including without limitation any down -time due to Microsoft Corporation. Page 3 of 5 "Avolve, in its sole discretion, shall determine whether any of the foregoing exclusions are applicable to Customer. Any services provided for exclusions shall be paid by Customer at Avolve's then -current rates, as well as all travel and other expenses incurred by Avolve in providing such services. Customer's Obligations for Operational Support. To facilitate clear and consistent communication and timely issue resolution, Customer shall designate up to two contact persons for technical support processes. These individuals are responsible for initiating support requests, communicating with Avolve technical support personnel, and monitoring the support process with Avolve. Timely Customer response to Avolve requests for information during issue resolution is a necessary pre -requisite to Avolve's providing Support. Avolve also requires remote access to the Customer system for the purpose of problem determination and analysis. Where reasonably necessary to provide Support, Customer shall provide Avolve's technical support personnel reasonable, remote access capabilities into Customer's systems. Upon Avolve's request, Customer will also provide reasonable supporting data to aid in the identification and resolution of the issue. Service Level Commitments Uptime commitment. Per Avolve's SaaS agreement, Avolve will use commercially reasonable efforts to make the Avolve SAAS Solution available. The Annual Uptime Percentage has 2 components: The infrastructure uptime, which is dependent on Microsoft's SLA; Avolve software, which is 99.5%, excluding Planned Downtime. In the event that Avolve does not meet this uptime commitment, Customer will be eligible to receive a service credit for 1% of the monthly fee for each one (1) hour of downtime during Customer's normal business hours, up to 50% of Customer's Pro -Rated Monthly Subscription Fee. Definitions • "Annual Uptime Percentage" is calculated by subtracting from 100% the percentage of 10-minute periods during a calendar month in which the Avolve SAAS Solutions was Unavailable to Customer. • "Availability" means the ability to log into the Avolve SAAS Solution. • "Claim" means a claim for a service credit Customer submits by opening a support case with Avolve, on the basis that the hosted Avolve SaaS Product infrastructure has been Unavailable to Customer during a service month. • "Pro -Rated Monthly Subscription Fee" is calculated by dividing the Customer's applicable annual Avolve SAAS Solution subscription fee by twelve. • "Unavailability" means the inability to log into the Avolve SAAS Solution. Service Credit Requests To receive a service credit, Customer must notify Avolve and submit a Claim within thirty (30) days from the incident that would be the basis for the claim. To be eligible, the Claim must include (a) the dates, times, description, and duration of each incident experienced; and (b) the Customer's event logs or any other system telemetry that document the errors and corroborate the claimed Unavailability (any confidential or sensitive information should be removed). Failure to provide a timely Claim, which includes all the required information, will disqualify the Claim and Customer from receiving a service credit. If Avolve validates the Claim, then Avolve will promptly issue the service credit. Service Credit Provisions Service credits are Customer's sole and exclusive remedy for any failure of Avolve to provide the Avolve SAAS Solution in accordance with the terms of the Agreement. Service credits shall be a credit toward future services only and do not entitle Customer to any refund or other payment from Avolve. Service credits may not be transferred, applied to another account, exchanged for, or converted to monetary amounts. Page 4 of 5 The maximum service credits awarded with respect to Claims the Customer submits in any calendar month shall not, under any circumstance, exceed in the aggregate 50% of the Customer's Pro -Rated Monthly Subscription Fee for such month. Avolve will use all information reasonably available to it to validate Claims and make a good faith judgment on whether a service credit should be applied to the Claim. SLA Exclusions This SLA does not apply to any Availability or Unavailability of the Avolve SAAS Solution: • During Planned Downtime; • Caused by Unsupported Issues; • Caused by factors outside of Avolve's control, including any force majeure event or interruption or impediment to Internet access or related problems; • That result from Customer's equipment, software or other technology and/or third -party equipment, software or other technology, including any third party hosting providers; • That resulted from Planned Maintenance or associated to beta, evaluation, non -production systems, and trial services accounts; • That result from any actions or inactions from Customer or any third party, including employees, Users, agents, contractors, or vendors, or anyone gaining access to the hosted Avolve SaaS Product infrastructure by means of Customer's (and its Users') passwords or equipment; • Arising from Avolve's suspension and termination of Customer's right to use the hosted infrastructure in accordance with the Agreement; and • That result from Avolve application software implementation errors caused by configuration, customization, installation, or human errors. • Avolve, in its sole discretion, shall determine whether any of the foregoing exclusions are applicable to Customer. Avolve may, but is not obligated to, issue a Service Credit in Avolve's sole discretion where Customer's use of the Avolve SAAS Solution may be Unavailable due to factors other than expressly provided here in this SLA. IN WITNESS WHEREOF, the parties hereto have executed this Agreement as —of the dates set forth below. Avolve Soft By: Name: Title: Date: Corpora ti��y Jay Mayne Chief Financial Officer, VP Operations ATTEST: aanne Donaldson, City Clerk Name: Title: Date: Paul T. Barich Mayor I)- 17-z2, Page 5 of 5 ProjectDox Cit of Redlands, CA a software Exhibit 3 - Pricing Agreement November 15, 2022 Prepared by your Avolve Software Representative Chris Taddonio Western Region Sales Director 4835 East Cactus Road Suite 420 Scottsdale. AZ 85254 www.avolvesoftware.com Telephone: (602) 903-3111 Email: ctaddonio@avolvesoftware.com Exhibit 3 software ProjectDox® Pricing Agreement Quote Delivered To Tricia Munoz 35 Cajon Street Redlands, CA 92373 Management Analyst tmunoz@cityofredlands.org Date of Quote: 1/11/2022 City of Redlands, CA (909) 335.4755 x9 Quote Valid Until: 11/30/2022 Pro'ectDox ePlan Solution Pricin • A • reement SAAS - 1ST YEAR SUBSCRIPTION Product Name Product Code Description PUnit QtyTotal Price Price Production Environment Light Level Capacity ProjectDox SaaS License SAAS.PDOX P'L Software as a Service (SaaS) for ProjectDox on a Production Environment. Designed for organizations who have approximately 50 concurrent users and 3,000 plan checks per year. Software included for SaaS Production: • ProjectDox Software Subscription • Unlimited Workflow license Services included for SaaS Production: • Set up and installation of ProjectDox • Managed services • Annual ProjectDox upgrades -Technical Support Production Environment Safeguard: Avolve security policy limits access to the Production environment. External users including the customer's IT will not be allowed direct access to the Production servers and database. Any development or testing can be performed on the Test environment. 12.00 $6,000.00 $72,000.00 Test Environment Light -Level Capacity ProjectDo x SaaS License SAAS.PDOX T.L Software as a Service (Saar) for ProjectDox on a Test Environment. Designed for organizations who plan to use the system for development and/or testing with approximately 5 concurrent users and approximately 500 permits per year. Software included for Production: • ProjectDox Software Subscription • Unlimited Workflow license Services included for SaaS Production: • Set up and installation of ProjectDox • Managed services • Annual ProjectDox upgrades Test Environment Safeguard: Avolve security policy limits access to the Test environment. External users including the customer's IT can 12.00 $980.00 $11,760.00 Page 2 of 15 85254 202201-1884 Avolve Software Corporation 14835 East Cactus Road I Suite 420 I Scottsdale, Arizona software ProiectDox® Pricing Agreement be provided limited VPN access to the Test servers and database such as creation and testing of custom reports. VPN access will be made available upon request at additional cost. SaaS Cityworks Integration SaaS-CW.Int Avolve and Cityworks SaaS integrationwith ProjectDox and Cityworks Permit Licensing and Land (PLL) Integration includes: PLL with ProjectDox: - Create Projects - Get Permit Info - Get Contact Info - Get Default Reviews - Add/Remove Plan Reviews - Update Plan Reviews Get Fee Balances - Update Project Status Approved 1.00 $6,000.00 $6,000.00 TES Video License Subscription TES-VLS Embedded "How To" videos which provide online assistance for applicants and training refreshers for city staff 1 $5,400.00 $5,400.00 SaaS Sub -Total: $95,160.00 TRAINING - SERVICES SKU (ONE TIME) Product Name Product Code Description Qty Unit Price Total Price ProjectDox Bundled Training Services PKG- PDOX.TRN Package Includes: 2 Introduction to ProjectDox 1 Workflow and Markup Training for Reviewers 1 Workflow and Project Administration for Coordinators 1 System Administration Training 1 Community Training Package is limited to 12 Unique Users 1.00 $13,050.00 $13,050.00 Workflow & Markup Training for Reviewers TES- WF.MU.R Instructor led lecture, demonstration, and hands-on activity to leam the workflow review process and Viewer tools and features. Course participation is estimated at 6 hours. 2.00 $3,350.00 $6,700.00 Introduction to ProjectDox TES INTRO The Training and Educational Services course includes a flexible mixture of lecture and hands-on lab time to familiarize the user with the basic features of ProjectDox. This 3 hour instructor lead course will review how to access a project, view a file, use the search feature and communication tools to efficiently use and communicate using the ProjectDox application. This course is limited to a max of 12 persons per session/course. 2.00 $1,125.00 $2,250.00 Training Sub -Total: $22,000.00 Page 3 of 15 85254 202201-1884 Avolve Software Corporation 14835 East Cactus Road I Suite 420 I Scottsdale, Arizona a\/o Ives software ProjectDox® Pricing Agreement PROFESSIONAL SERVICES - SERVICES SKU (ONE TIME) Product Name Product Code Description Qty Unit Price Total Price Best -in -Class Level 1 ProjectFlow PLUS Services PS- BIC.L1PLUS BIC Plus Setup Services Level 1 for Workflows: Building Plan Review 1.00 $30,600.00 $30,600.00 SaaS Cityworks Integration Services PS- SaaS.CW.Int Avolve configuration services to implement the SaaS Cityworks integration subscription. 1.00 $1,800.00 $1,800.00 Assurance Services PS -AS 45 Hours of Assurance Services Invoiced monthly as used $225/hour. 0.50 $10,125.00 $5,062.50 Professional Services Sub -Total: $37,462.50 Unless otherwise stated, pricing does not include any applicable taxes that may be applied at invoicing. Travel and Expenses are not included in this total and will be invoiced as incurred. First year SaaS and 20% of Services shall be invoiced upon execution of Agreement. Payment for the total amount is due net thirty (30) days from the date of Initial Invoice. Payment via EFT. See notes for details. Grand Total: $154,622.50 This best approach package to implementation relies on partnership with the jurisdiction to achieve desired go -live and paperless goals. To that end, a not to exceed 265 hours have been allocated to services and training on this project. In the event scope expands or delays account for incremental hours to be required, a Change Request(s) will be issued for the incremental costs associated with delay or expansion. OPTIONAL PROFESSIONAL SERVICES - SERVICES SKU (ONE TIME) Product Name Product Code Description Qty Unit Price Total Price Best -in -Class Level 1 ProjectFlow PLUS Services PS- BIC.L1PLUS BIC Plus Setup Services Level 1 for Workflows: Planning Plan Review 1.00 $30,600.00 $30,600.00 Best -in -Class Level 2 ProjectFlow PLUS Services PS- BIC.L2PLUS BIC Plus Setup Services Level 2 for Workflows: Fire Plan Review 1.00 $22,500.00 $22,500.00 Best -in -Class Level 1 ProjectFlow PLUS Services PS- BIC.L1PLUS BIC Plus Setup Services Level 1 for Workflows: Engineering Plan Review 1.00 $30,600.00 $30,600.00 Professional Services Sub -Total: $83,700.00 Page 4 of 15 Avolve Software Corporation 14835 East Cactus Road I Suite 420 I Scottsdale, Arizona 85254 202201-1884 software ProjectDox® Pricing Agreement Infrastructure Architecture Avolve SaaS Infrastructure Design Each Avolve customer is setup in Avolve SaaS environment. Every customer's files and data will be on separate storage environments. Avolve continues working with Microsoft to optimize and evolve its architecture to take advantage of several Azure features for security, scalability, and performance purposes. Disaster Recovery and Backup Process Avolve Software Corporation develops, maintains, and periodically tests its disaster preparedness and recovery plan. The Avolve Software Disaster Recovery (ASDR) plan for Azure supports continuity of operations and systems availability if a disaster or other unplanned business impacting event occurs in the Microsoft Azure Cloud Services environment. The ASDR Plan has been developed, reviewed, and tested according to Avolve Software Corporation's Business Continuity Planning Policy and Procedures, a subset of the Avolve Information Security Policy and NIST compliance objectives. Avolve Disaster Recovery Services on Avolve SaaS: Avolve SaaS includes Microsoft Azure Site Recovery (ASR) service in addition to standard Azure Backup Service. Avolve will manage the replication, failover, and recovery processes through ASR to help keep the jurisdiction's application running during planned (excludes software upgrades) and unplanned outages. With ASR, Avolve orchestrates and manages the backup and frequency of the Hyper-V servers, files, and database. Swtte Network ammo tua Servers mom mom mom '— —moms— cam cam amme Source: VMWare/Hyper-V 443 (HRVS) Microsoft Azure Recovery Services Agent • Continuous replication until cut -over • Monitoring service • Failover testing Site Recovery is a native disaster recovery as a service (DRaaS), and Microsoft has been recognized as a leader in DRaaS based on completeness of vision and ability to execute by Gartner's Magic Quadrant for Disaster Recovery as a Service. RPO and RTO In the IT world, any event that threatens or causes the loss of data important to business operations can rightly be called a "disaster." A disaster can be as encompassing as a complete infrastructure failure and as isolated as someone unintentionally deleting or overwriting files. Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are terms used in conjunction with disaster recovery. RPO denotes how much data loss will be allowed to occur in the immediate wake of an outage or failure. The shorter the RPO, the more capable the data recovery system must be in order to minimize data loss. In the case of Azure Site Recovery, the data image is updated every 5-10 minutes, so if an outage requiring ASR for recovery occurs, the system will have retained all data in the ASR system up until ten minutes prior to the outage. Page 5 of 15 Avolve Software Corporation 14835 East Cactus Road I Suite 420 1 Scottsdale, Arizona 85254 202201-1884 a of e• software ProjectDox® Pricing Agreement Recovery Time Objective (RTO) is understood as the amount of down time an organization can tolerate before it must return to operations after an outage. Avolve customer environment using Azure Site Recovery should be operational within two (2) hours of a disaster recovery event. The RTO time is also dependent on Avolve's 3rd party DNS provider's ability to distribute the updated DNS address within North America and to the rest of the world. Avolve has tested the DNS change can occur within 2 hours in the United States. Avolve Backup Process on MS Azure: Azure Backups is another business continuity, data loss prevention component of ASDR. Data backups are required for SQL data, File data and Operating System configuration data, and are performed daily. File and system data is backed up incrementally. SQL transaction logs are normally captured every 5-10 minutes, while the database itself is included in the daily backup. Triple Redundancy Using the Azure Virtual Machine (VM) extension, Azure Backups, by default, creates three copies of the files and data for a customer environment within the same region as the primary site, known as "Locally Redundant Storage" or LRS. This triple redundancy all but guarantees that customer data will never be completely lost. LRS does not necessarily mean that backups share the same/adjacent physical infrastructure — it is a regional designation. All servers are backed up nightly. All backups are retained for 14 days at two regions. For the primary and secondary regions, all backup copies will be within the closet region from your location. Each region consists of multiple data centers. For the primary region, Azure stores 3 copies of the content across multiple data centers in the region. This provides uninterrupted access during disaster events. Transactions are also replicated synchronously. West Central US West US 2 West US US Gov Arizona US Gov Texas South Central US - US Gov Iowa Central US Canada East Canada Central North Central US US DoD East East US. East US 2. US Gov Virginia US DoD Central Backups are transmitted to the paired secondary region via secure fiber loop. Azure backup process stores 3 extra copies of the content. The transaction will be asynchronous to the secondary data centers (500+ miles away from the primary location). This gives the jurisdiction a total of 6 copies of the data backup distributed in the primary and secondary regions. Change in Capacity and Additional Storage: The system resources and storage are based on the selected capacity level for the jurisdiction. Capacity levels are determined from the number of concurrent users and number of permits. The capacity is calculated based on Avolve's historical consumption results from various customers on Avolve's Cloud and Microsoft's recommendations. The selected capacity is a best case estimate and is subject to change based on usage and strategic plans of the jurisdiction on the percentage growth for a paperless system. An annual system review will be conducted to determine if any system resource adjustments are necessary. When system resources need to be increased for performance improvements or storage capacity has reached 75%, additional resources will be recommended. To prevent data loss, at 100% storage utilization, additional storage is automatically added, and additional storage will be invoiced. Security & Safeguards • AVOLVE OAS AND PROJECTDOX ARE INSTALLED ON MS AZURE SYSTEMS Page 6 of 15 Avolve Software Corporation 14835 East Cactus Road I Suite 420 I Scottsdale, Arizona 85254 202201-1884 o! software ProjectDox® Pricing Agreement • MSFT Azure Data Centers are SOC 1-3, Tier 203, SAE 18 compliant • MSFT Azure Commercial Cloud (also called Azure Public) is FedRAMP High and NIST 800-171 compliant. (https://docs.m icrosoft.com/en-us/azure/azure-government/compl lance/azure-services-in-fedramp-auditscope). Azure public services by audit scope Last Updated: Play 2027 Azure Service DoD CC SRG FedRAMP FedRAMP IL 2 Moderate High Al Builder d d d API Management L^ d d d Application Change Analysis to e/ d Application Gateway L' V V V Automations? V 4/ V Azure Active Directory (Free and Basic) L° d V 4/ Azure Active Directory (Premium P1 + P2) t" V/ V V Azure Active Directory B2C Lr V . V Azure Active Directory Domain Services r? V V d Azure Active Directory Provisioning Service V 4/ d Azure Advanced Threat Protection Lr V V d Azure Advisor tr d V d Azure Analysis Services r? V d d Azure App Configuration t? V V d Azure API for FHIR L? d V Azure Arc enabled Servers d d d Azure Bastion cr d d d Azure Blueprints Lr d d d • MSFT Azure has the highest security compliance from all Cloud Service providers. To access a complete list go to:_ https://docs.microsoft.com/en-us/azure/compliance/. Page 7 of 15 Avolve Software Corporation 14835 East Cactus Road I Suite 420 I Scottsdale, Arizona 85254 202201-1884 oI software US government �} 015 CNSSI 1253 {a} DFARS IE} DoD IL2 {a_} DoD IL4 { DoD IL5 DoD IL6 {a} DoE 10 CFR Part 810 or} EAR ProjectDox® Pricing Agreement US government ;at FedRAMP FERPA {m} FIPS 140-2 is} IRS 1075 ITAR • NIST 800-171 • NIST 800-53 {s} NIST CSF .tit Section 508 VPATs • Layer 3 and layer 4 firewall security with 1 firewall for the load balancer, 1 firewall for the web tier subnet, 1 firewall for the app tier subnet and 1 firewall for the data tier subnet. Avolve will be adding Layer 7 WAF scheduled for summer 2021. • Microsoft $1 B+ investment in security R&D and 3,500 cybersecurity experts on MS Azure Cloud. Additional security information is available at https://azure.microsoft.com/en-us/overview/trusted-cloudf. I„ Microsoft Data Center Active Directory Windows Update Microsoft Security Response Center Tntstworthy Computing dnitiative Global Data Center Services Microsoftz Azure Maiware Assume Pr n Breach Security Developrnent Digital 1.ifecycle Crimes 1131 Unit r, L- �r. FedRAMP/ n 100, Data UK G-Cloud FISMA © Centers alh Level2 Operations SOC 2 Security Assurance E.U. Data Protection ISO/IEC Directive HIPAA/ 27001:2005 HITECH PCI DSS Level 1 • All incoming and outgoing traffic goes through Azure load balancer which is protected by a Microsoft's network firewall called the Azure network security group (NSG). By default, all NSG's block incoming and outgoing traffic that are not related to Avolve software. • Traffic is forwarded from the load balancer to the web tier subnet via network access translation (NAT). The web tier subnet has an additional NSG associated to it to filter incoming and outgoing traffic from/to the load balancer. In addition to the web tier subnet Avolve also has an application tier subnet and a data tier subnet. Each subnet has an NSG associated to it, so communication between each subnet is filtered via the NSGs. Page 8 of 15 Avolve Software Corporation 14835 East Cactus Road I Suite 420 I Scottsdale, Arizona 85254 202201-1884 G software ProjectDox® Pricing Agreement • Avolve Production Environment Safeguard Guidelines: Industry best -practices for systems operational control (SOC) and the National Institute of Standards (NIST) are an integral part of the Azure infrastructure, ensuring a very high level of security and system uptime for Avolve's customers and their environments. Avolve's security and operational policies are established in order to safeguard against any unauthorized access to data and/or potential service disruption that are a constant threat in today's world of online commerce. Therefore, the following policies are enforced by Avolve: • Customer will have no access to the server infrastructure. Deployment and changes to Production server hardware and/or Operating System (OS) configuration in the system will be performed by Avolve and qualified partner staff only. Customers will be notified if modifications to their environments are required at any given time. • Custom report creation requires direct access to the Production database. For this reason, Avolve will only support access to a Test environment where the Production tables for reports can be exported. • Apart from machine -to -machine (M2M) VPN tunnels required for third -party software integration, no user account - based VPN access will be granted to Avolve Production environment infrastructure or software applications. • Data Center Physical Location Security: Avolve SaaS products are hosted on Microsoft Azure. Each Azure geography contains one or more regions and meets specific data residency and compliance requirements. This lets you keep your business -critical data and apps nearby on fault -tolerant, high -capacity networking infrastructure. There are 8 US regions. The physical design and operating characteristics of the datacenter is confidential for security reasons. Each region consists of more than one datacenter strategically located to optimize customer's systems. The regions location will depend on the type of service required. A region is a set of datacenters that is interconnected via a massive and resilient network. The network includes content distribution, load balancing, redundancy, and data -link layer encryption by default for all Azure traffic within a region or travelling between regions. With more global regions than any other cloud provider, Azure gives the customer the flexibility to deploy applications where you need them. Microsoft takes a layered approach to physical security, to reduce the risk of unauthorized users gaining physical access to data and the datacenter resources. Datacenters managed by Microsoft have extensive layers of protection: access approval at the facility's perimeter, at the building's perimeter, inside the building, and on the datacenter floor. Layers of physical security are: • Access request and approval • Facility's perimeter • Building entrance • Inside the building • Datacenter floor Read more information at https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security. • Avolve Security Policies and Procedures: Page 9 of 15 Avolve Software Corporation 14835 East Cactus Road I Suite 420 I Scottsdale, Arizona 85254 202201-1884 software ProjectDox® Pricing Agreement Avolve has been in the process of moving towards full NIST 800-53 compliance by Q31Q4 2021. The process started in late 2019 with a full security audit by a 3rd party security company, which resulted to a NIST compliance plan. In 2020, we commenced implementing these NIST policies and guidelines with over 900 controls. While many of these policies have been implemented, there are still several procedures that are evolving with newer industry security practices. The policies include: • Access Control • Assessment and Authorization • Audit and Accountability • Awareness and Training • Configuration Management • Contingency Planning • Identification and Authentication • Incident Management • Information Management • Media Protection • Personnel Security • Physical and Environmental • Planning • Risk Categorization • Risk Management • Software Usage • System and Communication Protection • System and Services Acquisition • System Maintenance • Information Integrity Avolve NIST policies and procedures include quarterly employee cybersecurity training, capturing system access logs, security monitoring and limited access to customer production systems. • Vulnerability and Penetration Tests: Vulnerability scans are run quarterly, and penetration testing are run annually. The vulnerability/penetration test tool that Avolve uses monitors against the OWASP top ten recognized standards - https://owasp.orq/www-project-top-ten/ They include: • Suspicious input transformation • SMTP header injection • Serialized object in HTTP message • Cross -site scription (DOM-based) • XML external entity injection • External service interaction (HTTP) • Web cache poisoning • Server -side template injection • SQL injection • OS command injection Based on NIST SP 800-53 compliance policy, we address priority issues based on the following guidelines: • Critical - Within 1 month • High - Within 1 quarter • Medium - Within 1 year • Low - To be addressed in future releases • Avolve SaaS CyberSecurity Capabilities: Page 10 of 15 Avolve Software Corporation 14835 East Cactus Road I Suite 420 I Scottsdale, Arizona 85254 202201-1884 e• software ProjectDox® Pncing Agreement Avolve SaaS includes the following security detection and monitoring services: • Azure Defender Security • Sophos Central with Server Intercept X Advanced detection and investigation with on -demand endpoint isolation, automated malware removal and clean & block • Sophos MTR threat hunts, detection, case investigation, and incident immediate response • LogicMonitor monitoring and security • N-Central monitoring Security breaches will undergo root -cause analysis by the Sophos MTR team, which will be reviewed by the Avolve Security Committee prior to submission of an Incident Report. Depending on the level of security breach and system affected, there may be additional information preceding the initial Incident Report. Avolve SaaS Sample List of Detection, Investigation, Threat Hunts and Remediation CyberSecurity Controls. Respond Managed Security Services • cks Surface Reduction • • Web Security • Download Reputations Web Control / Category -based URL blocking • Peripheral Control • Application Control • Deep Learning Malware Detection • Anti-Mahvare Pile Scanning • Protection xecution Behavior Analysis (HPS) - Ry Unwanted Application: (PUA) Blocking Prevention System (IPS) Loss Prevention untime Behavior Analysis (HIPS) imalware Scan Interface (ANSI) licious Traffic Detection (MTD) bit Prevention ve Adversary Mitigator, omware File Protection (CryptoGuard) and Boot Record Protection (W peGua 1111111111111111111, Human -led Threat Hunting and 10 Response by top Security Industry ---� Exports Managed Services Operations Automated Malware �:e•.,..;a Synchronized Security Heartbeat Sophos Clean Remote Terminal Access (remotely investigate and Eatce_arbpn) On -demand Endpoint Isolation Clean and Block • 24x7 Lead -driven Threat Hunting • Security Health Check and Remediation • Data Retention • Activity Reporting • Adversanal Detections • Threat Neutralization & Remediation • 24x7 Lead -less Threat Hunting • Threat Response Team Lead • Proactive Security Posture Improvement Page 11 of 15 Avolve Software Corporation 14835 East Cactus Road I Suite 420 I Scottsdale, Arizona 85254 202201-1884 a of e software ProjectDox® Pricing Agreement Avolve ensures high system availability and is backed by rock solid infrastructure and service level guarantees. Your Avolve ePlan Life Cycle licensed software is hosted in a secure, state of the art data center, and most importantly the application is expertly managed by Avolve. Meticulous attention has been given to security, backup, system redundancy and failover. Your Avolve ePlan Life Cycle application environment is monitored 24-7 for optimum health and security. And if an issue arises, our experts have immediate and direct access to your servers and software for quick diagnosis and resolution. Our comprehensive, Managed Services matrix details what you can expect from the Avolve: Avolve software monitoring, support, investigation & upda 24 x 7 system monitoring & maintenance 24 x 7 OS, virtual, security, data center monitoring & management 24x7 Support and Monitoring for SaaS Customers US Mountain Time Zone 8am-5pm E Q E a 8pm-6am 6am-8am Scheduled Hardware and OSNirtual System Monitoring & Support Server and network resources (i.e., CPU, RAM, Storage, and bandwidth) monitored with automated alerts for resource threshold, server failure, internet and WAN connectivity. Alerts will not be able to monitor issues that occur within less than 1 second failure. Those issues are often discovered during application -level (i.e., OAS and ProjectDox) connectivity issues. • Monitoring Data Points: o Up/Down Status o Network Interface Errors o CPU Warning o Memory Warning o Memory Critical o CPU Critical o Storage Warning o Partition Warning o Partition Critical o Database Warning o Database Down o SSL warning o SSL expiration o Webserver Alerts o DNS x x x x Page 12 of 15 85254 202201-1884 Avolve Software Corporation 14835 East Cactus Road I Suite 420 I Scottsdale, Arizona software ProiectDox® Pricing Agreement v r 24x7 Support and Monitoring for SaaS Customers US Mountain Time Zone 8am-5pm 5pm-8pm E E Q co 6am-8am Scheduled • Custom designed Outage and Alert Plan - adds, changes, & modifications (add user, update firmware, modification, network configuration) • Scheduled Hardware Audits • OS and VMWare proactive management. This includes monitoring of any system level failure caused by OS and VMWare patches, viruses, or other issues • Permission Control (group changes, file/folder permissions, Windows, or Linux) • Optimize backend x x x x • Log File analysis • Best -practices recommendations • Other services as requested • Regular reporting based on customer preference • VLAN creation/modification x • Cyber Security monitoring and automated alerts. • Regular anti -virus scan and anti -virus removal • Database Security x x x x • Scheduled data recovery, OS & VMware patches and anyhardware replacements • Critical OS patches and updates x • Backup automated services x x x x • 24x7 Infrastructure Support calls x x x x Application (OAS, ProjectDox, PlansAnywhere) Technical Support through ticket submissions • Application Specific Monitoring o Monitor Web Server Connectivity o Monitor Web Site Availability o Monitor Web Site Page Responsiveness o Monitor Application Specific Services o Minimalizes Support Issues x x x x • Application Performance Reviews x x • Database Performance Reviews • Application Administration Assistance x x • Scheduled Reports x • System health checks x • Performance tuning • ProjectDox DB Tuning and re -indexing (periodic • ProjectDox configuration tuning and adjustments based on any progressive performance growth requirements • Routine cleanup of the DLcache folder • Restart of ProjectDox services and/or Servers during support or patches x • Online Support Tickets: Responding to application issues reported x x • Software minor patch updates for Support related issues x Page 13 of 15 85254 202201-1884 Avolve Software Corporation 14835 East Cactus Road I Suite 420 I Scottsdale, Arizona software Pro iectDox®Pricing Agreement 24x7 Support and Monitoring for SaaS Customers US Mountain Time Zone 8am-5pm 5pm-8pm E E a 6am-8am Scheduled • Software resolution to fix a technical reported issue x • Application support for system down issues for Standard Support customers until problem is resolved or a work around has been identified x x x x x IN WITNESS WHEREOF, the parties hereto have executed this Agreemen dates set forth below. Avolve So • oration CITI\ OF REDLAND By: i By: Name: ay Mayne Name: Paul T. Barich Title: Date: l ga 6Z-2- Chief Financial Officer, VP Operations ATTEST: hne Donaldson, City Clerk Title: Mayor Date: /7-?6Z0. Page 14 of 15 Avolve Software Corporation 14835 East Cactus Road I Suite 420 I Scottsdale, Arizona 85254 202201-1884