Vigilant Solutions LLC; 2018-11-19;

Enterprise Service Agreement (ESA)

This Vigilant Solutions Enterprise Service Agreement (the "Agreement") is made and entered into as of this 19th Day of November, 2018 by and between Vigilant Solutions, LLC, a Delaware corporation, having its principal place of business at 1152 Stealth Street, Livermore, CA 94551 ("Vigilant") and City of Carlsbad, a municipal corporation on behalf of its Police Department, a law enforcement agency (LEA) or other governmental agency, having its principal place of business at 2560 Orion Way, Carlsbad, CA 92056 ("Affiliate").

WHEREAS, Vigilant designs, develops, licenses and services advanced video analysis software technologies for the law enforcement and security markets;

WHEREAS, Vigilant provides access to license plate data as a value-added component of the Vigilant law enforcement package of license plate recognition equipment and software;

WHEREAS, City will separately purchase License Plate Recognition (LPR) hardware components from Vigilant and/or its authorized reseller for use with the Software Products (as defined below);

WHEREAS, City desires to license from and receive service for the Software Products provided by Vigilant;

THEREFORE, In consideration of the mutual covenants contained herein this Agreement, City and Vigilant hereby agree as follows:

I. Definitions:

"CJIS Security Policy" means the FBI CJIS Security Policy document as published by the FBI CJIS Information Security Officer.

"CLK" or "Camera License Key" means an electronic key that will permit each license of Vigilant's CarDetector brand LPR software (one CLK per camera) to be used with other Vigilant approved and licensed LPR hardware components (i.e., cameras and other hardware components provided by Vigilant or provided by a Vigilant certified reselling partner that has authority from Vigilant to deliver such Vigilant-authorized components) and Software Products.
CLKs shall be not issuable and if issued in error shall be removed and immediately rendered null and void for cameras and other hardware components that are not Vigilant-authorized cameras and other hardware components or are delivered to City by another vendor that is not a Vigilant certified reselling partner.

"Criminal Justice Information Services Division" or "CJIS" means the FBI division responsible for the collection, warehousing, and timely dissemination of relevant CJI to the FBI and to qualified law enforcement, criminal justice, civilian, academic, employment, and licensing agencies.

"Effective Date" means the date set forth in the first paragraph of this Agreement.

"Enterprise License" means a non-exclusive, non-transferable license to install and operate the Software Products, on applicable media provided by Vigilant or Vigilant's certified reselling partners. This Enterprise Service Agreement allows City to install the Software Products on such devices, in accordance with the selected Service Package(s), and allow benefits of all rights granted hereunder this Agreement.

Vigilant Solutions Enterprise License Agreement ver. 2.8 Page 1 of 13 VS Initials City Initials

"LEA LPR Data" refers to LPR data collected by LEAs and available on LEARN for use by other LEAs. LEA LPR Data is freely available to LEAs at no cost and is governed by the contributing LEA's retention policy.

"Service Fee" means the amount due from City prior to the renewal of this Agreement as consideration for the continued use of the Software Products and Service Package benefits according to Section VIII of this Agreement.

"Service Package" means the City designated service option(s) which defines the extent of use of the Software Products, in conjunction with any service and/or benefits therein granted as rights hereunder this Agreement.

"Service Period" has the meaning set forth in Section III (A) of this Agreement.

"Software Products" means Vigilant's Law Enforcement & Security suite of Software Products including CarDetector, Law Enforcement Archival & Reporting Network (LEARN), PlateSearch, Mobile Companion for Smartphones, Target Alert Service (TAS) server/client alerting package, and other software applications considered by Vigilant to be applicable for the benefit of law enforcement and security practices. Software Products shall only be permitted to function on approved Vigilant cameras and other hardware components provided by Vigilant or through Vigilant certified reselling partners. Software Products shall not be permitted to operate on third-party provided or not Vigilant-authorized hardware components, and if found to be operating on third-party provided hardware components Software Products shall be promptly removed by City.

"Technical Support Agents" means City's staff person specified in the Contact Information Worksheet of this Agreement responsible for administering the Software Products and acting as City's Software Products support contact.

"User License" means a non-exclusive, non-transferable license to install and operate the Software Products, on applicable media, limited to a single licensee.

"Users" refers to individuals who are agents and/or sworn officers of the City and who are authorized by the City to access LEARN on behalf of City through login credentials provided by City.

II. Enterprise License Grant; Duplication and Distribution Rights:

Subject to the terms and conditions of this Agreement, Vigilant hereby grants City an Enterprise License to the Software Products for the Term provided in Section III below. Except as expressly permitted by this Agreement, City or any third party acting on behalf of City shall not copy, modify, distribute, loan, lease, resell, sublicense or otherwise transfer any right in the Software Products.
Except as expressly permitted by this Agreement, no other rights are granted by implication, estoppels or otherwise. City shall not eliminate, bypass, or in any way alter the copyright screen (also known as the "splash" screen) that may appear when Software Products are first started on any computer. Any use or redistribution of Software Products in a manner not explicitly stated in this Agreement, or not agreed to in writing by Vigilant, is strictly prohibited.

III. Term; Termination.

A. Term. The initial term of this Agreement for new cameras is for five (5) years beginning on the Effective Date (the "Initial Term"), unless earlier terminated as provided herein. Sixty (60) days prior to the expiration of the Initial Term and each subsequent Service Period, Vigilant will provide City with an invoice for the Service Fee due for the subsequent twelve (12) month period (each such period, a "Service Period"). This Agreement and the Enterprise License granted under this Agreement will be extended for a Service Period upon City's payment of that Service Period's Service Fee, which is due 30 days prior to the expiration of the Initial Term or the existing Service Period, as the case may be. Pursuant to Section XIII below, City may also pay in advance for more than one Service Period.

C. City Termination. City may terminate this Agreement at any time by notifying Vigilant of the termination in writing thirty (30) days prior to the termination date and deleting all copies of the Software Products. If City terminates this Agreement prior to the end of the Initial Term, Vigilant will not refund or prorate any license fees, nor will it reduce or waive any license fees still owed to Vigilant by City. Upon termination of the Enterprise License, City shall immediately cease any further use of Software Products.
City may also terminate this agreement by not paying an invoice for a subsequent year's Service Fee within sixty (60) days of invoice issue date.

D. Vigilant Termination. Vigilant has the right to terminate this Agreement by providing thirty (30) days written notice to City. If Vigilant's termination notice is based on an alleged breach by City, then City shall have thirty (30) days from the date of its receipt of Vigilant's notice of termination, which shall set forth in detail City's purported breach of this Agreement, to cure the alleged breach. If within thirty (30) days of written notice of violation from Vigilant City has not reasonably cured the described breach of this Agreement, City shall immediately discontinue all use of Software Products and certify to Vigilant that it has returned or destroyed all copies of Software Products in its possession or control. If Vigilant terminates this Agreement prior to the end of a Service Period for breach, no refund for any unused Service Fees will be provided. If Vigilant terminates this Agreement prior to the end of a Service Period for no reason, and not based on City's failure to cure the breach of a material term or condition of this Agreement, Vigilant shall refund to City an amount calculated by multiplying the total amount of Service Fees paid by City for the then-current Service Period by the percentage resulting from dividing the number of days remaining in the then-current Service Period, by 365.

IV. Warranty and Disclaimer; Infringement Protection; Use of Software Products Interface.

A. Warranty and Disclaimer. Vigilant warrants that the Software Products will be free from all Significant Defects (as defined below) during the term of this Agreement (the "Warranty Period"). "Significant Defect" means a defect in a Software Product that impedes the primary function of the Software Product. This warranty does not include products not manufactured by Vigilant.
Vigilant will repair or replace any Software Product with a Significant Defect during the Warranty Period; provided, however, if Vigilant cannot substantially correct a Significant Defect in a commercially reasonable manner, City may terminate this Agreement and Vigilant shall refund to City an amount calculated by multiplying the total amount of Service Fees paid by City for the then-current Service Period by the percentage resulting from dividing the number of days remaining in the then-current Service Period, by 365. The foregoing remedies are City's exclusive remedy for defects in the Software Product. Vigilant shall not be responsible for labor charges for removal or reinstallation of defective software, charges for transportation, shipping or handling loss, unless such charges are due to Vigilant's gross negligence or intentional misconduct. Vigilant disclaims all warranties, expressed or implied, including but not limited to implied warranties of merchantability and fitness for a particular purpose. In no event shall Vigilant be liable for any damages whatsoever arising out of the use of, or inability to use, the Software Products.

B. Infringement Protection. If an infringement claim is made against City by a third-party in a court of competent jurisdiction regarding City's use of any of the Software Products, Vigilant shall indemnify City, and assume all legal responsibility and costs to contest any such claim.
If City's use of any portion of the Software Products or documentation provided to City by Vigilant in connection with the Software Products is enjoined by a court of competent jurisdiction, Vigilant shall do one of the following at its option and expense within sixty (60) days of such enjoinment: (1) Procure for City the right to use such infringing portion; (2) replace such infringing portion with a non-infringing portion providing equivalent functionality; or (3) modify the infringing portion so as to eliminate the infringement while providing equivalent functionality.

C. Use of Software Products Interface. Under certain circumstances, it may be dangerous to operate a moving vehicle while attempting to operate a touch screen or laptop screen and any of their applications. It is agreed by City that City's users will be instructed to only utilize the interface to the Software Products at times when it is safe to do so. Vigilant is not liable for any accident caused by a result of distraction such as from viewing the screen while operating a moving vehicle.

V. Software Support, Warranty and Maintenance.

City will receive technical support by submitting a support ticket to Vigilant's company support website or by sending an email to Vigilant's support team. Updates, patches and bug fixes of the Software Products will be made available to City at no additional charge, although charges may be assessed if the Software Product is requested to be delivered on physical media. Vigilant will provide Software Products support to City's Technical Support Agents through e-mail, fax and telephone.

VI. Camera License Keys (CLKs).

City is entitled to use of the Software Products during the term of this Agreement to set up and install the Software Products on an unlimited number of media centers within City's agency in accordance with selected Service Options.
As City installs additional units of the Software Products and connects them to LPR cameras, City is required to obtain a Camera License Key (CLK) for each camera installed and considered in active service. A CLK can be obtained by City by going to Vigilant's company support website and completing the online request form to Vigilant technical support staff. Within two (2) business days of City's application for a CLK, City's Technical Support Agent will receive the requested CLK that is set to expire on the last day of the Initial Term or the then-current Service Period, as the case may be.

VII. Ownership of Software.

A. Ownership of Software Products. The Software Products are copyrighted by Vigilant and remain the property of Vigilant. The license granted under this Agreement is not a sale of the Software Products or any copy. City owns the physical media on which the Software Products are installed, but Vigilant retains title and ownership of the Software Products and all other materials included as part of the Software Products.

B. Rights in Software Products. Vigilant represents and warrants that: (1) it has title to the Software and the authority to grant license to use the Software Products; (2) it has the corporate power and authority and the legal right to grant the licenses contemplated by this Agreement; and (3) it has not and will not enter into agreements and will not take or fail to take action that causes its legal right or ability to grant such licenses to be restricted.

VIII. Data Sharing, Access and Security.

If City is a generator as well as a consumer of LPR Data, City at its option may share its LEA LPR Data with similarly situated LEAs who contract with Vigilant to access LEARN (for example, LEAs who share LEA LPR Data with other LEAs). Vigilant will not share any LEA LPR Data generated by the City without the permission of the City.
Vigilant has implemented procedures to allow for adherence to the FBI CJIS Security Policy. The hosting facility utilizes access control technologies that meet or exceed CJIS requirements. In addition, Vigilant has installed and configured network intrusion prevention appliances, as well as ensured that the configuration of the Microsoft environment adheres to the Windows Server Security Guide.

IX. Ownership and use of Data.

City retains all rights to LEA LPR Data generated by the City. Should City terminate agreement with Vigilant, a copy of all LEA LPR Data generated by the City will be created and provided to the City. After the copy is created, all LEA LPR Data generated by the City will be deleted from LEARN at the written request of an authorized representative of the City or per the City's designated retention policy, whichever occurs first. LEA LPR Data should be used by the City for law enforcement purposes only.

X. Loss of Data, Irregularities and Recovery.

Vigilant places imperative priority on supporting and maintaining data center integrity. Using redundant disk arrays, there is a virtual guarantee that any hard disk failure will not result in the corruption or loss of the valuable LPR data that is essential to the LEARN system and clients.

XI. Data Retention and Redundancy.

LEA LPR Data is governed by the contributing LEA's retention policy. LEA LPR Data that reaches its expiration date will be deleted from LEARN. Vigilant's use of redundant power sources, fiber connectivity and disk arrays ensures no less than 99% uptime of the LEARN LPR database server system.

XII. Account Access.

A. Eligibility. City shall only authorize individuals who satisfy the eligibility requirements of "Users" to access LEARN. Vigilant in its sole discretion may deny access to LEARN to any individual based on such person's failure to satisfy such eligibility requirements. User logins are restricted to agents and sworn officers of the City.
No User logins may be provided to agents or officers of other local, state, or Federal LEAs without the express written consent of Vigilant.

B. Security. City shall be responsible for assigning an Agency Manager who in turn will be responsible for assigning to each of City's Users a username and password (one per user account). A limited number of User accounts is provided. City will cause the Users to maintain username and password credentials confidential and will prevent use of such username and password credentials by any unauthorized person(s). City shall notify Vigilant immediately if City believes the password of any of its Users has, or may have, been obtained or used by any unauthorized person(s). In addition, City must notify Vigilant immediately if City becomes aware of any other breach or attempted breach of the security of any of its Users' accounts.

C. CJIS Requirements. City certifies that its LEARN users shall comply with the CJIS requirements outlined in Exhibit A.

XIII. Service Package, Fees and Payment Provisions. +<>-'o 2-

A. Service Package. This Enterprise License Agreement is based on a minimum of one (1) of the t~ (31 following Service Package Options. Please select the applicable Service Package(s) below:

☐ Service Package - Basic LPR Service Package:
• Vigilant Managed/Hosted LPR server LEARN Account
• Access to all Vigilant Software including all upgrades and updates
• Unlimited user licensing for the following applications:
  o LEARN, CarDetector and TAS

Service Package - Option # 1 - Standard LPR Service Package:
• All Basic Service Package benefits
• Unlimited use of CarDetector - Mobile Hit Hunter (CDMS-MHH)
• Unlimited use of Vigilant's LPR Mobile Companion smartphone application

B. Service Fee.
Payment of each Service Fee entitles City to all rights granted under this Agreement, including without limitation, use of the Software Products for the relevant Service Period, replacement of CLKs, and access to the updates and releases of the Software Products and associated equipment driver software to allow the Software Products to remain current and enable the best possible performance. The annual Service Fee due for a particular Service Period is based on the number of current Vigilant issued CLK's at the time of Service Fee invoicing, and which will be used by City in the upcoming Service Period. A schedule of annual Service Fees is shown below:

Annual Service Fee Schedule (multiplied by number of CLK's Issued)

| Total # of CLK's under this ESA | 0-14 CLK's | 15-30 CLK's | 31-60 CLK's | Over 60 |
| Basic Service | $525.00 | $450.00 | $400.00 | $275.00 |
| Standard (Option # 1) | $750.00 | $640.00 | $565.00 | $390.00 |

Payment of the Service Fee is due thirty (30) days prior to the renewal of the then-current Service Period. All Service Fees are exclusive of any sales, use, value-added or other federal, state or local taxes (excluding taxes based on Vigilant's net income) and City agrees to pay any such tax. Service Fees may increase by no higher than 4% per year for years after the first year of this agreement. For ILP (Option # 2) Tier packages, the Tier amount is due for subsequent periods and Basic Service CLK fees are due for all cameras from previous periods (this is in addition to the Annual Subscription Fee). City and Vigilant agree that the number of CLKs issued as of the Effective Date of this Agreement is thirty-four (34). All future additions of CLKs shall only be those as provided for in the definitions provided above.

C. Advanced Service Fee Payments.
Vigilant will accept advanced Service Fee payments on a case by case basis for Cities who wish to lock in the Service Fee rates for subsequent periods at the rates currently in effect, as listed in the table above. If City makes advanced Service Fee payments to Vigilant, advanced payments to Vigilant will be applied in full to each subsequent Service Period's Service Fees until the balance of the credits is reduced to a zero balance. System based advanced credits shall be applied to subsequent Service Fees in the amount that entitles City continued operation of the designated camera unit systems for the following Service Period until the credits are reduced to a zero balance.

D. Price Adjustment. Vigilant has the right to increase or decrease the annual Service Fee from one Service Period to another; provided, however, that in no event will a Service Fee be increased by more than 2% of the prior Service Period's Service Fees. If Vigilant intends to adjust the Service Fee for a subsequent Service Period, it must give City notice of the proposed increase on or before the date that Vigilant invoices City for the upcoming Service Period.

XIV. Miscellaneous.

A. Limitation of Liability. IN NO EVENT SHALL VIGILANT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES INCLUDING DAMAGES FOR LOSS OF USE, DATA OR PROFIT, ARISING OUT OF OR CONNECTED WITH THE USE OF THE SOFTWARE PRODUCTS, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF VIGILANT HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES. IN NO EVENT WILL VIGILANT'S LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE FEES PAID BY CITY TO VIGILANT FOR THE SOFTWARE PRODUCTS LICENSED UNDER THIS AGREEMENT.

B. Confidentiality.
City acknowledges that Software Products contain valuable and proprietary information of Vigilant and City will not disassemble, decompile or reverse engineer any Software Products to gain access to confidential information of Vigilant.

C. Assignment. Neither Vigilant nor City is permitted to assign this Agreement without the prior written consent of the other party. Any attempted assignment without written consent is void.

D. Amendment; Choice of Law. No amendment or modification of this Agreement shall be effective unless in writing and signed by authorized representatives of the parties. This Agreement shall be governed by the laws of the state of California without regard to its conflicts of law.

E. Complete Agreement. This Agreement constitutes the final and complete agreement between the parties with respect to the subject matter hereof, and supersedes any prior or contemporaneous agreements, written or oral, with respect to such subject matter.

F. Relationship. The relationship created hereby is that of contractor and customer and of licensor and City. Nothing herein shall be construed to create a partnership, joint venture, or agency relationship between the parties hereto. Neither party shall have any authority to enter into agreements of any kind on behalf of the other and shall have no power or authority to bind or obligate the other in any manner to any third party. The employees or agents of one party shall not be deemed or construed to be the employees or agents of the other party for any purpose whatsoever. Each party hereto represents that it is acting on its own behalf and is not acting as an agent for or on behalf of any third party.

G. No Rights in Third Parties. This agreement is entered into for the sole benefit of Vigilant and City and their permitted successors, executors, representatives, administrators and assigns.
Nothing in this Agreement shall be construed as giving any benefits, rights, remedies or claims to any other person, firm, corporation or other entity, including, without limitation, the general public or any member thereof, or to authorize anyone not a party to this Agreement to maintain a suit for personal injuries, property damage, or any other relief in law or equity in connection with this Agreement.

H. Construction. The headings used in this Agreement are for convenience and ease of reference only, and do not define, limit, augment, or describe the scope, content or intent of this Agreement. Any term referencing time, days or period for performance shall be deemed calendar days and not business days, unless otherwise expressly provided herein.

I. Severability. If any provision of this Agreement shall for any reason be held to be invalid, illegal, unenforceable, or in conflict with any law of a federal, state, or local government having jurisdiction over this Agreement, such provision shall be construed so as to make it enforceable to the greatest extent permitted, such provision shall remain in effect to the greatest extent permitted and the remaining provisions of this Agreement shall remain in full force and effect.

J. Federal Government. Any use, copy or disclosure of Software Products by the U.S. Government is subject to restrictions as set forth in this Agreement and as provided by DFARS 227.7202-1(a) and 227.7202-3(a) (1995), DFARS 252.227-7013(c)(1)(ii) (Oct 1988), FAR 12.212(a) (1995), FAR 52.227-19, or FAR 52.227 (ALT III), as applicable.

K. Right to Audit. City, upon thirty (30) days advanced written request to Vigilant, shall have the right to investigate, examine, and audit any and all necessary non-financial books, papers, documents, records and personnel that pertain to this Agreement and any other Sub Agreements.

L.
Notices; Authorized Representatives; Technical Support Agents. All notices, requests, demands, or other communications required or permitted to be given hereunder must be in writing and must be addressed to the parties at their respective addresses set forth below and shall be deemed to have been duly given when (a) delivered in person; (b) sent by facsimile transmission indicating receipt at the facsimile number where sent; (c) one (1) business day after being deposited with a reputable overnight air courier service; or (d) three (3) business days after being deposited with the United States Postal Service, for delivery by certified or registered mail, postage pre-paid and return receipt requested. All notices and communications regarding default or termination of this Agreement shall be delivered by hand or sent by certified mail, postage pre-paid and return receipt requested. Either party may from time to time change the notice address set forth below by delivering 30 days advance notice to the other party in accordance with this section setting forth the new address and the date on which it will become effective.

Vigilant Solutions, LLC
Attn: Sales Administration
1152 Stealth Street
Livermore, CA 94551

City: Carlsbad Police Department
Attn: Cindy Anderson
Address: 2560 Orion Way
Carlsbad, CA 92010

M. Authorized Representatives; Technical Support Agents. City's Authorized Representatives and its Technical Support Agents are set forth below in the Contact Information Worksheet. City's Authorized Representative is responsible for administering this Agreement and City's Technical Support Agents are responsible for administering the Software Products and acting as City's Software Products support contact. Either party may from time to time change its Authorized Representative, and City may from time to time change its Technical Support Agents, in each
case, by delivering 30 days advance notice to the other party in accordance with the notice provisions of this Agreement.

IN WITNESS WHEREOF, the parties have executed the Agreement as of the Effective Date.

Manufacturer: Vigilant Solutions, LLC
Authorized Agent: Bill Quinlan
Title: Vice President Sales Operations
Date:
Signature:

City Organization: City of Carlsbad, a Municipal Corporation
Authorized Agent:
Title:
Date:
Signature:

APPROVED AS TO FORM:
CELIA A. BREWER, City Attorney
Walter Chung
Assistant City Attorney

Exhibit A: CJIS Requirements

Vigilant and the City agree on the importance of data security, integrity and system availability and that these security objectives will only be achieved through shared responsibility. Vigilant and the City agree they will more likely be successful with information security by use of the Vigilant supplied technical controls and client City use of those controls; in conjunction with agency and personnel policies to protect the systems, data and privacy.

Vigilant and the City agree that City owned and FBI-CJIS supplied data in Vigilant systems does not meet the definition of FBI-CJIS provided Criminal Justice Information (CJI). Regardless, Vigilant agrees to treat the City-supplied information in Vigilant systems as CJI. Vigilant will strive to meet those technical and administrative controls; ensuring the tools are in place for the proper protection of systems, information and privacy of individuals to the greatest degree possible.

Vigilant and the City agree that information obtained or incorporated into Vigilant systems may be associated with records that are sensitive in nature having tactical, investigative and Personally Identifiable Information.
As such, that information will be treated in accordance with applicable laws, policies and regulations governing protection and privacy of this type of data.

Vigilant and the City agree that products and services offered by Vigilant are merely an investigative tool to aid the client in the course of their duties and that Vigilant makes no claims that direct actions be initiated based solely upon the information responses or analytical results. Further, Vigilant and the City agree that the City is ultimately responsible for taking the appropriate actions from results, hits, etc. generated by Vigilant products and require ongoing training, human evaluation, verifying the accuracy and currency of the information, and appropriate analysis prior to taking any action.

As such, the parties agree to do the following:

Vigilant:

1. Vigilant has established the use of FBI-CJIS Security Policy as guidance for implementing technical security controls in an effort to meet or exceed those Policy requirements.
2. Vigilant agrees to appoint a CJIS Information Security Officer to act as a conduit to the client Contracting Government Agency, Agency Coordinator, to receive any security policy information and disseminate to the appropriate staff.
3. Vigilant agrees to adhere to FBI-CJIS Security Policy Awareness Training and Personnel Screening standards as required by the City.
4. Vigilant agrees, by default, to classify all client supplied data and information related to client owned infrastructure, information systems or communications systems as "Criminal Justice Data". All client information will be treated at the highest level of confidentiality by all Vigilant staff and authorized partners. Vigilant has supporting guidance/policies for staff handling the full life cycle of information in physical or electronic form and has accompanying disciplinary procedures for unauthorized access, misuse or mishandling of that information.
5.
Vigilant will not engage in data mining, commercial sale, unauthorized access and/or use of any of City owned data. 6. Vigilant and partners agree to use their formal cyber Incident Response Plan if such event occurs. Vigilant Solution, l'nkrprise Liccn,c ,\grccmcnt I er 2.8 7. Vigilant agrees to immediately inform City of any cyber incident or data breach, to include DDoS, Malware, Virus, etc. that may impact or harm client data, systems or operations so proper analysis can be performed and client Incident Response Procedures can be initiated. 8. Vigilant will only allow authorized support staff to access the City's account or City data in support of City as permitted by the terms of contracts. 9. Vigilant agrees to use training, policy and procedures to ensure support staff use proper handling, processing, storing, and communication protocols for City data. 10. Vigilant agrees to protect client systems and data by monitoring and auditing staff user activity to ensure that it is only within the purview of system application development, system maintenance or the support roles assigned. 11. Vigilant agrees to inform the City of any unauthorized, inappropriate use of data or systems. 12. Vigilant will design software applications to facilitate FBI-CJIS compliant information handling, processing, storing, and communication of City. 13. Vigilant will advise City when any software application or equipment technical controls are not consistent with meeting FBI-CJ IS Policy criteria for analysis and due consideration. 14. Vigilant agrees to use the existing Change Management process to sufficiently plan for system or software changes and updates with Rollback Plans. 15. Vigilant agrees to provide technical security controls that only permit authorized user access to City owned data and Vigilant systems as intended by the City and data owners. 16. Vigilant agrees to meet or exceed the FBI-CJ IS Security Policy complex password construction and change rules. 17. 
Vigilant will only provide access to Vigilant systems and City owned information through City managed role- based access and applied sharing rules configured by the City. 18. Vigilant agrees to provide technical controls with additional levels of user Advanced Authentication in Physically Non-Secure Locations. 19. Vigilant agrees to provide compliant FIPS 140-2 Certified 128-bit encryption to City owned data during transport and storage ("data at rest") while in the custody and control of Vigilant. 20. Vigilant agrees to provide firewalls and virus protection to protect networks, storage devices and data. 21. Vigilant agrees to execute archival, purges and/or deletion of data as configured by the data owner. 22. Vigilant agrees to provide auditing and alerting tools within the software applications so City can monitor access and activity of Vigilant support staff and City users for unauthorized access, disclosure, alteration or misuse of City owned data. (Vigilant support staff will only have access when granted by the City.) 23. Vigilant will only perform direct support remote access to City systems/infrastructure when requested, authorized and physically granted access to the applications/systems by the City. This activity will be documented by both parties. 24. Vigilant creates and retains activity transaction logs to enable auditing by the City data owners and Vigilant staff. 25. Vigilant agrees to provide physical protection for the equipment-storing City data along with additional technical controls to protect physical and logical access to systems and data. 26. Vigilant agrees to participate in any Information or Technical Security Compliance Audit performed by the City, state CJIS System Agency or FBI-CJIS Division. 27. Vigilant agrees to perform independent employment background screening for its' staff and participate in additional fingerprint background screening as required by City. 28. 
Vigilant agrees that the City owns all City contributed data to include "hot-lists", scans, user information etc., is only shared as designated by the client and remains the responsibility and property of the City. Vigilant Solutions Lntnpris, Licens, ,\gn:ement I er 2.8 Page 12 of 13 City: 1. City agrees to appoint an Agency Coordinator as a central Point of Contact for all FBI-CJ IS Security Policy related matters and to assign staff that are familiar with the contents of the FBI-CJ IS Security Policy. 2. City agrees to have the Agency Coordinator provide timely updates with specific information regarding any new FBI-CJIS, state or local information security policy requirements that may impact Vigilant compliance or system/application development and, to facilitate obtaining certifications, training, and fingerprint-based background checks as required. 3. City agrees to inform Vigilant when any FBI-CJIS Security Awareness Training, personnel background screening or execution of FBI-CJ IS Security Addendum Certifications are required. 4. City agrees to immediately inform Vigilant of any relevant data breach or cyber incident, to include DDoS, Malware, Virus, etc. that may impact or harm Vigilant systems, operations, business partners and/or other Citys, so proper analysis can be performed, and Incident Response Procedures can be initiated. 5. City agrees that they are responsible for the legality and compliance of information recorded, submitted or placed in Vigilant systems and use of that data. 6. City agrees that they are responsible for proper equipment operation and placement of equipment. 7. City agrees that they are responsible for vetting authorized user access to Vigilant systems with due consideration of providing potential access to non-City information. 8. City agrees that responsibility and control of persons granted access to purchased Vigilant systems, along with data stored and transmitted via Vigilant systems, is that of the City. 9. 
City agrees that they have responsibility for all data security, handling and data protection strategies from point of acquisition, during transport and until submission ("Hotlist upload") into Vigilant systems. 10. City agrees to reinforce client staff policies and procedures for secure storage and protection of Vigilant system passwords. 11. City agrees to reinforce client staff policies for creating user accounts with only government domain email addresses. Exceptions will be granted in writing. 12. City agrees to reinforce client staff policies for not sharing user accounts. 13. City agrees to use Vigilant role-based access as designed to foster system security and integrity. 14. City agrees that they control, and are responsible for, appropriate use and data storage policies as well as procedures for the data maintained outside the Vigilant systems. This includes when any information is disseminated, extracted or exported out of Vigilant systems. 15. City agrees that they control and are responsible for developing policies, procedures and enforcement for applying deletion/purging and dissemination rules to information within and outside the Vigilant systems. 16. City agrees that it is their responsibility to ensure data and system protection strategies are accomplished through the tools provided by Vigilant for account and user management features along with audit and alert threshold features. 17. City agrees to use the "virtual escorting" security tools provided for managing client system remote access and monitor Vigilant support staff when authorized to assist the client. 18. City agrees that the Vigilant designed technical controls and tools will only be effective in conjunction with City created policies and procedures that guide user access and appropriate use of the system. 19. 
City agrees that information and services provided through Vigilant products do not provide any actionable information, City users are responsible for the validity and accuracy of their data and developing procedures to verify information with the record owner and other systems (NCIC) based upon the potential lead generated. Vigilant 'iolutiun, Lntcrprisc 1.iccmc .\grccmcnt ,er 2.8 Page 13 of 13