The URL can be used to link to this page

Home My WebLink About25211AGREEMENT INFORMATION AGREEMENT NUMBER 25211 NAME/TYPE OF AGREEMENT RISKONNECT CLEARSIGHT, LLC DESCRIPTION PROFESSIONAL SERVICES AGREEMENT/RISK MANAGEMENT SYSTEM TO SUPPORT & IMPROVE CLAIMS ADMINISTRATION PROCESS/FILE ID: 3700/R-18- 0124/MATTER ID: 24-396 EFFECTIVE DATE October 11, 2024 ATTESTED BY TODD B. HANNON ATTESTED DATE 10/11/2024 DATE RECEIVED FROM ISSUING DEPT. 10/11/2024 NOTE DOCUSIGN AGREEMENT BY EMAIL CITY OF MIAMI DOCUMENT ROUTING FORM ORIGINATING DEPARTMENT: Department of Procurement DEPT. CONTACT PERSON: Aimee Gandarilla EXT. 1906 NAME OF OTHER CONTRACTUAL PARTY/ENTITY: Riskonnect Clearsignt, LLC IS THIS AGREEMENT A RESULT OF A COMPETITIVE PROCUREMENT PROCESS? TOTAL CONTRACT AMOUNT: $ FUNDING INVOLVED? TYPE OF AGREEMENT: ❑ MANAGEMENT AGREEMENT ■❑ PROFESSIONAL SERVICES AGREEMENT ❑ GRANT AGREEMENT ❑ EXPERT CONSULTANT AGREEMENT ❑ LICENSE AGREEMENT OTHER: (PLEASE SPECIFY) YES YES ❑ PUBLIC WORKS AGREEMENT ❑ MAINTENANCE AGREEMENT ❑ INTER -LOCAL AGREEMENT ❑ LEASE AGREEMENT ❑ PURCHASE OR SALE AGREEMENT NO NO PURPOSE OF ITEM (BRIEF SUMMARY): Professional Services Agreement with Riskonnect Clearsignt, LLC for RFP 681390 risk management system COMMISSION APPROVAL DATE: 3/22/2018 FILE ID: 3700 ENACTMENT NO.: 18-0124 IF THIS DOES NOT REQUIRE COMMISSION APPROVAL, PLEASE EXPLAIN: ROUTING INFORMATION Date PLEASE PRINT AND SIGN DIRECTOR/CHIEF PROCUREMENT OFFICER October 3, 2024 Annie Perez, CPPO 115:14:19 EDT SIGNATURE: [aLssa c.ili,ow RISK MANAGEMENT October 3, 2024 Ann -Marie Sharpe I 15:31:27 EDT SIGNATURE: fiti g .�d� CITY ATTORNEY matter 24-396 October 7, 2024 George K. Wysong III 5 Ea, SSG 'l�Jlt�.ae. rr k wNsok.,) III ASSISTANT CITY MANAGER, CHIEF FINANCIAL OFFICER October 10, 2024 Larry Spring, CPA I 14: 21: 38 EDT SIGNATURE: 9srn4 ASSISTANT CITY MANAGER, CHIEF OF OPERATIONS Barbara Hernandez, MPA SIGNATURE: ASSISTANT CITY MANAGER, CHIEF OF INFRASTRUCTURE Asael Marrero SIGNATURE: DEPUTY CITY MANAGER October 10, 2024"altallKa:Ie3gr4FWilliams SIGNATURE: Nfz.,d.eda....4-wu:, Caad ri e CITY MANAGER October 11, 2024 Arthur Noriega V 1 12:28:13 EDT. SIGNATURE: aril`,,,," Cas— CITY CLERK October 11, 2024oydY5ailn6Q119 TT yy EDT SIGNATURE: �Z— PLEASE ATTACH THIS ROUTING FORM TO ALL DOCUMENTS THAT REQUIRE EXECUTION BY THE CITY MANAGER City of Miami Office of the City Attorney Legal Services Request To: Office of the City Attorney From: Tahlia Gray Contact Person Procurement Analyst Title 10/3/2024 Date: Procurement Requesting Client (305) 416-1912 Telephone Legal Service Requested: Matter No. 24-396: Professional Services Agreement with Riskonnect Clearsignt, LLC for RFP 681390 risk management system. Complete form and forward to the Office of the City Attorney or e-mail to Legal Services. Do not assume that the Office of the City Attorney knows the background of the question and/or issue, such as opinions on the same or similar issues, the existence of relevant memos, correspondence, etc. Please attach to this form and/or e-mail all pertinent information relating to the subject. Once your request has been assigned, an e-mail will be sent to you with the Assigned Attorney's name and the issued matter identification number. All attorneys in the Office of the City Attorney shall fully comply with the Rules Regulating the Florida Bar. For Legal Services requesting an opinion from the Office of the City Attorney: Issue opinion in writing. Publish opinion after issuance. Authorized by: Annie Perez Date response requested by: BELOW PORTION TO BE COMPLETED BY THE OFFICE OF THE CITY ATTORNEY Assigned Attorney: Date: File No. Approved by: Ultimate Client: Comments: D / R Date: Copy returned to Requesting Client Type: Matrix: Category: Copy to Ultimate Client rev. 04/14/2017 PROFESSIONAL SERVICES AGREEMENT OVERVIEW PSA TITLE: City of Miami and Riskonnect Clearsignt, LLC 1. AWARD DELEGATED AUTHORITY: ❑ Chief Procurement Officer — Authority level of $ ❑ City Manager — Authority level of $ ❑ City Commission — RESOLUTION No. 2. PROCUREMENT METHOD: ❑ RFP/RFQ ❑ IFB ❑ SOLE SOURCE ❑ PIGGY -BACK ❑ PROFESSIONAL SERVICES UNDER $25,000 ❑ OTHER (Please explain): 18-72(b)(15) exempt from procurement process "maintenance and licensing agreements to support continued, on -going use of proprietary software applications" 3. WHAT IS THE SCOPE OF SERVICES? A risk management information system for the continued support of the claims administration process of the City's self -insured program managed by the Department of Risk Management 4. IF CITYWIDE, WHAT ARE THE MOST FREQUENT USER DEPARTMENTS? Risk 5. IS THE AWARDEE INCUMBENT? Yes. Originally sourced via RFP 681390 6. IS THE PRICING HIGHER, LOWER OR THE SAME AS THE CURRENT CONTRACT? Higher, current contract was awarded in 2016 7. WHEN DOES THE CURRENT CONTRACT EXPIRE? Contract is currently month to month 8. WHAT WAS THE PREVIOUS SPEND ON THE CURRENT CONTRACT? $400,500.00 9. WHAT IS THE METHOD OF AWARD (Group, Item by Item etc.)? N/A — Exempt per 18-72(b)(15). See #2 above. PROFESSIONAL SERVICES AGREEMENT By and Between The City of Miami, Florida And Riskonnect Clearsight, LLC This Professional Services Agreement ("Agreement") is entered into this llth day of October , 2024 ("Effective Date") by and between the City of Miami, a municipal corporation of the State of Florida, whose address is 444 S.W. 2nd Avenue, 10th Floor, Miami, Florida 33130 ("City"), and, Riskonnect Clearsight, LLC, a Georgia limited liability Company, qualified to do business in the State of Florida whose principal address is 380 Interstate North Parkway SE, Suite 400, Atlanta, GA 30339 ("Contractor"). RECITALS: WHEREAS, pursuant to Resolution No. 18-0124, the City Commission approved RFP 681390 for the procurement of a risk management system to effectively and efficiently support and improve the claims administration process of the City's self-insurance program managed by the Department of Risk Management ("Risk"); WHEREAS, Section 18-72(b)(15) of the Miami City Code ("City Code") allows for the continuance of maintenance and licensing agreements and upgrades to support continued, on- going use of proprietary software applications, when the original software purchase of which was procured and approved fully in accordance with Chapter 18, Article III of the City Code; WHEREAS, Risk is satisfied with the service provided by Riskonnect and wishes to continue the services of the Contractor, and the Contractor wishes to continue performing the services for the City; and Page 1 of 79 WHEREAS, the City and the Contractor desire to enter into this Agreement under the terms and conditions set forth herein. NOW, THEREFORE, in consideration of the mutual covenants and promises herein contained, Contractor and the City agree as follows: TERMS: 1. RECITALS AND INCORPORATIONS; DEFINITIONS: The Recitals are true and correct and are hereby incorporated into and made a part of this Agreement. The following exhibits are attached hereto and are hereby incorporated into and made a part of this Agreement: Exhibit A Riskonnect Renewal Summary/Subscription Order No. 1 Exhibit B Schedule A — Supplemental Terms and Conditions (Riskonnect Clearsight Applications) inclusive of Exhibits 1-2 Exhibit C Riskonnect Security Exhibit Exhibit E Exhibit F Exhibit G Exhibit H Exhibit J Riskonnect Privacy Notice Data Transfer Protocols Insurance Requirements City Resolution R-18-0124 Corporate Resolution In the event of a conflict between the provisions of this Agreement or any of its exhibits, the conflict shall be resolved in favor this Agreement then the priority order indicated above. For purposes of this agreement, the terms subconsultant or subcontractor shall mean any third party that Contractor engages for a statement of work specifically for the City. 2. TERM: This Agreement shall become effective on the Effective Date and shall continue in effect for the duration of two (2) years ("Initial Term"). The City, acting by and through its City Manager, shall have the option to renew this Agreement for up to three (3) successive one-year terms (each a "Renewal Term" or "Renewal Subscription Term"). In addition to the above, the City shall have the right to extend this Agreement for one year Page 2 of 79 periods beyond the stated contract term, inclusive of renewal terms, in order to provide the City with continual service while a new contract is executed. If the right is exercised, the City shall notify the Proposer, in writing, of its intent to extend the Agreement, and the term will extend at the same price, terms and conditions for a one year period. 3. SCOPE OF SERVICES: A. Contractor agrees to provide the services as specifically described in Exhibit "A", Riskonnect Renewal Summary/Subscription Order No 1. B. Contractor represents to the City that: (i) it possesses all qualifications, licenses, certificates, authorizations, registrations, and expertise required for the performance of the Riskonnect Services, including but not limited to full qualification to do business in Florida; (ii) it is not delinquent in the payment of any sums due the City, any City agency or instrumentality, including payment of accounts, debts, permits, fees, occupational licenses, etc., nor in the performance of any obligations or payment of any monies to the City; (iii) all personnel assigned to perform the Riskonnect Services are and shall be, at all times during the term hereof, fully qualified and trained to perform the tasks assigned to each; (iv) the Riskonnect Services will be performed in the manner described in Exhibit "A"; and (v) each person executing this Agreement on behalf of Contractor has been duly authorized to so execute the same and fully bind Contractor as a party to this Agreement. C. Contractor shall at all times provide fully qualified, competent and physically capable employees to perform the Riskonnect Services under this Agreement. Contractor shall possess and maintain any required licenses, permits and certifications to perform the Riskonnect Services under this Agreement. The City may require Contractor to remove any employee the City deems careless, incompetent, insubordinate, or otherwise objectionable upon documented, commercially reasonable grounds.. 4. COMPENSATION: A. The amount of compensation payable by the City to the Contractor will be those amounts provided for in Exhibit "A", Riskonnect Renewal Summary/Subscription Order No 1. B. Payment shall be made in accordance with the terms of any Subscription Order and/or Statement of Work agreed to by the parties. to the satisfaction of the City within forty-five (45) days after receipt of Contractor's invoice for Services performed, which shall be accompanied Page 3 of 79 by sufficient supporting documentation and contain sufficient detail, to allow a proper audit of expenditures, should the City require one to be performed. Invoices shall be sufficiently detailed so as to comply with the "Florida Prompt Payment Act", §218.70. - 218.79, Florida Statutes, and other applicable laws. No advance or future payments shall be made at any time. C. Contractor agrees and understands that (i) any and all subcontractors providing Services related to this Agreement shall be paid through Contractor and not paid directly by the City, and (ii) any and all liabilities regarding payment to or use of subcontractors for any of the Services related to this Agreement shall be borne solely by Contractor. D. Contractor reserves the right to increase its fee by three percent (3%) no more often than annually. 5. OWNERSHIP OF DOCUMENTS: Contractor understands and agrees that any information, data, document, report or any other material whatsoever which is given by the City to Contractor, its employees, or any subcontractor, or which is otherwise obtained or prepared by Contractor, or by the Riskonnect Services, solely and exclusively for the City pursuant to or under the terms of this Agreement, is and shall at all times remain the property of the City. Contractor agrees not to use any such information, data, document, report or material for any other purpose whatsoever without the written consent of the City Manager, which may be withheld or conditioned by the City Manager in his/her sole discretion. Contractor is permitted to make and to maintain duplicate copies of the files, records, documents, etc. if Contractor determines copies of such records are necessary subsequent to the termination of this Agreement; however, in no way shall the confidentiality as permitted by applicable laws be breached. 6. AUDIT AND INSPECTION RIGHTS AND RECORDS RETENTION: A. Contractor agrees to provide access to the City or to any of its duly authorized representatives, to any financial books, documents, papers, and records of Contractor which are directly pertinent to this Agreement, for the purpose of audit, examination, excerpts, and transcripts. The Page 4 of 79 City may, at reasonable times, and for a period of three (3) years following the date of final payment by the City to Contractor under this Agreement, audit and inspect, or cause to be audited and inspected, those books, documents, papers, and records of Contractor which are soley related to payment under this Agreement. Contractor agrees to maintain any and all such books, documents, papers, and records at its principal place of business for a period of three (3) years after final payment is made under this Agreement and all other pending matters are closed. Contractor's failure to adhere to, or refusal to comply with, this condition shall result in the immediate cancellation of this Agreement by the City. Upon request, Contractor shall provide the City with the results of the audits conducted by independent third parties and answer any questionnaires pertaining to the operation of Contractor annually. B. For any deliverables provided for under this Agreement, the City may request testing, in which case, the City will complete End -to -End Testing ("End -to -End Testing" shall mean testing of the complete project deliverables to ensure full functionality), based on a mutually agreed project schedule. City will provide written acceptance to promote deliverables to production. Contractor will request final project acceptance ("Project Acceptance") on or after the Go -live date. Customer must notify Riskonnect of acceptance in writing within fifteen (15) days after receipt of the Project Acceptance communication. Failure to provide written acceptance or a written reason for dispute within fifteen (15) days after receipt of the Project Acceptance communication will be deemed as acceptance, and the project will be closed. 7. AWARD OF AGREEMENT: Contractor represents and warrants to the City that it has not employed or retained any person or company employed by the City to solicit or secure this Agreement and that it has not offered to pay, paid, or agreed to pay any person any fee, commission, percentage, brokerage fee, or gift of any kind contingent upon or in connection with, the award of this Agreement. 8. PUBLIC RECORDS: A. Contractor understands that the public shall have access, at all reasonable times, to all documents and information pertaining to City Agreements, subject to the provisions of Chapter 119, Florida Statutes, and agrees to allow access by the City and the public to all Page 5 of 79 documents subject to disclosure under applicable laws. Contractor's failure or refusal to comply with the provisions of this section shall result in the immediate cancellation of this Agreement by the City. B. Contractor shall additionally comply with Section 119.0701, Florida Statutes, including without limitation: (1) keep and maintain public records that ordinarily and necessarily would be required by the City to perform this service; (2) if required, provide the public with access to public records on the same terms and conditions as the City would at the cost provided by Chapter 119, Florida Statutes, or as otherwise provided by law; (3) ensure that public records that are exempt or confidential and exempt from disclosure are not disclosed except as authorized by law; a n d (4) meet all requirements for retaining public records and transfer, at no cost, to the City all public records in its possession upon termination of this Agreement and destroy any duplicate public records that are exempt or confidential and exempt from disclosure requirements; and, (5) provide all electronically stored public records that must be provided to the City in a format compatible with the City's information technology systems. Notwithstanding the foregoing, Contractor shall be permitted to retain any public records that make up part of its work product solely as required for archival purposes, as required by law, or to evidence compliance with the terms of this Agreement. C. SHOULD CONTRACTOR DETERMINE TO DISPUTE ANY PUBLIC ACCESS PROVISION REQUIRED BY FLORIDA STATUTES, THEN CONTRACTOR SHALL DO SO AT ITS OWN EXPENSE AND AT NO COST TO THE CITY. IF THE CONTRACTOR HAS QUESTIONS REGARDING THE APPLICATION OF CHAPTER 119, FLORIDA STATUTES, TO THE CONTRACTOR'S DUTY TO PROVIDE PUBLIC RECORDS RELATING TO THE CONTRACT, CONTACT THE CUSTODIAN OF PUBLIC RECORDS AT (305) 416-1800, VIA EMAIL AT PUBLICRECORDS@MIAMIGOV.COM, OR REGULAR MAIL AT CITY OF MIAMI OFFICE OF THE CITY ATTORNEY, 444 SW 2ND AVENUE, 9TH FLOOR, MIAMI, FL 33130. THE CONTRACTOR MAY ALSO CONTACT THE RECORDS CUSTODIAN AT THE CITY OF MIAMI DEPARTMENT WHO IS ADMINISTERING THIS CONTRACT. 9. COMPLIANCE WITH FEDERAL, STATE AND LOCAL LAWS: Contractor understands that agreements with local governments are subject to certain laws and regulations, including laws pertaining to public records, conflict of interest, ethics, funding, lobbying, record keeping, etc. the City and Contractor agree to comply with and observe Page 6 of 79 all such applicable federal, state and local laws, rules, regulations, codes and ordinances, as they may be amended from time to time. Contractor further agrees to include in all of Contractor's agreements with subcontractors for any Services related to this Agreement this provision requiring subcontractors to comply with and observe all applicable federal, state, and local laws rules, regulations, codes and ordinances, as they may be amended from time to time. 10. E-VERIFY EMPLOYMENT VERIFICATION: Contractor shall utilize the E-Verify platform to verify the employment status of all employees and subconsultants to the extent required by federal, state, and local laws, rules, and regulations. The City shall consider the employment by Contractor of unauthorized aliens a violation of Section 274A(e) of the Immigration and Nationality Act. If the Contractor knowingly employs unauthorized aliens, such violation shall be cause for termination of this Agreement. Furthermore, Contractor agrees to utilize the U.S. Agency of Homeland Security's E-Verify System, https://e- verify.uscis.gov/emp, to verify the employment eligibility of all employees during the term of this Agreement. The Contractor shall also include a requirement in subconsultant agreements that the subconsultant shall also utilize the E-Verify System to verify the employment eligibility of all employees of the subconsultant during the term of this Agreement 11. INDEMNIFICATION: Contractor shall indemnify, hold and save harmless, and defend (at its own cost and expense), the City, its officers, agents, directors, departments, and/or employees (collectively "Indemnitees"), from all liabilities, damages, losses, judgements, and costs, including, but not limited to, reasonable attorney's fees, to the extent caused by a third party claim based on the (1) the negligence, recklessness, negligent act or omission, or intentional wrongful misconduct of Contractor and persons employed or utilized by Contractor in the performance of this Contract (2) infringement by the Riskonnect Application of any Intellectual Property Rights of a third party; provided that Contractor shall have no obligation for indemnification to the extent the Riskonnect Application is modified by the Indemnitees or if the City is not using the most recent version of the Riskonnect Application, where such use would have avoided the claim of infringement, or (3) a violation of the Applicable Law in connection with the data as generally described in a Statement Page 7 of 79 of Work, Subscription Order or otherwise documented by the parties and input into the Riskonnect Application. Contractor shall further, hold the City, its officials and employees, indemnify, save and hold harmless for, and defend (at its own cost), the City its officials and/or employees against any civil actions, administrative, regulatory, statutory or similar claims, injuries or damages arising or resulting from the Services. In the event that any action, cause of action, claim, demand or proceeding (collectively "Claim(s)") is brought against the City by reason of any such Claim(s), the Contractor shall, upon written notice from the City, resist and defend such action or proceeding by counsel approved by the City Attorney, which approval shall not be unreasonably withheld. The Contractor expressly understands and agrees that any insurance protection required by this Contract or otherwise provided by the Contractor shall in no way limit the responsibility to indemnify, hold, keep and save harmless and defend the City or its officers, employees, agents, and instrumentalities as herein provided. The indemnification provided above shall obligate the Contractor to defend, at its own expense, subject to the limitations of liability in this Agreement, to and through trial, mediation, arbitration, administrative, regulatory, appellate, supplemental or bankruptcy proceedings, or to provide for such defense, at the City's option, any and all claims of liability and all suits and actions of every name and description which may be brought against the City, whether performed by the Contractor, or persons or entities employed or utilized by Contractor. These duties will survive the cancellation or expiration of this Agreement. This Section will be interpreted under the laws of the State of Florida, including without limitation and interpretation, which conforms to the limitations of Sections 725.06 and/or 725.08, Florida Statutes, as they may be applicable, and as they may be amended. Contractor shall require all sub -contractor agreements to include a provision that each sub -contractor will indemnify, hold harmless and defend the City in substantially the same language as this Section. The Contractor agrees and recognizes that the City shall not be held liable or responsible for any claims which may result from any actions or omissions of the Contractor in which the City participated either through review or concurrence of the Contractor's actions. In reviewing, approving or rejecting any submissions by the Contractor or other acts of the Contractor, the City, in no way, assumes or shares any responsibility or liability of the Contractor or sub -contractor under this Contract. Ten dollars ($10.00) of the payments made by the City constitute separate, distinct, and independent consideration for the granting of this indemnification, the receipt and sufficiency of Page 8 of 79 which is voluntarily and knowingly acknowledged by the Contractor. 12. LIMITATION OF LIABILITY IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TOWARDS THE OTHER PARTY OR ANY THIRD PARTY FOR ANY LOST PROFITS, REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES. THE PARTIES AGREE, THAT RISKONNECT'S AGGREGATE LIABILITY ARISING OUT OF THIS AGREEMENT SHALL NOT EXCEED $1,000,000. NOTWITHSTANDING, THIS LIMIT SHALL NOT APPLY TO RISKONNECT'S INDEMNIFICATION OBLIGATION UNDER SECTION 11(2) HEREIN, ANY CLAIMS BASED ON RISKONNECT'S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, OR ANY CLAIMS BASED ON A BREACH OF CONFIDENTIALITY OR DATA PRIVACY. RISKONNECT'S AGGREGATE LIABILITY FOR ITS BREACH OF CONFIDENTIALITY OR DATA PRIVACY OBLIGATIONS UNDER THIS AGREEMENT SHALL NOT EXCEED $5,000,000. 13. DEFAULT: If either party fails to comply materially With any term or condition of this Agreement, or fails to perform in any material way any of its obligations hereunder, and fails to cure such breach, after reasonable notice, within a thirty (30) day time period of such notice, then said party shall be deemed in default and the other party shall have the right to terminate this Agreement. Each party understands and agrees that termination of this Agreement under this section shall not release it from any obligation accruing prior to the effective date of termination. 14. RESOLUTION OF AGREEMENT DISPUTES: Contractor understands and agrees that all disputes between Contractor and the City based upon an alleged violation of the terms of this Agreement by the City shall be submitted to the City Manager for his/her resolution, prior to Contractor being entitled to seek judicial relief in connection therewith. In the event that the amount of compensation hereunder exceeds Twenty - Five Thousand Dollars and No/Cents ($25,000), the City Manager's decision shall be approved or disapproved by the City Commission. Contractor shall not be entitled to seek judicial relief unless: (i) it has first received City Manager's written decision, approved by the City Commission if the amount of compensation hereunder exceeds Twenty -Five Thousand Dollars and No/Cents ($25,000), or (ii) a period of sixty (60) days has expired, after submitting to the City Manager a detailed statement of the dispute, accompanied by all supporting documentation (one hundred Page 9 of 79 twenty (120) days if City Manager's decision is subject to the City Commission approval); or (iii) the City has waived compliance with the procedure set forth in this section by written instruments, signed by the City Manager. In no event may the amount of compensation under this Section exceed the total compensation set forth in Section 4 (A) of this Agreement. 15. TERMINATION; OBLIGATIONS UPON TERMINATION: The City, acting by and through its City Manager, shall have the right to terminate this Agreement, in its sole discretion, for convenience, and without penalty or any stated cause, at any time, by giving written notice to Contractor at least sixty (60) calendar days prior to the end of the Initial Term or Renewal Term, with the effective date of such termination being the expiration of that Initial Term or Renewal Term. In no event shall the City be liable to Contractor for any additional compensation and expenses incurred, other than that provided herein, and in no event shall the City be liable for any consequential or incidental damages. The Contractor shall have no recourse or remedy against the City for a termination under this subsection except for payment of fees due prior to the effective date of termination. Upon termination, Contractor shall refund fees for (1) professional services that have been pre -paid by the City pro -rated to the date of termination, and (2) under a Subscription Order pro -rated to the date of termination, minus any fees paid to Contractor's platform provider not refunded by the platform provider. 16. INSURANCE: A. Contractor shall, at all times during the term hereof, maintain such insurance coverage(s) as set forth in Exhibit "G" and incorporated herein by this reference. The City's agreement and title number must appear on each certificate of insurance. The Contractor shall add the City of Miami as an additional insured and as a named certificate holder on all policies. Contractor shall correct any insurance certificates as requested by the City's Director of Risk Management. All such insurance, including renewals, shall be subject to the approval of the City for adequacy of protection and evidence of such coverage(s) and shall be furnished to the City Risk Management Director on Certificates of Insurance indicating such insurance to be in force and effect and any cancelled or non -renewed policy will be replaced with no coverage gap and a current Certificate of Insurance will be provided. Completed Certificates of Insurance shall be filed with the City prior to the performance of Riskonnect Services hereunder, provided, however, that Contractor shall at any time upon request file duplicate copies of the Certificate of Insurance with Page 10of79 the City. B. Contractor understands and agrees that any and all liabilities regarding the use of any of Contractor's employees or any of Contractor's sub -contractors for Riskonnect Services related to this Agreement shall be borne solely by Contractor throughout the term of this Agreement and that this provision shall survive the termination of this Agreement. Contractor further understands and agrees that insurance for each employee of Contractor providing Services related to this Agreement shall be maintained in good standing and in accordance with the terms of this Agreement. C. Contractor shall be responsible for assuring that the insurance certificates required under this Agreement remain in full force and effect for the duration of this Agreement, including any extensions hereof. If insurance certificates are scheduled to expire during the term of this Agreement and any extension hereof, Contractor shall be responsible for submitting new or renewed insurance certificates to the City's Director of Risk Management. In the event that expired certificates are not replaced, with new or renewed certificates which cover the term of this Agreement and any extension thereof: (i) the City shall suspend this Agreement until such time as the new or renewed certificate(s) are received in acceptable form by the City's Director of Risk Management; or (ii) the City may, assert a material default in accordance with Section 12. D. Compliance with the foregoing requirements shall not relieve Contractor of its liabilities and obligations under this Agreement. 17. NONDISCRIMINATION, EQUAL EMPLOYMENT OPPORTUNITY: Contractor shall not unlawfully discriminate against any person in its operations and activities or in its use or expenditure of funds in fulfilling its obligations under this Agreement. In addition, Contractor shall take affirmative steps to ensure nondiscrimination in employment against disabled persons. Contractor affirms that it shall not discriminate as to race, age, religion, color, gender, gender identity, sexual orientation, national origin, marital status, physical or mental disability, political affiliation, or any other factor which cannot be lawfully used in connection with its performance under the contract. Furthermore, Contractor affirms that no otherwise qualified Page 11of79 individual shall solely by reason of their race, age, religion, color, gender, gender identity, sexual orientation, national origin, marital status, physical or mental disability, political affiliation, or any other factor which cannot be lawfully used, be excluded from the participation in, be denied benefits of, or be subjected to, discrimination under any program or activity. In connection with the conduct of its business, including performance of services and employment of personnel, Contractor shall not discriminate against any person on the basis of race, age, religion, color, gender, gender identity, sexual orientation, national origin, marital status, physical or mental disability, political affiliation, or any other factor which cannot be lawfully used. All persons having appropriate qualifications shall be afforded equal opportunity for employment. 18. ASSIGNMENT: This Agreement shall not be assigned, sold, transferred, pledged, or otherwise conveyed by Contractor, in whole or in part, and Contractor shall not assign any part of its operations which are related to the performance of this Agreement, without the prior written consent of the City Manager, which may be withheld or conditioned, in the City's sole discretion through the City Manager. Notwithstanding, Contractor may assign this Agreement or its operations, in whole or in part, to an affiliate or in the event of a merger, sale, change of control or other transfer of all or substantially all of the assets of Contractor. Contractor shall notify the City in writing as soon as reasonably practicable, and in any event no later than five (5) business days after the public announcement, if the Contractor enters into any agreement that results in an assignment of this Agreement through a merger, sale, change of control, or other transfer of substantially all the assets of the Contractor. Such notification shall include the details of the transaction and any changes in the management or operation of the Contractor. Failure to provide such notice shall constitute a material breach of this Agreement. The City reserves the right to terminate this Agreement in accordance with Section 15A upon receiving notice of such assignment. 19. NOTICES: All notices or other communications required under this Agreement shall be in writing and shall be given by hand -delivery or by registered or certified U.S. Mail, return receipt requested, addressed to the other party at the address indicated herein or to such other address as a party may designate by notice given as herein provided. Notice shall be deemed given on the day on Page12of79 which personally delivered; or, if by mail, on the fifth day after being posted or the date of actual receipt, whichever is earlier. TO CONTRACTOR: Riskkonnect, Inc. Attn: Chief Financial Officer 380 Interstate North Parkway SE, Suite 400 Atlanta, GA 30339 With a copy to: Riskkonnect, Inc. Attn: General Counsel 380 Interstate North Parkway SE, Suite 400 Atlanta, GA 30339 legal@riskonnect.com 20. MISCELLANEOUS PROVISIONS: TO THE CITY: Arthur Noriega V City Manager 444 SW 2nd Avenue, 10t" Floor Miami, FL 33130-1910 Annie Perez, CPPO Director /Chief Procurement Officer 444 SW 2nd Avenue, 6t" Floor Miami, FL 33130-1910 George K. Wysong III City Attorney 444 SW 2nd Avenue, 9t" Floor Miami, FL 33130-1910 A. This Agreement shall be construed and enforced according to the laws of the State of Florida. Venue in any proceedings between the parties shall be in Miami -Dade County, Florida. Each party shall bear its own attorney's fees. Each party waives any defense, whether asserted by motion, memorandum, or pleading, that the aforementioned courts are an improper or inconvenient venue. Moreover, the parties consent to the personal jurisdiction of the aforementioned courts and irrevocably waive any objections to said jurisdiction. The parties freely, knowingly irrevocably waive any rights to a jury trial in any actions or proceedings between them related to this Agreement. B. No waiver or breach of any provision of this Agreement shall constitute a waiver of any subsequent breach of the same or any other provision hereof, and no waiver shall be effective unless made in writing. C. Should any provision, paragraph, sentence, word or phrase contained in this Agreement be determined by a court of competent jurisdiction to be invalid, illegal or otherwise unenforceable under the laws of the State of Florida or the City of Miami, such provision, paragraph, sentence, word or phrase shall be deemed modified to the extent necessary in order to conform with such laws, or if not modifiable, then the same shall be deemed severable, and Page13of79 in either event, the remaining terms and provisions of this Agreement shall remain unmodified and in full force and effect or limitation of its use. D. This Agreement constitutes the sole and entire Agreement between the parties hereto. No modification or amendment hereto shall be valid unless in writing and executed by properly authorized representatives of the parties hereto. Except as otherwise set forth in Section 2 above, the City Manager shall have the sole authority to extend, amend, or modify this Agreement on behalf of the City. All changes and/or modifications to this Agreement shall be approved in advance and in writing by the Office of the City Attorney as to legal form and correctness, and executed in writing by the City and the Contractor. E. Title and paragraph headings are for convenient reference and are not a part of this Agreement. F. Nothing contained in this Agreement is any way intended to be a waiver of the limitation placed upon the Indemnitees' liability as set forth in Chapter 768, Florida Statutes. Additionally, the Indemnitees do not waive sovereign immunity, and no claim or award against the Indemnitees shall include attorney's fees, investigative costs, pre -suit or adjusting costs, or pre- judgment interest. G. If any term or provision of this Agreement, or combination of the same, is in violation of any applicable law or regulation, or is unenforceable or void for any reason, such term, provision or combination of same shall be modified or reformed by the court to the minimum extent necessary to accomplish the intention of the entire Agreement to the maximum extent allowable, under any legal form, without violating applicable law or regulation. Notwithstanding, the remainder of this Agreement shall remain binding upon the parties. This Subsection shall not apply if there is a material breach of this Agreement causing cancelation or cancellation for convenience. 21. SUCCESSORS AND ASSIGNS: This Agreement shall be binding upon the parties hereto, their heirs, executors, legal representatives, successors, or assigns. 22. INDEPENDENT CONTRACTORS: Contractor has been procured and is being engaged to provide Riskonnect Services to the City as an independent contractor, and not as an agent or employee of the City. Accordingly, neither Page14of79 Contractor, nor its employees, nor any subcontractor hired by Contractor to provide any Riskonnect Services under this Agreement shall attain, nor be entitled to, any rights or benefits under the Civil Service or Pension Ordinances of the City, nor any rights generally afforded classified or unclassified employees. Contractor further understands that Florida Workers' Compensation benefits available to employees of the City are not available to Contractor, its employees, or any subcontractor hired by Contractor to provide any Riskonnect Services hereunder, and Contractor agrees to provide or to require subcontractor(s) to provide, as applicable, workers' compensation insurance for any employee or agent of Contractor rendering Riskonnect Services to the City under this Agreement. Contractor further understands and agrees that Contractor's or subcontractors' use or entry upon City properties shall not in any way change its or their status as an independent contractor. 23. CONTINGENCY CLAUSE: Funding for this Agreement is contingent on the availability of funds and continued authorization for program activities and this Agreement is subject to amendment or termination due to lack of funds, reduction of funds, failure to allocate or appropriate funds, and/or change in applicable laws or regulations, upon thirty (30) days written notice. 24. FORCE MAJEURE: A "Force Majeure Event" shall mean an act of God, act of governmental body or military authority, fire, explosion, power failure, flood, storm, hurricane, sink hole, other natural disasters, epidemic, riot or civil disturbance, war or terrorism, sabotage, insurrection, blockade, or embargo. In the event that either party is delayed in the performance of any act or obligation pursuant to or required by this Agreement by reason of a Force Majeure Event, the time for required completion of such act or obligation shall be extended by the number of days equal to the total number of days, if any, that such party is actually delayed by such Force Majeure Event. The party seeking delay in performance shall give notice to the other party specifying the anticipated duration of the delay, and if such delay shall extend beyond the duration specified in such notice, additional notice shall be repeated no less than monthly so long as such delay due to a Force Majeure Event continues. Any party seeking delay in performance due to a Force Majeure Event shall use its best efforts to rectify any condition causing such Page15of79 delay and shall cooperate with the other party to overcome any delay that has resulted. 25. CITY NOT LIABLE FOR DELAYS: Contractor hereby understands and agrees that in no event shall the City be liable for, or responsible to Contractor or any subcontractor, or to any other person, firm, or entity for or on account of, any stoppages or delay(s) in work herein provided for, or any damages whatsoever related thereto, because of any injunction or other legal or equitable proceedings or on account of any delay(s) for any cause over which the City has no control. The City acknowledges that delays or stoppages caused directly by the City may impact the Contractor's ability to provide the Riskonnect Services and thus disclaims all liability for any damages or losses that such City -caused delays or stoppages may cause to the Riskonnect Services. 26. USE OF NAME: Contractor understands and agrees that the City is not engaged in research for advertising, sales promotion, or other publicity purposes. Contractor is allowed, within the limited scope of normal and customary marketing and promotion of its work, to use the general results of this project and the name of the City. The Contractor agrees to protect any confidential information provided by the City and will not release information of a specific nature without prior written consent of the City Manager or the City Commission. 27. NO CONFLICT OF INTEREST: Pursuant to the City of Miami Code Section 2-611, as amended ("Code"), regarding conflicts of interest, Contractor hereby certifies to the City that no individual member of Contractor, no employee, and no subcontractor under this Agreement nor any immediate family member of any of the same is also city employee or a member of any board, commission, or agency of the City. Contractor hereby represents and warrants to the City that throughout the term of this Agreement, Contractor, its employees, and its subcontractors will abide by this prohibition of the City Code. Contractor additionally agrees during the term of this Agreement not to serve as a paid Page16of79 expert witness, affiant or otherwise furnish evidence adverse to the City in a Claim brought against the City by any third party. 28. NO THIRD -PARTY BENEFICIARY: No persons other than the Contractor and the City (and their successors and assigns) Page17of79 shall have any rights whatsoever under this Agreement. 29. SURVIVAL: All obligations (including but not limited to indemnity and obligations to defend and hold harmless) and rights of any party arising during or attributable to the period prior to expiration or earlier termination of this Agreement shall survive such expiration or earlier termination. 30. TRUTH -IN -NEGOTIATION CERTIFICATION, REPRESENTATION AND WARRANTY: Contractor hereby certifies, represents and warrants to the City that on the date of Contractor's execution of this Agreement, and so long as this Agreement shall remain in full force and effect, the wage rates and other factual unit costs supporting the compensation to Contractor under this Agreement are and will continue to be accurate, complete, and current. Contractor understands, agrees and acknowledges that the City shall adjust the amount of the compensation and any additions thereto to exclude any significant sums by which the City determines the contract price of compensation hereunder was increased due to inaccurate, incomplete, or non- current wage rates and other factual unit costs. All such contract adjustments shall be made within one (1) year of the end of this Agreement, whether naturally expiring or earlier terminated pursuant to the provisions hereof. 31. COUNTERPARTS, ELECTRONIC SIGNATURES: This Agreement may be executed in counterparts, each of which shall constitute an original, but all of which, when taken together, shall constitute one and the same agreement. This Agreement may be executed in counterparts, each of which shall be an original as against either party whose signature appears thereon, but all of which taken together shall constitute but one and the same instrument. An executed facsimile or electronic scanned copy of this Agreement shall have the same force and effect as the original. The parties shall be entitled to sign and transmit an electronic signature on this Agreement (whether by facsimile, PDF or other email transmission), which signature shall be binding on the party whose name is contained therein. Any party providing an electronic signature agrees to promptly execute and deliver to the other parties an original signed Agreement upon request. Page18of79 32. ENTIRE AGREEMENT: This instrument and its exhibits constitute the sole and only agreement of the parties relating to the subject matter hereof and correctly set forth the rights, duties, and obligations of each to the other as of its date. Any prior agreements, promises, negotiations, or representations not expressly set forth in this Agreement are of no force or effect. 33. ANTITRUST VIOLATOR VENDORS. A person or an affiliate who has been placed on the antitrust violator vendor list following a conviction or being held civilly liable for an antitrust violation may not submit a bid, proposal, or reply on any agreement to provide any good or services to a public entity; may not submit a bid, proposal, or reply on any agreement with a public entity for the construction or repair of a public building or public work; may not submit a bid, proposal, or reply on leases of real property to a public entity; may not be awarded or perform work as a grantee, supplier, subcontractor, or consultant under an agreement with a public entity; and may not transact new business with a public entity. Page19of79 IN WITNESS WHEREOF, the parties hereto have caused this instrument to be executed by their respective officials thereunto duly authorized, this the day and year above written. Print Name: Title: Vet._c L.J6ck.k�11C (Corporate Seal) "Contractor" Riskonnect Clearsight, LLC, a Georgia limited liability company By: Print Name: ` 7rt r11 �� e�cti� Title: Whip (Authorized Corporate Officer) "City" CITY OF MIAMI, ATTEST: ,- Signed by: a Florida municipal corporation By: DocuSignerl EEE6F� Todd B. Hannon, By: Qvgukr Arthur Noriega V, City Manager APPROVED AS TO LEGAL FORM APPROVED AS TO INSURANCE AND CORRECTNESS: By: os ,—Docus,,ne.y (—Mr George K. Wysong Ill 24-396 City Attorney By: REQUIREMENTS: Ann -Marie Sharpe Director of Risk Management Page 20 of 79 EXHIBIT "A" RISKONNECT RENEWAL SUMMARY/Subscription Order No 1 Application Subscription Bundle User Licenses Description Quantity Page21of79 Annual Subscription Fees: $68,578.51 Data Infrastructure & Storage Subscriptions Description Quantity Data Infrastructure & Storage Subscriptions: $26,944.32 Data Subscription Description Data Subscriptions Annual Fees: USD $11,676.50 M Customer Success Services Description Quantity Customer Success Services Annual Fees: $11,788.78 Total Annual Subscription Fees for the Renewal Subscription Term Under this Order: USD4 $118,988.11 *A 3% annual price increase will be applied during the Subscription Term. Page 22 of 79 EXHIBIT "B" SCHEDULE A — SUPPLEMENTAL TERMS AND CONDITIONS (RISKONNECT CLEARSIGHT APPLICATIONS) INCLUSIVE OF EXHIBITS 1-2 SCHEDULE A SUPPLEMENTAL TERMS DEFINITIONS The capitalized terms as used herein, and not defined elsewhere within the Agreement, shall have the meanings specified below. "Affiliate" means with respect to a Party, any entity that directly or indirectly, through one or more intermediaries, controls, is controlled by or is under common control with that Party. The term "Control" (including the terms "controlled by" and "under common control with") means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such entity, organization, or body, whether through the ownership of voting securities or otherwise. "Annual Services" means maintenance services, other than Software Support, provided to Customer, such as maintenance change requests, training, data services, modification of data interfaces, and other such services, as set forth in the applicable Subscription Order. "Confidential Information" means all confidential and proprietary information of a Party disclosed to the other Party, whether orally, in writing or electronically, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including, but not limited to: • business and marketing plans, identity of clients or prospective clients; and business processes; • technology and technical information, product designs, software, source code and object code, screenshots, data models, data conversion and processing logic, formulae and processes, know- how, and show -how; • discoveries, inventions, developments, improvements, works of authorship, concepts, mask works, and ideas, or expressions thereof, whether or not subject to patents, copyright, trademark, trade secret protection or other intellectual property right protection (in the United States or elsewhere) and whether in tangible or intangible form and whether or not stored, compiled or memorialized physically, electronically, graphically, photographically or in writing; • the terms and conditions of this Agreement (including pricing); • Customer Data; and • the Riskonnect Service. • Confidential Information (except for Customer Data) shall NOT include any information that is or becomes generally known to the public without breach of any obligation owed to the other Party; was known to a Party prior to its disclosure by the other Party without breach of any obligation owed to the other Party; was independently developed by a Party without breach of any obligation owed to the other Party; or is received from a third party without breach of any obligation owed to the other Party. "Customer" means the City of Miami, Florida. Page 23 of 79 "Customer Data" means the information or material, including Customer's Confidential Information and Personal Data, that Customer and Users submit, upload, or transfer, or cause to be submitted, uploaded, or transferred to the Riskonnect Service. For clarity, Customer Data shall not include de -identified or aggregated data. "Data Protection Laws and Regulations" means all laws and regulations applicable to the processing of Personal Data under this Agreement. For clarity, the laws of China and of Russia are expressly excluded. "Disabling Code" means any programming devices (e.g., viruses, key locks, back doors, trap doors, etc.) which would (i) disrupt the use of a Riskonnect Application or any system, equipment or software to which Customer's networks are interfaced or connected; or (ii) destroy or damage data or make data inaccessible or delayed, except for file and purge routines necessary to the routine maintenance of a Riskonnect Application or other mechanisms to monitor Customer's compliance with the terms of this Agreement. "Documentation" means, in Web -based form, any manuals, user guides, technical specification documents and other instructional and reference materials generally distributed by Riskonnect regarding the Riskonnect Applications, all as updated and redistributed by Riskonnect from time to time. "Intellectual Property Rights" shall mean all copyright, patent, trademark, trade secret and other intellectual property and proprietary rights. "Licensor" means a third -party provider of products or services to Riskonnect necessary for Riskonnect to provide the Riskonnect Service, as set forth in the applicable Product Schedule, a SOW or Subscription Order. "Modeling and Analytics Services" means modeling and/or business analytics services, including hazard loss and catastrophe modeling, loss forecasting and triangles, adverse event simulation, scenario and portfolio risk analysis, decision mapping, risk bearing and risk retention tolerance analysis and insurance program evaluation analysis. "Non-Riskonnect Service Application" means a third -party or Customer -implemented product, service or application unrelated to or integrated with the Riskonnect Service. "Parties" means both Riskonnect and Customer. "Party" means either Riskonnect or Customer. Riskonnect shall mean the same as Contractor and Customer shall mean the same as the City. "Personal Data" means any data or other information that relates to an identified or identifiable individual, or as otherwise defined under Data Protection Laws and Regulations. "Product Schedule" means the additional terms applicable to the Riskonnect Service(s) licensed to Customer under this Agreement and attached to and incorporated into this Agreement as Schedule A. Page24of79 "Professional Services" means any consulting, training, implementation, configuration, Annual Services, Software Support, or other professional services provided by Riskonnect and paid by Customer pursuant to the Parent Agreement, including an applicable Statement of Work or PCO. "Riskonnect Application" means the Web -based version of the proprietary computer software programs of Riskonnect, as configured for Customer by Riskonnect, and all improvements, updates, licensed internal code, embedded third -party software, upgrades, new versions, modifications, subsequent releases, fixes, enhancements, derivative products and information used by Riskonnect in providing Customer access to the Riskonnect Service, as further described in Schedule A and as identified in an applicable Subscription Order. "Riskonnect Service" means, collectively, (i) the Riskonnect Application; (ii) Licensors' proprietary technology (including audio and visual information, documents, software, hardware, products, methods, processes, algorithms, user interfaces, know-how, techniques, designs and other tangible or intangible technical material or information); and (iii) any deliverables set forth in each Statement of Work, Subscription Order, and/or addendum. "Software Support" means support services, other than Annual Services, provided to Customer for password resets, software errors, minor bug fixes, or other support services, as more fully described in Riskonnect's Service Level Agreement available upon request. "Statement of Work" or "SOW" means a document (including any exhibits or other Supplemental Materials) on a form issued by Riskonnect signed by both Parties that specifies the Professional Services to be provided by Riskonnect to Customer, and which may include objectives, scope of work, initial implementation deliverables, and/or fees with respect to such Professional Services. The initial Statement of Work is included herein. "Subscription Order" or "Order" means a document on a form issued by Riskonnect signed by Customer that specifies the Riskonnect Applications and other subscriptions ordered by Customer and the associated fees for such subscriptions. "Supplemental Materials" means the following documents, provisions, or materials either available at a link set forth below or attached to this Agreement, all of which are incorporated into the Agreement by reference: • Riskonnect Privacy Notice attached hereto as Exhibit E; • Data Transfer Protocols attached hereto as Exhibit F; • Riskonnect Security Exhibit attached as Exhibit C; and • Other materials as may be set forth in a document signed by the Parties. During the Term, Riskonnect may not materially modify or degrade any obligation set forth in the Supplemental Materials without Customer's consent. "Upgrades" means the updates, upgrades, new versions, modifications, or subsequent releases of a Riskonnect Application that Riskonnect provides to its customers at no charge. "User" means an individual, including Customer's employees, representatives, agents or third parties employed or retained by Customer to perform services for or on behalf of Customer, who are authorized by Customer to use or access Customer's configuration of the Riskonnect Service and whom have been issued a User -ID. "User -ID" means a unique user identification and password provided or assigned to a User. Page 25 of 79 RIGHT TO USE THE RISKONNECT SERVICE; RESTRICTIONS User Access. Subject to the terms and limitations set forth in this Agreement, Riskonnect hereby grants to Customer a limited term, revocable, worldwide, non-exclusive, non-sublicensable, non -transferable (except as set forth in Section 0), right and license for Users to use Customer's configuration of the Riskonnect Service, solely for Customer's own internal business purposes. Customer shall provide the equipment and software (including obtaining any third -party software licenses) required to access the Riskonnect Service in accordance with, and to otherwise comply with, the hardware/software specifications for the Riskonnect Service. Customer shall be responsible for all maintenance and compliance with laws, if applicable, of Customer networks, equipment and system security required or appropriate in connection with the Riskonnect Service. Reserved Rights. All rights not expressly granted to Customer are reserved by Riskonnect and its Licensors. Restrictions. Customer shall not, and shall not permit any third party (including Users) to: • license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, timeshare, provide on a service bureau basis or otherwise commercially exploit or make available the Riskonnect Service to any third party; • modify, copy or make a derivative work based upon the Riskonnect Service or any part of the services of Riskonnect's Licensors; • create Internet "links" to the Riskonnect Service, any part of the services of Riskonnect's Licensors, or "frame" or "mirror" the Riskonnect Service other than on Customer's own intranets or otherwise for Customer's own internal business purposes; • reverse engineer or access the Riskonnect Service, or any part of the services of Riskonnect's Licensors, in order to develop a competitive product or service, develop a product using similar ideas, features, functions or graphics of the Riskonnect Service, or copy any ideas, features, functions or graphics of the Riskonnect Service; • use or access the Riskonnect Service in a manner, or act otherwise in any manner, that could damage, disable, overburden, or impair any Riskonnect servers, or the networks connected to any Riskonnect server; • interfere with or disrupt the integrity or performance of the Riskonnect Service or the data contained therein, or any third party's use and enjoyment thereof; • attempt to gain unauthorized access to the Riskonnect Service, accounts, computer systems, or networks connected to any Riskonnect server through hacking, password mining, or any other means; • use or access the Riskonnect Service to send spam or otherwise duplicative or unsolicited messages in violation of applicable laws; • use or access the Riskonnect Service to send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material, including material that is harmful to children or violates third -party privacy rights; or • use or access the Riskonnect Service to send or store viruses, worms, time bombs, Trojan horses or other harmful or malicious code, files, scripts, agents, or programs. Page26of79 USERS User-IDs. No User may use the User -ID of any other User. Customer will safeguard the User ID's and other security data and methods furnished to Customer in connection with the Riskonnect Service and prevent unauthorized access to or use of the Riskonnect Service. Customer shall notify Riskonnect if it becomes aware of any unauthorized access or use of the Riskonnect Service. No User shall be engaged in the business of providing software or software -as -a -service for the management of risk, claims, or compliance matters. Customer Responsibility for Users. Customer is responsible for all Users and the activity occurring under Customer's User accounts and shall abide by all applicable local, state, national and foreign laws, treaties and regulations in connection with Customer's use of the Riskonnect Service in accordance with the terms of the Parent Agreement, including those related to data privacy, international communications and the transmission of technical, financial or personal data. Riskonnect Licensors. Customer's subscription does not include a subscription to use applications provided directly by Riskonnect's Licensors outside of the Riskonnect Service. Reserved Rights. Riskonnect reserves the right to immediately suspend access under any User ID which Riskonnect reasonably suspects poses a risk to the security of Customer Data or the Riskonnect Service, or which Riskonnect reasonably suspects of activity that is in material breach of the terms of this Agreement. DATA; PRIVACY AND SECURITY Customer Owns Customer Data. Customer owns all right, title and interest in and to the Customer Data, which shall never be deemed to be the Riskonnect Service, even if delivered or incorporated therewith. Customer shall have sole responsibility, and Riskonnect shall have no responsibility whatsoever, for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership of Customer Data, and Riskonnect shall not review, monitor, or check the Customer Data except as instructed by Customer or as otherwise necessary to provide the Riskonnect Service to Customer. Riskonnect shall have no liability for the deletion, destruction, damage, or loss of any Customer Data by Users, or through no fault of Riskonnect or its Licensors, without limiting Riskonnect's obligations to comply with its data backup practices. Safeguards. • Riskonnect shall maintain and handle all Customer Data with commercially reasonable physical, electronic, and procedural safeguards to protect and preserve the confidentiality and security of Customer Data in accordance with (1) Data Protection Laws and Regulations; and (2) the Riskonnect Security Exhibit; (3) Riskonnect Privacy Notice set forth in the Supplemental Materials. • Riskonnect shall not license, transmit or disclose Customer Data to any third party, except to (i) Riskonnect's and Affiliates' employees and contractors who are subject to written confidentiality requirements no less restrictive than those contained herein, (ii) Riskonnect Licensors, (iii) as required by applicable law, regulation or rule, and (iv) Users. • Regardless of location of storage or access of Customer Data, Riskonnect and Affiliate employees and contractors will deploy the same data protection safeguards in compliance with the terms and conditions of this Agreement and in compliance with Data Protection Laws and Regulations. Page 27 of 79 • Riskonnect will not sell Customer Data to any third party. Integration of Non-Riskonnect Service Applications. In the event Customer acquires, licenses or otherwise obtains a Non-Riskonnect Service Application, any exchange of data between Customer and any third -party provider of a Non-Riskonnect Service Application is solely between Customer and such third party. Riskonnect provides no warranties or support for Non-Riskonnect Service Applications. CONFIDENTIALITY Standard of Care. Subject to Florida's Public Records Law, each Party acknowledges and agrees that during the Term it may be furnished with or otherwise have access to Confidential Information of the other Party. In fulfilling its obligations under this Section 0, the Party receiving Confidential Information ("Receiving Party"), shall exercise the same degree of care and protection with respect to the Confidential Information of the Party disclosing Confidential Information to Receiving Party ("Disclosing Party") that it exercises with respect to its own Confidential Information, but in no event shall Receiving Party exercise less than a reasonable standard of care. Receiving Party shall only use, access, and disclose Confidential Information as necessary to fulfill its obligations or in exercise of its rights expressly granted under this Agreement. Receiving Party shall not directly or indirectly disclose, sell, copy, distribute, republish, create derivative works from, demonstrate or allow any third party to access any of Disclosing Party's Confidential Information; provided, however, that: • Receiving Party may disclose Disclosing Party's Confidential Information to Receiving Party's Affiliates who have a need to know; and • Riskonnect shall have a right to disclose Customer's Confidential Information to Customer's Affiliates and Users and Riskonnect's employees, Licensors, and other agents; and • All use of the Disclosing Party's Confidential Information shall be subject to all the restrictions set forth in this Agreement; and • Receiving Party may disclose Confidential Information that is not Customer Data or the Riskonnect Application to attorneys, agents and consultants who need to know the Confidential Information to enable such Party to perform under this Agreement and who have previously agreed to be bound by confidentiality obligations no less stringent than those in this Agreement. Compelled Disclosure. If a Receiving Party is compelled by law to disclose Confidential Information of Disclosing Party, it shall provide Disclosing Party with prior notice of such compelled disclosure to the extent legally permitted and reasonable assistance, at Disclosing Party's cost, if Disclosing Party wishes to contest the disclosure. Right to Seek Injunction. If a Receiving Party discloses or uses (or threatens to disclose or use) any Confidential Information of Disclosing Party in breach of confidentiality protections hereunder, Disclosing Party shall have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts, it being specifically acknowledged by the Parties that any other available remedies are inadequate. INTELLECTUAL PROPERTY Proprietary Rights. As between Customer and Riskonnect, Riskonnect (and the Licensors, where applicable) is the exclusive owner of all right, title and interest, including all related Intellectual Property Page28of79 Rights, in and to the Riskonnect Service, including without limitation any modifications, updates, revisions or enhancements thereto and any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer or Users, and regardless of any participation or collaboration by Customer in the design, development or implementation of the Riskonnect Service. No title or ownership of Intellectual Property Rights in and to the Riskonnect Service, or any component thereof, is transferred to Customer, its Affiliates or any third parties hereunder. To the extent that any such Intellectual Property Rights do not otherwise vest in Riskonnect or its Licensors, Customer hereby assigns such Intellectual Property Rights to Riskonnect or its Licensors and agree to take steps reasonably necessary to perfect Riskonnect's or its Licensors' ownership thereof, without additional consideration of any kind. Proprietary Notices. Customer shall not remove any copyright, patent, trademark or other proprietary or restrictive notice or legend contained in the Riskonnect Service, and Customer shall reproduce all such notices and legends on all copies of the Riskonnect Service that are permitted to be made hereunder. Customer further agrees to reasonably cooperate with and assist Riskonnect (at Riskonnect's sole expense) in protecting, enforcing, and defending Riskonnect's rights in and to the Riskonnect Service. FEES AND PAYMENTS Fees. Customer shall pay to Riskonnect the fees as set forth in an applicable Subscription Order and/or Statement of Work. Fees for additional services or expenses, if any, will be invoiced monthly as incurred. Expenses. Customer may reimburse Riskonnect for all reasonable, documented out of pocket travel, lodging, meal, and other expenses incurred by Riskonnect in the course of performing the Professional Services. Travel expense must be approved by the City and billed at cost in accordance with the City of Miami's per diem guidelines. Payments. All undisputed Fees under this Agreement shall be payable by Customer pursuant to and in accordance with any payment schedule set forth in a Subscription Order and/or Statement of Work. Invoices shall be issued by Riskonnect or its Affiliates, as appropriate. Late Payment. Payments remitted after 45 days after due date on any undisputed portion of an invoice shall bear interest in accordance with §§ 218.70 — 218.80, Florida Statutes. If Customer does not pay an invoice 60 days after its due date, Riskonnect may at its sole discretion suspend Customer's services or terminate this Agreement. Upon termination for non-payment, this Agreement and all of Customer's rights hereunder will terminate without further notice. Fees Generally. Except as otherwise agreed in writing, Customer acknowledges and agrees that: • fees are set forth in a Subscription Order or Statement of Work and not based on actual usage; • except as set forth in Sections 12.3.4 and 8.5.2, all payment obligations are non -cancelable, and all fees paid are non-refundable; • All fees shall be paid in United States Dollars; and • Subject to applicable Data Protection and Privacy Laws, Riskonnect reserves the right to refuse to perform any Professional Services, including but not limited to extraction of Customer Data, should the Customer have any unpaid invoices. Customer Billing Obligations. Customer shall provide Riskonnect with complete and accurate billing and billing contact information, including Customer's legal name, street address, name and telephone number Page 29 of 79 and -email address of an authorized billing contact, and any applicable tax exemption certificate number. Customer shall update this information within 30 days of any change by emailing billing@riskonnect.com. TERM AND TERMINATION. Term of the Agreement. The Term shall commence as indicated in the Agreement. Termination by Riskonnect for User Breach. In addition to any other rights granted to Riskonnect herein or under law, Riskonnect reserves the right, upon written notice to Customer, to (i) terminate this Agreement; (ii) terminate subscriptions, in whole or in part; and/or (iii) suspend Customer's access to and use of the Riskonnect Service due to Customer's failure to cause a User to comply with the terms of this Agreement. Unless otherwise agreed in a Statement of Work, should Customer terminate this Agreement for Riskonnect's uncured material breach under the Agreement, Riskonnect shall refund Customer any pre- paid, pro -rated fees to the extent Riskonnect receives a refund from an applicable Licensors. PROFESSIONAL SERVICES Professional Services. During the Term, Riskonnect shall perform the Professional Services set forth in the applicable Statement(s) of Work in accordance with the terms of this Agreement. SUPPORT Support. Riskonnect shall provide the following support services to Customer: • Software Support in accordance with the Service Level Agreement; and • Annual Services for the number of hours per year if purchased and included in an applicable Subscription Order. If Customer exceeds the number of Annual Service hours in a given year, then Riskonnect shall notify Customer and upon written agreement for the purchase of more Annual Service Hours, invoice Customer for those additional hours used at Riskonnect's then current hourly rate for such Annual Service hours, and Customer agrees to pay in accordance with this Agreement. All Annual Service hours must be used within the applicable year and are not available in a subsequent year. Limitations. Riskonnect will not provide any support required as a result of, or with respect to, Customer's operating systems, networks, hardware, or other related equipment, or for Customer's or any of its Users' use of the Riskonnect Service other than in accordance with the applicable Statement of Work and Documentation or as otherwise permitted under this Agreement. LIMITED WARRANTIES AND DISCLAIMER. Application Warranty. Riskonnect warrants that a Riskonnect Application will perform in all material respects in accordance with the Documentation when used in accordance with the terms of this Agreement. Application Warranty Remedy. Customer's sole remedy for any breach by Riskonnect of the warranty provided in this Section shall be repair or replacement of the nonconforming functionality in the Riskonnect Application caused by Riskonnect, at Riskonnect's sole expense, as described herein. If Page 30of79 Customer discovers that any functionality in the Riskonnect Application fails to conform to the warranty provided in this Section , Customer shall give Riskonnect written notice of such nonconformity no later than 30 days after delivery of the Riskonnect Application or component thereof to Customer. Virus Warranty. Riskonnect warrants that, to the best of Riskonnect's knowledge, prior to its access by Customer, the Riskonnect Application does not contain any Disabling Code. Riskonnect will apply commercially reasonable practices and security procedures to avoid insertion of Disabling Code into the Riskonnect Application and, as Customer's sole remedy, Riskonnect shall remove any such Disabling Code so inserted at Riskonnect's cost and expense should Customer not be in breach of its warranty under this Section. RISKONNECT WARRANTY DISCLAIMERS. EXCEPT AS OTHERWISE EXPRESSLY STATED IN THIS AGREEMENT, RISKONNECT MAKES NO WARRANTY OR REPRESENTATION WHATSOEVER, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THE RISKONNECT SERVICE OR ANY PROFESSIONAL SERVICES PROVIDED UNDER THIS AGREEMENT, INCLUDING QUALITY, PERFORMANCE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON -INFRINGEMENT. NO RISKONNECT AGENT OR EMPLOYEE IS AUTHORIZED TO MAKE ANY EXPANSION, MODIFICATION OR ADDITION TO THIS LIMITATION AND EXCLUSION OF WARRANTIES IN THIS AGREEMENT. • Customer agrees and acknowledges that Riskonnect and its Affiliates shall not be responsible for any acts, omissions, delays, inaccuracies, errors or any other failure caused by Customer, its Affiliates or any Users' computer systems, hardware or software, including through interfaces with third -party software, or any inaccuracies that such systems may cause within the Riskonnect Service; any inaccuracies in or failures of a Riskonnect Application to conform to the Documentation arising out of the use of a version or release of a Riskonnect Application other than the most recent version or release provided by Riskonnect; any data that Riskonnect receives from Customer or third -party sources, including the data's accuracy or completeness; Customer's claim handling decisions; Customer's failure to encrypt Customer Data; Customer's failure to use available security features within the Riskonnect Service; or, the Riskonnect Service to the extent it is modified by anyone other than Riskonnect. • To the extent the Riskonnect Service uses Internet systems to transmit data or communications, Riskonnect disclaims any liability for interception of any such data or communications, including of encrypted data not solely due to Riskonnect's breach of its obligations hereunder. • Customer agrees that Riskonnect shall have no responsibility or liability for any damages arising in connection with access to or use of the Riskonnect Service by Customer, its Affiliates, or Users other than as authorized by this Agreement. • Riskonnect is also not responsible for the security, reliability or continued availability of the telephone lines and equipment outside of Riskonnect's direct control used to access a Riskonnect Service. Customer's Warranties. Customer warrants that: • Customer owns all right, title, and interest in and to, or otherwise has the right to grant the use of Customer Data and associated Intellectual Property Rights as set forth in this Agreement; Page31of79 • Customer, and such other third parties used by Customer, are authorized to collect, use and disclose the Customer Data to Riskonnect for use and storage pursuant to this Agreement; • such disclosure, use or storage does not and shall not violate applicable law or, if applicable, any Customer agreements with, or privacy notices to, individuals with respect to whom the Customer Data relates; and • Customer use commercially reasonable practices to avoid insertion of Disabling Code into Customer Data or the Riskonnect Service. INDEMNIFICATION — N/A LIMITATIONS OF LIABILITY —N/A GENERAL Database Information. From time -to -time Riskonnect or its Affiliates may compile databases of risk management information that it may market to Customer and other customers of Riskonnect. Subject to Riskonnect's confidentiality obligations set forth herein, Customer agrees that Riskonnect or its Affiliates may use de -identified and/or aggregated Customer Data for these purposes. Modeling and Analytics. Riskonnect may provide Customer with Modeling and Analytics Services. The Modeling and Analytics Services will be based upon a number of assumptions, conditions and factors. If any of them or any information provided to Riskonnect is inaccurate or incomplete or should change, the Modeling and Analytics Services provided by Riskonnect could be materially affected. The Modeling and Analytics Services are subject to inherent uncertainty, and actual results may differ materially from that projected by Riskonnect. These services are provided solely for the Customer's benefit, and do not constitute, and are not intended to be a substitute for, actuarial, accounting, or legal advice. Riskonnect shall have no liability to any third party in connection with the Modeling and Analytics Services or to Customer with regard to such services performed or provided by a third party. Export Control. Riskonnect and Customer shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing and using the Riskonnect Service and Professional Services. Without limiting the foregoing, each Party represents that it is not named on any U.S. Page 32 of 79 government denied party list. Customer shall not permit Users to access or use the Riskonnect Service in a U.S.-embargoed country or in violation of any U.S. export law or regulation. Compliance with Anti -Bribery Laws. • Each party acknowledges that it is aware of, understands and has complied and will comply with, all applicable U.S. and foreign anti -corruption laws, including without limitation, the U.S. Foreign Corrupt Practices Act of 1977 and the U.K. Bribery Act of 2010, and similarly applicable anti- corruption and anti -bribery laws ("Anti -Corruption Laws"). Each party agrees that no one acting on its behalf will give, offer, agree or promise to give, or authorize the giving directly or indirectly, of any money or other thing of value, including travel, entertainment, or gifts, to anyone as an unlawful inducement or reward for favorable action or forbearance from action or the exercise of unlawful influence (a) to any governmental official or employee (including employees of government -owned and government -controlled corporations or agencies or public international organizations), (b) to any political party, official of a political party, or candidate, (c) to an intermediary for payment to any of the foregoing, or (d) to any other person or entity in a corrupt or improper effort to obtain or retain business or any commercial advantage, such as receiving a permit or license, or directing business to any person. Improper payments, provisions, bribes, kickbacks, influence payments, or other unlawful provisions to any person are prohibited under this Agreement. Schedule A- SUPPLEMENTAL TERMS AND CONDITIONS (RISKONNECT CLEARSIGHT APPLICATIONS) The following Additional and Amended Definitions, Additional Terms and Conditions and Additional Exhibits are incorporated to the Agreement by reference to the extent Customer has subscribed to the following Riskonnect ClearSight Applications as more fully set forth on a Subscription Order and/or SOW: • Claims Administration • Claims Management • Incident Management • Insurance Management • Physician Administration • Risk Identification • Risk Mitigation • Enterprise All capitalized terms used but not otherwise defined in this Schedule A have the meanings set forth in the General Terms and Conditions, except as and to the extent amended below. Additional and Amended Definitions: "Supplemental Materials" shall also include the Riskonnect ClearSight Exhibits for the EDI solution, Medicare Section 111 Solution (CMS Solution), and Work Cover / Comcare Submissions (Applicable to Australia only). Additional Terms and Conditions. • Data Portability and Deletion. Page 33 of 79 • Prior to Termination or Expiration. Customer Data is available for download at all times through reporting capabilities included in the Application(s). Further, at any time during the Term of this Agreement, upon written request by Customer, Riskonnect shall make the Customer Data available to Customer in the Riskonnect format and layout at no cost to the Customer. • After Termination or Expiration. If this Agreement terminates for any reason, within 30 days of Customer's written request (provided that Riskonnect receives the request before the effective date of termination), Riskonnect will provide Customer Data to Customer in Riskonnect's then current standard format and layout using Customer's available Annual Service hours or at additional cost if Customer's Annual Service hours have been exhausted. Riskonnect shall thereafter delete Customer Data. Riskonnect's Data Transfer Protocols shall apply to any transfer of Customer Data under this section. Additional Exhibits The following Exhibits are incorporated into this Schedule A: Exhibit 1 to Schedule A — EDI Exhibit 2 to Schedule A — Medicare Section 111 Solution (CMS Solution) Page34of79 EXHIBIT 1 TO SCHEDULE A EDI Riskonnect ClearSight Enterprise Edition supports IAIABC standards EDI releases 1, 2 and 3, as required by the applicable state. EDI States included for Customer are set forth in the applicable Statement(s) of Work. Configuration of additional states may require additional fees and/or erode the Annual Service hours. Riskonnect is not responsible for maintaining claim and payment data in compliance with state requirements. SaaS Application will provide basic functionality that will allow Customer to transmit EDI data to jurisdictions via the Riskonnect ClearSight Data Router or a third -party clearinghouse/data router. Riskonnect is not responsible for accuracy of Customer Data contained in submissions or for the initiation of the transmission processes. Riskonnect will not provide services/EDI transmission related to proof of coverage. States limit acceptance of EDI transmissions through particular vendors or through particular mechanisms. If Customer will be using the SaaS Application EDI functionality for states that accept EDI transmissions only from particular vendors other than Riskonnect or through mechanisms other than those offered by Riskonnect, Customer will be responsible for establishing and maintaining a relationship with such vendors or otherwise arranging for transmission from the SaaS Application through such mechanisms. In these cases, Riskonnect shall not have responsibility for transmissions to or from the state. SaaS Application functionality will then be configured to permit transmission to and from such vendors or through such mechanism. Riskonnect shall have no responsibility for the services or products, or transmission provided by such vendors. If EDI transmissions are made through a third -party vendor, Customer is responsible for providing Riskonnect with necessary third -party authorizations and the user ID and password to access the Customer's account to permit for delivery and receipt of files to that vendor from the SaaS Application. As part of the initial setup, Riskonnect will deploy and configure the standard EDI (FROI/SROI) module, set up the transmission method (according to state requirements) and set up the transmission schedule. Riskonnect will assist Customer during state acceptance testing period but is not responsible for training Customer on state requirements or for creating test plans based on state requirements. Customer will be required to establish trading partner agreements with all jurisdictions prior to state testing. The data elements of the FROI/SROI EDI transmission will reside in a holding table in the SaaS Application database until the data is sent (as set forth below) to the state's EDI data warehouse. Customer is responsible for: • entry and accuracy of all EDI data entered in the system and for meeting state requirements; marking EDI transmissions in the SaaS Application with a status of "Mark to Send" when transmissions are ready to be submitted to the state; and • understanding the timing originally set up at the time of implementation related to when EDI transmissions will be processed and sent to the State(s). Riskonnect requires Customer to maintain remote access to streamline the testing process and allow Riskonnect to perform services related to EDI under this Exhibit. If Customer disables remote assess, Customer will incur additional remote and/or telephonic assistance hours and will be responsible for additional fees incurred as a result of such additional assistance hours. Riskonnect recommends that Customer transmits claims daily. Riskonnect shall not be responsible for any state, Customer or third -party system failures or connectivity issues which may result in failures to transmit Customer's transactions within the state's required time frames. Page 35 of 79 Customer is responsible for: • claims administration, claims decisions and business decisions related to data that is tracked in the SaaS Application and transmitted to the state; and • ensuring that data is populated in the SaaS Application in accordance with state rules, including ensuring that data is available for all data elements/fields required by the state. All changes to the setup of this feature after completion of state acceptance testing will be applied against ongoing service hours. Riskonnect is not responsible for any third -party fees or state penalties related to state EDI requirements. Page36of79 EXHIBIT 2 TO SCHEDULE A Medicare Section 111 Solution (CMS Solution) 1.0 Medicare Section 111 Solution Elements 1.1 Solution Options The Medicare Section 111 Solution (the "Solution") provided by Riskonnect includes several options to aid Customer in compliance with The Medicare, Medicaid, and SCHIP Extension Act of 2007 ("SCHIP"): • Option 1 (Comprehensive Solution): A comprehensive solution wherein Riskonnect and a Strategic Service Provider (SSP) will facilitate the full cycle of reporting Medicare beneficiary data to Centers for Medicare and Medicaid Services (CMS). • Option 2 (Claims/Eligibility Data Export): A solution for Customers who prefer to work with their own Reporting Agent (RA) or method for reporting Medicare beneficiary data to CMS and can choose to receive a standard data export from Riskonnect ClearSight applications. • Alternate Reporting Agent Option: A solution wherein Riskonnect and a Strategic Service Provider (SSP) will facilitate exporting CMS data and receiving responses from an Alternate Reporting Agent who will serve as the Reporting Agent (RA) for the Customer. The Alternate Reporting Agent (not Riskonnect or the SSP) will facilitate reporting Medicare beneficiary data to Centers for Medicare and Medicaid Services (CMS). Neither Riskonnect nor SSP shall be responsible for any actions or omissions of the Alternate Reporting Agent. Unless specified otherwise, the Medicare Section 111 Solution Elements as defined in Section 1.1 of this Appendix apply to all options. 1.2 Supported Riskonnect ClearSight Software and Upgrade Requirements The Solution is only supported by the following Riskonnect ClearSight proprietary software packages and versions (the "Supported Software"): • Riskonnect ClearSight Enterprise In the event that Customer is not currently licensing the Supported Software, Customer will not be able to use the Solution without upgrading or migrating to the Supported Software. Any such upgrade or migration is not included in the scope of the Solution. 1.3 CMS Data Elements CMS has identified data element requirements for the purpose of standardizing the process of mandatory reporting under Section 111 of SCHIP (the "CMS Data Elements"). This includes standardized data fields, history and response elements as outlined in the MMSEA Section 111 Medicare Secondary Payer Mandatory Reporting Liability Insurance (Including Self -Insurance), No -Fault Insurance, and Workers' Compensation USER GUIDE (the "CMS User Manual"), as supplemented and amended by CMS. The CMS User Manual is available at the following link: http://www.cros.gov/Medicare/Coordination-of-Benefits-and-Recovery/Mandatory-I nsurer-Reporting- For-Non-Group-Health-Plans/NGHP-User-Guide/NGHP-User-Guide.html 37 Riskonnect shall provide a repository within the Supported Software to store the CMS Data Elements. This repository shall house CMS Data Elements that Customer cannot accommodate within core tables in the Supported Software. In order to capture this data in the CMS Data Elements repository, workflow changes may be required by Customer. Capabilities to assign default data element values and handle data element modifications such as parsing Claimant Name into first name / last name and eliminating dashes in Social Security Numbers will be available within the Section 111 Data Mapping Tool (described below). Customer may wish to define multiple Responsible Reporting Entity (RRE) IDs within the Solution. Customers may define RRE IDs at the following levels only: • Customer, Coverage, Location, Policy • The following combinations only are supported for RRE ID definition: o Customer o Customer, Coverage o Customer, Coverage, Policy o Customer, Coverage, Location o Claim Level Assumptions: • RRE ID definition at levels other than those identified above will require customization at an additional fee 1.4 Section 111 Data Mapping Tool Riskonnect shall provide a data mapping tool to map both data elements and codes to the CMS Data Elements. Assumptions: • Mapping for Customers who use Professional Edition and Riskonnect ClearSight Enterprise — Mapping will be limited to data elements that reside in the following core tables: Claim (including extended tables), Location, Rolodex / Contact, and Policy for each RRE identified by Customer 1.5 Riskonnect ClearSight Medicare Section 111 Solution Module The Riskonnect ClearSight Medicare Section 111 Solution Module includes a claim user interface ("Standard Section 111 Tab"), data structure, and logic processes required to capture and manage mapped CMS Data Elements for export to CMS. The Riskonnect ClearSight Section 111 Solution Module includes all CMS Data Elements as defined by CMS. Implementation During implementation, Riskonnect and/or Customer will deploy and configure the Solution as described in the corresponding Statement of Work. Duration and effort for implementation will vary depending on the specific implementation requirements of Customer, as reflected in specifications mutually agreed to by the parties. Riskonnect will work with Customer to deploy the Standard Section 111 Tab to Customer's licensed version of the Supported Software and will provide a process to map any existing fields and codes in Customer's licensed version of the Supported Software to the CMS Data Elements as provided for in the corresponding Statement of Work. Riskonnect is not responsible for any of Customer's obligations to 38 CMS under the requirements of SCHIP or for any failure of the Customer to provide the data elements required by CMS. Any system configuration services or changes required to comply with any CMS guidance issued under SCHIP ("CMS Section 111 requirements") will be billed as incurred at Riskonnect's then current rates or erode existing Annual Service hours. Examples of system configuration services or changes that are not included in the scope of the Solution include, but are not limited to, the following: • • • • • • • • • Modifications to existing system configuration, codes, and screen design Creation of or modification to event notifications or validations for workflow purposes Changes to system security as a result of CMS Section 111 requirements Future configuration changes resulting from modifications to the existing CMS Section 111 requirements Modifications to data conversions occurring as a result of CMS Section 111 requirements Working meetings or project management efforts by Riskonnect staff to coordinate to existing configuration modification Changes required to transfer data to or from third -party sources Custom programming work or changes to existing custom programming or reports Assistance from Riskonnect with any Customer testing required by CMS under SCHIP Implementation will be considered complete once the Solution has been deployed, configured, tested and moved into production with SSP. 2.0 Option 1 (Comprehensive Solution) Specific Information 2.1 Strategic Service Provider ExamWorks Clinical Solutions, LLC, as successor in interest to Gould & Lamb, LLC ("ExamWorks") is Riskonnect's designated Strategic Service Provider (SSP) for the Solution. More information about the SSP may be found at www.examworks-cs.com. Customer acknowledges and agrees that Customer shall designate ExamWorks as its Reporting Agent at the time of RRE Registration with CMS as required by SCHIP. In the event that Customer is not an RRE, Customer shall ensure that its customers that are RREs (the "Customer's RREs") are registered as such on the CMS Coordination of Benefits Secure Website (COBSW) and designate ExamWorks as RA at RRE Registration with CMS as required by SCHIP. Customer acknowledges and agrees that Customer shall deliver to SSP the required reporting information and CMS - defined reporting date as provided by CMS during the registration process. In the event Customer enters into a SOW after RRE registration, Customer will take all necessary steps required by CMS, such as designating ExamWorks as the Customer's RA with CMS as required by SCHIP. SSP shall assign Customer a Single Point of Contact (SPOC) as well as an Account Manager to facilitate the reporting process to CMS. Responsibilities include, but are not limited to, issue resolution and training. Customer acknowledges and agrees that ExamWorks shall be solely responsible for submitting any required information to CMS received from Customer or Customer's RRE. As the SSP will submit to CMS all data provided by or on behalf of the Customer to Riskonnect via the Solution, Customer acknowledges 39 and agrees that the SSP will require access to Customer Data made available to Riskonnect by, or on behalf of, Customer and consents to the disclosure of such Customer Data to SSP by Riskonnect. The SSP may, upon Customer's consent, offer additional services to Customer. Customer shall enter into a separate agreement with the SSP for any such additional services. Riskonnect shall not be responsible for any obligations in connection with such separate agreement between Customer and the SSP. In the event that the SSP services provided under the applicable Statement of Work are terminated either because the SSP designated in this Appendix has ceased supporting CMS reporting or for other reasons, Riskonnect shall provide to Customer the option of entering into a new or amended Statement of Work for the performance of Claims/Eligibility Data Export Services (Option 2) and shall use commercially reasonable best efforts to find an alternative SSP. Unless Customer elects to enter into a new or amended Statement of Work for Claims/Eligibility Data Export Services, Customer acknowledges and agrees that it shall designate an alternative SSP provided by Riskonnect as its RA and that such alternative SSP shall be solely responsible for submitting any required information to CMS received from Customer or Customer's RREs. In the event Customer enters into a new or amended Statement of Work for Claims/Eligibility Data Export Services, Riskonnect shall have the right to terminate the services for the Option 1 (Comprehensive Solution). Customer may elect to utilize a Customer Data Provider as its data provider for CMS Data Elements and may also elect to utilize the Solution to submit data to CMS on behalf of its Customer Data Provider. Customer shall be responsible for all CMS data element data quality and exchange of information with Customer Data Provider related to CMS data elements; Riskonnect bears no responsibility for data transfer to Customer Data Provider or quality of data received from Customer Data Provider. Riskonnect recommends that Customer increase frequency of data updates from Customer Data Provider to a minimum of weekly to best facilitate data transfer to the SSP where Customer will utilize Riskonnect ClearSight's Comprehensive Solution (Option 1) to submit data to CMS on behalf of their Customer Data Provider. 2.2 Riskonnect ClearSight Medicare Section 111 Solution Modulefor Option 1 In addition to the elements defined above, the Section 111 Module for Option 1 includes the following: • Response codes from the SSP processing / result files • All data required to facilitate exports to and imports from SSP 2.3 Post -Implementation Functionality/ Workflow Riskonnect shall submit CMS Data Elements provided by Customer or Customer's Data Provider to the SSP on a scheduled weekly basis. Riskonnect is not responsible for the accuracy of any CMS Data Elements or for ensuring that such CMS Data Elements comply with CMS Section 111 requirements. SSP shall submit the Claim Input file transmissions provided by Customer (consisting of all CMS Data Elements provided by Customer or Customer Data Provider to Riskonnect) to CMS on a quarterly basis within Customer's CMS -assigned quarterly submission. CMS shall submit a response regarding the quarterly Claim Input file transmission to SSP. The response from CMS shall be processed by the SSP and submitted to Riskonnect. SSP shall also notify Customer by e-mail that a response has been submitted to Riskonnect. Such results shall be available for Customer's 40 review within the Supported Software, and Customer is responsible for review of and required action on all such results within five (5) business days of receipt of the e-mail notification from SSP. SSP shall submit Medicare Eligibility queries to CMS on a monthly basis in order to verify whether injured parties reported in the CMS Data Elements are eligible for Medicare coverage. CMS shall submit a response regarding the monthly Medicare eligibility check to SSP. Response shall be processed by the SSP and supplied back to Riskonnect via the weekly transmission process between Riskonnect and SSP. Customer must respond to and correct all errors received in response files from the SSP within five (5) business days of receipt of the e-mail notification from SSP. 2.4 Data Transmissions from Riskonnect to SSP for ASP Customers Data transmissions to SSP for ASP Customers include weekly Claim Input file transmission and weekly Medicare Eligibility file transmission for each RRE for which Customer sets up mapping in the Riskonnect ClearSight Medicare Section 111 Solution Module of Supported Software as described in this Exhibit. The Claim Input file is based on Section 111 specifications. The claim detail, auxiliary, and TIN reference records are denormalized into a single claim record with additional fields required by SSP to manage system administration and compliance. The Medicare Eligibility file is used for submitting claims to test for Medicare eligibility. It includes injured party information required to check Medicare eligibility with CMS. 2.5 Receipt of Data Imports by Riskonnect from SSP for ASP Customers Data imports from SSP include a Claim Result file, a Claim Status file, and a Section 111 Response file for each RRE as identified in the RRE Appendix. Relevant results are imported into the Supported Software and available for Customer's review within the Riskonnect ClearSight Medicare Section 111 Solution Module. This deliverable includes weekly transmission from SSP to Riskonnect of the Claim Result file and Claim Status file, as well as quarterly transmission from SSP to Riskonnect of the Section 111 Response file. A Claim Result file is created automatically for each weekly submission to SSP. This file contains records that were not processed by the SSP due to errors. A Claim Status file is provided weekly by SSP for each RRE and contains claim validation, eligibility, and compliance updates for all claims currently in the SSP's application for the Customer. The Section 111 Response file is provided by CMS for each RRE within forty- five (45) days of receipt of a Section 111 required submission and TIN Reference file. CMS Claim Response data are provided to Customer in the Section 111 Response File received from SSP. 3.0 Option 2 (Claims/Eligibility Data Export) Specific Information 3.1 Post -Implementation Functionality /Workflow Riskonnect shall submit CMS Data Elements provided by Customer or Customer Data Provider to the Customer or to Reporting Agent designated by Customer on a scheduled weekly basis. Riskonnect is not responsible for the accuracy of any CMS Data Elements or for ensuring that such CMS Data Elements comply with the Section 111 requirements issued by CMS. 41 Customer may elect to utilize a Customer Data Provider as their data provider for CMS Data Elements and may also elect to utilize the Solution to submit data to CMS on behalf of their Customer Data Provider. Customer must maintain all responsibility for CMS data element data quality and exchange of information with Customer Data Provider related to CMS data elements; Riskonnect bears no responsibility for data transfer to Customer Data Provider or quality of data received from Customer Data Provider. Riskonnect recommends that Customer increase frequency of data updates from Customer Data Provider to a minimum of weekly to best facilitate data transfer to CMS on behalf of their Customer Data Provider. 3.2 Assumptions: • Riskonnect will not make changes to the standard export file layouts. Changes to the layout that are not initiated by Riskonnect will require an additional fee. • Option 2 is export only and does not include an import of Section 111 Response file or Medicare Eligibility Response file. • Customer is responsible for data in the Supported Software, including identification and resolution of all claim data errors related to the Section 111 reporting process. • Customer is responsible for any fees levied by CMS due to data errors in the Supported Software. • Where Riskonnect needs to participate in error resolution, time spent on those activities will be billed as incurred at Riskonnect then current rates or erode existing Annual Service hours. • Riskonnect will make changes to the file layout as needed to support changes to the CMS reporting requirements. Riskonnect will provide advance warning of those changes to Customer. Customer is responsible for coordinating change management with Customer's Solution or Customer's Reporting Agent. 3.3 Data Transmissions from Riskonnect to Customer's Solution or Customer's Reporting Agent for ASP Customers Riskonnect will transmit export file(s) in the Riskonnect ClearSight standard export layout to Customer's Solution or Customer Agent's FTP site via Secure FTP. Export files include: • Weekly claim detail, including TIN reference data file which includes claims with (a) non -closed status, (b) financial activity within the last quarter, or (c) are Medicare eligible, will be included in this file export. • (OPTIONAL) Weekly Medicare Eligibility Query data file. Eligibility determination must be manually entered into the claims database. Standard layout definition will be made available to customers selecting this option. • Alternate Reporting Agent Delivery Option —Specific Information 3.4 Strategic Service Provider ExamWorks Clinical Solutions, LLC, as successor in interest to Gould & Lamb, LLC ("ExamWorks") is Riskonnect's designated Strategic Service Provider (SSP) for the Solution. More information about the SSP may be found at www.examworks-cs.com. Customer acknowledges and agrees that Customer shall notify Riskonnect and the SSP with the identity of its Alternate Reporting Agent or the Alternate Reporting Agent for its customers that are RREs (the "Customer's RREs"). 42 SSP shall assign Customer a Single Point of Contact (SPOC) as well as an Account Manager to facilitate the reporting process to the Alternate Reporting Agent. Responsibilities include, but are not limited to, issue resolution and training. Customer acknowledges and agrees that ExamWorks shall be solely responsible for submitting any required information to Alternate Reporting Agent received from Customer or Customer's RRE and that Alternate Reporting Agent shall be solely responsible for submitting any required information to CMS. As the SSP will submit to Alternate Reporting Agent all data provided by or on behalf of the Customer to Riskonnect via the Solution, Customer acknowledges and agrees that the SSP will require access to Customer Data made available to Riskonnect by, or on behalf of, Customer and consents to the disclosure of such Customer Data to SSP by Riskonnect. The SSP may, upon Customer's consent, offer additional services to Customer. Customer shall enter into a separate agreement with the SSP for any such additional services. Riskonnect shall not be responsible for any obligations in connection with such separate agreement between Customer and the SSP. In the event that the SSP services provided under the applicable Statement of Work are terminated either because the SSP designated in this Exhibit has ceased supporting CMS reporting or for other reasons, Riskonnect shall provide to Customer the option of entering into a new or amended Statement of Work for the performance of Claims/Eligibility Data Export Services (Option) and shall use commercially reasonable best efforts to find an alternative SSP. In the event Customer enters into a new or amended Statement of Work for Claims/Eligibility Data Export Services, Riskonnect shall have the right to terminate the services for the Alternate Reporting Agent Solution. Customer may elect to utilize a Customer Data Provider as its data provider for CMS Data Elements and may also elect to utilize the Solution to submit data to CMS on behalf of its Customer Data Provider. Customer shall be responsible for all CMS data element data quality and exchange of information with Customer Data Provider related to CMS data elements; Riskonnect bears no responsibility for data transfer to Customer Data Provider or quality of data received from Customer Data Provider. Riskonnect recommends that Customer increase frequency of data updates from Customer Data Provider to a minimum of weekly to best facilitate data transfer to the SSP where Customer will utilize Riskonnect ClearSight's Alternate Reporting Agent Solution to submit data to Alternate Reporting Agent on behalf of their Customer Data Provider. 4.0 Riskonnect ClearSightMedicare Section111Solution Modulefor AlternateReporting Agent In addition to the elements defined above, the Section 111 Module for Alternate Reporting Agent includes the following: • Response codes from the SSP processing / result files • All data required to facilitate exports to and imports from SSP 4.1 Post -Implementation Functionality / Workflow Riskonnect shall submit CMS Data Elements provided by Customer or Customer's Data Provider to the SSP on a scheduled weekly basis. Riskonnect is not responsible for the accuracy of any CMS Data Elements or for ensuring that such CMS Data Elements comply with CMS Section 111 requirements. SSP shall submit the Claim Input file transmissions provided by Customer (consisting of all CMS Data Elements provided by Customer or Customer Data Provider to Riskonnect) to Alternate Reporting Agent upon receipt from Riskonnect. 43 Neither Riskonnect nor SSP are responsible for submitting Claim Input file transmissions to CMS within Customer's CMS -assigned quarterly submission or receiving and processing CMS response files. The response received by SSP from Alternate Reporting Agent shall be processed by the SSP and submitted to Riskonnect. Such results shall be available for Customer's review within the Supported Software. Customer acknowledges and agrees that it is solely responsible for ensuring that: (1) Alternate Reporting Agent submits Medicare Eligibility queries to CMS in order to verify whether injured parties reported in the CMS Data Elements are eligible for Medicare coverage; and (2) Alternate Reporting Agent acknowledges receipt of and processes responses from CMS regarding the Medicare eligibility check. Responses received by SSP from Alternate Reporting Agent shall be processed by the SSP and supplied back to Riskonnect via the weekly transmission process between Riskonnect and SSP. 4.2 Data Transmissions from Riskonnect to SSP for ASP Customers Data transmissions to SSP for ASP Customers include weekly Claim Input file transmission and weekly Medicare Eligibility file transmission for each RRE for which Customer sets up mapping in the Riskonnect ClearSight Medicare Section 111 Solution Module of Supported Software as described in this Exhibit. The Claim Input file is based on Section 111 specifications. The claim detail, auxiliary, and TIN reference records are denormalized into a single claim record with additional fields required by SSP to manage system administration and compliance. The Medicare Eligibility file is used for submitting claims to test for Medicare eligibility. It includes injured party information required to check Medicare eligibility with CMS. 4.3 Receipt of Data Imports by Riskonnect from SSP for ASPCustomers Data imports from SSP include data provided to SSP by the Alternative Reporting Agent (which may include a Claim Result file, a Claim Status file, and a Section 111 Response file for each identified RRE). The Alternative Reporting Agent may provide additional details regarding the data it shall provide to SSP. Relevant results are imported into the Supported Software and available for Customer's review within the Riskonnect ClearSight Medicare Section 111 Solution Module. This deliverable includes weekly transmission from SSP to Riskonnect of the Claim Result file and Claim Status file, as well as quarterly transmission from SSP to Riskonnect of the Section 111 Response file returned by Alternate Reporting Agent. A Claim Result file is created automatically for each weekly submission to SSP. This file contains records that were not processed by the SSP due to errors. A Claim Status file is provided weekly by SSP for each RRE and contains claim validation, eligibility information received from Alternate Reporting Agent, and compliance updates for all claims currently in the SSP's application for the Customer. Riskonnect and SSP are not responsible for the Section 111 Response file provided by CMS to Alternative Reporting Agent for each RRE within forty-five (45) days of receipt of a Section 111 required submission and TIN Reference file. CMS Claim Response data is provided to Customer in the Section 111 Response File returned to SSP by Alternate Reporting Agent. 44 5.0 Customer Responsibilities 5.1 CMS Requirements If Customer is an RRE under CMS guidelines, Customer shall register as such on the COBSW as required by SCHIP and/or coordinate registration of their customers which may be RREs as required by SCHIP (the "RRE Registration"). Compliance with the requirements of the COBSW (and all CMS Mandatory Insurer Reporting, or Section 111, obligations generally) is solely Customer's responsibility. To ascertain its Section 111 obligations and determine whether it is an RRE, Customer should consult the CMS Section 111 website at www.cros.hhs.gov/MandatorylnsRep or such other website as CMS might provide. In the event Customer enters into a Statement of Work for the CMS Solution after RRE Registration, Customer shall provide proof of its registration as an RRE on the COBSW to Riskonnect upon the effective date of such Statement of Work and shall take all necessary steps required or provided by CMS. Customer is responsible for registration with the COBSW and designation of the applicable organization as Reporting Agent (RA) or making any changes to the designated RA as may be required by Riskonnect. Customer is responsible for providing RRE ID information to Riskonnect. 5.2 Data Elements Customer must ensure that injured party data elements and the Medicare eligibility flag contained within the CMS Data are properly captured on the base claim table for Professional Edition ("PE") and Riskonnect ClearSight Enterprise (on El records for Workers Comp claims and CI records for non -WC claims). The Solution will NOT automate the management of RRE ID assignments based on claim takeovers, deductible limits, re -insurance, stop loss insurance, excess insurance, umbrella insurance, guaranty funds, patient compensation funds, etc. Modification of data within Supported Software will be the sole responsibility of Customer to accommodate these types of business decisions. Customer will be responsible for manual entry and management of RRE assignments/changes, TPOC (Total Payment Obligation of Claimant) data, and ORM (On -going Responsibility for Medicals) data. Customer will also be responsible for correcting any data entry errors pertaining to this data entry. Customer may elect to utilize a Customer Data Provider as their data provider for CMS Data Elements and may also elect to utilize a Riskonnect ClearSight Medicare Section 111 Solution to submit data to CMS on behalf of their Customer Data Provider. Customer must maintain all responsibility for CMS data element data quality and exchange of information with Customer Data Provider related to CMS data elements; Riskonnect bears no responsibility for data transfer to Customer Data Provider. Riskonnect recommends that Customer increase frequency of data updates from Customer Data Provider to a minimum of weekly to best facilitate data transfer to CMS on behalf of their Customer Data Provider. 5.3 User Acceptance Testing Customer User Acceptance Testing is required for approval of all deliverables outlined herein. If Customer does not provide Riskonnect with feedback, the deliverable will be deemed accepted thirty (30) days after delivery. 5.4 Post Implementation Upon implementation of the Solution, Customer shall be solely responsible for: 45 • Accuracy of data required by and submitted to CMS and any damages of any nature resulting from the transmission of incorrect information • Timely entry and update of data required by CMS in the appropriate fields within the Medicare Section 111 Module • Identification and resolution of all errors in the CMS Data Elements and ensuring that the CMS Data Elements comply with the Section 111 requirements issued by CMS • Ensuring that the CMS Data Elements have been provided by Customer or Customer Data Provider for all data elements/fields required by the CMS Section 111 guidelines in a timely manner for accurate reporting to CMS • Claims administration, claims decisions and business decisions related to CMS Data Elements 6.0 Additional Terms and Conditions Riskonnect shall not be responsible for any CMS, Customer, Customer Data Provider, SSP, Alternate Reporting Agent or other third -party system failures or connectivity issues which may result in failures to transmit Customer's transactions within the CMS required time frames. Riskonnect shall not be responsible for errors or omissions, negligence of, or connectivity issues or delays by SSP or the Alternate Reporting Agent. Notwithstanding anything to the contrary in the Agreement, Riskonnect shall in no event be liable for any indirect, special, punitive, incidental, or consequential damages in any action arising from or related to any software provided or services performed in connection with the Solution, whether based in contract, tort, intended conduct or otherwise. In the event that the SSP changes its fees to Riskonnect, Riskonnect shall notify Customer in writing within thirty (30) days of Riskonnect receipt of notice regarding SSP's fee increase. Customer agrees that Riskonnect shall have the right to adjust the annual fee by the amount set forth in such notice to Customer. 46 EXHIBIT "C" RISKONNECTSECURITY EXHIBIT Riskonnect shall maintain a ISO 27001 certification during the Term of the Agreement. 47 3/25/24, 1:45 PM Service Level Agreement (SLA) for Hosted Riskonnect Services • Riskonnect OUR BLOC I CUSTOMER SUPPORT I LOGIN Gskonnect SOLUTIONS WHO WE SERVE SERVICES RESOURCES COMPANY CONTACT US SCHEDULE DEMO ❑ Service Level Agreement (SLA) for Hosted Riskonnect Services All rights reserved I Terms of Use I Privacy Policy I Sustainable Procurement Policy 48 EXHIBIT "E" RISKONNECT PRIVACY NOTICE 56 3/25/24, 1:46 PM Privacy Notice • Riskonnect nkonnect SULU I IONS WHU WE SEKVE SEKVILES KESUUKLES COMPANY LON I AL I US Privacy Notice SCHEDULE DEMO Last updated: March 21, 2024 Exhibit E - Riskonnect's Privacy Notice Riskonnect (alternatively, "we" or "us" or "our") respects the privacy of our users ("user", "your"or"you"). This Privacy Notice explains how we collect, use, disclose, and safeguard your personal data when visiting our website, using our products and services or participating in our marketing activities. Please read this Privacy Notice carefully. When providing our products and services to our customers, Riskonnect acts as a data processor with respect to the personal data obtained from our customers who act as a data controller. For additional information or how to exercise your privacy rights in connection with such personal data, please refer to the customer's privacy notice. Privacy hanges to it. Riskonnect reserves the right to update its Privacy Notice online. wthc"California Privacy Noticc"scction bclow. COLLECTION OF YOUR PERSONAL DATA Riskonnect may collect personal data about you in a variety of ways. The data collected may include your name, email address, IP address, office/cell phone number, financial information, usage and browsing data, data from social networks, geolocation data, and aggregated data. https://riskonnect.com/privacy-notice/ 1/17 You may provide personal data to us when you interact with us on behalf of your organization. We may collect, use, store and transfer different kinds of personal data https://riskonnect.com/privacy-notice/ 2/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect Cris onnoct Personal data is defined as information that can be used to directly or indirectly identify 6rg easy ARUSie t6VDYR§bch 5g 'r�S acme Saf'a'gM Ni adElQ sii4s employment -related information), that is provided to Riskonnect when you interact with us. JCHEDULE DE1 , ❑ This data may be provided during activities such as social media posts, posting messages in comment sections, registering for our webinars or whitepapers, event registration, website contact forms, liking social media posts, sending feedback, or responding to our surveys. If you choose to share data about yourself via these methods, the data you disclose is either disclosed voluntarily or becomes publicly available information. Riskonnect will collect personal data when a customer purchases its product(s). This information is used to conduct business with the customer. Examples of this type of personal data are name, company address, email, phone number, financial information, and technical specifics. Riskonnect products collect personal data provided by its customers when carrying out their core functions. However, Riskonnect does not have access to this personal data. This personal data is under the control of the Riskonnect customer who collects the data. For additional information on how to exercise your privacy rights in connection with such personal data, please refer to the customer's privacy notice. Financial Data Customer financial information, such as data related to your payment method (e.g., valid credit card number, credit card details, banking information, etc.) may be collected when you subscribe, update, or discontinue the use of Riskonnect products in the performance of a contract. Usage and Browsing Data When you visit our website, we may gather data such as your IP address, browser type or the referring site. If you visit our website in response to an email, social media post or a posted article, we may gather additional data such as your employer, title, or work address https://riskonnect.com/privacy-notice/ 3/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect Cris onne t VAIA II Lil II JULIOI I VC1VVLII r tgel-refkkmay M-1W froMb'ER net 6l Viites iig ac Tlce;ctiri dIn, Instagram, Pinterest, X, etc. This may include your legal name, social network username, location, gender, birth date, email address, profile picture, and any other publicly available d a t.a ,f,o r m o rd axt s,cw h e n you u "like" or "follow" us or interact with our postings or advertising. This data may also include the contact information of anyone you invite to view, comment, or follow us. The data shared with us is at the discretion of the social media network. Geolocation Data When you visit our website, we determine your country of origin from your visiting IP address. We also use GoogleAnalytics, a tool which collects additional data about your visit. Marketing In order to deliver relevant marketing content to you and to measure or understand the effectiveness of our marketing campaigns, we may collect data from you, such as your Riskonnect marketing communications preferences, the delivery method and the communication frequency. You will receive marketing communications from us if you have requested information or purchased our services, or where we think our services would be of interest to you and you have not opted out of receiving that marketing communication. For information about how to opt out of marketing communications, see the section of this Privacy Notice entitled "Options Regarding Your Data". Aggregated Data We also collect, use and disclose aggregated data such as usage, statistical or demographic data. Aggregated data could be derived from your personal data but is not considered to be personal data, as this data cannot be reasonably used to identify you directly or indirectly. For example, we may aggregate your usage data with other users to calculate the percentage of users accessing a specific website feature or page. However, if https://riskonnect.com/privacy-notice/ 4/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect Crisk.onneot Personal Data Collection Methods SOLUTIONS WHO WE SERVE SERVICES RESOURCES COMPANY CONTACT US We use different methods to collect personal data from and about you, including the following: SCHEDULE DEMO ❑ Direct interactions —You provide us with your personal data by completing forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: o Register on our website. o Register for events such as webinars or conferences. o Request information regarding our services. o Request marketing materials to be sent to you. o Request customer support. °Purchase or sell our products or services on behalf of your organization. ° Provide a business card or other contact information at our event booth. o Provide us feedback or contact us. • Automated technologies or interactions —As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our Cookie Policy for further details. • Third parties or publicly available sources — We may receive personal data from third parties and from publicly available information sources. The types of personal data we collect from third parties or publicly available sources other sources include identifiers, professional or employment -related information, educational information, visual information, Internet activity information, and inferences about preferences and behaviors. Your personal data is provided from sources such as the following: o Our customers. o Data brokers that collect business contact information, including mailing addresses, job titles, email addresses, phone numbers, internet-related data (or user behavior data), IP addresses, social media profiles, Linkedln URLs and custom profiles. This information is used for the purposes of targeted advertising, delivering relevant email content, event promotion, event profiling, determining eligibility, and verifying contact information. https://riskonnect.com/privacy-notice/ 5/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect Cnkonnect VJL VI 1 VVI\ 1 LI %.J%JI V/"'1 V/—% 1 /—% SOLUTIONS WHO WE SERVE SERVICES RESOURCES COMPANY CONTACT US We may use the personal data collected about you to: • Create and manage your account. Fulfil i.nd manage pu Lrchases, orders, payments, and other transactions. • Generate a configuration profile about you to make your future use of our site and the use of our products and services more personalized. • Provide certain customer support services to you. • Increase the efficiency and operation of our sales and marketing operations and our products and services. • Notify you of updates and available upgrades to Riskonnect's product lineup or its software. • Provide you with the latest industry news and news about Riskonnect. • Perform other business activities as needed. Our legal basis for processing your personal data will depend on the personal data collected and the specific context in which we collect it. We process personal data from you when: • We have your consent to do so; • We have a contract with you, and it is necessary to process your personal data to perform our contract with you, including to operate our business, provide our products and services, and provide you with the benefits of our products and services; • The processing is in our legitimate business interests, such as operating our business, providing our products and services, improving and developing the services, communicating with you, marketing and advertising our products and services, to identify and protect fraud, protect you, us, or others from security threats by enhancing the security of our network and information systems, and complying with applicable laws and industry regulations; and • To comply with legal requirements, including applicable laws and regulations. DISCLOSURE OF YOUR PERSONAL DATA https://riskonnect.com/privacy-notice/ 6/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect Cris .onnoct LW.,. V • I_... v........... I, S.,. u,.41 ., V. . _ 11,7 ..v.u..Iv..,,. Wegiflpilse enetatf Off( yo i EiErtidZErst h e fellottngscondittosNY CONTACT US • To respond to court or law enforcement orders or investigations. To investigate or remedy potential violations of our policies. sc o prof tie rights, property, and safety of others. In these circumstances we may disclose your personal data as permitted (or required) by any applicable law, rule, or regulation. This includes exchanging data with outside entities for the purposes of fraud protection and credit risk reduction. We may also disclose your personal data to various third parties, including as follows: Service Providers: We may disclose your personal data to our contracted service providers who provide us with services such as IT services, system administration, email delivery, hosting services, payment processing, research and analytics, marketing, customer support, and data enrichment. Event Sponsors: If you attend an event, conference, webinar organized by us, or register for an event through our website, we may disclose your personal data to sponsors of the event. If required by applicable law or regulation, you will consent to such disclosure via the registration form or by allowing your attendee badge to be scanned at a vendor's booth. In these circumstances, your personal data will be subject to the sponsor's privacy notice(s). If you do not wish for your data to be shared, you may decline to opt -in by declining the event/webinar registration or electing to not have your badge scanned. Customers with Which You Are Affiliated: If you use our services as an authorized user of one of our customers, we may disclose your personal data to that customer, who is responsible for your access to the services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies. https://riskonnect.com/privacy-notice/ 7/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect ris oitnect data with us so that we can better market and advertise on third -party platforms and websites. Riskonnect does not share personal data with those networks. SOLUTIONS WHO WE SERVE SERVICES RESOURCES COMPANY CONTACT US Professional Advisers: In iiJividuati w s to n c e s, we❑may disclose your personal data to professional advisers acting as service providers, processors, or joint controllers. This may include lawyers, bankers, auditors, and insurers (based in the countries where we operate) who provide us with consultancy, banking, legal, insurance and accounting services. This is only done when we are legally obligated to share, or have a legitimate interest in sharing, your personal data. Riskonnect Affiliates: We disclose your personal data internally to other affiliated entities that are controlled by Riskonnect, Inc. The data we disclose is necessary to fulfill requests you have submitted on our website. Data is also disclosed for customer support, marketing, technical operations, and account management purposes. Riskonnect's affiliates are currently located in the USA, UK, Ireland, Australia, and India. We may also disclose personal data (as part of a transaction) to third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the new owners may not use your personal data in the same way as set out in this Privacy Notice, as further described in "Transfer of Ownership" section of this Privacy Notice below. Marketing Communications: We disclose your personal data to third parties in the execution of those duties listed in the "Marketing" section of this Privacy Notice. We use several marketing firms to place ads, conduct webinars and to gather contact information for our marketing campaigns. The contact information is developed by affiliate firms and provided to us as a service. The contact information is stored in our customer engagement tools and used for marketing outreach. Third -Party Advertisers: https://riskonnect.com/privacy-notice/ 8/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect Cri konnoct Offer Wall: SOLUTIONS WHO WE SERVE SERVICES RESOURCES COMPANY CONTACT US We offer items such as e-books, industry news and whitepapers on our website in exchange for your contact information. If you provide such information, it is stored in our custrffmer relationship ma❑nagement (CRM) platform and other third -party marketing platforms that we use. Social Media Contacts: If you interact with us through social media, your data on the social media platform will be shared with us to the extent allowed by the platform. What is shared with us is at the discretion of the social media platform and in accordance with its policies. Transfer of Ownership: If we reorganize, sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your data to the successor entity. If we go out of business or cntcr bankruptcy, your data would be an ass rty. Third -Party Data Practices: We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third -party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly. TRACKING TECHNOLOGIES Cookies and Web Beacons: Cookie data is stored on your device when interacting with our website. The account information is encrypted and is stored in the browser's memory. Please refer to our Lome IUnlc on what data is collected and how to manage your preferences. Internet -Based Advertising: https://riskonnect.com/privacy-notice/ 9/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect :111131 nskonn ct Website Analytics: SOLUTIONS WHO WE SERVE SERVICES RESOURCES COMPANY CONTACT US We use several tools to monitor the effectiveness of our website and your interactions with it. The data is stored in our analytic tools (e.g., Google Analytics) to help us improve the w r a'sx,rian.❑ Chat Bot: We use a website chatbot powered by Zoominfo to provide you with information and support. You acknowledge that our chatbot and Zoominfo may collect, monitor, record, and manage any information (including personal data) that you enter or certain device data and usage data automatically. In addition, your interactions with this chatbot arc also subject to Zoominfo's applicable terms of use, privacy and data collection policies. Lcarn more here: https://www.zoominfo.com/privacy center. In addition, your interactions with this chatbot are subject to Zoominfo's applicable terms and use, privacy and data collection policies. Learn more here: https://www/zoominfo.com/privacy-center. Google Analytics: We may use Google Analytics, a web analysis service provided by Google, together with other analytics services, in order to better understand your use of our website and how we can improve it. Google Analytics collects information such as how often users visit a website, what pages you visit when you do so, and what other websites you used prior to coming to such website. Google Analytics collects only the IP address assigned to you on the date you visit a website, rather than your name or other directly identifying information. We do not combine the information collected through the use of Google Analytics with your personal data. Although Google Analytics plants a persistent cookie on your web browser to identify you as a unique user the next time you visit a website, the cookie cannot be used by anyone but Google. Google Analytics uses its cookie(s) and the information Google Analytics collects to track your online activities over time and across different websites when you use our website, and other websites. Google's ability to use and share information collected by Google Analytics about your visits to our website are governed by the Google Analytics Teri 3CI VILA. and the Google PrivaLy Police.. Google may utilize the data collected to track and examine the use of our website, to prepare reports on its activities, and share them with other Google services. To more fully https://riskonnect.com/privacy-notice/ 10/17 understand how Google may use the data it collects through the website, please review "How Google Uses Information From Sites or Apps That Use Our Services" (located ). https://riskonnect.com/privacy-notice/ 11/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect r1s c nne t As described above, we may collect your personal data via automated technologies via our K6Llulitimpd 19 glatas pa 66ir ctr6 i3klr§, stONI-rty ctyslaws, this may constitute a "sale" or"share" of personal data or processing for"targeted advertising". We may have "sold" or"shared" personal data, which consists of identifiers, commercial information, Internet or other electronic network activity information, and geolocation d a t ct'bilil providers and advertising partners to provide you with marketing and advertising and for internal research, analytics, and development purposes. Under certain U.S. state privacy laws, you have the right to opt -out of this disclosure of your information, which may be considered a "sale", "sharing", or "targeted advertising" under such laws. You may opt -out of this "sale" or"sharing" of your personal data or "targeted advertising" through: setting the Global Privacy Control Signal, configuring your browser to reject cookies, rejecting cookies in our cookie banner or contacting us at pi iIvd :y@riskth SECURITY OF YOUR PERSONAL DATA We use administrative, technical, and physical security measures consistent with legal and regulatory requirements to help protect your personal data. These methods are designed to protect against unlawful or unauthorized destruction, loss, alteration, use or disclosure of, or access to, your personal data. POLICY FOR CHILDREN We do not knowingly solicit data from, or market to children under the age of 13. If you become aware of any data that we or an affiliate company has collected from children under the age of 13, please contact us using the contact information provided below. CONTROLS FOR DO -NOT -TRACK FEATURES We comply with your settings. If your browser has activated the Do Not Track option, with your browser settings set to reject cookies, then we do not collect cookies from our website. OPTIONS REGARDING YOUR PERSONAL DATA https://riskonnect.com/privacy-notice/ 12/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect ris Dime t hosted outside of our marketing website. The data used to access your account is not sWq()1\Rr vier_1951Ar s iv our AsE in RrAwsliTNsyourcm hr\t via 8gipAreFlt Ct website to which you are directed from the hosting platform. Opting Out .J l_.1 ILLJV LL LJLIV 1'. ❑ You can request that we stop sending you marketing messages at any time by clicking the opt -out links on any marketing message sent to you by us by contacting us at privacy@riskonnect.com . When you opt out of receiving our marketing messages, we may still send you non -marketing related messages. These messages may be about a purchase, service experience or other transaction that you have made with us. If you no longer wish to receive correspondence, emails, or other communications from our third parties, you are responsible for contacting the third party directly. International Personal Data Transfers Your personal data may be collected, accessed, transferred to, and stored by us in the USA and by our affiliates and third parties (as described above under Riskonnect Affiliates) that are based in other countries. Whenever we transfer your personal data to these third parties, we ensure that the recipient of your personal data offers an adequate level of protection and security, including by entering into Standard Contractual Clauses and/or International Data Transfer Agreements or other alternative mechanisms for data transfers, as approved by applicable regulators. Personal Data Retention We retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, as described in this Privacy Notice, or as otherwise required to satisfy any legal, regulatory, tax, accounting, or reporting requirements. We may also retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of future litigation. In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for our business purposes, https://riskonnect.com/privacy-notice/ 13/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect Criskonnect 1 VW LCy. AI RIlJ, I Il.J WfaNsg or i'e*RY1Fesid WE ay fi&Min refffier c Y &-a'd' law, including: T 4 @ s i e h t to access Qrknow: You have the right to know what personal data we process about you. The right to correct: You have the right to correct the personal data we hold about you. • The right to delete or request erasure of your personal data. This enables you to ask us to delete personal data in certain circumstances. Note, however, that we may not always be able to comply with your deletion or erasure request for specific legal reasons which will be disclosed to you, if applicable, at the time of your verified request. • The right to object to the processing of your personal data where we are relying on a legitimate interest (or that of a third party). In some cases, we may demonstrate that we have compelling legitimate grounds to process your data which overrides your rights and freedoms. • The right to object where we are processing your personal data for direct marketing purposes. • The right to request the restriction of your personal data processing. You may request us to suspend your personal data processing under the following scenarios: a You want us to establish the data's accuracy. o Where our use of the data is unlawful, but you do not want us to erase it. O Where you need us to hold the data for you if you need the data to establish, exercise or defend legal claims. O You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it. • The right to data portability: You may request the transfer of your personal data to you or to a third party. We will provide you, or a third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. • The right to withdraw consent: You may withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect any data that we used or processed before you withdrew your consent. If you withdraw your consent, we may be unable to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. https://riskonnect.com/privacy-notice/ 14/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect ris .onneot Exercise of Rights and Fees and Right to Appeal SOLUTIONS WHO WE SERVE SERVICES RESOURCES COMPANY CONTACT US When we provide our products and services to our customers, we are a data processor with respect to the personal data provided by our customers. In order to exercise your rigs esr becwin this Pr❑ivacy Notice with respect to such personal data, please contact the customer directly. If you wish to exercise any of the rights described in this Privacy Notice where we are acting as a data controller, you or your authorized agent may contact us at privacy@riskonnect.cor . If you would like to opt -out of the "sale" or"sharing" of personal data or"targeted advertising", you may also opt -out through rejecting cookies on our cookie banner on our website. If you would like to authorize an agent to make a rights request, please have them contact us via the email address, disclosing they are your "authorized agent". You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request under these circumstances. What We May Need from You We may request specific information from you or your authorized agent to confirm your identity when exercising any of your rights. This is a security measure to prevent unauthorized access. We may also request additional information to speed up our response. How to Appeal and Lodge a Complaint If you submitted a request to exercise your rights and are dissatisfied with the decision made by us, you may have the right to appeal that decision in certain states. Please contact privacy@riskonnect.co to exercise your right to appeal. If you have a complaint about how we use your personal data, we hope that you will contact us according to the below. However, you can always file a complaint with the data protection authority in your jurisdiction. For more information, please contact your local https://riskonnect.com/privacy-notice/ 15/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect Criskonnocfi California Privacy Notice SOLUTIONS WHO WE SERVE SERVICES RESOURCES COMPANY CONTACT US This portion of our Privacy Notice (the "California Privacy Notice") applies only to residents of the State of California and provides California residents with certain infoIatioi`id''r the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"). It applies only to the extent of any inconsistency with the information above. Categories of Personal Data Collected About Consumers In the past 12 months, we may have collected the following categories of personal data from you: (1) identifiers, such as name, address, online identifiers, Internet protocol address, e-mail address, or other similar identifiers; (2) additional personal information described in Cal. Civ. Code Section 1798.80, such as telephone number, employment, and employment history; (3) commercial information such as products, purchased, obtained, or considered or other purchasing or consuming tendencies; (4) Internet or other electronic network activity information; (5) geolocation data; (6) professional or employment -related information; and (7) education information. Categories of Sources from Which Personal Data is Collected We may have collected personal data about you from the following categories of sources as further described in the "Personal Data Collection Methods" section of the Privacy Notice. Business or Commercial Purposes for Collecting Personal Data from Consumers We may have collected any of the categories of personal data collected above for the business or commercial purposes further described in the "Use of Your Personal Data" section of the Privacy Notice. Categories of Personal Data Sold or Shared to Third Parties In the past 12 months, we may "sell" or "share" (as such terms are defined in the CCPA) the following categories of personal data: (1) identifiers; (2) commercial information; (3) Internet or other electronic network activity information; or (4) geolocation data. We may https://riskonnect.com/privacy-notice/ 16/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect ris oitnect "sell" or "share" (as such terms are defined in the CCPA) personal data of consumers under 16 years of age. SOLUTIONS WHO WE SERVE SERVICES RESOURCES COMPANY CONTACT US Categories of Personal Data Disclosed to Third Parties In the pastL2rigonths, wemayhave disclosed the categories of personal data listed in the "Categories of Personal Data Collected about Consumers" section of this California Privacy Notice to the categories of third parties listed in the "Disclosure of Your Personal Data" section of the Privacy Notice for the business or commercial purposes listed in the "Use of Your Personal Data" section of the Privacy Notice. Personal Data Retention The criteria used to determine how long we retain personal data are set forth in the "Personal Data Retention" section of the Privacy Notice. Use and Disclosure of Sensitive Personal Data We do not use or disclose your sensitive personal data outside of the following purposes: (1) performing our services; (2) detecting security incidents; (3) resisting malicious, deceptive, fraudulent, or illegal actions; (4) ensuring physical safety; (5) for short-term transient use, including certain non -personalized advertising; (6) maintaining or servicing accounts, providing customer service, verifying customer information, or providing similar services, and (7) verifying and maintaining the quality or safety of a service or product or improving, upgrading, or enhancing a service or product. Accordingly, we do not provide the right to limit the use or disclosure of your sensitive personal data under the CCPA. CCPA Rights If you are a California resident, you have certain rights regarding your personal data under the California Consumer Privacy Act and the California Privacy Rights Act subject to certain restrictions under applicable law, including: • Right to Know: The right to know what personal data we have collected about you, including the categories of personal data, the categories or sources from which the personal data is collected, the business or commercial purpose for collecting, selling or sharing such personal data, the categories of third parties to whom we have https://riskonnect.com/privacy-notice/ 17/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect is onneet that we have collected from you. • Right to Opt -Out of Sales and Sharing: The right to oot-out of the sale or sharing (as SOLUTIONStermsa°redefinedunaerltieCCPA)o yourpesonalBataDyus. CT us • Right to Nondiscrimination: You have the right to not receive discriminatory treatment by us for the exercise of any of the rights conferred by the CCPA. --ROM Correct Inaccurate Personal Data: The right to correct inaccurate personal data that we maintain about you. How to Exercise Your CCPA Rights When we provide our products and services to our customers, we are a service provider with respect to the personal data provided by our customers. In order to exercise your CCPA rights with respect to such personal data, please contact the customer directly. If you are a California resident, you may exercise your CCPA rights where we are acting as a data controller, by emailing nrivcy@riskonnPrt rnr . You may designate an authorized agent to exercise any of your CCPA rights described in the previous section of this California Privacy Notice on your behalf. Upon receiving your request, we will verify your identity and in order to do so may request information (such as identifiers already known to or collected by us) from you. You may opt -out of the sale or sharing (as such terms are defined under the CCPA) of your personal data described above by sending certain browser enabled opt -out signals, such as the Global Privacy Control, rejecting cookies through our cookie preference tool, and/or configuring your browser to reject cookies. You may learn more about how to set the Global Privacy Control here: https://globalprivacycontrol.org/. CONTACT US If you have questions or comments about this Privacy Notice or would like to exercise one of your privacy rights where we are acting as a data controller, we want to hear from you. Riskonnect, Inc. 380 Interstate North Parkway SE, Suite 400, Atlanta, Georgia 30339 https://riskonnect.com/privacy-notice/ 18/17 3/25/24, 1:46 PM Privacy Notice • Riskonnect riskonnect SOLUTIONS WHO WE SERVE SERVICES RESOURCES COMPANY CONTACT US JcArk[eE®0,0000 of your peers! Get the latest expert advice, practical tips, and useful risk and compliance information delivered straight to your inbox. You'll also receive two Forrester® Total Economic ImpactTM reports that can help you build a better case for risk software investment. Corporate Email r 1 Kea ay to Talk? Let's start a conversation. CONTACT US Work with us. VIEW CURRENT JOB OPENINGS Connect with us. 0 0 0 All rights reserved I Terms of Use I Privacy Policy I Sustainable Procurement Policy https://riskonnect.com/privacy-notice/ 19/17 EXHIBIT "F" DATA TRANSFER PROTOCOLS 57 3/25/24, 1:46 PM Data Transfer Protocols • Riskonnect OUR BLOG I CUSTOMER SUPPORT I LOGIN 0 eskonnect SOLUTIONS WHO WE SERVE SERVICES RESOURCES COMPANY CONTACT US SCHEDULE DEMO ❑ Data Transfer Protocols Exhibit F - Data Transfer Protocols Attachment 1 to SOW: Data Transfer Protocols (DTPs) Effective as of 1 June 2021 Riskonnect may receive Customer Data that may be sent from Customer or Customer's third parties in order to perform data interface services. Unless otherwise specified in writing, Riskonnect is responsible for the execution and verification of all implementation and ongoing data interfaces, provided that the following DTPs are followed. If Customer requests or requires Riskonnect to provide services to support any of the Customer obligations below or to support an extended project timeline while Customer addresses its obligations, Customer will approve Riskonnect to invoice through a current, active SOW or Customer will execute a Project Change Order for the service hours needed at Riskonnect's standard, current Professional Services rates. 1. Customer shall be responsible for the delivery to Riskonnect of electronic files for data interfaces in generally accepted, standard, readable formats (e.g. CSV files or fiat delimited files). 1.1. In the case of a spreadsheet load, Customer will prepare Customer Data in the acceptable import format described herein and below, which includes combining data into one single tab, one row per record, and removing any formatting (subtotals and titles). In the event Customer Data in an Excel load is not in an acceptable format, Customer will revise the data and provide in the acceptable format. Riskonnect shall not be obligated to accept the Customer Data for processing until it is provided in the acceptable import format. 1.2. While Riskonnect's platform will enable Customer to improve the overall quality of Customer Data, Riskonnect cannot be responsible for the quality of Customer Data as it is provided to Riskonnect. 1.3. For all data provided by Customer, financial control totals and record counts must be provided, financial data contained in each file must balance to control totals, and claim financials must balance to sum of transactions. Also, all data in a file must be of the same evaluation date. 2. Customer is responsible for making all arrangements with third parties to provide data for data interfaces to be performed by Riskonnect, and Customer is responsible for any fees associated with the request in order for Customer's third party to perform the work. Riskonnect will provide a template data request letter to the Customer so Customer can approve each third party to send required data to Riskonnect. Riskonnect will not be responsible for costs assessed or any acts or omissions committed by Customer Data providers (e.g. third -party administrators (TPAs) or insurance carriers). Riskonnect shall not be required to enter into any agreement with Customer or a third -party data provider regarding data interfaces, including any that requires Riskonnect to provide (i) greater assurances to such third -party data provider than set forth in this MSA or (ii) notifications directly to such third -party data provider. 3. For each implementation data interface to be performed by Riskonnect, Customer shall provide Riskonnect an initial file and a go -live file and the go -live file must be in the same layout and format as the initial file. 4. For ongoing feeds, Customer will send files consistently within a specific, and reasonable timeframe window, approved by Riskonnect, that supports automation. 5. Customer shall be responsible for the delivery of a data dictionary, location mapping, control totals, codes, and code descriptions for each data interface performed by Riskonnect. https://riskonnect.com/legal-dtps/ 1/4 3/25/24, 1:46 PM Data Transfer Protocols • Riskonnect 6. Data files provided to Riskonnect for data interfaces must have consistently defined relationships (referential integrity). Data files must be received as merged (denormalized) to provide a single fiat file for each component (i.e., Claim, Claim Transactions, and/or Location Hierarchy). Data files must not contain duplicate unique keys, and related data files must have valid foreign keys. Data file structures and field formats must remain consistent in subsequent submissions. 7. Riskonnect and Customer shall each ensure all data transmitted to or from the Riskonnect Service is encrypted using PGP encryption. In the event Customer, or any of Customer's third party data providers, is unable or unwilling to use PGP encryption, then Customer acknowledges and agrees that (1) the data interface will not be delivered or performed by Riskonnect unless Customer executes a waiver in a form reasonable acceptable to Riskonnect, (2) Riskonnect shall have no liability for failure to deliver or perform the data interface, and (3) Riskonnect shall not be required to offer any refund to Customer or Customer's third party data provider for not delivering or performing the data interface. 8. Web Services: Riskonnect shall integrate with Customer's third -parties or internal systems via web services for the exchange of data between systems. Riskonnect can host web services for Customer's third -parties or internal systems to consume and can consume web services hosted by third -parties or internal systems. Riskonnect will work with Customer's qualified resources to establish and test web service connectivity and security protocols. 9. Riskonnect Application Web Services: Riskonnect supports web services to add and update elements within the Riskonnect application. These allow customer to interact with our system. The Riskonnect application has webservice APIs exposed to be consumed by customer. Customer application creates and sends a REST based web service request to an applicable Riskonnect web service. Customers are responsible for development efforts to make the web service requests to Riskonnect. Riskonnect will provide the technical information to support the development but will not write client -side applications on behalf of customers. The points below describe the general process to interact with Riskonnect via web services. 9.1. Customer application creates and sends a REST based web service request to an applicable Riskonnect web service. 9.2. All requests include credentials information containing the Client ID, Client Secret, Username and Password as well as the action specific REST request content. 9.3. Riskonnect web services receive the request, validate message structure data and process request (if there are no errors in the request). 9.4. Riskonnect web services send a REST response to the requesting customer application. Any business validation errors will be returned in the response. 10. Clearsight Application Web Services: Riskonnect supports web services to add and update elements within the ClearSight application. These allow Customer to interact with our system, The Riskonnect ClearSight application has webservice APIs exposed to be consumed by the Customer. Customer application creates and sends a SOAP based web service request to an applicable ClearSight web service. Customers are responsible for development efforts to make the web services requests to Riskonnect. Riskonnect will provide the technical information to support the development but will not write customer -side applications on behalf of customers. The points below describe the general process to interact with Riskonnect ClearSight via web services: 10.1. Customer application creates and sends a SOAP based web service request to an applicable ClearSight web service. All requests include credentials information containing the Schema ID, User ID and Password as well as the action specific SOAP request content. 10.2. ClearSight web services receive the request, validates message structure data and processes request (if there are no errors in the request). 10.3. ClearSight web services send a SOAP response to the requesting customer application. Any business validations errors will be returned in the response. Attachment 1 to SOW: Data Transfer Protocols (DTPs) https://riskonnect.com/legal-dtps/ 2/4 3/25/24, 1:46 PM Data Transfer Protocols • Riskonnect Effective as of 1 October 2020 Riskonnect may receive Customer Data that may be sent from Customer or Customer's third parties in order to perform data interface services. Unless otherwise specified in writing, Riskonnect is responsible for the execution and verification of all implementation and ongoing data interfaces, provided that the following DTPs are followed. If Customer requests or requires Riskonnect to provide services to support any of the Customer obligations below or to support an extended project timeline while Customer addresses its obligations, Customer will approve Riskonnect to invoice through a current, active SOW or Customer will execute a Project Change Order for the service hours needed at Riskonnect's standard, current Professional Services rates. 1. Customer shall be responsible for the delivery to Riskonnect of electronic files for data interfaces in generally accepted, standard, readable formats (e.g. CSV files or fiat delimited files). 1.1. In the case of a spreadsheet load, Customer will prepare Customer Data in the acceptable import format described herein and below, which includes combining data into one single tab, one row per record, and removing any formatting (subtotals and titles). In the event Customer Data in an Excel load is not in an acceptable format, Customer will revise the data and provide in the acceptable format. Riskonnect shall not be obligated to accept the Customer Data for processing until it is provided in the acceptable import format. 1.2. While Riskonnect's platform will enable Customer to improve the overall quality of Customer Data, Riskonnect cannot be responsible for the quality of Customer Data as it is provided to Riskonnect. 1.3. For all data provided by Customer, control totals must be provided, financial data must balance to control totals, and claims must balance to transactions. Also, all data in a given file must be of the same evaluation date. 2. Customer is responsible for making all arrangements with third parties to provide data for data interfaces to be performed by Riskonnect, and Customer is responsible for any fees associated with the request in order for Customer's third party to perform the work. Riskonnect will provide a template data request letter to the Customer so Customer can approve each third party to send required data to Riskonnect. Riskonnect will not be responsible for costs assessed or any acts or omissions committed by Customer Data providers (e.g. third -party administrators (TPAs) or insurance carriers). Riskonnect shall not be required to enter into any agreement with Customer or a third -party data provider regarding data interfaces, including any that requires Riskonnect to provide (i) greater assurances to such third -party data provider than set forth in this MSA or (ii) notifications directly to such third -party data provider. 3. For each one-time implementation data interface to be performed by Riskonnect, Customer shall provide Riskonnect an initial file and a go -live file and the go -live file must be in the same layout and format as the initial file. 4. For ongoing feeds, Customer will send files consistently within a specific, and reasonable timeframe window, approved by Riskonnect, that supports automation. 5. Customer shall be responsible for the delivery of a data dictionary for each data interface performed by Riskonnect. 6. Tables and fields provided to Riskonnect for data interfaces must have consistently defined relationships (referential integrity). Tables must be received as merged (denormalized) to provide a single fiat file for each component (i.e., Claim, Claim Transactions, and/or Location Hierarchy). Tables must not contain duplicate unique keys, and related tables/files must have valid foreign keys. Table structures and field formats must remain consistent in subsequent submissions. 7. Riskonnect and Customer shall each ensure all data transmitted to or from the Riskonnect Service is encrypted using PGP encryption. In the event Customer, or any of Customer's third party data providers, is unable or unwilling to use PGP encryption, then Customer acknowledges and agrees that (1) the data interface will not be delivered or performed by Riskonnect unless Customer executes a waiver in a form reasonable acceptable to Riskonnect, (2) Riskonnect shall have no liability for failure to deliver or perform the data interface, and (3) Riskonnect shall not be required to offer any refund to Customer or Customer's third party data provider for not delivering or performing the data interface. 8. Web Services: Riskonnect shall integrate with Customer's third -parties via web services for the exchange of data between systems. Riskonnect supports the integration of REST web services. Riskonnect can host web services for Customer's third - parties to consume and can consume web services hosted by third -parties. Riskonnect will work with Customer's qualified resources to establish and test web service connectivity and security protocols. https://riskonnect.com/legal-dtps/ 3/4 3/25/24, 1:46 PM Data Transfer Protocols • Riskonnect 8.1. In addition, Riskonnect supports web services to add and update elements within the ClearSight application. These allow Customer to interact with our system, The Riskonnect ClearSight application has webservice APIs exposed to be consumed by the Customer. Customer application creates and sends a SOAP based web service request to an applicable ClearSight web service. Customers are responsible for development efforts to make the web services requests to Riskonnect. Riskonnect will provide the technical information to support the development but will not write customer -side applications on behalf of customers. The points below describe the general process to interact with Riskonnect ClearSight via web services: 8.1.1. Customer application creates and sends a SOAP based web service request to an applicable ClearSight web service. All requests include Credentials information containing the Schema ID, User ID and Password as well as the action specific SOAP request content. 8.1.2. ClearSight web services receive the request, validates message structure data and processes request (if there are no errors in the request). 8.1.3. ClearSight web services send a SOAP response to the requesting client application. Any business validations errors will be returned in the response. Join over 200,000 of your peers! Get the latest expert advice, practical tips, and useful risk and compliance information delivered straight to your inbox. You'll also receive two Forrester® Total Economic ImpactTM reports that can help you build a better case for risk software investment. Corporate Email SUBMIT Ready to Talk? Let's starta conversation. CONTACT US Work with us. VIEW CURRENT JOB OPENINGS 0 All rights reserved I Terms of Use I Privacy Policy I Sustainable Procurement Policy Connect with us. 0 0 0 https://riskonnect.com/legal-dtps/ 4/4 EXHIBIT "G" INSURANCE REQUIREMENTS INSURANCE REQUIREMENTS -PROFESSIONAL SERVICES AGREEMENT I. Commercial General Liability A. Limits of Liability Bodily Injury and Property Damage Liability Each Occurrence - $1,000,000 General Aggregate Limit - $2,000,000 Products/Completed Operations - $1,000,000 Personal and Advertising Injury - $1,000,000 B. Endorsements Required City of Miami listed as an additional insured Contractors not excluded Primary Insurance Clause Endorsement II. Worker's Compensation Limits of Liability Statutory -State of Florida Waiver of Subrogation Employer's Liability A. Limits of Liability $1,000,000 for bodily injury caused by an accident, each accident. $1,000,000 for bodily injury caused by disease, each employee $1,000,000 for bodily injury caused by disease, policy limit III. Professional Liability/Errors and Omissions Coverage Combined Single Limit Per Claim and General Aggregate Limit - $5,000,000 Retroactive Date Included IV. Cyber Liability Per Claim and Policy Aggregate $5,000,000 V. Umbrella Liability 5 Each Occurrence $5,000,000 Policy Aggregate $5,000,000 Excess follow form over all corresponding liability policies contained herein. The above commercial general and umbrella policies shall provide the City of Miami with written notice of cancellation or material change from the insurer in accordance to policy provisions. Companies authorized to do business in the State of Florida, with the following qualifications, shall issue all insurance policies required above: The company must be rated no less than "A-" as to management, and no less than "Class V" as to Financial Strength, by the latest edition of Best's Insurance Guide, published by A.M. Best Company, Oldwick, New Jersey, or its equivalent. All certificates of insurance are subject to review and verification by Risk Management prior to insurance approval. 6 EXHIBIT "H" CITY RESOLUTION NO. 18-0124 7 City of Miami Legislation Resolution City Hall 3500 Pan American Drive Miami, FL 33133 www.miamigov.com File Number: 3700 Final Action Date: A RESOLUTION OF THE MIAMI CITY COMMISSION, WITH ATTACHMENT(S), ACCEPTING THE PROPOSAL RECEIVED JUNE 26, 2017, PURSUANT TO REQUEST FOR PROPOSALS NO. 681390 FROM MARSH CLEARSIGHT LLC, A FOREIGN LIMITED LIABILITY COMPANY ("MARSH CLEARSIGHT"), TO PROVIDE A RISK MANAGEMENT INFORMATION SYSTEM ("SYSTEM") FOR THE DEPARTMENT OF RISK MANAGEMENT ("RISK"), FOR A PERIOD OF THREE (3) YEARS; ALLOCATING FUNDS FROM THE VARIOUS SOURCES OF FUNDS OF THE END -USER DEPARTMENT, SUBJECT TO THE AVAILABILITY OF FUNDS AND BUDGETARY APPROVAL AT THE TIME OF NEED; AUTHORIZING THE CITY MANAGER TO EXECUTE THE NEGOTIATED PROFESSIONAL SERVICES AGREEMENT ("PSA"), IN SUBSTANTIALLY THE ATTACHED FORM; FURTHER AUTHORIZING THE CITY MANAGER TO NEGOTIATE AND EXECUTE ALL OTHER DOCUMENTS, INCLUDING ANY CONTRACTS, AMENDMENTS, RENEWALS, EXTENSIONS, AND MODIFICATIONS, INCLUDING WITHOUT LIMITATION, INCREASES IN CAPACITY AND INCREASES TO THE CONTRACT FUNDING WHICH MAY BE ADMINISTRATIVELY APPROVED BY THE CITY MANAGER SUBJECT TO ALLOCATIONS, APPROPRIATIONS AND BUDGETARY APPROVAL HAVING BEEN PREVIOUSLY MADE, AND IN COMPLIANCE WITH APPLICABLE PROVISIONS OF THE CODE OF THE CITY OF MIAMI, FLORIDA, AS AMENDED, ("CITY CODE"), INCLUDING, WITHOUT LIMITATION, THE CITY'S PROCUREMENT ORDINANCE, ANTI -DEFICIENCY ACT, AND FINANCIAL INTEGRITY PRINCIPLES ALL AS SET FORTH IN CHAPTER 18 OF THE CITY CODE, IN A FORM ACCEPTABLE TO THE CITY ATTORNEY, AND IN COMPLIANCE WITH APPLICABLE REGULATIONS, AS MAY BE NECESSARY FOR SAID PURPOSE. WHEREAS, the City of Miami ("City") has a need for a risk management information system to effectively and efficiently support and improve the claims administration process of the City's self-insurance program ("System"), managed by the Department of Risk Management ("Risk"); and WHEREAS, on May 12, 2017, the Department of Procurement ("Procurement") issued Request for Proposal ("RFP") No. 681390 to secure a qualified and experienced firm for the provision of the System; and WHEREAS, on June 26, 2017, eight (8) proposals were received by the Office of the City Clerk in response to the RFP; and WHEREAS, on July 27, 2017, the Evaluation Committee ("Committee") appointed by the City Manager convened to discuss and evaluate the eight (8) responsive proposals following the guidelines and criteria established within the RFP, and ranked Marsh ClearSight LLC, a foreign limited liability company ("Marsh Clearsight") as the highest ranked responsive and responsible proposer; and WHEREAS, on August 8, 2017, the City Manager concurred with the recommendation of the Committee and authorized Procurement to enter into negotiations with Marsh ClearSight for a Professional Services Agreement ("PSA") for the System; and WHEREAS, Procurement and a designated team have successfully completed negotiations with Marsh ClearSight and have recommended to the City Manager the execution of a PSA with Marsh ClearSight; NOW, THEREFORE, BE IT RESOLVED BY THE COMMISSION OF THE CITY OF MIAMI, FLORIDA: Section 1. The recitals and findings contained in the Preamble to this Resolution are adopted by reference and incorporated as if fully set forth in this Section. Section 2. The Proposal received June 26, 2017, pursuant to RFP No. 681390 from Marsh ClearSight for the provision of a risk management information system for Risk, for an initial period of three (3) years, allocating funds from the various sources of funds of the end - user department, subject to the availability of funds and budgetary approval at the time of need, is accepted. Section 3. The City Manager is authorized' to execute the negotiated PSA, in substantially the attached form. Section 4. The City Manager is further authorized' to negotiate and execute all other documents, including any contracts, amendments, renewals, extensions, and modifications, including without limitation, increases in capacity and increases to the contract funding which may be administratively approved by the City Manager subject to allocations, appropriations and budgetary approval having been previously made, and in compliance with applicable provisions of the Code of the City of Miami, Florida as amended ("City Code"), including, without limitation, the City's Procurement Ordinance, Anti -Deficiency Act, and Financial Integrity Principles all as set forth in Chapter 18 of the City Code, in a form acceptable to the City Attorney, and in compliance with applicable regulations, as may be necessary for said purpose. Section 5. This Resolution shall become effective immediately upon its adoption and signature of the Mayor.2 APPROVED AS TO FORM AND CORRECTNESS: nd[F eZzCity Attor ey 3/12/2018 1 The herein authorization is further subject to compliance with all requirements that may be imposed by the City Attorney, including but not limited to, those prescribed by applicable City Charter and City Code provisions. 2 If the Mayor does not sign this Resolution, it shall become effective at the end of ten (10) calendar days from the date it was passed and adopted. If the Mayor vetoes this Resolution, it shall become effective immediately upon override of the veto by the City Commission. EXHIBIT `I" COMPANY RESOLUTION AND EVIDENCE OF QUALIFICATION TO DO BUSINESS IN FLORIDA (To be provided upon document execution) 62 City of Miami Legislation Resolution: R-18-0124 City Hall 3500 Pan American Drive Miami, FL 33133 www.miamigov.com File Number: 3700 Final Action Date: 3/22/2018 A RESOLUTION OF THE MIAMI CITY COMMISSION, WITH ATTACHMENT(S), ACCEPTING THE PROPOSAL RECEIVED JUNE 26, 2017, PURSUANT TO REQUEST FOR PROPOSALS NO. 681390 FROM MARSH CLEARSIGHT LLC, A FOREIGN LIMITED LIABILITY COMPANY ("MARSH CLEARSIGHT"), TO PROVIDE A RISK MANAGEMENT INFORMATION SYSTEM ("SYSTEM") FOR THE DEPARTMENT OF RISK MANAGEMENT ("RISK"), FOR A PERIOD OF THREE (3) YEARS; ALLOCATING FUNDS FROM THE VARIOUS SOURCES OF FUNDS OF THE END -USER DEPARTMENT, SUBJECT TO THE AVAILABILITY OF FUNDS AND BUDGETARY APPROVAL AT THE TIME OF NEED; AUTHORIZING THE CITY MANAGER TO EXECUTE THE NEGOTIATED PROFESSIONAL SERVICES AGREEMENT ("PSA"), IN SUBSTANTIALLY THE ATTACHED FORM; FURTHER AUTHORIZING THE CITY MANAGER TO NEGOTIATE AND EXECUTE ALL OTHER DOCUMENTS, INCLUDING ANY CONTRACTS, AMENDMENTS, RENEWALS, EXTENSIONS, AND MODIFICATIONS, INCLUDING WITHOUT LIMITATION, INCREASES IN CAPACITY AND INCREASES TO THE CONTRACT FUNDING WHICH MAY BE ADMINISTRATIVELY APPROVED BY THE CITY MANAGER SUBJECT TO ALLOCATIONS, APPROPRIATIONS AND BUDGETARY APPROVAL HAVING BEEN PREVIOUSLY MADE, AND IN COMPLIANCE WITH APPLICABLE PROVISIONS OF THE CODE OF THE CITY OF MIAMI, FLORIDA, AS AMENDED, ("CITY CODE"), INCLUDING, WITHOUT LIMITATION, THE CITY'S PROCUREMENT ORDINANCE, ANTI -DEFICIENCY ACT, AND FINANCIAL INTEGRITY PRINCIPLES ALL AS SET FORTH IN CHAPTER 18 OF THE CITY CODE, IN A FORM ACCEPTABLE TO THE CITY ATTORNEY, AND IN COMPLIANCE WITH APPLICABLE REGULATIONS, AS MAY BE NECESSARY FOR SAID PURPOSE. WHEREAS, the City of Miami ("City") has a need for a risk management information system to effectively and efficiently support and improve the claims administration process of the City's self-insurance program ("System"), managed by the Department of Risk Management ("Risk"); and WHEREAS, on May 12, 2017, the Department of Procurement ("Procurement") issued Request for Proposal ("RFP") No. 681390 to secure a qualified and experienced firm for the provision of the System; and WHEREAS, on June 26, 2017, eight (8) proposals were received by the Office of the City Clerk in response to the RFP; and WHEREAS, on July 27, 2017, the Evaluation Committee ("Committee") appointed by the City Manager convened to discuss and evaluate the eight (8) responsive proposals following the guidelines and criteria established within the RFP, and ranked Marsh ClearSight LLC, a foreign limited liability company ("Marsh Clearsight") as the highest ranked responsive and responsible proposer; and City of Miami Page 1 of 2 File ID: 3700 (Revision:) Printed On: 7/3/2018 File ID: 3700 Enactment Number: R-18-0124 WHEREAS, on August 8, 2017, the City Manager concurred with the recommendation of the Committee and authorized Procurement to enter into negotiations with Marsh ClearSight for a Professional Services Agreement ("PSA") for the System; and WHEREAS, Procurement and a designated team have successfully completed negotiations with Marsh ClearSight and have recommended to the City Manager the execution of a PSA with Marsh ClearSight; NOW, THEREFORE, BE IT RESOLVED BY THE COMMISSION OF THE CITY OF MIAMI, FLORIDA: Section 1. The recitals and findings contained in the Preamble to this Resolution are adopted by reference and incorporated as if fully set forth in this Section. Section 2. The Proposal received June 26, 2017, pursuant to RFP No. 681390 from Marsh ClearSight for the provision of a risk management information system for Risk, for an initial period of three (3) years, allocating funds from the various sources of funds of the end - user department, subject to the availability of funds and budgetary approval at the time of need, is accepted. Section 3. The City Manager is authorized' to execute the negotiated PSA, in substantially the attached form. Section 4. The City Manager is further authorized' to negotiate and execute all other documents, including any contracts, amendments, renewals, extensions, and modifications, including without limitation, increases in capacity and increases to the contract funding which may be administratively approved by the City Manager subject to allocations, appropriations and budgetary approval having been previously made, and in compliance with applicable provisions of the Code of the City of Miami, Florida as amended ("City Code"), including, without limitation, the City's Procurement Ordinance, Anti -Deficiency Act, and Financial Integrity Principles all as set forth in Chapter 18 of the City Code, in a form acceptable to the City Attorney, and in compliance with applicable regulations, as may be necessary for said purpose. Section 5. This Resolution shall become effective immediately upon its adoption and signature of the Mayor.2 APPROVED AS TO FORM AND CORRECTNESS: ndez, City Attor ey 3/12/2018 1 The herein authorization is further subject to compliance with all requirements that may be imposed by the City Attorney, including but not limited to, those prescribed by applicable City Charter and City Code provisions. 2 If the Mayor does not sign this Resolution, it shall become effective at the end of ten (10) calendar days from the date it was passed and adopted. If the Mayor vetoes this Resolution, it shall become effective immediately upon override of the veto by the City Commission. City of Miami Page 2 of 2 File ID: 3700 (Revision:) Printed on: 7/3/2018 ANTI -HUMAN TRAFFICKING AFFIDAVIT 1. The undersigned affirms, certifies, attests, and stipulates as follows: a. The entity is a non -governmental entity authorized to transact business in the State of Florida and in good standing with the Florida Department of State, Division of Corporations. b. The nongovernmental entity is either executing, renewing, or extending a contract (including, but not limited to, any amendments, as applicable) with the City of Miami ("City") or one of its agencies, authorities. boards, trusts, or other City entity which constitutes a governmental entity as defined in Section 287.138(1), Florida Statutes (2024). c. The nongovernmental entity is not in violation of Section 787.06, Florida Statutes (2024), titled "Human Trafficking." d. The nongovernmental entity does not use -coercion" for tabor or services as defined in Section 787.06, Florida Statutes (2024), attached and incorporated herein as Exhibit Affidavit -I. 2. Under penalties of perjury, I declare the following: a. 1 have read and understand the foregoing Anti -Human Trafficking Affidavit and that the facts. statements and representations provided in Section 1 are true and correct. b. 1 am an officer or a representative of the nongovernmental entity authorized to execute this Anti - Human Trafficking Affidavit. Nongovernmental Entity: Riskonnect ClearSight LLC Name: James Wetekamp fficer Title: Chief Exective Officer Signature of Officer: Office Address: 380 Inte orth Parkway SE, Suite 400, Atlanta, GA 30339 Email Address: legal@rlskOnneCt.COm Main Phone Number: 770-790-4700 FEIN Not 0 -2/0/3/6/6/8/9 STATE OF FLORIDA COUNTY OF MIAMI-DADE ) ) The foregoing instrument was sworn to and subscribed before me by means of gi'ptiysical presence or 17 online notarization, this akisday of 00 n\ by Sr.my l„w1/45-4) WftlasttittRized officer or representative for the nongovernmental entity.. the is 2ersonally known to me or has produced as identification. (NOTARY PUBLIC SEAL) My Commission Expires: aoa Signaturof Person Taking Oath (Printed. Typed, or Stamped Name of Notary Public) EXHIBIT AFFIDAVIT -I SECTION 787.06, FLORIDA STATUTES (2024) Select Year: 2024 Y The 2024 Florida Statutes Go Title pter 787 View Entire XLVI KIDNAPPING; CUSTODY OFFENSES; HUMAN TRAFFICKING; AND RELATED Chapter CRIMES OFFENSES 787.06 Human trafficking.— (1)(a) The Legislature finds that human trafficking is a form of modern-day slavery. Victims of human trafficking are young children, teenagers, and adults. Thousands of victims are trafficked annually across international borders worldwide. Many of these victims are trafficked into this state. Victims of human trafficking also include citizens of the United States and those persons trafficked domestically within the borders of the United States. The Legislature finds that victims of human trafficking are subjected to force, fraud, or coercion for the purpose of sexual exploitation or forced labor. (b) The Legislature finds that while many victims of human trafficking are forced to work in prostitution or the sexual entertainment industry, trafficking also occurs in forms of labor exploitation, such as domestic servitude, restaurant work, janitorial work, sweatshop factory work, and migrant agricultural work. (c) The Legislature finds that traffickers use various techniques to instill fear in victims and to keep them enslaved. Some traffickers keep their victims under lock and key. However, the most frequently used practices are less obvious techniques that include isolating victims from the public and family members; confiscating passports, visas, or other identification documents; using or threatening to use violence toward victims or their families; telling victims that they will be imprisoned or deported for immigration violations if they contact authorities; and controlling the victims' funds by holding the money ostensibly for safekeeping. (d) It is the intent of the Legislature that the perpetrators of human trafficking be penalized for their illegal conduct and that the victims of trafficking be protected and assisted by this state and its agencies. In furtherance of this policy, it is the intent of the Legislature that the state Supreme Court, The Florida Bar, and relevant state agencies prepare and implement training programs in order that judges, attorneys, law enforcement personnel, investigators, and others are able to identify traffickers and victims of human trafficking and direct victims to appropriate agencies for assistance. It is the intent of the Legislature that the Department of Children and Families and other state agencies cooperate with other state and federal agencies to ensure that victims of human trafficking can access social services and benefits to alleviate their plight. (2) As used in this section, the term: (a) "Coercion" means: 1. Using or threatening to use physical force against any person; 2. Restraining, isolating, or confining or threatening to restrain, isolate, or confine any person without lawful authority and against her or his will; 3. Using lending or other credit methods to establish a debt by any person when labor or services are pledged as a security for the debt, if the value of the labor or services as reasonably assessed is not applied toward the liquidation of the debt, the Length and nature of the labor or services are not respectively limited and defined; 4. Destroying, concealing, removing, confiscating, withholding, or possessing any actual or purported passport, visa, or other immigration document, or any other actual or purported government identification document, of any person; 5. Causing or threatening to cause financial harm to any person; 6. Enticing or luring any person by fraud or deceit; or 7. Providing a controlled substance as outlined in Schedule I or Schedule II of s. 893.03 to any person for the purpose of exploitation of that person. (b) "Commercial sexual activity" means any violation of chapter 796 or an attempt to commit any such offense, and includes sexually explicit performances and the production of pornography. (c) "Financial harm" includes extortionate extension of credit, loan sharking as defined in s. 687.071, or employment contracts that violate the statute of frauds as provided in s. 725.01. (d) "Human trafficking" means transporting, soliciting, recruiting, harboring, providing, enticing, maintaining, purchasing, patronizing, procuring, or obtaining another person for the purpose of exploitation of that person. (e) "Labor" means work of economic or financial value. (f) "Maintain" means, in relation to labor or services, to secure or make possible continued performance thereof, regardless of any initial agreement on the part of the victim to perform such type service. (g) "Obtain" means, in relation to labor, commercial sexual activity, or services, to receive, take possession of, or take custody of another person or secure performance thereof. (h) "Services" means any act committed at the behest of, under the supervision of, or for the benefit of another. The term includes, but is not limited to, forced marriage, servitude, or the removal of organs. (i) "Sexually explicit performance" means an act or show, whether public or private, that is live, photographed, recorded, or videotaped and intended to arouse or satisfy the sexual desires or appeal to the prurient interest. (j) "Unauthorized alien" means an alien who is not authorized under federal law to be employed in the United States, as provided in 8 U.S.C. s. 1324a(h)(3). The term shall be interpreted consistently with that section and any applicable federal rules or regulations. (k) "Venture" means any group of two or more individuals associated in fact, whether or not a legal entity. (3) Any person who knowingly, or in reckless disregard of the facts, engages in human trafficking, or attempts to engage in human trafficking, or benefits financially by receiving anything of value from participation in a venture that has subjected a person to human trafficking: (a)1. For labor or services of any child younger than 18 years of age or an adult believed by the person to be a child younger than 18 years of age commits a felony of the first degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084. 2. Using coercion for labor or services of an adult commits a felony of the first degree, punishable as provided in s. 775.08Z, s. 775.083, or s. 775.084. (b) Using coercion for commercial sexual activity of an adult commits a felony of the first degree, punishable as provided in s. 775.08Z, s. 775.083, or s. 775.084. (c)1. For labor or services of any child younger than 18 years of age or an adult believed by the person to be a child younger than 18 years of age who is an unauthorized alien commits a felony of the first degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084. 2. Using coercion for labor or services of an adult who is an unauthorized alien commits a felony of the first degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084. (d) Using coercion for commercial sexual activity of an adult who is an unauthorized alien commits a felony of the first degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084. (e)1. For labor or services who does so by the transfer or transport of any child younger than 18 years of age or an adult believed by the person to be a child younger than 18 years of age from outside this state to within this state commits a felony of the first degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084. 2. Using coercion for labor or services who does so by the transfer or transport of an adult from outside this state to within this state commits a felony of the first degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084. (f)1. For commercial sexual activity who does so by the transfer or transport of any child younger than 18 years of age or an adult believed by the person to be a child younger than 18 years of age from outside this state to within this state commits a felony of the first degree, punishable by imprisonment for a term of years not exceeding life, or as provided in s. 775.082, s. 775.083, or s. 775.084. 2. Using coercion for commercial sexual activity who does so by the transfer or transport of an adult from outside this state to within this state commits a felony of the first degree, punishable as provided in s. 775.08Z, s. 775.083, or s. 775.084. (g) For commercial sexual activity in which any child younger than 18 years of age or an adult believed by the person to be a child younger than 18 years of age, or in which any person who is mentally defective or mentally incapacitated as those terms are defined in s. 794.011(1), is involved commits a life felony, punishable as provided in s. 775.082(3)(a)6., s. 775.083, or s. 775.084. For each instance of human trafficking of any individual under this subsection, a separate crime is committed and a separate punishment is authorized. (4)(a) Any parent, legal guardian, or other person having custody or control of a minor who sells or otherwise transfers custody or control of such minor, or offers to sell or otherwise transfer custody of such minor, with knowledge or in reckless disregard of the fact that, as a consequence of the sale or transfer, the minor will be subject to human trafficking commits a life felony, punishable as provided in s. 775.082, s. 775.083, or s. 775.084. (b) Any person who, for the purpose of committing or facilitating an offense under this section, permanently brands, or directs to be branded, a victim of an offense under this section commits a second degree felony, punishable as provided in s. 775.082, s. 775.083, or s. 775.084. For purposes of this subsection, the term "permanently branded" means a mark on the individual's body that, if it can be removed or repaired at all, can only be removed or repaired by surgical means, laser treatment, or other medical procedure. (5) The Criminal Justice Standards and Training Commission shall establish standards for basic and advanced training programs for law enforcement officers in the subjects of investigating and preventing human trafficking crimes. Every basic skills course required for law enforcement officers to obtain initial certification must include training on human trafficking crime prevention and investigation. (6) Each state attorney shall develop standards of instruction for prosecutors to receive training on the investigation and prosecution of human trafficking crimes and shall provide for periodic and timely instruction. (7) Any real property or personal property that was used, attempted to be used, or intended to be used in violation of this section may be seized and shall be forfeited as provided by the Florida Contraband Forfeiture Act. After satisfying any liens on the property, the remaining proceeds from the sale of any property seized under this section and owned by a defendant convicted of a violation of this section must first be allocated to pay any order of restitution of a human trafficking victim in the criminal case for which the owner was convicted. If there are multiple human trafficking victims in the criminal case, the remaining proceeds must be allocated equally among the victims to pay restitution. If the proceeds are sufficient to pay any such order of restitution, any remaining proceeds must be disbursed as required by s. 932.7055(5)-(9). (8) The degree of an offense shall be reclassified as follows if a person causes great bodily harm, permanent disability, or permanent disfigurement to another person during the commission of an offense under this section: (a) A felony of the second degree shall be reclassified as a felony of the first degree. (b) A felony of the first degree shall be reclassified as a life felony. (9) In a prosecution under this section, the defendant's ignorance of the victim's age, the victim's misrepresentation of his or her age, or the defendant's bona fide belief of the victim's age cannot be raised as a defense. (10)(a) Information about the location of a residential facility offering services for adult victims of human trafficking involving commercial sexual activity, which is held by an agency, as defined in s. 119.011, is confidential and exempt from s. 119.07(1) and s. 24(a), Art. I of the State Constitution. This exemption applies to such confidential and exempt information held by an agency before, on, or after the effective date of the exemption. (b) Information about the location of a residential facility offering services for adult victims of human trafficking involving commercial sexual activity may be provided to an agency, as defined in s. 119.011, as necessary to maintain health and safety standards and to address emergency situations in the residential facility. (c) The exemptions from s. 119.07(1) and s. 24(a), Art. I of the State Constitution provided in this subsection do not apply to facilities licensed by the Agency for Health Care Administration. (11) A victim's lack of chastity or the willingness or consent of a victim is not a defense to prosecution under this section if the victim was under 18 years of age at the time of the offense. (12) The Legislature encourages each state attorney to adopt a pro -prosecution policy for human trafficking offenses, as provided in this section. After consulting the victim, or making a good faith attempt to consult the victim, the state attorney shall determine the filing, nonfiling, or diversion of criminal charges even in circumstances when there is no cooperation from a victim or over the objection of the victim, if necessary. (13) When a contract is executed, renewed, or extended between a nongovernmental entity and a governmental entity, the nongovernmental entity must provide the governmental entity with an affidavit signed by an officer or a representative of the nongovernmental entity under penalty of perjury attesting that the nongovernmental entity does not use coercion for labor or services as defined in this section. For purposes of this subsection, the term "governmental entity" has the same meaning as in s. 287.138(1). History.—s. 2, ch. 2004-391; s. 1, ch. 2006-168; s. 5, ch. 2012-97; s. 300, ch. 2014-19; s. 7, ch. 2014-160; s. 96, ch. 2015-2; s. 2, ch. 2015-147; s. 3, ch. 2016-24; s. 25, ch. 2016-105; s. 4, ch. 2016-199; s. 2, ch. 2020-49; s. 2, ch. 2021-189; s. 3, ch. 2023-86; s. 7, ch. 2024- 184. Copyright ©1995-2024 The Florida Legislature • Privacy Statement • Contact Us Page 1 of 2 AC RD1 CERTIFICATE OF LIABILITY INSURANCE DATE(MM/DD/YYYY) 02/05/2024 THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER. IMPORTANT: If the certificate holder is an ADDITIONAL INSURED, the policy(ies) must have ADDITIONAL INSURED provisions or be endorsed. If SUBROGATION IS WAIVED, subject to the terms and conditions of the policy, certain policies may require an endorsement. A statement on this certificate does not confer rights to the certificate holder in lieu of such endorsement(s). PRODUCER Willis Towers Watson Northeast, Inc. c/o 26 Century Blvd P.O. Box 305191 Nashville, TN 372305191 USA CONTACT Willis Towers Watson Certificate Center NAME: (A/CN No Ext): 1-877-945-7378 FAX No): 1-888-467-2378 E-MAIL certificates@willis.com ADDRESS: INSURER(S)AFFORDINGCOVERAGE NAIC# INSURER A: StarNet Insurance Company 40045 INSURED Riskonnect, Inc. 380 Interstate N. Pkwy SE Suite 400 Atlanta, GA 30339 INSURER B: Berkley Regional Insurance Company 29580 INSURER C: Indian Harbor Insurance Company 36940 INSURER D : INSURER E : INSURER F : COVERAGES CERTIFICATE NUMBER: W32624824 REVISION NUMBER: THIS IS TO CERTIFY THAT THE POLICIES OF INSURANCE LISTED BELOW HAVE BEEN ISSUED TO THE INSURE. ED ABOVE FOR THE POLICY PERIOD INDICATED. NOTWITHSTANDING ANY REQUIREMENT, TERM OR CONDITION OF ANY CONTRACT OR OTHER . • ENT WITH RESPECT TO WHICH THIS CERTIFICATE MAY BE ISSUED OR MAY PERTAIN, THE INSURANCE AFFORDED BY THE POLICIES DESCRI: ]I ' -EIN IS SUBJECT TO ALL THE TERMS, EXCLUSIONS AND CONDITIONS OF SUCH POLICIES. LIMITS SHOWN MAY HAVE BEEN REDUCED BY PAID Cis `_ INSR LTR TYPE OF INSURANCE ADDL INSD SUBR W VD POLICY NUMBER POLICY EFF (MM/DD/YYYY) POL �j (M • LIMITS A X COMMERCIAL GENERAL LIABILITY Y TCP7005396-19 11 oOTHER: A® 12/ / 0 ` 12/31/2024 EACH OCCURRENCE $ 1,000,000 CLAIMS -MADE X OCCUR DAMAGE TO RENTED PREMISES (Ea occurrence) $ 1,000,000 MED EXP (Any one person) $ 15,000 PERSONAL&ADVINJURY $ 1,000,000 GEN'L X AGGREGATE POLICY LIMIT APPLIES PRO-LOC JECT PER: GENERAL AGGREGATE $ 2,000,000 PRODUCTS - COMP/OPAGG $ 2,000,000 $ A AUTOMOBILE X LIABILITY ANY AUTO OWNED X SCHEDULED AUTOS NON -OWNED AUTOS ONLY /� / /d Nod TCP70053 6-1 /� (/1 V 12/31/2023 12/31/2024 COMBINED COMBINED SINGLE LIMIT accident) $ 1,000,000 BODILY INJURY (Per person) $ BODILY INJURY (Per accident) $ PROPERTY DAMAGE (Per accident) $ $ A X UMBRELLA LIAB EXCESS LIAB X OCCUR CLAIMS -MADE ` 7005396-19 _w\ 12/31/2023 12/31/2024 EACH OCCURRENCE $ 15, 000, 000 AGGREGATE $ 15,000,000 DED X RETENTION$ 0 Pers & Adv Inju $ 15,000,000 B WORKERSCOMPENSATION AND EMPLOYERS' LIABILITY ANYPROPRIETOR/PARTNER/EXECUTIVE OFFICER/MEMBER EXCLUDED? (Mandatory in NH) If yes, describe under.4(? DESCRIPTION OF OPERATIONS below Y / N NyA� TWC7005398-20 12/31/2023 12/31/2024 X STATUTE OTH- ER E.L. EACH ACCIDENT $ 1,000,000 E.L. DISEASE - EA EMPLOYEE 1,000,000 $ E.L. DISEASE - POLICY LIMIT $ 1,000,000 C (� Cyber/ Prof and Tech Liabilit� MTP9044635 02 02/01/2024 02/01/2025 Limit See Attachment DESCRIPTION OF OPERATIONS / LOCATIONS / VEHICLES (ACORD 101, Additional Remarks Schedule, may be attached if more space is required) Cyber/Professional Liability Retroactive Date: January 1, 2007 Riskonnect Entities: Riskonnect, Inc.; Riskonnect, Ltd.; Riskonnect Services Private Limited; Riskonnect Parent, LLC; Riskonnect Holdings Corp.; Marsh Clearsight, LLC; Riskonnect ClearSight LLC; Riskonnect ClearSight Limited; Riskonnect APAC Pty Ltd; Xactium Ltd; ICIX International, Inc.; ICIX North America, LLC; ICIX Pty. Ltd.; ICIX Trading Pty. Ltd.; Riskonnect Active Risk Group Ltd; Riskonnect Active Risk Ltd.; Riskonnect Active Risk GRC, Inc.; Riskonnect Active Pty CERTIFICATE HOLDER CANCELLATION City of Miami 444 SW 2nd Avenue 6th Floor Miami, Miami, FL 33130 SHOULD ANY OF THE ABOVE DESCRIBED POLICIES BE CANCELLED BEFORE THE EXPIRATION DATE THEREOF, NOTICE WILL BE DELIVERED IN ACCORDANCE WITH THE POLICY PROVISIONS. AUTHORIZED REPRESENTATIVE �� ACORD 25 (2016/03) © 1988-2016 ACORD CORPORATION. All rights reserved. The ACORD name and logo are registered marks of ACORD SR ID: 25381018 BATCH: 3318898 AGENCY CUSTOMER ID: LOC #: ACORO� ADDITIONAL REMARKS SCHEDULE Page 2 of 2 AGENCY Willis Towers Watson Northeast, Inc. POLICY NUMBER See Page 1 CARRIER See Page 1 NAIC CODE See Page 1 NAMED INSURED Riskonnect, Inc. 380 Interstate N. Pkwy SE Suite 400 Atlanta, GA 30339 EFFECTIVE DATE: See Page 1 ADDITIONAL REMARKS THIS ADDITIONAL REMARKS FORM IS A SCHEDULE TO ACORD FORM, FORM NUMBER: 25 FORM TITLE: Certificate of Liability Insurance Ltd.; Castellan Solutions, Inc.; Castellan Solutions, Ltd. Dba Clearview Continuity; Castellan Solutions LLC; Castellan Solutions EMEA Limited; Castellan Solutions Holdings Limited; Castellan Solutions Holdings, Inc; Castellan Solutions New Holdings Inc; RSK Holdings, Inc.; RSK Buyer, Inc. City of Miami is included as Additional Insured as respects to General Liability where required by written contract. General Liability (where required by written contract) and Cyber/Professional Liab policies shall be Primary and Non -Contributory with any other insurance in force for or which may be purchase b dditional Insured. V ok//1;\ ACORD 101 (2008/01) © 2008 ACORD CORPORATION. All rights reserved. The ACORD name and logo are registered marks of ACORD SR ID: 25381018 BATCH: 3318898 CERT: W32624824 RSK Topco, LP Riskonnect, Inc. 380 Interstate N. Pkwy. SE Suite 400 Atlanta, GA 30339 Lines of Business: Cyber Liability / Professional and Technology Liability Policy Period: 02/01/2024 — 02/01/2025 Layer Policy # Issuing Company $5,000,000 MTP9044635 02 Indian Harbor Insurance Company From: To: Cc: Subject: Date: Attachments: Gomez Jr., Francisco (Frank) Gandarilla. Aimee Quevedo, Terry; Aviles, Yesenia RE: PSA Riskonnect Clearsight, LLC Thursday, October 3, 2024 8:33:33 AM image002.pnq image004.pnq image005.pnq Good morning Aimee, The COI is adequate. Thanks, Frank Gomez, PIAM, CPI I Property & Casualty Manager City of Miami Risk Management (305) 416-174o Office (305) 416-176o Fax fgomez@miamigov.com "Serving, Enhancing, and Transforming our Community" k), From: Gandarilla, Aimee <AGandarilla@miamigov.com> Sent: Thursday, October 3, 2024 8:24 AM To: Gomez Jr., Francisco (Frank) <FGomez@miamigov.com> Cc: Quevedo, Terry <TQuevedo@miamigov.com>; Aviles, Yesenia <YAviles@miamigov.com> Subject: FW: PSA Riskonnect Clearsight, LLC Olivera, Rosemary From: Gandarilla, Aimee Sent: Friday, October 11, 2024 4:00 PM To: Hannon, Todd Cc: Olivera, Rosemary; Brown, Sadie; Roberts, Frankeetha Subject: PSA Riskonnect Clearsight, LLC (matter 24-396) Attachments: PSA Riskonnect Clearsight, LLC (matter 24-396).pdf Good afternoon Todd, Please find attached the fully executed copy of an agreement from DocuSign that is to be considered an original agreement for your records. Thank you, Aimee) candcailiai Procurement Assistant City of Miami Procurement Department 444 SW 2nd Avenue, 6thfloor, Miami, FL 33130 P (305) 416-1906 F (305) 400-5073 E agandarilla@miami.gov "Serving, Enhancing, and Transforming our Community" i