The URL can be used to link to this page

Home My WebLink About25212AGREEMENT INFORMATION AGREEMENT NUMBER 25212 NAME/TYPE OF AGREEMENT MICROSOFT CORPORATION DESCRIPTION CONSULTING SERVICES NO -COST WORK ORDER/COPILOT FOR MICROSOFT 365 RAPID DEPLOYMENT & ADOPTION/FILE ID: 16448/R-24-0331 /MATTER ID: 24-1871 EFFECTIVE DATE ATTESTED BY TODD B. HANNON ATTESTED DATE 10/11/2024 DATE RECEIVED FROM ISSUING DEPT. 10/11/2024 NOTE DOCUSIGN AGREEMENT BY EMAIL CITY OF MIAMI DOCUMENT ROUTING FORM ORIGINATING DEPARTMENT. _Department of Innovation and Technology (DolT) DEPT. CONTACT PERSON: Gee M. Chow EXT 1018/MS Teams NAME OF OTHER CONTRACTUAL PARTY/ENTITY: IS THIS AGREEMENT A RESULT OF A COMPETITIVE PROCUREMENT PROCESS? ❑ YES ❑ NO TOTAL CONTRACT AMOUNT: $ FUNDING INVOLVED? ❑ YES ❑ NO TYPE OF AGREEMENT: ❑ MANAGEMENT AGREEMENT ❑ PROFESSIONAL SERVICES AGREEMENT ❑ GRANT AGREEMENT ❑ EXPERT CONSULTANT AGREEMENT ❑ LICENSE AGREEMENT OTHER: (PLEASE SPECIFY) _ No -Cost Work Order ❑ PUBLIC WORKS AGREEMENT ❑ MAINTENANCE AGREEMENT ❑ INTER -LOCAL AGREEMENT ❑ LEASE AGREEMENT ❑ PURCHASE OR SALE AGREEMENT PURPOSE OF ITEM (BRIEF SUMMARY): _ Consulting Services No -Cost Work Order between the City of Miami and Microsoft to provide professional services for Copilot for Microsoft 365 Rapid Deployment and Adoption. COMMISSION APPROVAL DATE: 97 12/2024 FILE ID: ENACTMENT NO.: R-24-0331 IF THIS DOES NOT REQUIRE COMMISSION APPROVAL, PLEASE EXPLAIN: ROUTING INFORMATION Date PLEASE PRINT AND SIGN APPROVAL BY DEPARTMENTAL DIRECTOR 10/3/2024 PRINT: Gee Chow SIGNATURE: ,—Docus,9 SUBMITTED TO RISK MANAGEMENT 10/4/2024 PRINT: ANN-MAtifirSHARPE SIGNATURE: DocuStonetl by Fr k Go,,vy SUBMITTED TO CITY ATTORNEY Matter ID No. 2 4-18 71 10/7/2024 PRINT: GEORGE SIGNATURE: K. WYSONG ,..cus1QO.d ey rIt- (46 III APPROVAL BY ASSISTANT CITY MANAGER 10/10/24 PRINT: Barbara SIGNATURE: Hernandez �n,4..dbv Bo��sa APPROVAL BY DEPUTY CITY MANAGER 10/10/24 PRINT: Natasha� SIGNATURE: b'3T C""o Ye i'rook-Wi 11 i ams N W w . RECEIVED BY CITY MANAGER 10/11/24 PRINT: ART NI:IRMA SIGNATURE: �DocuSfgnetl by: anttutAir Nevtcla �85nGF,72nD421, PRINT: SIGNATURE: PRINT: SIGNATURE: PRINT: SIGNATURE: 1) ONE ORIGINAL TO CITY CLERK, 2) ONE COPY TO CITY ATTORNEY'S OFFICE, 3) REMAINING ORIGINAL(S) TO ORIGINATING DEPARTMENT PLEASE ATTACH THIS ROUTING FORM TO ALL DOCUMENTS THAT REQUIRE EXECUTION BY THE CITY MANAGER Microsoft Consulting Services No -Cost Work Order State and Local Government (For Microsoft Internal Purposes Only) SLG/E MCS WO GV50246-475328-608591 This No -Cost Work Order is made pursuant to the Microsoft Services Agreement #U5222173 effective as of 1/13/2017, by and between Miami -Dade County, FL and Microsoft Corporation ("we" "us," or "our"), as amended. As an Affiliate of Miami -Dade County, the City of Miami is permitted to utilize the agreement and enter into Work Orders with us. The City of Miami is referred as "you" or "Customer" in this Work Order. The terms of the agreement are incorporated herein by this reference. Any terms not otherwise defined herein will assume the meanings set forth in the agreement. This work order is comprised of this cover page and the work order terms below, which are incorporated herein by this reference. Customer Invoice Information Name of Customer Contact Name (This person receives invoices under this work order.) City of Miami, Florida City of Miami — Finance General Accounting Name of Customer Affiliate that executed the Agreement if different than the undersigned Street Address Contact E-mail Address Miami Riverside Center, 444 SW 2nd Street, 5th payables@miamigov.com Floor City State/Province Miami Florida Country Postal Code Fax USA 33130-1910 Invoicing Services under this Work Order are being offered on a gratuitous basis. No invoicing will occur. Contact Name: Contact E-mail address: Contact phone No.: Web site address: Commencement Date This Work Order will be effective and Professional Services can commence on the later of the below Signature Dates. This Work Order will expire on December 20, 2024. In order for Microsoft to continue work after the expiration date, Customer and Microsoft must agree in writing to a new Work Order or an amendment to this work order identifying the new expiration date and any other terms upon which Customer and Microsoft agree. Payments to Microsoft should be made to the following, include reference to our invoice number: By Check: Microsoft Enterprise Services, P.O. Box 844510, Dallas, TX 75284-4510 By Check (overnight courier): Microsoft Corporation c/o Bank of America Lockbox 844510, 1950 N. Stemmons Fwy, Ste 5010, Dallas, TX 75207 (214) 508-7262 By Wire: Microsoft Enterprise Services #844510, Acct 3750825354/ ABA#1100001-2, c/o Bank of America ❑ Attachments required with Invoice (Status Reports/Time /Expense Breakouts, Other): WorkOrder1 v8.0(USSLGE)(Apri12019) 1 Project Point of Contact (Customer Satisfaction Contact) Name of Customer Same as above Project leader (This person is Customer's point of contact for all service -related matters under this Work Order.) Street Address Contact E-mail Address City State/Province Phone Country USA Postal Code Fax By signing below the parties acknowledge and agree to be bound to the terms of the Agreement and this Work Order. Customer Microsoft Affiliate Name of Customer (Please Print) City of Miami, Florida Name Microsoft Corporation Signature flu 9° °ey gvi%u�' Wilt Signature =tlby. ----- — Name of person signing (Please Print) Arthur Noriega Name of person signing (Please Print) Nick Schenk Title of person signing (Please Print) City Manager Title of person signing (Please Print) Delivery Management Executive Signature date 10/11/24 Signature date 10/03/2024 Approved as to Insurance Requirements: DocuSigned by: be: 27395C6318214E7... Approved Correctness: as �Ds to Legal Form DocuSigned at,Oiel, and by: ( ,,a /(-42024 88776E9FE88248B... Attest: Signed by: DDoocuu�Si�gneddy by: ,�� aF^„ / E46D7560DCF1459... WorkOrder1v8.0(USSLGE)(Apri12019) 2 1. Services. Microsoft will perform for Customer those services as identified in the attached Statement of Work entitled "Copilot for Microsoft 365 Rapid Deployment and Adoption," dated 7/01/2024 (the "Statement of Work" or "SOW'). Any dates provided are estimates only. All services will be performed off -site at our facilities and will be coordinated with your project leader. Because we are performing the services under your direction, based on an estimated period of performance and level of effort, we do not warrant that any services deliverables will be completed or be satisfactory to you within the estimated period or level of effort. Microsoft resources and Microsoft subcontractors' resources may perform services remotely or on - site from Microsoft facilities, Customer facilities, or Microsoft partner's facilities. If the project schedule requires Microsoft resources and/or Microsoft subcontractors' resources to perform dedicated services at Customer site on a weekly basis, Microsoft will apply the following travel guidelines: • Resources will typically be on -site for 3 nights/4 days; arriving on Mondays and leaving on Thursdays. • Resources may stretch their daily work plan in order to accommodate project's weekly activities within those 4 days. • As needed, resources may perform project activities working remotely on Fridays. • All project hours will be billed as actual. 2. Fees. The services provided hereunder constitute "gratuitous" services and materials for which Customer shall have no legal or moral obligation to pay and for which Microsoft waives any entitlement to compensation. By providing these gratuitous services and materials it is Microsoft's intent to be in compliance with applicable laws and regulations regarding the provision of gratuitous services. Specifically, it is understood that all services and materials provided under this work order are for the sole benefit and use of Customer, directly or indirectly, and are not provided to or for any individual government employee. Financial Summary Country USA - SLG - Enterprise East Package Start Date End Date Currency Amount Copilot for M365 Rapid Deployment and Adoption 10/21/2024 12/20/2024 USD $150,862.40 Travel Expenses 10/21/2024 12/20/2024 USD $2,000.00 Sub Total $152,862.40 One Time Microsoft Investment $(152,862.40) Amount Due 0.00 Service Details Copilot for M365 Rapid Deployment USA- SLG - 10/21/2024 to Currency and Adoption Enterprise East 12/20/2024 USD Copilot for M365 Rapid Deployment and Adoption Qty Description Unit Amount 370 Delivery Consulting hr $125,500.00 46 Project Oversight hr $16,560.00 8 Quality Assurance hr $3,000.00 Adjustments $5,802.40 Sub Total $150,862.40 One Time Microsoft Investment $(150,862.40) Total 0.00 WorkOrder1 v8.0(USSLGE)(Apri12019) 3 Travel USA- SLG - Enterprise East 10/21/2024 to 12/20/2024 Currency USD Travel Expenses 3. Changes to the Work Order Term. Either party may terminate this Work Order if the other party is in material breach or default of any obligation that is not cured within thirty (30) days' written notice of such breach. Customer may terminate this Work Order at any time for convenience by providing Microsoft with thirty (30) days prior written notice, "Notice Period". In case of termination for convenience, Customer will pay Microsoft for all services provided up to the end of the Notice Period. 4. Cost or Pricing Data. We will not, under any circumstances, accept work that would require the submission of cost or pricing data. 6. Taxes. If any amounts are to be paid to Microsoft, the amounts owed are exclusive of any taxes. Customer shall pay all value added, goods and services, sales, gross receipts or other transaction taxes, fees, charges or surcharges or other similar taxes, chares or fees or any regulatory cost recovery and other surcharges that are owed under this Work Order and which Microsoft is permitted to collect from Customer under applicable law. Customer shall also be responsible for an applicable stamp taxes and for all other taxes that it is legally obligated to pay, including any taxes that arise on the distribution of provision of Professional Services by Customer to its Affiliates. Microsoft shall be responsible for payment of all taxes based upon its net income, gross receipts taxes imposed in lieu of taxes on income or profits, or taxes on Microsoft's property ownership. If any taxes are required to be withheld on payments made to Microsoft, Customer may deduct such taxes from the amount owed and pay them to the appropriate taxing authority; provided however, that Customer shall promptly secure and deliver an official receipt for those withholdings and other documents reasonably requested by Microsoft to claim a foreign tax credit or refund. Customer will ensure that any taxes withheld are minimized to the extent possible under applicable law. 8. Acceptable Use Policy Customer must not (and is not licensed to) use the Services Deliverables: • in a way prohibited by law, regulation, governmental order or decree; • to violate the rights of others; or • in any application or situation where use of the Service Deliverables could lead to the death or serious bodily injury of any person, or to severe physical or environmental damage, except in accordance with the High Risk Use section below. High Risk Use WARNING: Modern technologies may be used in new and innovative ways, and Customer must consider whether its specific use of these technologies is safe. The Services Deliverables are not designed or intended to support any use in which a service interruption, defect, error, or other failure of a Services Deliverable could result in the death or serious bodily injury of any person or in physical or environmental damage (collectively, "High Risk Use"). Accordingly, Customer must design and implement the Services Deliverables such that, in the event of any interruption, defect, error, or other failure of the Services Deliverables, the safety of people, property, and the environment are not reduced below a level that is reasonable, appropriate, and legal, whether in general or for a specific industry. Customer's High Risk Use of the Services Deliverables is at its own risk. Customer agrees Microsoft shall not be responsible, nor incur any liability hereunder, for any claims arising from a High Risk Use associated with the Services Deliverables, including any WorkOrder1v8.0(USSLGE)(Apri12019) 4 claims based in strict liability or that Microsoft was negligent in designing or providing the Services Deliverables to Customer in accordance with Customer's specifications. 9. Microsoft Professional Services Data Protection Addendum. "Professional Services Data" means all data, including all text, sound, video, image files, or software, that are provided to Microsoft by, or on behalf of, Customer (or that Customer authorizes Microsoft to obtain from an Online Service) or otherwise obtained or processed by or on behalf of Microsoft through an engagement with Microsoft to obtain Professional Services. The data protection terms applying to Professional Services in the Microsoft Products and Services Data Protection Addendum effective January 2, 2024 are incorporated herein by this reference. For liability arising out of either party's confidentiality obligations relating to Professional Services Data provided under this Work Order, each party's maximum, aggregate liability to the other is limited to direct damages finally awarded in an amount not to exceed the amounts Customer paid for the applicable Professional Services under this Work Order. (REMAINDER OF THIS PAGE INTENTIONALLY LEFT BLANK) WorkOrder1v8.0(USSLGE)(Apri12019) 5 Iit of Thxmi ANNIE PEREZ, CPPO ARTHUR NORIEGAV Procurement Director City Manager October 1, 2024 David Karalekas Microsoft Corporation 6750 N Andrews Ave Ste 400 Fort Lauderdale, FL 33309 RE: MICROSOFT COPILOT DONATION Dear Mr. Karalekas: SENT VIA EMAIL: David.Karalekas@microsoft.com On behalf of the City of Miami ("City"), it is with great appreciation that we accept this donation of in -kind consulting services from Microsoft Corporation ("Microsoft") for the City's Department of Innovation and Technology ("DolT"). The total value of the donated consulting services is one hundred sixty thousand dollars ($160,000). This generous donation will support the rapid deployment of Microsoft's Copilot program, an AI -powered tool, designed to enhance user productivity, creativity and communication, utilizing large language models ("LLMs") to integrate with Microsoft 365 applications and services. The City is pleased to accept Microsoft's donation with a total value of one hundred sixty thousand dollars ($160,000). With respect to the City's record of this gracious act, no goods or services of any value have been or shall be offered in exchange for this donation. Thank you. Respectfully, DocuSigned by: avguArNov�u�a Ar .1854eriegra4V.. City Manager Cc: Francis X. Suarez, Mayor Miguel Angel Gabela, Commissioner Damian Pardo, Commissioner Joe Carollo, Commissioner Manolo Reyes, Commissioner Christine King, Commissioner Larry Spring, CPA, Chief Financial Officer, Assistant City Manager Natasha Colebrook -Williams, Deputy City Manager Barbara Hernandez, Chief of Operations, Assistant City Manager Annie Perez, CPPO, Chief Procurement Officer, Director of Procurement Yadissa A. Calderon, CPPB, NIGP-CPP, Assistant Director of Procurement PR24261 City Commission Marked Agenda September 12, 2024 CA.2 RESOLUTION 16448 Department of Innovation and Technology A RESOLUTION OF THE MIAMI CITY COMMISSION, WITH ATTACHMENT(S), AUTHORIZING THE CITY MANAGER TO ACCEPT A DONATION OF IN -KIND SERVICES FROM THE MICROSOFT CORPORATION WITH AN ESTIMATED VALUE NOT TO EXCEED ONE HUNDRED SIXTY THOUSAND DOLLARS ($160,000.00) TO PROVIDE PROFESSIONAL SERVICES FOR THE "COPILOT FOR MICROSOFT 365 RAPID DEPLOYMENT AND ADOPTION" INITIATIVE AS DESCRIBED IN THE STATEMENT OF WORK, ATTACHED AND INCORPORATED AS EXHIBIT "A"; FURTHER AUTHORIZING THE CITY MANAGER TO NEGOTIATE AND EXECUTE A DONATION AGREEMENT FOR THE ACCEPTANCE AND ADMINISTRATION OF THE DONATION AND COMPLIANCE WITH THE TERMS AND CONDITIONS THEREOF, ALONG WITH ALL OTHER DOCUMENTS, ALL IN FORMS ACCEPTABLE TO THE CITY ATTORNEY, DEEMED NECESSARY FOR SAID PURPOSE; AND PROVIDING FOR AN EFFECTIVE DATE. ENACTMENT NUMBER: R-24-0331 This matter was ADOPTED on the Consent Agenda. CA.3 RESOLUTION 16371 Department of Police A RESOLUTION OF THE MIAMI CITY COMMISSION, WITH ATTACHMENT(S), AUTHORIZING THE CITY MANAGER TO EXECUTE A COMBINED VOLUNTARY COOPERATION AND OPERATIONAL ASSISTANCE MUTUAL AID AGREEMENT, IN SUBSTANTIALLY THE ATTACHED FORM, BETWEEN THE CITY OF MIAMI AND THE CITY OF FLORIDA CITY TO RECEIVE AND EXTEND MUTUAL AID IN THE FORM OF LAW ENFORCEMENT SERVICES AND RESOURCES TO ENSURE PUBLIC SAFETY AND ABILITY TO ADEQUATELY RESPOND TO INTENSIVE SITUATIONS, INCLUDING BUT NOT LIMITED TO NATURAL AND MAN-MADE DISASTERS OR EMERGENCIES AS DEFINED IN PART 1, CHAPTER 23, FLORIDA STATUTES, THE "FLORIDA MUTUAL AID ACT." ENACTMENT NUMBER: R-24-0332 This matter was ADOPTED on the Consent Agenda. City of Miami Page 7 Printed on 09/20/2024 Volume Licensing Microsoft Products and Services Data Protection Addendum Last updated January 2, 2024 Published in English on January 2, 2024. Translations will be published by Microsoft when available. These commitments are binding on Microsoft as of January 2, 2024. • Microsoft Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 2 Table of Contents INTRODUCTION 3 Applicable DPA Terms and Updates 3 Electronic Notices 3 Prior Versions 3 DEFINITIONS 4 GENERAL TERMS 5 Compliance with Laws 5 DATA PROTECTION TERMS 5 Scope 5 Nature of Data Processing; Ownership 5 Disclosure of Processed Data 6 Processing of Personal Data; GDPR 7 Data Security 8 Security Incident Notification 9 Data Transfers and Location 9 Data Retention and Deletion 10 I ntroduction Processor Confidentiality Commitment 10 Notice and Controls on use of Subprocessors 10 Educational Institutions 11 CJIS Customer Agreement 11 HIPAA Business Associate 11 Telecommunication Data 11 California Consumer Privacy Act (CCPA) 11 Biometric Data 12 Supplemental Professional Services 12 How to Contact Microsoft 12 APPENDIX A — SECURITY MEASURES 13 APPENDIX B — DATA SUBJECTS AND CATEGORIES OF PERSONAL DATA 16 APPENDIX C —ADDITIONAL SAFEGUARDS ADDENDUM 18 ATTACHMENT 1— EUROPEAN UNION GENERAL DATA PROTECTION REGULATION TERMS 19 General Terms Data Protection Terms Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 3 Introduction The parties agree that this Microsoft Products and Services Data Protection Addendum ("DPA") sets forth their obligations with respect to the processing and security of Customer Data, Professional Services Data, and Personal Data in connection with the Products and Services. The DPA is incorporated by reference into the Product Terms and other Microsoft agreements. The parties also agree that, unless a separate Professional Services agreement exists, this DPA governs the processing and security of Professional Services Data. Separate terms, including different privacy and security terms, govern Customer's use of Non -Microsoft Products. In the event of any conflict or inconsistency between the DPA Terms and any other terms in Customer's volume licensing agreement or other applicable agreements in connection with the Products and Services ("Customer's agreement"), the DPA Terms shall prevail. The provisions of the DPA Terms supersede any conflicting provisions of the Microsoft Privacy Statement that otherwise may apply to processing of Customer Data, Professional Services Data, or Personal Data, as defined herein. Microsoft makes the commitments in this DPA to all Customers with an existing Customer's agreement. These commitments are binding on Microsoft with regard to Customer regardless of (1) the Product Terms that are otherwise applicable to any given Product subscription or license, or (2) any other agreement that references the Product Terms. Applicable DPA Terms and Updates Limits on Updates When Customer renews or purchases a new subscription to a Product or enters into a work order for a Professional Service, the then -current DPA Terms will apply and will not change during Customer's subscription for that Product or term for that Professional Service. When Customer obtains a perpetual license to Software, the then -current DPA Terms will apply (following the same provision for determining the applicable then -current Product Terms for that Software in Customer's agreement) and will not change during Customer's license for that Software. New Features, Supplements, or Related Software Notwithstanding the foregoing limits on updates, when Microsoft introduces features, offerings, supplements or related software that are new (i.e., that were not previously included with the Products or Services), Microsoft may provide terms or make updates to the DPA that apply to Customer's use of those new features, offerings, supplements or related software. If those terms include any material adverse changes to the DPA Terms, Microsoft will provide Customer a choice to use the new features, offerings, supplements, or related software, without loss of existing functionality of a generally available Product or Professional Service. If Customer does not install or use the new features, offerings, supplements, or related software, the corresponding new terms will not apply. Government Regulation and Requirements Notwithstanding the foregoing limits on updates, Microsoft may modify or terminate a Product or Professional Service in any country or jurisdiction where there is any current or future government requirement or obligation that (1) subjects Microsoft to any regulation or requirement not generally applicable to businesses operating there, (2) presents a hardship for Microsoft to continue operating the Product or offering the Professional Service without modification, and/or (3) causes Microsoft to believe the DPA Terms or the Product or Professional Service may conflict with any such requirement or obligation. Electronic Notices Microsoft may provide Customer with information and notices about Products and Services electronically, including via email, through the portal for an Online Service, or through a web site that Microsoft identifies. Notice is given as of the date it is made available by Microsoft. Prior Versions The DPA Terms provide terms for Products and Services that are currently available. For earlier versions of the DPA Terms, Customer may refer to https://aka.ms/licensingdocs or contact its reseller or Microsoft Account Manager. Table of Contents / General Terms Table of Contents 4 Introduction General Terms 4 Data Protection Terms 4 Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 4 Definitions Capitalized terms used but not defined in this DPA will have the meanings provided in Customer's agreement. The following defined terms are used in this DPA: "Customer Data" means all data, including all text, sound, video, or image files, and software, that are provided to Microsoft by, or on behalf of, Customer through use of the Online Service. Customer Data does not include Professional Services Data. "Data Protection Requirements" means the GDPR, Local EU/EEA Data Protection Laws, and any applicable laws, regulations, and other legal requirements relating to (a) privacy and data security; and (b) the use, collection, retention, storage, security, disclosure, transfer, disposal, and other processing of any Personal Data. "DPA Terms" means the terms in the DPA and any Product -specific terms in the Product Terms that specifically supplement or modify the privacy and security terms in the DPA for a specific Product (or feature of a Product). In the event of any conflict or inconsistency between the DPA and such Product -specific terms, the Product -specific terms shall prevail as to the applicable Product (or feature of that Product). "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). "Local EU/EEA Data Protection Laws" means any subordinate legislation and regulation implementing the GDPR. "GDPR Terms" means the terms in Attachment 1, under which Microsoft makes binding commitments regarding its processing of Personal Data as required by Article 28 of the GDPR. "Personal Data" means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. "Product" has the meaning provided in the volume license agreement. For ease of reference, "Product" includes Online Services and Software, each as defined in the volume license agreement. "Products and Services" means Products and Professional Services. Product and Professional Service availability may vary by region and applicability of this DPA to specific Products and Professional Services is subject to the limitations in the Scope section in this DPA. "Professional Services" means the following services: (a) Microsoft's consulting services, consisting of planning, advice, guidance, data migration, deployment and solution/software development services provided under a Microsoft Enterprise Services Work Order or, when agreed to in the Project Description, under a Cloud Workload Acceleration Agreement that incorporates this DPA by reference; and (b) technical support services provided by Microsoft that help customers identify and resolve issues affecting Products, including technical support provided as part of Microsoft Unified Support or Premier Support Services, and any other commercial technical support services. The Professional Services do not include the Products or, for purposes of the DPA only, Supplemental Professional Services. "Professional Services Data" means all data, including all text, sound, video, image files or software, that are provided to Microsoft, by or on behalf of a Customer (or that Customer authorizes Microsoft to obtain from a Product) or otherwise obtained or processed by or on behalf of Microsoft through an engagement with Microsoft to obtain Professional Services. "2021 Standard Contractual Clauses" means the standard data protection clauses (processor -to -processor module) between Microsoft Ireland Operations Limited and Microsoft Corporation for the transfer of personal data from processors in the EEA to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR and approved by the European Commission in decision 2021/914/EC, dated 4 June 2021. "Subprocessor" means other processors used by Microsoft to process Customer Data, Professional Services Data, and Personal Data, as described in Article 28 of the GDPR. "Supplemental Professional Services" means support requests escalated from support to a Product engineering team for resolution and other consulting and support from Microsoft provided in connection with Products or a volume license agreement that are not included in the definition of Professional Services. Lower case terms used but not defined in this DPA, such as "personal data breach", "processing", "controller", "processor", "profiling", "personal data", and "data subject" will have the same meaning as set forth in Article 4 of the GDPR, irrespective of whether GDPR applies. Table of Contents / General Terms Table of Contents I i Introduction 4 General Terms =1 4 Data Protection Terms 4 Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 5 General Terms Compliance with Laws Microsoft will comply with all laws and regulations applicable to its providing the Products and Services, including security breach notification law and Data Protection Requirements. However, Microsoft is not responsible for compliance with any laws or regulations applicable to Customer or Customer's industry that are not generally applicable to information technology service providers. Microsoft does not determine whether Customer's data includes information subject to any specific law or regulation. All Security Incidents are subject to the Security Incident Notification terms below. Customer must comply with all laws and regulations applicable to its use of Products and Services, including laws related to biometric data, confidentiality of communications, and Data Protection Requirements. Customer is responsible for determining whether the Products and Services are appropriate for storage and processing of information subject to any specific law or regulation and for using the Products and Services in a manner consistent with Customer's legal and regulatory obligations. Customer is responsible for responding to any request from a third party regarding Customer's use of Products and Services, such as a request to take down content under the U.S. Digital Millennium Copyright Act or other applicable laws. Data Protection Terms This section of the DPA includes the following subsections: • Scope • Nature of Data Processing; Ownership • Disclosure of Processed Data • Processing of Personal Data; GDPR • Data Security • Security Incident Notification • Data Transfers and Location • Data Retention and Deletion • Processor Confidentiality Commitment • Notice and Controls on use of Subprocessors • Educational lnstitutions Scope • CJIS Customer Agreement • HIPAA Business Associate • Telecommunication Data • California Consumer Privacy Act (CCPA) • Biometric Data • Supplemental Professional Services • How to Contact Microsoft • Appendix A — Security Measures • Appendix B — Data Subjects and Categories of Personal Data • Appendix C—Additional Safeguards Addendum. The DPA Terms apply to all Products and Services except as described in this section. The DPA Terms will not apply to any Products or Professional Services specifically identified as excluded, or to the extent identified as excluded, in the Product Terms or applicable work order, which are governed by the privacy and security terms in the applicable Product -specific or work order specific terms. For clarity, the DPA Terms apply only to the processing of data in environments controlled by Microsoft and Microsoft's subprocessors. This includes data sent to Microsoft by Products and Services but does not include data that remains on Customer's premises or in any Customer selected third party operating environments. For Supplemental Professional Services, Microsoft only makes the commitments in the Supplemental Professional Services section below. Previews may employ lesser or different privacy and security measures than those typically present in the Products and Services. Unless otherwise noted, Customer should not use Previews to process Personal Data or other data that is subject to legal or regulatory compliance requirements. For Products, the following terms in this DPA do not apply to Previews: Processing of Personal Data; GDPR, Data Security, and HIPAA Business Associate. For Professional Services, offerings designated as Previews or Limited Release only meet the terms of the Supplemental Professional Services. Nature of Data Processing; Ownership Microsoft will use and otherwise process Customer Data, Professional Services Data, and Personal Data only as described and subject to the limitations provided below (a) to provide Customer the Products and Services in accordance with Customer's documented instructions and (b) for business operations incident to providing the Products and Services to Customer. As between the parties, Customer retains all right, title and interest in and to Customer Data and Professional Services Data. Microsoft acquires no rights in Customer Data or Professional Services Data, other than the rights Customer grants to Microsoft in this section. This paragraph does not affect Microsoft's rights in software or services Microsoft licenses to Customer. Table of Contents Introduction 4 General Terms I= - Data Protection Terms 41 Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 6 Processing to Provide Customer the Products and Services For purposes of this DPA, "to provide" a Product consists of: • Delivering functional capabilities as licensed, configured, and used by Customer and its users, including providing personalized user experiences; • Troubleshooting (preventing, detecting, and repairing problems); and • Keeping Products up to date and performant, and enhancing user productivity, reliability, efficacy, quality, and security. For purposes of this DPA, "to provide" Professional Services consists of: • Delivering the Professional Services, including providing technical support, professional planning, advice, guidance, data migration, deployment, and solution/software development services. • Troubleshooting (preventing, detecting, investigating, mitigating, and repairing problems, including Security Incidents and problems identified in the Professional Services or relevant Product(s) during delivery of Professional Services); and • Enhancing delivery, efficacy, quality, and security of Professional Services and the underlying Product(s) based on issues identified while providing Professional Services, including fixing software defects and otherwise keeping Products and Services up to date and performant. In each case, providing the Products and Services is conducted in view of security obligations under Data Protection Requirements. When providing Products and Services, Microsoft will not use or otherwise process Customer Data, Professional Services Data, or Personal Data for: (a) user profiling, (b) advertising or similar commercial purposes, or (c) market research aimed at creating new functionalities, services, or products or any other purpose, unless such use or processing is in accordance with Customer's documented instructions. Processing for Business Operations Incident to Providing the Products and Services to Customer For purposes of this DPA, "business operations" means the processing operations authorized by customer in this section. Customer authorizes Microsoft: (i.) to create aggregated statistical, non -personal data from data containing pseudonymized identifiers (such as usage logs containing unique, pseudonymized identifiers); and (ii.) to calculate statistics related to Customer Data or Professional Services Data in each case without accessing or analyzing the content of Customer Data or Professional Services Data and limited to achieving the purposes below, each as incident to providing the Products and Services to Customer. Those purposes are: • billing and account management; • compensation such as calculating employee commissions and partner incentives; • internal reporting and business modeling, such as forecasting, revenue, capacity planning, and product strategy; and • financial reporting. When processing for these business operations, Microsoft will apply principles of data minimization and will not use or otherwise process Customer Data, Professional Services Data, or Personal Data for: (a) user profiling, (b) advertising or similar commercial purposes, or (c) any other purpose, other than for the purposes set out in this section. In addition, as with all processing under this DPA, processing for business operations remains subject to Microsoft's confidentiality obligations and commitments under Disclosure of Processed Data. Disclosure of Processed Data Microsoft will not disclose or provide access to any Processed Data except: (1) as Customer directs; (2) as described in this DPA; or (3) as required by law. For purposes of this section, "Processed Data" means: (a) Customer Data; (b) Professional Services Data; (c) Personal Data; and (d) any other data processed by Microsoft in connection with the Products and Services that is Customer's confidential information under Customer's agreement. All processing of Processed Data is subject to Microsoft's obligation of confidentiality under Customer's agreement. Microsoft will not disclose or provide access to any Processed Data to law enforcement unless required by law. If law enforcement contacts Microsoft with a demand for Processed Data, Microsoft will attempt to redirect the law enforcement agency to request that data directly from Customer. If compelled to disclose or provide access to any Processed Data to law enforcement, Microsoft will promptly notify Customer and provide a copy of the demand unless legally prohibited from doing so. Upon receipt of any other third -party request for Processed Data, Microsoft will promptly notify Customer unless prohibited by law. Microsoft will reject the request unless required by law to comply. If the request is valid, Microsoft will attempt to redirect the third party to request the data directly from Customer. Table of Contents Introduction General Terms Data Protection Terms 4 Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 7 Microsoft will only disclose or provide access to any Processed Data as required by law provided that the laws and practices respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society and, as applicable, to safeguard one of the objectives listed in Article 23(1) of GDPR. Microsoft will not provide any third party: (a) direct, indirect, blanket, or unfettered access to Processed Data; (b) platform encryption keys used to secure Processed Data or the ability to break such encryption; or (c) access to Processed Data if Microsoft is aware that the data is to be used for purposes other than those stated in the third party's request. In support of the above, Microsoft may provide Customer's basic contact information to the third party. Processing of Personal Data; GDPR All Personal Data processed by Microsoft in connection with providing the Products and Services is obtained as part of either (a) Customer Data, (b) Professional Services Data, or (c) data generated, derived or collected by Microsoft, including data sent to Microsoft as a result of a Customer's use of service -based capabilities or obtained by Microsoft from locally installed software. Personal Data provided to Microsoft by, or on behalf of, Customer through use of the Online Service is also Customer Data. Personal Data provided to Microsoft by, or on behalf of, Customer through use of the Professional Services is also Professional Services Data. Pseudonymized identifiers may be included in data processed by Microsoft in connection with providing the Products and are also Personal Data. Any Personal Data pseudonymized, or de -identified but not anonymized, or Personal Data derived from Personal Data is also Personal Data. To the extent Microsoft is a processor or subprocessor of Personal Data subject to the GDPR, the GDPR Terms in Attachment 1 govern, and the language in the sub -section ("Processing of Personal Data; GDPR") shall be deemed supplemental: Processor and Controller Roles and Responsibilities Customer and Microsoft agree that Customer is the controller of Personal Data and Microsoft is the processor of such data, except (a) when Customer acts as a processor of Personal Data, in which case Microsoft is a subprocessor; or (b) as stated otherwise in the Product -specific terms or this DPA. When Microsoft acts as the processor or subprocessor of Personal Data, it will process Personal Data only on documented instructions from Customer. Customer agrees that Customer's agreement (including the DPA Terms and any applicable updates), along with the product documentation and Customer's use and configuration of features in the Products, are Customer's complete documented instructions to Microsoft for the processing of Personal Data, or the Professional Services documentation and Customer's use of the Professional Services. Information on use and configuration of the Products can be found at https://docs.microsoft.com (or a successor location) or other agreement incorporating this DPA. Any additional or alternate instructions must be agreed to according to the process for amending Customer's agreement. In any instance where the GDPR applies and Customer is a processor, Customer warrants to Microsoft that Customer's instructions, including appointment of Microsoft as a processor or subprocessor, have been authorized by the relevant controller. To the extent Microsoft uses or otherwise processes Personal Data subject to the GDPR for business operations incident to providing the Products and Services to Customer, Microsoft will comply with the obligations of an independent data controller under GDPR for such use. Microsoft is accepting the added responsibilities of a data "controller" under GDPR for such processing to: (a) act consistent with regulatory requirements, to the extent required under GDPR; and (b) provide increased transparency to Customers and confirm Microsoft's accountability for such processing. Microsoft employs safeguards to protect Customer Data, Professional Services Data, and Personal Data in such processing, including those identified in this DPA and those contemplated in Article 6(4) of the GDPR. With respect to processing of Personal Data under this paragraph, Microsoft makes the commitments set forth in the Additional Safeguards section; for those purposes, (i) any Microsoft disclosure of Personal Data, as described in the Additional Safeguards section, that has been transferred in connection with business operations is deemed a "Relevant Disclosure" and (ii) the commitments in the Additional Safeguards section apply to such Personal Data. Processing Details The parties acknowledge and agree that: • Subject Matter. The subject -matter of the processing is limited to Personal Data within the scope of the section of this DPA entitled "Nature of Data Processing; Ownership" above and the GDPR. • Duration of the Processing. The duration of the processing shall be in accordance with Customer instructions and the terms of the DPA. • Nature and Purpose of the Processing. The nature and purpose of the processing shall be to provide the Products and Services pursuant to Customer's agreement and for business operations incident to providing the Products and Services to Customer (as further described in the section of this DPA entitled "Nature of Data Processing; Ownership" above). • Categories of Data. The types of Personal Data processed by Microsoft when providing the Products and Services include: (i) Personal Data that Customer elects to include in Customer Data and Professional Services Data; and (ii) those expressly identified in Article 4 of the GDPR that may be generated, derived or collected by Microsoft, including data sent to Microsoft as a result of a Customer's use of service -based capabilities or obtained by Microsoft from locally installed software. The types of Personal Data that Customer elects to include in Customer Data and Professional Services Data may be any categories of Personal Data identified in records maintained by Customer acting as controller pursuant to Article 30 of the GDPR, including the categories of Personal Data set forth in Appendix B. Table of Contents 4 Introduction General Terms - Data Protection Terms Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 8 • Data Subjects. The categories of data subjects are Customer's representatives and end users, such as employees, contractors, collaborators, and customers, and may include any other categories of data subjects as identified in records maintained by Customer acting as controller pursuant to Article 30 of the GDPR, including the categories of data subjects set forth in Appendix B. Data Subject Rights; Assistance with Requests Microsoft will make available to Customer, in a manner consistent with the functionality of the Products and Services and Microsoft's role as a processor of Personal Data of data subjects, the ability to fulfill data subject requests to exercise their rights under the GDPR. If Microsoft receives a request from Customer's data subject to exercise one or more of its rights under the GDPR in connection with the Products and Services for which Microsoft is a data processor or subprocessor, Microsoft will redirect the data subject to make its request directly to Customer. Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Products and Services. Microsoft shall comply with reasonable requests by Customer to assist with Customer's response to such a data subject request. Records of Processing Activities To the extent the GDPR requires Microsoft to collect and maintain records of certain information relating to Customer, Customer will, where requested, supply such information to Microsoft and keep it accurate and up-to-date. Microsoft may make any such information available to the supervisory authority if required by the GDPR. Data Security Security Practices and Policies Microsoft will implement and maintain appropriate technical and organizational measures to protect Customer Data, Professional Services Data, and Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Those measures shall be set forth in a Microsoft Security Policy. Microsoft will make that policy available to Customer, along with other information reasonably requested by Customer regarding Microsoft security practices and policies. In addition, those measures shall comply with the requirements set forth in ISO 27001, ISO 27002, and ISO 27018. A description of the security controls for these requirements is available to Customers. Each Core Online Service also complies with the control standards and frameworks shown in the table in the Product Terms. Each Core Online Service and Professional Service implements and maintains the security measures set forth in Appendix A for the protection of Customer Data and Professional Services Data. Microsoft implements and maintains the security measures set forth in Annex II of the 2021 Standard Contractual Clauses for the protection of Personal Data within the scope of the GDPR. Microsoft may add industry or government standards at any time. Microsoft will not eliminate ISO 27001, ISO 27002, ISO 27018 or any standard or framework in the table for Core Online Services in the Product Terms, unless it is no longer used in the industry and it is replaced with a successor (if any). Data Encryption Customer Data and Professional Services Data (each including any Personal Data therein) in transit over public networks between Customer and Microsoft, or between Microsoft data centers, is encrypted by default. Microsoft also encrypts Customer Data stored at rest in Online Services and Professional Services Data stored at rest. In the case of Online Services on which Customer or a third -party acting on Customer's behalf may build applications (e.g., certain Azure Services), encryption of data stored in such applications may be employed at the discretion of Customer, using either capabilities provided by Microsoft or obtained by Customer from third parties. Data Access Microsoft employs least privilege access mechanisms to control access to Customer Data and Professional Services Data (including any Personal Data therein). Role -based access controls are employed to ensure that access to Customer Data and Professional Services Data required for service operations is for an appropriate purpose and approved with management oversight. For Core Online Services and Professional Services, Microsoft maintains Access Control mechanisms described in the table entitled "Security Measures" in Appendix A; and there is no standing access by Microsoft personnel to Customer Data, and any required access is for a limited time. Customer Responsibilities Customer is solely responsible for making an independent determination as to whether the technical and organizational measures for Products and Services meet Customer's requirements, including any of its security obligations under applicable Data Protection Requirements. Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing of its Personal Data as well as the risks to individuals) the security practices and policies implemented and maintained by Table of Contents Nr Introduction --i r General Terms Data Protection Terms Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 9 Microsoft provide a level of security appropriate to the risk with respect to its Personal Data. Customer is responsible for implementing and maintaining privacy protections and security measures for components that Customer provides or controls (such as devices enrolled with Microsoft Intune or within a Microsoft Azure customer's virtual machine or application). Auditing Compliance Microsoft will conduct audits of the security of the computers, computing environment, and physical data centers that it uses in processing Customer Data, Professional Service Data, and Personal Data, as follows: • Where a standard or framework provides for audits, an audit of such control standard or framework will be initiated at least annually. • Each audit will be performed according to the standards and rules of the regulatory or accreditation body for each applicable control standard or framework. • Each audit will be performed by qualified, independent, third party security auditors at Microsoft's selection and expense. Each audit will result in the generation of an audit report ("Microsoft Audit Report"), which Microsoft will make available at https://servicetrust.microsoft.com/ or another location identified by Microsoft. The Microsoft Audit Report will be Microsoft's Confidential Information and will clearly disclose any material findings by the auditor. Microsoft will promptly remediate issues raised in any Microsoft Audit Report to the satisfaction of the auditor. If Customer requests, Microsoft will provide Customer with each Microsoft Audit Report. The Microsoft Audit Report will be subject to non -disclosure and distribution limitations of Microsoft and the auditor. To the extent Customer's audit requirements under the Data Protection Requirements cannot reasonably be satisfied through audit reports, documentation or compliance information Microsoft makes generally available to its customers, Microsoft will promptly respond to Customer's additional audit instructions. Before the commencement of an audit, Customer and Microsoft will mutually agree upon the scope, timing, duration, control and evidence requirements, and fees for the audit, provided that this requirement to agree will not permit Microsoft to unreasonably delay performance of the audit. To the extent needed to perform the audit, Microsoft will make the processing systems, facilities and supporting documentation relevant to the processing of Customer Data, Professional Services Data, and Personal Data by Microsoft, its Affiliates, and its Subprocessors available. Such an audit will be conducted by an independent, accredited third -party audit firm, during regular business hours, with reasonable advance notice to Microsoft, and subject to reasonable confidentiality procedures. Neither Customer nor the auditor shall have access to any data from Microsoft's other customers or to Microsoft systems or facilities not involved in providing the applicable Products and Services. Customer is responsible for all costs and fees related to such audit, including all reasonable costs and fees for any and all time Microsoft expends for any such audit, in addition to the rates for services performed by Microsoft. If the audit report generated as a result of Customer's audit includes any finding of material non-compliance, Customer shall share such audit report with Microsoft and Microsoft shall promptly cure any material non-compliance. Nothing in this section of the DPA varies or modifies the GDPR Terms or affects any supervisory authority's or data subject's rights under the Data Protection Requirements. Microsoft Corporation is an intended third -party beneficiary of this section. Security Incident Notification If Microsoft becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, Professional Services Data, or Personal Data while processed by Microsoft (each a "Security Incident"), Microsoft will promptly and without undue delay (1) notify Customer of the Security Incident; (2) investigate the Security Incident and provide Customer with detailed information about the Security Incident; (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident. Notification(s) of Security Incidents will be delivered to Customer by any means Microsoft selects, including via email. It is Customer's sole responsibility to ensure Customer maintains accurate contact information with Microsoft for each applicable Product and Professional Service. Customer is solely responsible for complying with its obligations under incident notification laws applicable to Customer and fulfilling any third - party notification obligations related to any Security Incident. Microsoft shall make reasonable efforts to assist Customer in fulfilling Customer's obligation under GDPR Article 33 or other applicable law or regulation to notify the relevant supervisory authority and data subjects about such Security Incident. Microsoft's notification of or response to a Security Incident under this section is not an acknowledgement by Microsoft of any fault or liability with respect to the Security Incident. Customer must notify Microsoft promptly about any possible misuse of its accounts or authentication credentials or any security incident related to the Products and Services. Data Transfers and Location Data Transfers Customer Data, Professional Services Data, and Personal Data that Microsoft processes on Customer's behalf may not be transferred to, or stored and processed in a geographic location except in accordance with the DPA Terms and the safeguards provided below in this section. Table of Contents Introduction rGeneral Terms Data Protection Terms Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 10 Taking into account such safeguards, Customer appoints Microsoft to transfer Customer Data, Professional Services Data, and Personal Data to the United States or any other country in which Microsoft or its Subprocessors operate and to store and process Customer Data, and Personal Data to provide the Products, except as described elsewhere in the DPA Terms. All transfers of Customer Data, Professional Services Data, and Personal Data out of the European Union, European Economic Area, United Kingdom, and Switzerland to provide the Products and Services are subject to the terms of the 2021 Standard Contractual Clauses implemented by Microsoft. In addition, transfers from the United Kingdom are subject to the terms of the IDTA implemented by Microsoft. For purposes of this DPA, the "IDTA" means the International data transfer addendum to the European Commission's standard contractual clauses for international data transfers issued by the UK Information Commissioner's Office under S119A(1) of the UK Data Protection Act 2018. Microsoft will abide by the requirements of European Economic Area, United Kingdom, and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data from the European Economic Area, United Kingdom, and Switzerland. All transfers of Personal Data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR. In addition, Microsoft is certified to the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, the UK Extension to the EU-U.S. Data Privacy Framework and the commitments they entail. Microsoft agrees to notify Customer if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the principles of the Data Privacy Frameworks. Location of Customer Data For the Core Online Services, Microsoft will store Customer Data at rest within certain major geographic areas (each, a Geo) as set forth in the Product Terms. For EU Data Boundary Online Services, Microsoft will store and process Customer Data and Personal Data within the European Union as set forth in the Product Terms. Microsoft does not control or limit the regions from which Customer or Customer's end users may access or move Customer Data. Data Retention and Deletion At all times during the term of Customer's subscription or the applicable Professional Services engagement, Customer will have the ability to access, extract and delete Customer Data stored in each Online Service and Professional Services Data. Except for free trials and Linkedln services, Microsoft will retain Customer Data that remains stored in Online Services in a limited function account for 90 days after expiration or termination of Customer's subscription so that Customer may extract the data. After the 90-day retention period ends, Microsoft will disable Customer's account and delete the Customer Data and Personal Data stored in Online Services within an additional 90 days, unless authorized under this DPA to retain such data. For Personal Data in connection with the Software and for Professional Services Data, Microsoft will delete all copies after the business purposes for which the data was collected or transferred have been fulfilled or earlier upon Customer's request, unless authorized under this DPA to retain such data. The Online Service may not support retention or extraction of software provided by Customer. Microsoft has no liability for the deletion of Customer Data, Professional Services Data, or Personal Data as described in this section. Processor Confidentiality Commitment Microsoft will ensure that its personnel engaged in the processing of Customer Data, Professional Services Data, and Personal Data (i) will process such data only on instructions from Customer or as described in this DPA, and (ii) will be obligated to maintain the confidentiality and security of such data even after their engagement ends. Microsoft shall provide periodic and mandatory data privacy and security training and awareness to its employees with access to Customer Data, Professional Services Data, and Personal Data in accordance with applicable Data Protection Requirements and industry standards. Notice and Controls on use of Subprocessors Microsoft may hire Subprocessors to provide certain limited or ancillary services on its behalf. Customer consents to this engagement and to Microsoft Affiliates as Subprocessors. The above authorizations will constitute Customer's prior written consent to the subcontracting by Microsoft of the processing of Customer Data, Professional Services Data, and Personal Data if such consent is required under the Standard Contractual Clauses or the GDPR Terms. Microsoft is responsible for its Subprocessors' compliance with Microsoft's obligations in this DPA. Microsoft makes available information about Subprocessors on a Microsoft website. When engaging any Subprocessor, Microsoft will ensure via a written contract that the Subprocessor may access and use Customer Data, Professional Services Data, or Personal Data only to deliver the services Microsoft has retained them to provide and is prohibited from using Customer Data, Professional Services Data, or Personal Data for any other purpose. Microsoft will ensure that Subprocessors are bound by written agreements that require them to provide at least the level of data protection required of Microsoft by the Table of Contents Introduction General Terms Data Protection Terms Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 11 DPA, including the limitations on disclosure of Processed Data. Microsoft agrees to oversee the Subprocessors to ensure that these contractual obligations are met. From time to time, Microsoft may engage new Subprocessors. Microsoft will give Customer notice and, as applicable, update the website and provide Customer with a mechanism to obtain notice of that update of any new Subprocessor at least 6 months in advance of providing that Subprocessor with access to Customer Data. Additionally, Microsoft will give Customer notice and, as applicable, update the website and provide Customer with a mechanism to obtain notice of that update of any new Subprocessor at least 30 days in advance of providing that Subprocessor with access to Professional Services Data or Personal Data other than that which is contained in Customer Data. If Microsoft engages a new Subprocessor for a new Product or Professional Service that processes Customer Data, Professional Services Data, or Personal Data, Microsoft will give Customer notice prior to availability of that Product or Professional Service. If Customer does not approve of a new Subprocessor for an Online Service or Professional Services, then Customer may terminate any subscription for the affected Online Service or the applicable Statements of Service for the applicable Professional Service, respectively, without penalty or termination fee by providing, before the end of the relevant notice period, written notice of termination. If Customer does not approve of a new Subprocessor for Software, and Customer cannot reasonably avoid use of the Subprocessor by restricting Microsoft from processing data as set forth in the documentation or this DPA, then Customer may terminate any license for the affected software product without penalty by providing, before the end of the relevant notice period, written notice of termination. Customer may also include an explanation of the grounds for non - approval together with the termination notice, in order to permit Microsoft to re-evaluate any such new Subprocessor based on the applicable concerns. If the affected Product is part of a suite (or similar single purchase of services), then any termination will apply to the entire suite. After termination, Microsoft will remove payment obligations for any subscriptions or other applicable unpaid work for the terminated Products or Services from subsequent invoices to Customer or its reseller. Educational Institutions If Customer is an educational agency or institution to which regulations under the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g (FERPA), apply, Microsoft acknowledges that for the purposes of the DPA, Microsoft is a "school official" with "legitimate educational interests" in the Customer Data and Professional Services Data, as those terms have been defined under FERPA and its implementing regulations, and Microsoft agrees to abide by the limitations and requirements imposed by 34 CFR 99.33(a) on school officials. Customer understands that Microsoft may possess limited or no contact information for Customer's students and students' parents. Consequently, Customer will be responsible for obtaining any parental consent for any end user's use of the Products and Services that may be required by applicable law and to convey notification on behalf of Microsoft to students (or, with respect to a student under 18 years of age and not in attendance at a postsecondary institution, to the student's parent) of any judicial order or lawfully -issued subpoena requiring the disclosure of Customer Data and Professional Services Data in Microsoft's possession as may be required under applicable law. CJIS Customer Agreement Microsoft provides certain government cloud services ("Covered Services") in accordance with the FBI Criminal Justice Information Services ("CJIS") Security Policy ("CJIS Policy"). The CJIS Policy governs the use and transmission of criminal justice information. All Microsoft CJIS Covered Services shall be governed by the terms and conditions in the CJIS Management Agreement. HIPAA Business Associate If Customer is a "covered entity" or a "business associate" and includes "protected health information" in Customer Data or Professional Services Data, as those terms are defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and the regulations promulgated thereunder (collectively, "HIPAA"), execution of Customer's agreement includes execution of the HIPAA Business Associate Agreement ("BAA").The full text of the BM identifies the Online Services or Professional Services to which it applies and is available at http://aka.ms/BAA. Customer may opt out of the BAA by sending the following information to Microsoft in a written notice (under the terms of the Customer's agreement): • the full legal name of the Customer and any Affiliate that is opting out; and • if Customer has multiple agreements, Customer's agreement to which the opt out applies. Telecommunication Data To the extent Microsoft is processing traffic, content and other Personal Data in the provision of Products and Services that qualify as telecommunication services under applicable law, specific statutory obligations may apply. Microsoft will comply with all telecommunication specific laws and regulations applicable to its providing the Products and Services, including security breach notification, Data Protection Requirements, and telecommunication secrecy. California Consumer Privacy Act (CCPA) If Microsoft is processing Personal Data within the scope of the CCPA, Microsoft makes the following additional commitments to Customer. Microsoft will process Customer Data, Professional Services Data, and Personal Data on behalf of Customer and, not retain, use, or disclose that data for any purpose other than for the purposes set out in the DPA Terms and as permitted under the CCPA, including under any "sale" Table of Contents 4 r Introduction i-i r General Terms - Data Protection Terms Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 12 exemption. In no event will Microsoft sell any such data. These CCPA terms do not limit or reduce any data protection commitments Microsoft makes to Customer in the DPA Terms, Product Terms, or other agreement between Microsoft and Customer. Biometric Data If Customer uses Products and Services to process Biometric Data, Customer is responsible for: (i) providing notice to data subjects, including with respect to retention periods and destruction; (ii) obtaining consent from data subjects; and (iii) deleting the Biometric Data, all as appropriate and required under applicable Data Protection Requirements. Microsoft will process that Biometric Data following Customer's documented instructions (as described in the "Processor and Controller Roles and Responsibilities" section above) and protect that Biometric Data in accordance with the data security and protection terms under this DPA. For purposes of this section, "Biometric Data" will have the meaning set forth in Article 4 of the GDPR and, if applicable, equivalent terms in other Data Protection Requirements. Supplemental Professional Services When used in the sections listed below, the defined term "Professional Services" includes Supplemental Professional Services, and the defined term "Professional Services Data" includes data obtained for Supplemental Professional Services. For Supplemental Professional Services, the following sections of the DPA apply in the same manner as they apply to Professional Services: "Introduction", "Compliance with Laws", "Nature of Processing; Ownership", "Disclosure of Processed Data", "Processing of Personal Data; GDPR", the first paragraph of "Security Practices and Policies", "Customer Responsibilities", "Security Incident Notification", "Data Transfer" (including the terms regarding the 2021 Standard Contractual Clauses), the third paragraph of "Data Retention and Deletion", "Processor Confidentiality Commitment", "Notice and Controls on use of Subprocessors", "HIPAA Business Associate" (to the extent applicable in the BM), "California Consumer Privacy Act (CCPA)", "Biometric Data", "How to Contact Microsoft", "Appendix B — Data Subjects and Categories of Personal Data", and "Appendix C — Additional Safeguards Addendum". How to Contact Microsoft If Customer believes that Microsoft is not adhering to its privacy or security commitments, Customer may contact customer support or use Microsoft's Privacy web form, located at http://go.microsoft.com/?linkid=9846224. Microsoft's mailing address is: Microsoft Enterprise Service Privacy Microsoft Corporation One Microsoft Way Redmond, Washington 98052 USA Microsoft Ireland Operations Limited is Microsoft's data protection representative for the European Economic Area and Switzerland. The privacy representative of Microsoft Ireland Operations Limited can be reached at the following address: Microsoft Ireland Operations, Ltd. Attn: Data Protection One Microsoft Place South County Business Park Leopardstown Dublin 18, D18 P521, Ireland Table of Contents / General Terms Table of Contents 4 Introduction General Terms Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 13 Appendix A — Security Measures Microsoft has implemented and will maintain for Customer Data in the Core Online Services and Professional Services Data the following security measures, which in conjunction with the security commitments in this DPA (including the GDPR Terms), are Microsoft's only responsibility with respect to the security of that data. Domain Practice? Organization of Information Security Security Ownership. Microsoft has appointed one or more security officers responsible for coordinating and monitoring the security rules and procedures. Security Roles and Responsibilities. Microsoft personnel with access to Customer Data or Professional Services Data are subject to confidentiality obligations. Risk Management Program. Microsoft performed a risk assessment before processing the Customer Data or launching the Online Services service and before processing Professional Service Data or launching the Professional Services. Microsoft retains its security documents pursuant to its retention requirements after they are no longer in effect. Asset Management Asset Inventory. Microsoft maintains an inventory of all media on which Customer Data or Professional Services Data is stored. Access to the inventories of such media is restricted to Microsoft personnel authorized in writing to have such access. Asset Handling - Microsoft classifies Customer Data and Professional Services Data to help identify it and to allow for access to it to be appropriately restricted. - Microsoft imposes restrictions on printing Customer Data and Professional Services Data and has procedures for disposing of printed materials that contain such data. - Microsoft personnel must obtain Microsoft authorization prior to storing Customer Data or Professional Services Data on portable devices, remotely accessing such data, or processing such data outside Microsoft's facilities. Human Resources Security Security Training. Microsoft informs its personnel about relevant security procedures and their respective roles. Microsoft also informs its personnel of possible consequences of breaching the security rules and procedures. Microsoft will only use anonymous data in training. Physical and Environmental Security Physical Access to Facilities. Microsoft limits access to facilities where information systems that process Customer Data or Professional Services Data are located to identified authorized individuals. Physical Access to Components. Microsoft maintains records of the incoming and outgoing media containing Customer Data or Professional Services Data, including the kind of media, the authorized sender/recipients, date and time, the number of media and the types of such data they contain. Protection from Disruptions. Microsoft uses a variety of industry standard systems to protect against loss of data due to power supply failure or line interference. Component Disposal. Microsoft uses industry standard processes to delete Customer Data and Professional Services Data when it is no longer needed. Communications and Operations Management Operational Policy. Microsoft maintains security documents describing its security measures and the relevant procedures and responsibilities of its personnel who have access to Customer Data or Professional Services Data. Data Recovery Procedures - On an ongoing basis, but in no case less frequently than once a week (unless no updates have occurred during that period), Microsoft maintains multiple copies of Customer Data and Professional Services Data from which such data can be recovered. - Microsoft stores copies of Customer Data and Professional Services Data and data recovery procedures in a different place from where the primary computer equipment processing the Customer Data and Professional Services Data are located. - Microsoft has specific procedures in place governing access to copies of Customer Data and Professional Services Data. - Microsoft reviews data recovery procedures at least every six months, except for data recovery procedures for Professional Services and for Azure Government Services, which are reviewed every twelve months. Table of Contents Introduction General Terms Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 14 Domain Practices - Microsoft logs data restoration efforts, including the person responsible, the description of the restored data and where applicable, the person responsible and which data (if any) had to be input manually in the data recovery process. Malicious Software. Microsoft has anti-malware controls to help avoid malicious software gaining unauthorized access to Customer Data and Professional Services Data, including malicious software originating from public networks. Data Beyond Boundaries - Microsoft encrypts, or enables Customer to encrypt, Customer Data and Professional Services Data that is transmitted over public networks. - Microsoft restricts access to Customer Data and Professional Services Data in media leaving its facilities. Event Logging. Microsoft logs, or enables Customer to log, access and use of information systems containing Customer Data or Professional Services Data, registering the access ID, time, authorization granted or denied, and relevant activity. Access Control Access Policy. Microsoft maintains a record of security privileges of individuals having access to Customer Data or Professional Services Data. Access Authorization Microsoft maintains and updates a record of personnel authorized to access Microsoft systems that contain Customer Data or Professional Services Data. Microsoft deactivates authentication credentials that have not been used for a period of time not to exceed six months. Microsoft identifies those personnel who may grant, alter or cancel authorized access to data and resources. Microsoft ensures that where more than one individual has access to systems containing Customer Data or Professional Services Data, the individuals have separate identifiers/log-ins. Least Privilege - Technical support personnel are only permitted to have access to Customer Data and Professional Services Data when needed. - Microsoft restricts access to Customer Data and Professional Services Data to only those individuals who require such access to perform their job function. Integrity and Confidentiality - Microsoft instructs Microsoft personnel to disable administrative sessions when leaving premises Microsoft controls or when computers are otherwise left unattended. - Microsoft stores passwords in a way that makes them unintelligible while they are in force. Authentication Microsoft uses industry standard practices to identify and authenticate users who attempt to access information systems. Where authentication mechanisms are based on passwords, Microsoft requires that the passwords are renewed regularly. Where authentication mechanisms are based on passwords, Microsoft requires the password to be at least eight characters long. Microsoft ensures that de -activated or expired identifiers are not granted to other individuals. Microsoft monitors, or enables Customer to monitor, repeated attempts to gain access to the information system using an invalid password. Microsoft maintains industry standard procedures to deactivate passwords that have been corrupted or inadvertently disclosed. Microsoft uses industry standard password protection practices, including practices designed to maintain the confidentiality and integrity of passwords when they are assigned and distributed, and during storage. Network Design. Microsoft has controls to avoid individuals assuming access rights they have not been assigned to gain access to Customer Data or Professional Services Data they are not authorized to access. Table of Contents Introduction General Terms 4 Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 15 Domain Practices Information Security Incident Management Incident Response Process - Microsoft maintains a record of security breaches with a description of the breach, the time period, the consequences of the breach, the name of the reporter, and to whom the breach was reported, and the procedure for recovering data. - For each security breach that is a Security Incident, notification by Microsoft (as described in the "Security Incident Notification" section above) will be made without undue delay and, in any event, within 72 hours. - Microsoft tracks, or enables Customer to track, disclosures of Customer Data and Professional Services Data, including what data has been disclosed, to whom, and at what time. Service Monitoring. Microsoft security personnel verify logs at least every six months to propose remediation efforts if necessary. Business Continuity Management - Microsoft maintains emergency and contingency plans for the facilities in which Microsoft information systems that process Customer Data or Professional Services Data are located. - Microsoft's redundant storage and its procedures for recovering data are designed to attempt to reconstruct Customer Data and Professional Services Data in its original or last -replicated state from before the time it was lost or destroyed. Table of Contents Introduction General Terms Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 16 Appendix B — Data Subjects and Categories of Personal Data Data subjects: Data subjects include the Customer's representatives and end -users including employees, contractors, collaborators, and customers of the Customer. Data subjects may also include individuals attempting to communicate or transfer personal information to users of the services provided by Microsoft. Microsoft acknowledges that, depending on Customer's use of the Products and Services, Customer may elect to include personal data from any of the following types of data subjects in the personal data: • Employees, contractors and temporary workers (current, former, prospective) of Customer; • Dependents of the above; • Customer's collaborators/contact persons (natural persons) or employees, contractors or temporary workers of legal entity collaborators/contact persons (current, prospective, former); • Users (e.g., customers, clients, patients, visitors, etc.) and other data subjects that are users of Customer's services; • Partners, stakeholders or individuals who actively collaborate, communicate or otherwise interact with employees of the Customer and/or use communication tools such as apps and websites provided by the Customer; • Stakeholders or individuals who passively interact with Customer (e.g., because they are the subject of an investigation, research or mentioned in documents or correspondence from or to the Customer); • Minors; or • Professionals with professional privilege (e.g., doctors, lawyers, notaries, religious workers, etc.). Categories of data: The personal data that is included in e-mail, documents and other data in an electronic form in the context of the Products and Services. Microsoft acknowledges that, depending on Customer's use of the Products and Services, Customer may elect to include personal data from any of the following categories in the personal data: • Basic personal data (for example place of birth, street name and house number (address), postal code, city of residence, country of residence, mobile phone number, first name, last name, initials, email address, gender, date of birth), including basic personal data about family members and children; • Authentication data (for example user name, password or PIN code, security question, audit trail); • Contact information (for example addresses, email, phone numbers, social media identifiers; emergency contact details); • Unique identification numbers and signatures (for example Social Security number, bank account number, passport and ID card number, driver's license number and vehicle registration data, IP addresses, employee number, student number, patient number, signature, unique identifier in tracking cookies or similar technology); • Pseudonymous identifiers; • Financial and insurance information (for example insurance number, bank account name and number, credit card name and number, invoice number, income, type of assurance, payment behavior, creditworthiness); • Commercial Information (for example history of purchases, special offers, subscription information, payment history); • Biometric Information (for example DNA, fingerprints and iris scans); • Location data (for example, Cell ID, geo-location network data, location by start call/end of the call. Location data derived from use of wifi access points); • Photos, video and audio; • Internet activity (for example browsing history, search history, reading, television viewing, radio listening activities); • Device identification (for example IMEI-number, SIM card number, MAC address); • Profiling (for example based on observed criminal or anti -social behavior or pseudonymous profiles based on visited URLs, click streams, browsing logs, IP-addresses, domains, apps installed, or profiles based on marketing preferences); • HR and recruitment data (for example declaration of employment status, recruitment information (such as curriculum vitae, employment history, education history details), job and position data, including worked hours, assessments and salary, work permit details, availability, terms of employment, tax details, payment details, insurance details and location and organizations); Table of Contents 4 r Introduction General Terms 7 4r Data Protection Terms Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 17 • Education data (for example education history, current education, grades and results, highest degree achieved, learning disability); • Citizenship and residency information (for example citizenship, naturalization status, marital status, nationality, immigration status, passport data, details of residency or work permit); • Information processed for the performance of a task carried out in the public interest or in the exercise of an official authority; • Special categories of data (for example racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person's sex life or sexual orientation, or data relating to criminal convictions or offences); or • Any other personal data identified in Article 4 of the GDPR. Table of Contents Introduction General Terms Data Protection Terms Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 18 Appendix C — Additional Safeguards Addendum By this Additional Safeguards Addendum to the DPA (this "Addendum"), Microsoft provides additional safeguards to Customer for the processing of personal data, within the scope of the GDPR, by Microsoft on behalf of Customer and additional redress to the data subjects to whom that personal data relates. This Addendum supplements and is made part of, but is not in variation or modification of, the DPA. 1. Challenges to Orders. In the event Microsoft receives an order from any third party for compelled disclosure of any personal data processed under this DPA, Microsoft shall: a. use every reasonable effort to redirect the third party to request data directly from Customer; b. promptly notify Customer, unless prohibited under the law applicable to the requesting third party, and, if prohibited from notifying Customer, use all lawful efforts to obtain the right to waive the prohibition in order to communicate as much information to Customer as soon as possible; and c. use all lawful efforts to challenge the order for disclosure on the basis of any legal deficiencies under the laws of the requesting party or any relevant conflicts with applicable law of the European Union or applicable Member State law. If, after the steps described in a. through c. above, Microsoft or any of its affiliates remains compelled to disclose personal data, Microsoft will disclose only the minimum amount of that data necessary to satisfy the order for compelled disclosure. For purpose of this section, lawful efforts do not include actions that would result in civil or criminal penalty such as contempt of court under the laws of the relevant jurisdiction. 2. Indemnification of Data Subjects. Subject to Sections 3 and 4, Microsoft shall indemnify a data subject for any material or non -material damage to the data subject caused by Microsoft's disclosure of personal data of the data subject that has been transferred in response to an order from a non-EU/EEA government body or law enforcement agency in violation of Microsoft's obligations under Chapter V of the GDPR (a "Relevant Disclosure"). Notwithstanding the foregoing, Microsoft shall have no obligation to indemnify the data subject under this Section 2 to the extent the data subject has already received compensation for the same damage, whether from Microsoft or otherwise. 3. Conditions of Indemnification. Indemnification under Section 2 is conditional upon the data subject establishing, to Microsoft's reasonable satisfaction, that: a. Microsoft engaged in a Relevant Disclosure; b. the Relevant Disclosure was the basis of an official proceeding by the non-EU/EEA government body or law enforcement agency against the data subject; and c. the Relevant Disclosure directly caused the data subject to suffer material or non -material damage. The data subject bears the burden of proof with respect to conditions a. though c. Notwithstanding the foregoing, Microsoft shall have no obligation to indemnify the data subject under Section 2 if Microsoft establishes that the Relevant Disclosure did not violate its obligations under Chapter V of the GDPR. 4. Scope of Damages. Indemnification under Section 2 is limited to material and non material damages as provided in the GDPR and excludes consequential damages and all other damages not resulting from Microsoft's infringement of the GDPR. 5. Exercise of Rights. Rights granted to data subjects under this Addendum may be enforced by the data subject against Microsoft irrespective of any restriction in Clauses 3 or 6 of the Standard Contractual Clauses. The data subject may only bring a claim under this Addendum on an individual basis, and not part of a class, collective, group or representative action. Rights granted to data subjects under this Addendum are personal to the data subject and may not be assigned. 6. Notice of Change. Microsoft agrees and warrants that it has no reason to believe that the legislation applicable to it or its sub -processors, including in any country to which personal data is transferred either by itself or through a sub -processor, prevents it from fulfilling the instructions received from the Customer and its obligations under this Addendum or the 2021 Standard Contractual Clauses and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by this Addendum or the Standard Contractual Clauses, it will promptly notify the change to Customer as soon as it is aware, in which case Customer is entitled to suspend the transfer of data and/or terminate the contract. Table of Contents I i Introduction General Terms Data Protection Terms - Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 19 Attachment 1— European Union General Data Protection Regulation Terms Microsoft makes the commitments in these GDPR Terms, to all customers effective May 25, 2018. These commitments are binding upon Microsoft with regard to Customer regardless of (1) the version of the Product Terms and DPA that is otherwise applicable to any given Product subscription or license, or (2) any other agreement that references this attachment. For purposes of these GDPR Terms, Customer and Microsoft agree that Customer is the controller of Personal Data and Microsoft is the processor of such data, except when Customer acts as a processor of Personal Data, in which case Microsoft is a subprocessor. These GDPR Terms apply to the processing of Personal Data, within the scope of the GDPR, by Microsoft on behalf of Customer. These GDPR Terms do not limit or reduce any data protection commitments Microsoft makes to Customer in the Product Terms or other agreement between Microsoft and Customer. These GDPR Terms do not apply where Microsoft is a controller of Personal Data. Relevant GDPR Obligations: Articles 5, 28, 32, and 33 1. Microsoft supports Customer's accountability obligations via this DPA and the product documentation provided to Customer, and will continue to do so during the term of the term of Customer's subscription or the applicable Professional Services engagement pursuant to subsection 3(h) below. (Article 5(2)) 2. Microsoft shall not engage another processor without prior specific or general written authorisation of Customer. In the case of general written authorisation, Microsoft shall inform Customer of any intended changes concerning the addition or replacement of other processors, thereby giving Customer the opportunity to object to such changes. (Article 28(2)) 3. Processing by Microsoft shall be governed by these GDPR Terms under European Union (hereafter "Union") or Member State law and are binding on Microsoft with regard to Customer. The subject -matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data, the categories of data subjects and the obligations and rights of the Customer are set forth in the Customer's licensing agreement, including these GDPR Terms. In particular, Microsoft shall: (a) process the Personal Data only on documented instructions from Customer, including with regard to transfers of Personal Data to a third country or an international organisation, unless required to do so by Union or Member State law to which Microsoft is subject; in such a case, Microsoft shall inform Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest; (b) ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; (c) take all measures required pursuant to Article 32 of the GDPR; (d) respect the conditions referred to in paragraphs 1 and 3 for engaging another processor; (e) taking into account the nature of the processing, assist Customer by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR; assist Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Microsoft; at the choice of Customer, delete or return all the Personal Data to Customer after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data; (h) make available to Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer. Microsoft shall immediately inform Customer if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions. (Article 28(3)) 4. Where Microsoft engages another processor for carrying out specific processing activities on behalf of Customer, the same data protection obligations as set out in these GDPR Terms shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor fails to fulfil its data protection obligations, Microsoft shall remain fully liable to the Customer for the performance of that other processor's obligations. (Article 28(4)) (f) (g) Table of Contents Nr Introduction General Terms Data Protection Terms Attachments Microsoft Products and Services Data Protection Addendum (Worldwide English, Last updated January 2, 2024) 20 5. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Customer and Microsoft shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (a) the pseudonymisation and encryption of Personal Data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. (Article 32(1)) 6. In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed. (Article 32(2)) 7. Customer and Microsoft shall take steps to ensure that any natural person acting under the authority of Customer or Microsoft who has access to Personal Data does not process them except on instructions from Customer, unless he or she is required to do so by Union or Member State law. (Article 32(4)) 8. Microsoft shall notify Customer without undue delay after becoming aware of a Personal Data breach. (Article 33(2)). Such notification will include that information a processor must provide to a controller under Article 33(3) to the extent such information is reasonably available to Microsoft. Table of Contents / General Terms Table of Contents Introduction General Terms Data Protection Terms �� Microsoft Statement of Work Copilot for Microsoft 365 Rapid Deployment and Adoption Prepared for: City of Miami, Florida Prepared by: Nick Schenk Date: 07/01/2024 Version: 1.5 r Microsoft Table of contents Introduction 1 1 Project objectives and scope 1 1.1. Objectives 1 1.2. Areas in scope 2 1.3. Areas out of scope 5 2. Project approach, timeline, and work products 7 2.1. Approach 7 2.2. Timeline 12 2.3. Work product acceptance 12 2.4. Project governance 12 2.5. Project completion 14 3. Project organization 14 3.1. Project roles and responsibilities 14 3.2. Microsoft ISD Project staffing 17 4. Customer responsibilities and project assumptions 18 4.1. Customer responsibilities 18 4.2. Project assumptions 19 5. Definitions/acronyms 20 6. Exhibits 20 This Statement of Work (SOW) and any exhibits, appendices, schedules, and attachments to it are made pursuant to Work Order (WO) GVS0246-475328-608591 and describes the work to be performed ("services") by Microsoft ("us," "we") for City of Miami, Florida ("Customer," "you," "your") relating Copilot for Microsoft 365 Rapid Deployment and Adoption (project). This SOW and the associated WO expire 30 days after their publication date, unless signed by both parties or formally extended in writing by Microsoft. Introduction This engagement will focus on supporting the customer to establish the adoption baseline for the smooth enablement of Microsoft Copilot throughout the environment, readying the end users and delivering an adoption campaign to drive benefit from usage. This SOW describes the Microsoft ISD Copilot for M365 rapid deployment and adoption and does not include the purchase or activation of the Microsoft 365 copilot service, which must be purchased by the Customer through a separate order, and technical remediation is the customer's responsibility. The Microsoft 365 copilot service is not customizable and cannot be modified beyond what is outlined in the Microsoft 365 Copilot Service Descriptions. The Customer acknowledges that the Service Descriptions meet or exceed the Customer's minimum requirements for the selected services. Microsoft Industry Solutions will collaborate with the Customer and Microsoft FastTrack and follow the standard Microsoft 365 FastTrack deployment methodology to carry out the services identified in this SOW. For additional information on the Microsoft FastTrack Benefit for Microsoft 365, refer to the following article on Microsoft Docs: https://docs.microsoft.com/en-us/fasttrack/m365-fasttrack-benefit-overview 1. Project objectives and scope 1.1. Objectives The primary goal of this project is to provide City of Miami, Florida with a team that will deliver the objectives as listed in the following table. Objective Description Facilitate an efficient enablement of Copilot across the organization by defining a path to adoption, with active usage within 30 days. • Establish a clear path to business use by providing business relevant adoption scenarios, target personas and associated adoption framework. • Provide the customer with the necessary support to drive M365 copilot adoption effectively. • Provide a rapid adoption plan and support the customers team with delivery of the 15t adoption campaign Industry Solutions Delivery Sow-COPM365RDEPADOPT-LEDv1.5(ww)(English)(JuIy2024) Microsoft Confidential Page 1 of 22 1.2.Areas in scope 1.2.1. General project scope The project will address the following scope areas. Any changes in the scope area will follow the change management process as described in Section 2.4.3 Change management process. The activities listed in the following table are limited to a single Microsoft 365 tenant. Change management process Area Description Assumptions Build, test, and learn (adoption accelerator) • Conduct workshops to understand the pre -defined scenarios, understand the benefit analysis, and what the adoption campaign approach is. • Document captured benefits related to the 3-pre-defined scenarios. • Design a Scorecard to track impact and benefit realization. • Develop resources for the adoption campaign, • Facilitate Customer's ownership and knowledge transfer to implement the adoption plan. • Support the Customer adoption activities for the 15t adoption wave, including capturing the initial baseline scorecard. • Capture additional embedded use cases leveraging adoption campaign feedback mechanisms and form recommendations for the next adoption campaign. Copilot Technical Prerequisites Remediation Checklist (Leveraging FastTrack Guida nce) • Provide guidance on the technical prerequisites needed to deploy/enable copilot. • The required Copilot for Microsoft 365 licenses are available within the Customer's tenant. • The Customer will: • Agree on the remediation list to be performed by the customer, with the support of FastTrack. Industry Solutions Delivery SOW-COPM365RDEPADOPT-LEDv1.5(ww)(English)(July2024) Microsoft Confidential o Identify and coordinate their participants' attendance at the workshops. o Provide access to technology usage metrics. o Provide census and organizational data. o Appoint a lead to implement the adoption plan. o Own tracking value for the adoption scorecard o Appoint at least one champion per persona group. o Include the Executive/C- suite persona group by default • Customers will leverage FastTrack benefits to support Copilot readiness assessment the execution of the remediation activities to technically enable Copilot. • The customer will need to meet the minimum technical pre -requisites Page 2 of 22 1.2.2. Software products and technologies The products and technology that are listed in the following table are required for the project. The Customer is responsible for obtaining all identified licenses and products, and for ensuring copilot for M365 is technically enabled for 1000 target users. Product and technology item Version Description Ready by Responsibility Microsoft 365 licenses Not applicable Copilot for Microsoft 365 licenses and Viva Insights, Engage and Learn. Microsoft Entra ID Microsoft 365 productivity clients Not applicable • Licenses must be allocated in the Start of Microsoft 365 environment for all project users and features that are in scope for deployment. • All team members will need access to technology usage and adoption data metrics through Microsoft 365 reporting tools, such as Microsoft Productivity Score. Licenses must be allocated in the Before Microsoft 365 environment for all users enablement in scope for this project. Not applicable Each Customer user must have a Before Microsoft Entra ID (formerly Azure enablement Active Directory) account. Current or • Word, Excel, and PowerPoint: Before monthly These should be first available in enablement channel web versions and later, desktop (current channel). • Outlook: Users need to be using the new Outlook for Windows or Apple macOS. • Teams: Users must be using Teams desktop or the web app. Industry Solutions Delivery SOW-COPM365RDEPADOPT-LEDv1.5(ww)(English)(July2024) Microsoft Confidential Customer Customer This is a FastTrack supported activity that the customer can use for guidance. Customer This is a FastTrack supported activity that the customer can use for guidance. Customer This is a FastTrack supported activity that the customer can use for guidance. Page 3 of 22 Product and technology item Version Description Ready by Responsibility WebSockets Not applicable OneDrive Current 1.2.3. Environments • Loop: Tenants must have Loop implemented (if in scope for the Customer) (wss://) allowed endpoints as defined Before in ID #46 of Microsoft 365 Common enablement and Office Online guidance.' Some features (such as file restoration and management) require a OneDrive for work or school account Before enablement Customer This is a FastTrack supported activity that the customer can use for guidance. Customer This is a FastTrack supported activity the customer can receive guidance from, including guidance on data migration (OneDrive) The following environments will be used by Microsoft to perform activities listed in this document and will be supplied and maintained by the Customer. Environment Location Responsible for Subscription configuration ownership and maintenance Ready by Production Customer Microsoft Azure, Microsoft 365 Customer Customer Start of engagement ' https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide Industry Solutions Delivery Sow-COPM365RDEPADOPT-LEDv1.5(ww)(English)(JuIy2024) Microsoft Confidential Page 4 of 22 1.3.Areas out of scope Any area not explicitly included in the Areas in scope section is out of scope for Microsoft during this engagement. Areas out of scope for this engagement are listed in the following table. Area Description Product licenses and subscriptions Hardware Product licenses (Microsoft or non -Microsoft) and cloud service subscriptions are not included, unless otherwise noted in the Software products and technologies section of this SOW. Microsoft will not provide hardware for this project. Client software Deployment and configuration of client software is out of scope for the project. Data cleansing Data cleansing activities are not in scope for this project. Data migration Data migration activities are not in scope for this project. System integration Modifications to commercially available third -party systems or external interfaces that support integration are not in scope for this project. Upgrades, updates, patches, and fixes Product upgrades, updates, patches, fixes, and design change requests for Microsoft products are not in scope for this project. Process reengineering Designing functional business components and business processes of the solution is not included. Organizational change management Designing —or redesigning —the Customer's functional organization is not included. User communications Microsoft will not manage any direct user communications associated with the engagement. Training Formal in -class user training related to products or technology that includes workshops, classrooms, and training materials is not in scope of this engagement unless explicitly listed in the in -scope section Deployment, installation, configuration, The following items are not included: and testing • Application deployment • Installation and configuration of Copilot for M365 Industry Solutions Delivery Sow-COPM365RDEPADOPT-LEDv1.5(ww)(English)(JuIy2024) Microsoft Confidential Page 5 of 22 Area Description User support Copilot Technical Remediation and Enablement Delivering the agreed -upon adoption plan Information security policies Regulatory compliance • Installation and configuration of server hardware or network resources • Installation, configuration, and testing of non - Microsoft software other than software identified as within scope • Testing and configuration of applications and services outside of those required to support the deployment of the solution • Troubleshooting or remediation of existing network and storage systems • Testing and configuration of applications and services outside of those required to support the deployment of the solution are not in scope • User issue troubleshooting is out of scope; the Customer is responsible for user support. • The customer is responsible for ensuring that technical remediation is completed within the first two weeks of the projects 4 week timeline. • Remediation of uncovered issues is customer responsibility, with assistance provided by Microsoft Fast Track • Any technical related activity related to tenant readiness and configuration. • Any technical activity related to user enablement and remediation assistance. • Any technical activity related to data classification setup, confidentiality, and privacy The Customer is responsible for delivering the agreed - upon adoption plan with capped 2-week continuous support from Microsoft for the first adoption wave. Creation of information security policies or application development security policies is out of scope. The Customer is solely responsible for its regulatory compliance and must highlight to Microsoft any technical adjustment required to be compliant. Any unforeseen technical adjustment will follow the change management process as described in Section 2.4.3 Change management processCha nge management process. Industry Solutions Delivery Sow-COPM365RDEPADOPT-LEDv1.5(ww)(English)(JuIy2024) Microsoft Confidential Page 6 of 22 2. Project approach, timeline, and work products 2.1.Approach The project will be structured to follow the first three phases of the Microsoft Solution Delivery Methodology: Envision, Plan, and Build. Each phase has distinct activities and work products that are described in the following sections. When activities are complete, the phase is considered complete. Envision Plan Build 2.1.1. Engagement Initiation phase Before beginning the project and dispatching resources, the following prerequisites must be completed, remotely where applicable. Category Description Microsoft activities The activities to be performed by Microsoft Customer activities The activities to be performed by the Customer Work products • Conduct an initiation call to commence team formation and communicate expectations. • Document the project launch prerequisites using input from this SOW. • Track the status of prerequisites and adjust the Engagement Initiation phase start date accordingly. • Conduct a detailed walk-through of the SOW with the Customer and agree on an initial project schedule and approach. • Attend and participate in the initiation call. • Assign responsibilities for project initiation and launch prerequisites to accountable Customer resources. Establish target completion dates. • Complete the project initiation and launch prerequisites. • Staff the project with the required Customer resources in the time frames that were agreed upon in the initiation call. Name Description Responsibility Initiation call minutes E-Mail will be sent to provide presented content, decisions, and actions taken during the initiation call. Industry Solutions Delivery Sow-COPM365RDEPADOPT-LEDv1.5(ww)(English)(July2024) Microsoft Confidential Microsoft Page 7 of 22 2.1.2. Envision phase During the Envision phase, the teams (Microsoft and Customer) will reach agreement on a shared vision for the project, including verification of the identified scope, activities, and assumptions required to realize the vision. Category Description Microsoft activities The activities to be performed by Microsoft Customer activities The activities to be performed by the Customer • Conduct 3 pre -defined Scenario workshops (4 hours maximum each) to: o Review all scenarios listed in section Exhibits as inputs to these workshops. o Prioritize the personas & scenarios with the customer, confirming the 3 scenarios & personas for adoption. ■ Executive / C-Suite persona group is included by default. o Capture the benefits for selected scenarios. o Agree on to the focus scenario and the personas as the basis for delivering the adoption plan. • Analyze and document the anticipated benefits related to the 3 pre -defined scenarios in the Scenario Description Document. • Design a Scorecard to be implemented by the customer to track scenario impact and benefit realization. • Provide guidance on the technical perquisites required to enable copilot for M365. (Limited to 8 hours maximum) • Identify and commit sponsors, leaders, change champions, and a change management lead. o Commit at least 1 champion for each persona group. Ideally, the champion should be a representative of said persona group. • Verify leaders and change champions' attendance and workshop participation. • Make a management lead accountable for change management campaigns to the field. • Provide census and organizational data for the Copilot for Microsoft 365 assessment. • Complete Copilot for Microsoft 365 scorecard baseline metrics. • Provide access to technology usage metrics. • Customers will leverage FastTrack benefits to support Copilot readiness assessment the execution of the remediation activities to technically enable Copilot. Industry Solutions Delivery SOW-COPM365RDEPADOPT-LEDv1.5(WW)(English)(July2024) Microsoft Confidential Page 8 of 22 Category Key assumptions Work products Name Scenario description document Scorecard design document Remediation Checklist Description • The executive persona is included by default. • Required Copilot for Microsoft 365 licenses are available within Customer tenants. • All activities are limited to a single Microsoft 365 tenant. • Customers will leverage FastTrack benefits to support Copilot readiness assessment the execution of the remediation activities to technically enable Copilot. Description Responsibility A PowerPoint document that includes detailed information about the 3 pre -defined scenarios, including anticipated benefits. A PowerPoint document that displays the targeted scorecard that will be used to measure the potential benefits of the scenarios during adoption. PowerPoint listing the technical prerequisites required for Copilot for M365, leveraging FastTrack guidance. Microsoft Microsoft Microsoft 2.1.3. Plan phase During the Plan phase, the team will develop a detailed plan for the project that includes a list of activities that are to be completed and confirm the project schedule. Category Description Microsoft activities The activities to be performed by Microsoft Customer activities The activities to be performed by the Customer • Develop the adoption campaign plan for document scenarios and personas. • Develop resources to support the adoption campaign, • Engage in knowledge sharing with the Customer's Sponsors, Leaders, and Champions (two workshops 4-hour maximum). • Ensure Leaders and Change Champions' attendance for workshop participation and campaign planning. • Provide information requested by the Microsoft team. • Review of the proposed campaign plan Industry Solutions Delivery SOW-COPM365RDEPADOPT-LEDv1.5(WW)(English)(July2024) Microsoft Confidential Page 9 of 22 Category Description Key assumptions Work products • Commit resources to execute the campaign plan • Ensure copilot for M365 is technically enabled for 1000 target users. • Required Copilot for Microsoft 365 licenses are available within in -scope Customer tenants. • All activities are limited to a single Microsoft 365 tenant. Name Description Responsibility Campaign Materials Awareness PowerPoint documentation describing the scenario campaign plan, and end users/target personas materials accelerate adoption. Microsoft 2.1.4. Build phase During the Build phase, the team will support Customer adoption and technical blocker remediation. Category Description Microsoft activities The activities to be performed by Microsoft • Help the Customer deliver the first adoption wave, providing adoption support from Day 1 of the adoption campaign. o Engage and educate priority personas about the 3 core scenarios. o Support adoption campaign communication across priority persona groups, including monitoring feedback mechanisms. o Conduct knowledge transfer that empowers sponsors, leaders, and champions to drive ongoing adoption. o Help the Customer create a baseline scorecard that lists the potential benefits persona groups can receive in the first adoption wave (limited to 1 week of usage data). • Capture additional embedded use cases using adoption campaign feedback mechanisms and form recommendations for the next adoption campaign (included in the retrospective workshop report). Industry Solutions Delivery SOW-COPM365RDEPADOPT-LEDv1.5(WW)(English)(July2024) Microsoft Confidential Page 10 of 22 Category Description • Conduct a retrospective workshop (4 hours maximum) to review work performed and provide recommendations on the next adoption activities. Customer activities The activities to be performed by the Customer • Work with Microsoft FastTrack to ensure all technical & licensing prerequisites are in place prior to enabling copilot for end- users. • Leverage Fasttrack benefits to implement the remediation activities (should be completed latest week 2 of the project) • Assign at least one champion per persona group to co -lead adoption and manage persona feedback mechanisms. • Ensure sponsors, leaders, champions participate in train -the - trainer, and adoption knowledge transfer. • Engage in the 15t adoption wave with Microsoft support. • Ensure the Executive / C-Suite persona is included in the first adoption campaign. • Assist the retrospective workshop preparation and provide consensus on next adoption activities. • Executive sponsor to participate in the retrospective workshop, review the build work products, and facilitate alignment and agreement on the recommendations for scaling and accelerating enablement and adoption Key assumptions Work products • Build activities are limited to 2 weeks. • Required Copilot for Microsoft 365 licenses are available within Customer tenants in scope. • All activities are limited to a single Microsoft 365 tenant. • The Customer has a Unified support contract with Microsoft to open support tickets. Name Description Responsibility Build Support Report A PowerPoint presentation that includes detailed information about support activities delivered to the Customer during the Build phase and analysis of the scorecard that was implemented by the Customer. Retrospective workshop A PowerPoint presentation that includes detailed Report information about work performed and Industry Solutions Delivery SOW-COPM365RDEPADOPT-LEDv1.5(WW)(English)(July2024) Microsoft Confidential Microsoft Microsoft Page 11 of 22 Al Transformation Recommendations 2.2. Timeline recommendations on scaling and accelerating enaagement and adoption. PowerPoint describing next step business opportunities, use cases and recommendations on scaling adoption and copilot business impact. Microsoft During project planning, the timeline will be confirmed. The following timeline is a high-level representation. All durations are related to the project start date and are estimates only. If the project timeline changes significantly, a change request might be issued following the change management process described in this SOW. Engagement Initiation 1 week Envision and Plan 2 weeks Build 2 weeks 2.3. Work product acceptance No work product in this engagement is subject to Customer's formal acceptance. 2.4. Project governance The governance structure and processes the team will adhere to for the project are described in the following sections. 2.4.1. Project communication The following will be used to communicate during the project: • Status reports: The Microsoft team will prepare and issue status reports to project stakeholders weekly. • Status meetings: The Microsoft team will schedule weekly status meetings to review the overall project status, and open problems and risks. 2.4.2. Risk and issue management The following general procedure will be used to manage active project issues and risks during the project: • Identify: Identify and document project issues (current problems) and risks (potential events that affect the project). • Analyze and prioritize: Assess the impact and determine the highest priority risks and issues that will be managed actively. Industry Solutions Delivery SOW-COPM365RDEPADOPT-LEDv1.5(WW)(English)(JuIy2024) Microsoft Confidential Page 12 of 22 • Plan and schedule: Decide how to manage high -priority risks and assign responsibility for risk management and problem resolution. • Track and report: Monitor and report the status of risks and issues. • Escalate: Escalate to project sponsors the high -impact issues and risks that the team is unable to resolve. • Control: Review the effectiveness of the risk and issue management actions. Active issues and risks will be monitored and reassessed on a weekly basis. 2.4.3. Change management process During the project, either party can request modifications to the services described in this SOW. These changes take effect only when the proposed change is agreed upon by both parties. The change management process steps are: • The change is documented: Microsoft will document all change requests in a Microsoft change request form. The change request form includes: o A description of the change. o The estimated effect of implementing the change, including the impact on the project scope, schedule, and fees. • The change is submitted: Microsoft will provide the change request form to the Customer. • The change is accepted or rejected: The Customer will have three business days to confirm the following to Microsoft: o Acceptance —the Customer must sign and return the change request form. o Rejection —if the Customer does not want to proceed with the change or does not provide an approval within three business days, no changes will be performed. • Any delays due to Customer dependencies, deliverables, or changes in listed assumptions or scope might affect the project schedule, effort, and cost, and will be managed by the change management process outlined in this section. During the project, either party can request, in writing, additions, deletions, or modifications to the services described in this SOW ("change"). Approved changes will be managed through amendments and could lead to additional costs and schedule impacts. We shall have no obligation to commence work in connection with any change until the details of the change are agreed upon in an amendment signed by the authorized signatories from both parties. Within three consecutive business days of receipt of the proposed amendment, you must either indicate acceptance of the proposed change by signing the amendment or advise us not to perform the change. If you advise us not to perform the change, we will proceed with the original agreed -upon services only. In the absence of your acceptance or rejection within the previously noted time frame, we will not perform the proposed change. 2.4.4. Escalation path The Microsoft project manager will work closely with the Customer project manager, sponsor, and other designees to manage project issues, risks, and change requests as described previously. The Customer will Industry Solutions Delivery Sow-COPM365RDEPADOPT-LEDv1.5(ww)(English)(JuIy2024) Microsoft Confidential Page 13 of 22 provide reasonable access to the sponsor or sponsors to expedite resolution. The standard escalation path for review, approval, or dispute resolution is as follows: • Project team member (Microsoft or the Customer) • Project manager (Microsoft and the Customer) • Microsoft delivery management executive • Microsoft and the Customer project sponsor 2.5. Project completion Microsoft will provide services defined in this SOW to the extent of the fees available and the period of performance specified in the WO. If additional services are required, the change management process will be followed, and the contract modified. The project will be considered complete when at least one of the following conditions has been met: • All fees available have been utilized for services delivered and expenses incurred. • The period of performance (Term) of the project has expired. • All Microsoft activities and in -scope items have been completed. • The WO has been terminated. 3. Project organization 3.1. Project roles and responsibilities The key project roles and the responsibilities are as follows. 3.1.1. Customer Role Responsibilities Project sponsor Architecture lead Avg. commitment needed: 4 h/w Project manager • Provide the estimated project commitment: 20 hours per week • 8Make key project decisions. • Serve as a point of escalation to support clearing project roadblocks. • Approve change requests. • Partner with the Microsoft architecture lead to review business needs and objectives. • Serve as the primary technical point of contact for the Microsoft partner team. • Provide requirements and make decisions related to the architecture and migration plan. • Review engagement work products and provide feedback. • Advise on prioritization decisions. • Manage and coordinate the overall engagement and deliver it on schedule. Industry Solutions Delivery Sow-COPM365RDEPADOPT-LEDv1.5(ww)(English)(July2024) Microsoft Confidential Page 14 of 22 Role Responsibilities Avg. commitment needed: 8 h/w • Take responsibility for Customer resource allocation, risk management, engagement priorities, and communication with executive management. • Collaborate with the Microsoft project manager on progress tracking and reporting. • Collaborate with the Microsoft or partner project manager to remove impediments that affect progress of the team. • Coordinate decisions within 3 business days, or according to an otherwise agreed -upon timeline. Change management lead (including sponsors, leaders, and champions) Avg. commitment needed: 24 h/w • Manage and coordinate change management activities, and identify sponsors, leaders, and champions. • Attend activities, sessions, workshops, or classes relevant to his or her scope of influence and help drive the change program. • Identify, schedule, and assist with coordinating interviews and gathering organizational information. • Drive persona group adoption activities, including ongoing business value measurement. Executive sponsor Avg. commitment needed: 1 h/w • Secure and allocate resources, including budget, personnel, and technology needed to support the project's objectives and scope. • Support adoption efforts, verifying that the organization is ready for the changes the project will bring. This includes endorsing the change and helping manage resistance from within the organization. • Act as the project's champion within the organization, advocating for the project's value and importance to confirm continued support and resources. Microsoft 365 service administrators • Take collective responsibility for the Microsoft 365 tenant and services that are in scope for the engagement. • Participate in interviews and provide information about the current environment. • Review engagement work products. • Provide access to environments as required to complete engagement work. • Complete assigned work items, including identified preparation work required for the completion of the Microsoft engagement scope. • Participate in testing. • Provide support for the migration and engage Microsoft for assistance, as required. Devices and endpoint management lead • Take responsibility for managed desktops, client software distribution, and management tools. • Complete assigned work items, including identified preparation work required for the completion of the Microsoft engagement scope. • Deploy any required scripts on Customer devices. Industry Solutions Delivery SOW-COPM365RDEPADOPT-LEDv1.5(ww)(English)(July2024) Microsoft Confidential Page 15 of 22 Role UAT lead User communications lead Help desk lead Security contact 3.1.2. Microsoft Responsibilities • Participate in testing. • Provide support for the engagement and engage Microsoft or partner for assistance, as required. • Create test plans for user acceptance testing (UAT) and coordinate all Customer resources needed for testing, including application owners. • Coordinate UAT during testing and enaagement pilots. • Notify the delivery team of any defects identified during UAT. • Draft and send all user communications related to the engagement. • Work with the Microsoft team to verify the technical accuracy of user communications. • Prepare the help desk to support production changes and migration. • Oversee the help desk during and after migration, manage all user support, and escalate systemic problems to the Microsoft or partner team as necessary. • Provide technical documentation for the contract -identified or engagement -specific data protection requirements, standards, and other identified Customer security and privacy expectations. • Complete post -project review, credential rotation, and access removal. Role Responsibilities Delivery management executive Microsoft project manager Solution Architect • Serve as the point of escalation to support clearing engagement roadblocks. • Lead the executive steering committee with the Microsoft project manager. • Serve as the arbiter of engagement issues. • Serve as the primary point of contact and take accountability for work products. • Manage and coordinate the overall Microsoft project delivery. • Serve as the point of contact for contract extensions, personnel matters, and billing. • Take responsibility for issue and risk management, change management, project priorities, status communications, and status meetings. • Coordinate Microsoft and Microsoft subcontractor resources (if any), but not Customer resources. Note: Project management might be delivered remotely. • Provide technical oversight. Industry Solutions Delivery Sow-COPM365RDEPADOPT-LEDv1.5(ww)(English)(July2024) Microsoft Confidential Page 16 of 22 Role Responsibilities Organizational Enablement architect (ACM) • Verify that Microsoft -recommended practices are being followed. • Take responsibility for overall solution design. • Help evaluate the implications of trade-off decisions. • Capture key architecture decisions. • Effectively communicate, collaborate, and align with relevant IT and business stakeholders. • Provide technical oversight and governance. • Provide oversight and governance for the build and test learn scope (ACSM). • Take responsibility for Organizational Enablement resource allocation, risk management, engagement priorities, and communication with executive management. • Verify that the work is completed according to the plan. • Provide Organizational Enablement thought leadership. • Deliver Organizational Enablement sessions, workshops, classes, and work products in accordance with the engagement scope. Technical consultants (Optional) • Take responsibility for assigned activities aligned to the plan. • Provide the combined expertise required for the delivery of in -scope work. • Participate in status meetings and workshops (when required). Organizational Enablement consultants (ACSM) • Have deep knowledge of, and skills in, specific Organizational Enablement domains. • Take responsibility for the Organizational Enablement delivery of sessions, workshops, and work products relative to their areas of expertise. 3.2. Microsoft ISD Project staffing Microsoft ISD plans to staff the project as follows. Role Quantity Full-time/part-time Delivery management executive Microsoft project manager Architect Organizational Enablement consultants (ACSM) 1 2 Part-time Part-time 2 Part-time 2 Full-time Industry Solutions Delivery SOW-COPM365RDEPADOPT-LEDv1.5(ww)(English)(July2024) Microsoft Confidential Page 17 of 22 4. Customer responsibilities and project assumptions 4.1.Customer responsibilities In addition to Customer activities defined in the Approach section, the Customer is also required to: • Provide information: o This includes accurate, timely (within three business days or as mutually agreed upon), and complete information required for the engagement. • Provide access to people and resources. o This includes access to knowledgeable Customer personnel, including business user representatives, and access to funding if additional budget is needed to deliver the project scope. • Acquire and install the cloud capacity that is needed to support the environments as defined in the Areas in scope section of this SOW. • Provide access to systems. o This includes access to all necessary Customer work locations, networks, systems, and applications (remote and onsite). • For onsite work, provide a suitable work environment o This consists of suitable workspaces, including desks, chairs, and Internet access. • Manage non -Microsoft resources. o The Customer will assume responsibility for the management of all Customer personnel and vendors who are not managed by Microsoft. • Manage external dependencies. o The Customer will facilitate any interactions with related projects or programs to manage external project dependencies. • Troubleshoot systems that are not being developed by Microsoft. • Confirm regulatory compliance. • Provide standard product training. • Other general responsibilities. o The Customer will assign a team to collaborate on the project with the Microsoft team. o Monitor network activity. o Provide application support. o Take responsibility for the financial costs associated with hardware purchasing, software licensing, or purchasing of Microsoft or third -party tools. o Take responsibility for bug fixing and troubleshooting problems that are related to applications or other third -party software, hardware products, or applications that are not explicitly mentioned as in scope. o Prepare documentation about processes, standards, policies, or existing guidelines. o Plan, design, customize, enhance, troubleshoot, or resolve problems that are related, but not limited, to supporting the infrastructure listed here: • Firewalls • Storage area networks • Networks Industry Solutions Delivery Sow-COPM365RDEPADOPT-LEDv1.5(ww)(English)(JuIy2024) Microsoft Confidential Page 18 of 22 4.2. Project assumptions The project scope, services, fees, timeline, and our detailed solution are based on the information provided by the Customer to date. During the project, the information and assumptions in this SOW will be validated, and if a material difference is present, this could result in Microsoft initiating a change request to cover additional work or extend the project duration. In addition, the following assumptions have been made: • Workday: o The standard workday for the Microsoft project team is between 8 am and 5 pm, Monday through Friday local time where the team is working. Note hours can be adjusted based on usual subsidiary working hours • Standard holidays: o Observance of consultants' country -of -residence holidays is assumed. • Remote work: o The Microsoft project team will perform services remotely. • All onsite services provided in this engagement will be subject to reimbursable travel expenses charged at actual cost. • The place of performance under the SOW might be a Microsoft facility, or various remote and offsite locations (including Microsoft employee home offices). • Language: o All project communications and documentation will be in English. Local language support and translations will be provided by the Customer. • Staffing: o If necessary, Microsoft will make staffing changes. These might include, but are not limited to, the number of resources, individuals, and project roles. o Resource mobilization for staffing the project will be 2-3 weeks. • Informal knowledge transfer: o Customer staff members who work alongside Microsoft staff will be provided with information knowledge transfer throughout the project. No formal training materials will be developed or delivered as part of this informal knowledge transfer. • Other assumptions: o All project resources will have the appropriate level of security access needed to complete project -related efforts. o Holidays, vacation, and training time have not been factored into this SOW. o All work is to be contiguously scheduled. Any breaks in the engagement calendar must be scheduled four weeks in advance, or work will be billed without interruption. • Client compliance training for highly regulated industries is not included in the estimation. This includes: o Security training o Internal onboarding o Financial compliance training o Healthcare compliance training o Procedures outside of Microsoft standard compliance Industry Solutions Delivery Sow-COPM365RDEPADOPT-LEDv1.5(ww)(English)(JuIy2024) Microsoft Confidential Page 19 of 22 o Additional training o Background checks, fingerprinting, badging, and authentication • The Customer agrees that Microsoft can associate the Customer's online services with professional services accounts through configuration of the Customer's subscriptions, Azure resources, or deployed applications. • Browser compatibility o Browser compatibility testing is not part of the estimate. It may be added, but it will affect the overall duration and cost of the engagement. • The Customer will meet the necessary requirements to verify that the solution design meets regulatory requirements. • If localization support is required (support for additional languages), the change management process must be followed to amend scope. • Azure services and technology o Azure services and Azure -supported Microsoft technologies will be used to develop the solution. The components to be developed by Microsoft will be cloud -hosted. 5. Definitions/acronyms The following acronyms, abbreviations, initialisms, and terms are used throughout this document. Term Definition ACSM Scope SOW Work product 6. Exhibits Adoption, Change, and Services Management The overall engagement scope Statement of Work Work products are tangible outcomes or artifacts produced during project delivery. They might not always be fully completed scope items, but rather evolving representations of the intended scope, serving as evidence of progress without needing formal Customer review or approval. Adoption activities will focus on the predefined Copilot for Microsoft 365 scenarios in the following table, which require no custom development. This functionality is native to Copilot for Microsoft 365. The personas targeted for the scenarios shown in the following table: Human Resources (HR), Procurement (PC), Administration (AD), Legal (LE), Finance (FI), and Executives (EX). The recommendation is to focus on executives as the first persona group, and for the Customer to elect at least one champion for each persona group. Industry Solutions Delivery Sow-COPM365RDEPADOPT-LEDv1.5(ww)(English)(JuIy2024) Microsoft Confidential Page 20 of 22 Scenario Meeting collaboration with Copilot for Microsoft 365 Capabilities Automated agenda preparation Meeting summary and notes gene Meeting or chat recap creation Live sentiment analysis Next step actions Language translation Ability to ask questions about a m chat Collaborative brainstorming Content generation with Copilot for Microsoft 365 Transforming existing text into a presentation First draft creation Content editing and formatting Ability to add more context Presentation content summarizatio Extraction of next steps Summarization of long texts Ability to ask questions about doc content Personal productivity with L Author or get coaching on the cre new email Industry Solutions Delivery SOW-COPM365RDEPADOPT-LEDv1.5(ww)(English)(July2024) Microsoft Confidential HR PC AD FI EX LE X X X X X X .ation X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X eting or X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X n X X X X X X X X X X X X iment X X X X X X X X X X X X tion of X X X X X X Page 21 of 22 Scenario Capabilities Copilot for Microsoft 365 Thread reply suggestions Summarization of long threads Question and answer and ideas ge in chat Note summary creation Creation of to-do lists Industry Solutions Delivery SOW-COPM365RDEPADOPT-LEDv1.5(ww)(English)(July2024) Microsoft Confidential HR PC AD FI EX LE X X X X X X X X X X X X aeration X X X X X X X X X X X X X X X X X X Page 22 of 22 Work Order_City of Miami_Copilot Rapid_091924_Final Final Audit Report 2024-09-24 Created: 2024-09-24 By: Christy Sparks (Christy.Sparks@microsoft.com) Status: Signed Transaction ID: CBJCHBCAABAAV4MmGQV2csamxvcr6-2vOAFKhOhPsO-K "Work Order_City of Miami_Copilot Rapid_091924_Final" History Document created by Christy Sparks (Christy.Sparks@microsoft.com) 2024-09-24 - 2:34:02 PM GMT- IP address: 74.193.10.141 Document emailed to Nick Schenk (SLGE) (nickolas@microsoft.com) for signature 2024-09-24 - 2:38:57 PM GMT Email viewed by Nick Schenk (SLGE) (nickolas@microsoft.com) 2024-09-24 - 2:39:52 PM GMT- IP address: 73.211.175.185 Document e-signed by Nick Schenk (SLGE) (nickolas@microsoft.com) Signature Date: 2024-09-24 - 2:40:32 PM GMT - Time Source: server- IP address: 73.211.175.185 Agreement completed. 2024-09-24 - 2:40:32 PM GMT g■ Microsoft Powered by Adobe Acrobat Sign DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Microsoft Master Services Agreement — State and Local (Non -Standard) Microsoft Master Services Agreement Number Microsoft affiliate to complete Miami -Dade County Agreement Number Miami -Dade County to complete This Microsoft Master Services Agreement ("Agreement" or "Contract") is entered into between the following entities as of the effective date identified below. This agreement is comprised of this cover page and the attached terms and conditions, the terms of which are incorporated herein by this reference. This agreement contains terms of the relationship between you and us. If you contract for services from us under this agreement, the specific terms of those transactions will be contained in this agreement and any statement of services incorporating this agreement. If the first statement of services entered into under this agreement is given an effective date that is earlier than the effective date of this agreement, the effective date of this agreement will be that earlier date for the purposes of that statement of services. By signing below, each party acknowledges that it has read and understood the terms of this agreement and agrees to be bound by these terms. Customer Name of Customer (please print) Miami -Dade County, FL Signre Name of person signing (p a rint) ai Title of person signing (please print) Microsoft Affiliate Name Microsoft Corporation Signature C5F4FFFE6A2E45D D-4V4t T. Gket � Name of person%it pfrigr(31 es@spi nf) Ga I gher_ David. T. Gallagher Signature date Assistant County Attorney Miami -Dade County (Approved as to Form and Legal Su iency) Title of person signing (please print) Director of Contracts Signature date (may be different than Effective Date) 1/13/2017 Effective Date (may be different than Signature Date) 1/13/2017 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master Services Agreement — State and Local Contact information. Each party will notify the other in writing if any of the information in the following table changes. The * indicates required fields. By providing contact information, you consent to its use for purposes of administering this agreement by us, our affiliates, and other parties that help us administer this agreement. Customer Name of Customer * kw -mu beat &towly Street Address * Contact Name *(This person receives notices under this agreement pursuant to Section 12 (Notices)). 11.40A tig/Adatif Contact Email Address * �o 9 7 P ve. 1 iO4 I`1aincJ )kLj rv►uN+i�tda�le- City * Statgrovince * Phone 30 S"- 594 - e 200 Country * Microsoft Postal Code * Fax 33r13 Notices to Microsoft should be sent to (Microsoft affiliate to complete): ' Kevin Hartley Senior Attorney Microsoft Corporation 5335 Wisconsin Ave., NW Suite 600 Washington, DC 20015 Copies should be sent to: Microsoft Law and Corporate Affairs One Microsoft Way Redmond, WA 98052 USA Services Attorney (425) 936-7329 fax SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 2 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master Services Agreement — State and Local Terms and Conditions 1. Definitions. In this agreement, a "party" or "parties" means you and/or us as the context requires. "You" or "County' means the entity that has entered into this agreement and may also refer, as the context requires, to your affiliates who enter into a statement of services under this agreement. "We", "us", or "our" means, the Microsoft entity that has entered into this agreement and may also refer, as the context requires, to our affiliates. In addition, the following definitions apply: "affiliate" means (i) with regard to you, any government agency, department, office, instrumentality, division, unit or other entity of your state or local government that is supervised by or is part of you, or which supervises you or of which you are a part, or which is under common supervision with you; together with, as mandated by law, any county, borough, commonwealth, city, municipality, town, township, special purpose district, or other similar type of governmental instrumentality located within your state's jurisdiction and geographic boundaries; provided that a state and its affiliates shall not, for purposes of this definition, be considered to be affiliates of the federal government and its affiliates; and (ii) with regard to us, any legal entity that we own, which owns us, or which is under common ownership with us. "Ownership" means more than 50% ownership. "contractor(s)" means any third party supplier or other provider of computer technology or related services; "developments" means any computer code or materials (other than products, fixes or pre-existing work) developed by us or in collaboration with you which is provided to you in the course of performance of a statement of services; "fixes" means product fixes, modifications or enhancements or their derivatives that we either release generally, (such as commercial product service packs) or that we provide to you when performing services (such as workarounds, patches, bug fixes, beta fixes and beta builds); "joint ownership" means each party has the right to independently exercise any and all rights of ownership now known or here after created or recognized, including without limitation the rights to use, reproduce, modify and distribute the developments for any purpose, without the need for further authorization to exercise any such rights or any obligation of accounting or payment of royalties; "open source license terms" means license terms that require computer code to be generally (i) disclosed in source code form to third parties; (ii) licensed to third parties for the purpose of making derivative works; or (iii) redistributable to third parties at no charge; "pre-existing work" means computer code or materials (other than products and fixes) developed or otherwise obtained independently of the efforts of a party under a statement of services; "product" means any computer code, web -based services, or materials comprising commercially released, pre-release or beta products (whether licensed for a fee or no charge) and any derivatives of the foregoing we make available to you for license which is published by us, our affiliates, or a third party; "service deliverables" means any computer code or materials, other than products or fixes, that we leave with you at the conclusion of our performance of services; "services" means all support, consulting and other services or advice, including any resulting deliverables provided to you under the terms and conditions of this agreement; "statement of services" means any work orders, services descriptions, or other statement of services referencing this agreement. 2. Services. The precise scope of the services will be specified in a statement of services. You or any of your affiliates may enter into statements of services under this agreement with our local affiliate. Our ability to deliver the services depends upon your full and timely cooperation, as well as the accuracy and completeness of any information you provide. This agreement does not obligate either party or its affiliates to enter into any SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 3 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master Services Agreement- State and Local A statements of services. Information technology consulting and product support services supplied by us under this Agreement are provided to assist the County. The County shall be responsible for the operation and use of any deliverables provided under any statement of service resulting from this Agreement, and for ensuring that they meet the County's requirements. The County understands that our performance may be dependent on the County's timely and effective satisfaction of its responsibilities under this Agreement and timely decision and approvals by the County. We shall be entitled to rely on all decision and approvals of the County in connection with its services under this Agreement. 3. Ownership and license of service deliverables. a. Products and fixes. All products, related solutions and fixes provided under a statement of services will be licensed according to the terms of the license agreement packaged with or otherwise applicable to such product. You are responsible for paying any licensing fees associated with products. b. Pre-existing work. All pre-existing work will remain the sole property of the party providing the pre- existing work. During the performance of services, each party grants to the other (and our contractors as necessary) a temporary, non-exclusive license to use, reproduce and modify any of its pre-existing work provided to the other party solely for the performance of such services. Except as may be otherwise explicitly agreed to in a statement of services, upon payment in full, we grant you a non-exclusive, perpetual, fully paid -up license to use, reproduce and modify (if applicable) our pre-existing work in the form delivered to you as part of the service deliverables only for your internal business operations. The perpetual license to our pre-existing work that we leave to you at the conclusion of our performance of the services is conditioned upon your compliance with the terms of this agreement and the applicable statement of services. c. Developments. Except as may be otherwise explicitly agreed to in a statement of services, upon payment in full we grant you joint ownership in the developments. You agree to exercise your rights for your internal business operations only and you will not resell or distribute the developments to any third party. Each party shall be the sole owner of any modifications that it makes based upon the developments. d. Affiliates rights and sublicensing to affiliates. Except as may be otherwise explicitly agreed to in a statement of services, you may sublicense the rights to the service deliverables granted hereunder to your affiliates, but you or your affiliates may not further sublicense these rights. Any sublicensing of the service deliverables to your affiliates, if permitted, must be consistent with the license terms in this agreement or in any statement of services. e. Open source license restrictions. Because certain third party software is subject to open source license terms, the license rights that each party has granted to any computer code (or any intellectual property associated therewith) do not include any license, right, power or authority to incorporate, modify, combine and/or distribute that computer code with any other computer code in a manner which would subject the other's computer code to open source license terms. Furthermore, each party warrants that it will not provide or give to the other party computer code that is governed by open source license terms. f. Reservation of Rights. All rights not expressly granted in this section are reserved. 4. Restrictions on use. You may not: a) Rent, lease, lend, host or otherwise distribute service deliverables or fixes, except as otherwise provided in a statement of services; or SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 4 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master Services Agreement - State and Local b) Reverse engineer, de -compile, or disassemble fixes or service deliverables, except to the extent expressly permitted by applicable law despite this limitation. Fixes and service deliverables licensed under this agreement are subject to U.S. export jurisdiction. You must comply with all applicable international and national laws, including the U.S. Export Administration Regulations, the International Traffic in Arms Regulations, and end -user, end use and destination restrictions by U.S. and other governments related to Microsoft products, services, and technologies. For additional information related to Microsoft compliance with export rules, see www.microsoft.com/exportinq. 5. Supportability. We may add support for new products or discontinue support for existing products from time -to -time. If we discontinue support for a product, we will inform you six months in advance of the discontinuation by posting the information at http://support.microsoft.com or any successor site. If we sell a product to another company, we will give you notice of the sale at the time of such notice will either (i) arrange for the other company to continue the support; or (ii) continue support ourselves for 90 days to give you time to make alternative arrangements. There may be cases where your implementation of our products cannot be effectively supported. As part of providing the support services, we will notify you if we reach that conclusion. If you don't not modify the implementation to make it effectively supportable within sixty (60) calendar days after the notice, we will not be obligated to provide additional support services for that implementation, however we will continue to provide support for your other supportable implementations covered by the statement of services. For statements of services for support, we will use commercially reasonable efforts to provide the support services for those products covered in the statement of services, provided they are validly licensed by you. 6. a. Method and Times of Payment. Microsoft agrees that under the provisions of this Agreement, as reimbursement for those actual, reasonable and necessary costs incurred by Microsoft, which are directly attributable or properly allocable to the Services, Microsoft may bill the County periodically, but not more than once per month, upon invoices certified by Microsoft pursuant to the Price Schedule. All invoices shall be taken from the books of account kept by Microsoft, shall be supported by copies of payroll distribution, receipt bills or other documents reasonably required by the County, shall show the County's contract number, and shall have a unique invoice number assigned by Microsoft. It is the policy of Miami -Dade County that payment for all purchases by County agencies and the Public Health Trust shall be made in a timely manner and that interest payments be made on late payments. All firms, including Small Business Enterprises, providing goods and services to the County, shall receive payment to maintain sufficient cash flow. In accordance with Florida Statutes, Section 218.74 and Section 2-8.1.4 of the Miami -Dade County Code, the time at which payment shall be due from the County or the Public Health Trust shall be forty-five (45) days from the date of a proper invoice. Billings from prime Contractors under services and goods contracts with the County or Public Health Trust, that are Small Business Enterprise contract set -aside, bid preference or contain a subcontractor goal, shall be promptly reviewed and payment made by the County or Trust on those amounts not under dispute within fourteen (14) calendar days of receipt of such billing by the County or the Trust pursuant to Sections 2-8.1.1.1.1 and 2-8.1.1.1.2 of the Miami -Dade County Code. All payments due from the County or the Public Health Trust, and not made within the time specified by this section shall bear interest from thirty (30) days after the due date at the rate of one percent (1%) per month on the unpaid balance. Further, proceedings to resolve disputes for payment of obligations shall be concluded by final written decision of the County Mayor, or his or her designee(s), not later than sixty (60) days after the date on which the proper invoice was received by the County or the Public Health Trust. In accordance with Miami -Dade County Implementing Order 3-9, Accounts Receivable Adjustments, if money is owed by Microsoft to the County, whether under this Contract or for any other purpose, the County reserves the right to retain such amount from payment due by County to Microsoft under this Contract. Such retained amount shall be applied to the amount owed by Microsoft to the SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 5 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master Services Agreement - State and Local County. Microsoft shall have no further claim to such retained amounts which shall be deemed full accord and satisfaction of the amount due by the County to Microsoft for the applicable payment due herein. Invoices and associated back-up documentation shall be submitted in duplicate by Microsoft to the County as identified in the related purchase order. The County may at any time designate a different address and/or contact person by giving written notice to the other party. b. Fees. As of the Effective Date of this Agreement, the following documents govern fees for Microsoft Premier Support Services and labor rates for information technology consulting services: 1. Microsoft Premier Support Services Description Schedule: Fee and Named Contacts incorporated hereto as Attachment A, as may be revised on annual basis, not to exceed a 3% increase year over year; and 2. FY17 Public Sector Published Price List - Microsoft Consulting Services incorporated hereto as Attachment B. Microsoft reserves the right to revise its labor rates not more than once in any 12-month period. Otherwise, our rates may be adjusted off our then current labor rates for such services, for project or volume hours, by mutual agreement of you and us. Estimated total fees for under each statement of services will be as agreed by the parties in statement of services. Microsoft will not change our hourly rates identified in a statement of services during its term, but may adjust its hourly rates prior to entering any new or amended statement of services. Microsoft's fees exclude any taxes, duties, tariffs, levies or other governmental charges or expenses (including, without limitation, any value added taxes), which will be billed to and paid by County. Microsoft is responsible for taxes based upon its personal property ownership and net income. Any future documents that may be released which reflect pricing adjustments are hereby included in this agreement by reference. 3. With respect to travel costs and travel -related expenses, Microsoft agrees to adhere to Section 112.061 of the Florida Statutes as they pertain to out-of-pocket expenses, including employee lodging, transportation, per diem, and all miscellaneous cost and fees. The County shall not be liable for any such expenses that have not been approved in advance, in writing, by the County. 7. Confidentiality. Subject to the requirements of your public records and trade secret laws (if any): a. Confidential information. The terms and conditions of this Agreement are not confidential. "Confidential Information" is non-public information that is designated "confidential", proprietary, or "trade secret" by Microsoft or an Enrolled Affiliate and which is protected from unlawful disclosure by applicable federal law or applicable state law. Confidential Information does not include information that (a) was known before receipt from the other party or becomes publicly available without a breach of this agreement, (b) was lawfully known or received by the receiving party without an obligation to keep it confidential, (c) is independently developed, or (d) is a comment or suggestion one party volunteers about the other's business, products or services. SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 6 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master Services Agreement - State and Local b. Use of confidential information. For a period of five years after initial disclosure, neither party will use the other's confidential information without the other's written consent except in furtherance of this business relationship or as expressly permitted by this agreement or disclose the other's confidential information except (i) to obtain advice from legal or financial consultants, or (ii) if compelled by law, in which case the party compelled to make the disclosure will use its best efforts to give the other party notice of the requirement so that the disclosure can be contested. Each party will take reasonable precautions to safeguard the others confidential information. Such precautions will be at least as great as those each party takes to protect its own confidential information. Each party will disclose the others confidential information to its employees, consultants or contractors only on a need -to -know basis, provided that such employees, consultants or contractors are subject to confidentiality obligations no less restrictive than those contained herein. When confidential information is no longer necessary to perform any obligation under any statement of services, each of us will return it to the other party or destroy it at the other's request. Either party may provide suggestions, comments or other feedback to the other with respect to the other's products and services. Feedback is voluntary and the party receiving feedback may use it for any purpose without obligation of any kind except that the party receiving feedback will not disclose the source of feedback without the consent of the party providing it. c. Cooperation in the event of disclosure. Each party will immediately notify the other upon discovery of any unauthorized use or disclosure of the other party's confidential information and will cooperate in any reasonable way to help the other regain possession of the confidential information and prevent further unauthorized use or disclosure. d. Knowledge base. We may use any technical information we derive from providing services related to our products for problem resolution, troubleshooting, product functionality enhancements and fixes, for our knowledge base. We agree not to identify you or disclose any of your confidential information in any item in the knowledge base. 8. Warranties. a. Services. We warrant that all services will be performed with professional care and skill. b. No other warranties. TO THE EXTENT PERMITTED BY APPLICABLE LAW, WE DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY OTHER THAN THOSE IDENTIFIED EXPRESSLY IN THIS AGREEMENT (INCLUDING ANY STATEMENT OF SERVICES THAT INCORPORATES THESE TERMS), INCLUDING BUT NOT LIMITED TO WARRANTIES OR CONDITIONS OF TITLE, NON -INFRINGEMENT, SATISFACTORY QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE PRODUCTS, FIXES, SERVICE DELIVERABLES, RELATED MATERIALS AND SERVICES. WE WILL NOT BE LIABLE FOR ANY SERVICE(S) OR PRODUCT(S) PROVIDED BY THIRD PARTY VENDORS, DEVELOPERS OR CONSULTANTS IDENTIFIED OR REFERRED TO YOU BY US UNLESS SUCH THIRD PARTY PRODUCTS OR SERVICES ARE PROVIDED UNDER OUR WRITTEN AGREEMENT BETWEEN YOU AND US, AND THEN ONLY TO THE EXTENT EXPRESSLY PROVIDED IN THIS AGREEMENT. 9. Defense of infringement and misappropriation claim. We will defend you against any claims made by an unaffiliated third party that any service deliverable infringes its patent, copyright, or trademark or misappropriates its trade secret, and will pay the amount of any resulting adverse final judgment (or settlement to which we consent). SLG Microsoft Master Services Agreement. v6.5 (Jan 2014) 7 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Microsoft Master Miami -Dade County, FL Services Agreement— ; State and Local You must notify us promptly in writing of the claim and give us sole control over its defense or settlement. You agree to provide us with reasonable assistance in defending the claim, and we will reimburse you for reasonable out of pocket expenses that you incur in providing that assistance. The terms "misappropriation" and "trade secret" are used as defined in the Uniform Trade Secrets Act. Our obligations will not apply to the extent that any claim or adverse final judgment is based on (i) computer code or materials (e.g. specifications) you provide; (ii) your use of a fix or service deliverables after we notify you to discontinue use due to such a claim; (iii) your combining a fix or service deliverables with a non -Microsoft product, data or business process; (iv) damages attributable to the value of the use of a non -Microsoft product, data or business process; (v) an alteration of fixes or service deliverables by someone other than us or our contractors; (vi) your distribution of the fix or services deliverables to, or its use for the benefit of, any third party other than permitted by an applicable statement of services; (vii) your use of our trademark(s) without express written consent to do so; or (viii) any trade secret claim that is a result of your acquiring a trade secret (a) through improper means; (b) under circumstances giving rise to a duty to maintain its secrecy or limit its use; or (c) from a person (other than us or our affiliates) who owed to the party asserting the claim a duty to maintain the secrecy or limit the use of the trade secret. You will reimburse us for any costs or damages that result from these actions. If we receive information concerning an infringement claim related to a fix or service deliverables, we may, at our expense and without obligation to do so, either (i) procure for you the right to continue to use the allegedly infringing fix or service deliverables as permitted by the applicable statement of services; or (ii) modify the fix or service deliverables or replace it with a non -infringing functional equivalent, to make it non -infringing, in which case you will stop using the allegedly infringing fix or service deliverables immediately. If as a result of an infringement claim, your use of a fix or service deliverables is enjoined by a court of competent jurisdiction, we will, at our option, either i) procure the right to continue its use; ii) modify it to make it non -infringing; iii) replace it with a non -infringing functional equivalent; or iv) refund the amount paid for the infringing fix or service deliverables and terminate the license for (or as applicable, your ownership rights in) the infringing fix or service deliverable. If any other type of third party claim is brought against you regarding our intellectual property, you must notify us promptly in writing. We may, at our option, choose to treat these claims as being covered by this Section 9. This Section 9 provides your exclusive remedy for third party infringement and trade secret misappropriation claims. 10. Limitations of liability. a. Limitation on Direct Damages. There may be situations in which you have a right to claim damages or payment from us. Except as otherwise specifically provided in this paragraph, whatever the legal basis for your claims, our total liability (and that of our contractors) will be limited, to the maximum extent permitted by applicable law, to direct damages up to the amount you have paid under the applicable statement of services for the services giving rise to the claims. In the event services or any service deliverables are provided to you on a gratuitous or no -charge basis, our total liability to you will not exceed US$5000. The limitations contained in this paragraph will not apply with respect to the following: (i) our obligations under Section 9; (ii) our liability for damages for gross negligence or willful misconduct, to the extent caused by us or our contractors and awarded by a court of final adjudication; and (iii) our obligations under Section 7. b. NO LIABILITY FOR CERTAIN DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY NOR THEIR AFFILIATES, SUPPLIERS OR CONTRACTORS WILL BE LIABLE FOR ANY INDIRECT DAMAGES (INCLUDING WITHOUT LIMITATION, CONSEQUENTIAL, SPECIAL, OR INCIDENTAL DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION), ARISING IN CONNECTION WITH THIS AGREEMENT, ANY STATEMENT OF SERVICES, SERVICES, SERVICE DELIVERABLES, FIXES, PRODUCTS, OR ANY SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 8 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master Services Agreement — State and Local OTHER MATERIALS OR INFORMATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF SUCH POSSIBILITY WAS REASONABLY FORESEEABLE. THIS EXCLUSION OF LIABILITY DOES NOT APPLY TO EITHER PARTY'S LIABILITY TO THE OTHER FOR VIOLATION OF ITS CONFIDENTIALITY OBLIGATION, REDISTRIBUTION OR OF THE OTHER PARTY'S INTELLECTUAL PROPERTY RIGHTS. c. Application. Except as specified expressly in this Section 10, the limitations on and exclusions of liability for damages in this agreement apply regardless of whether the liability is based on breach of contract, tort (including negligence), strict liability, breach of warranties, or any other legal theory. 11. Term and termination. The Contract shall become effective on January 1, 2017 (or the date of the parties signature, whichever is later), and shall continue through May 31, 2017. The parties signing the cover page of this agreement may terminate it at any time by giving the other party at least 60 calendar days prior written notice. Either party signing the cover page may terminate this agreement if the other party is in material breach or default of any obligation that is not cured within 30 calendar days' notice of such breach. The sole effect of terminating this agreement will be to terminate the ability of either party to enter into subsequent statements of services that incorporate the terms of this agreement. Termination of this agreement will not, by itself, result in the termination of any statements of services previously entered into (or extensions of the same) that incorporate the terms of this agreement, and the terms of this agreement will continue in effect for purposes of such statements of services unless and until the statement of services itself is terminated or expires. The term of any statement of services will be set forth in an applicable statement of services. In addition, unless otherwise provided in a statement of services, your affiliate that signed the statement of services may terminate it for any reason by giving our affiliate that signed the statement of services 30 calendar days prior written notice. Either party signing a statement of services may terminate it if the other party is (i) in material breach or default of any obligation that is not cured within 30 calendar days' notice of such breach or (ii) fails to pay any invoice that is more than 60 calendar days outstanding. You agree to pay all fees for services performed and expenses incurred prior to termination and any additional amounts that may be specified in a statement of services. 12. Notices. All notices, authorizations, and requests given or made in connection with this agreement must be sent by post, express courier, facsimile or email to the addresses indicated on the cover page of this agreement or on an applicable statement of services, if different. Notices will be deemed delivered on the date shown on the postal return receipt or on the courier, or facsimile or email confirmation of delivery. 13. Insurance. We will procure and maintain the following insurance coverage, at all times when performing services on your premises under this agreement, via either commercial insurance, self-insurance, a combination of the two or any other similar risk financing alternative: a) Commercial General Liability covering bodily injury and tangible property damage liability with a limit of not less than U.S. $2,000,000 each occurrence; b) Workers' Compensation (or maintenance of a legally permitted and governmentally -approved program of self-insurance) covering Microsoft employees pursuant to applicable state workers' compensation laws for work -related injuries suffered by our employees; c) Employer's Liability with limits of not less than U.S. $1,000,000 per accident; d) Professional Liability/Errors & Omissions Liability covering damages arising out of negligent acts, errors, or omissions committed by us or our employees in the performance of services, with a limit of liability of not less than U.S. $2,000,000 per claim; and e) Automobile Liability (if vehicles are brought on your premises or used in the performance of the services) with $2,000,000 combined single limit per occurrence, for bodily injury and property damage combined covering owned, non -owned and hired vehicles. Upon County's notification, Microsoft shall furnish to the Internal Services Department, SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 9 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master Services Agreement - State and Local Procurement Management Division, Certificates of Insurance that indicate that insurance coverage has been obtained. The mailing address of Miami -Dade County as the certificate holder must appear on the certificate of insurance as follows: Miami -Dade County 111 N.W. 1st Street Suite 1300 Miami, Florida 33128-1974 Compliance with the foregoing requirements shall not relieve Microsoft of this liability and obligation under this section or under any other section in this Agreement. Award of this Contract is contingent upon the receipt of the insurance documents, as required, within ten (10) business days. If the insurance certificate is received within the specified timeframe but not in the manner prescribed in this Agreement, Microsoft shall have an additional five (5) business days to submit a corrected certificate to the County. If Microsoft fails to submit the required insurance documents in the manner prescribed in this Agreement within fifteen (15) business days, Microsoft shall be in default of the contractual terms and conditions and award of Contract may be rescinded, unless such timeframe for submission has been extended by the County. Microsoft shall assure that the Certificates of Insurance required in conjunction with this Section remain in full force for the term of the Contract, including any renewal or extension periods that may be exercised by the County. If the Certificate(s) of Insurance is scheduled to expire during the term of the Contract, the successful Bidder shall submit new or renewed Certificate(s) of Insurance to the County a minimum of ten (10) calendar days before such expiration. In the event that expired Certificates of Insurance are not replaced or renewed to cover the Contract period, the County may suspend the Contract until the new or renewed certificates are received by the County in the manner prescribed herein. If such suspension exceeds thirty (30) calendar days, the County may, at its sole discretion, terminate the Contract for cause and Microsoft shall be responsible for all direct and indirect costs associated with such termination. 14. Miscellaneous. a. Assignment and right to subcontract. Neither party may assign this agreement or any statement of services without the written consent of the other. We may use contractors to perform services and we will be responsible for their performance subject to the terms of this agreement. b. Independent contractor. We provide our services as an independent contractor, and will be responsible for any and all social security, unemployment, workers' compensation and other withholding taxes for all of our employees. You and we are free to develop products independently without the use of the other's confidential information. Neither you nor we are obligated to restrict the future work assignments of people who have had access to confidential information. In addition, you, we and these people are free to use the information that these people remember related to information technology, including ideas, concepts, know-how or techniques, so long as confidential information of the other party is not disclosed in violation of this agreement in the course of such use. This use shall not grant either party any rights under the other's copyrights or patents and does not require payment of royalties or separate license. c. Applicable law; dispute resolution. This agreement together with the applicable statement of services will be governed by the laws of your state, without giving effect to its conflict of law provisions. Disputes relating to this agreement will be subject to applicable mandatory dispute resolution statutes and regulations of your state. SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 10 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master Services Agreement - State and Local d. Entire agreement. This agreement, and any amendments hereto, and the statements of services constitute the parties' entire agreement concerning the subject matter hereof, and supersede any other prior and contemporaneous communications. The terms of these documents will control in the following order: (i) this agreement; and (ii) any statement of services. Any terms and conditions maintained by you or your affiliates or contained in any purchase order, other than those mandatory terms required by law, will not apply. The parties signing the cover page of this agreement may amend this agreement only in writing when signed by both parties. The parties signing a statement of services may amend the statement of services only in writing when signed by both parties. e. Survival. The sections regarding ownership and license, restrictions on use, fees, confidentiality, no other warranties, defense of infringement and misappropriation claims, limitations of liability, term and termination, notices, and miscellaneous of this agreement wit survive any termination or expiration of this agreement or any statement of services. Additionally, as provided in Section 11 above, if this agreement is terminated all its terms shall survive termination for purposes of any remaining statement of services in existence at the time this agreement is terminated. f. Severability. If a court holds any provision of this agreement or a statement of services to be illegal, invalid or unenforceable, the remaining provisions will remain in full force and effect and the parties will amend the agreement or statement of services to give effect to the stricken clause to the maximum extent possible. g. Waiver. No waiver of any breach of this agreement or statement of services will be a waiver of any other breach, and no waiver will be effective unless made in writing and signed by an authorized representative of the waiving party. h. Force majeure. To the extent that either party's performance is prevented or delayed, either totally or in part, for reasons beyond that party's control, then that party will not be liable, so long as it resumes performance as soon as practicable after the reason preventing or delaying performance no longer exists. Counterparts. This agreement and any statements of services may be executed in any number of counterparts, each of which will be an original, and such counterparts together will constitute one and the same instrument. Execution may be effected by delivery of facsimiles of signature pages (and the parties will follow such delivery by prompt delivery of originals of such pages). Cost or pricing data. We will not, under any circumstances, accept any statement of services that would require the submission of cost or pricing data. k. Non -exclusivity. This agreement (including any statement of services incorporating these terms) is non-exclusive. Nothing contained in it requires you to license, use or promote Microsoft software or services exclusively. You may, if you choose, enter into agreements with other parties to license, use or promote non -Microsoft software or services. 15. Order of Precedence. If there is a conflict between or among the provisions of this Agreement, the order of precedence is as follows: 1) these terms and conditions including any amendments hereto, 2) Microsoft's statement of services, 3) any associated addenda or attachments. 16. Reserved. 17. Audits. Pursuant to Section 2-481 of the Miami -Dade County Code, Microsoft will grant access to the Commission Auditor to all directly related financial and performance records, property, and equipment purchased in whole or in part with government funds. SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 11 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL 18. Subcontractual Relations. Microsoft Master Services Agreement - State and Local a) If Microsoft will cause any part of this Agreement to be performed by a Subcontractor, the provisions of this Contract will apply to such Subcontractor and its officers, agents and employees in all respects as if it and they were employees of Microsoft; and Microsoft will not be in any manner thereby discharged from its obligations and liabilities hereunder, but will be liable hereunder for all acts and negligence of the Subcontractor, its officers, agents, and employees, as if they were employees of Microsoft. The services performed by the Subcontractor will be subject to the provisions hereof as if performed directly by Microsoft. b) Microsoft, before making any subcontract for any portion of the services, will state in writing to the County the name of the proposed Subcontractor, the portion of the Services which the Subcontractor is to do, the place of business of such Subcontractor, and such other information as the County may require. The County will have the right to require Microsoft not to award any subcontract to a person, firm or corporation disapproved by the County. c) Before entering into any subcontract hereunder, Microsoft will inform the Subcontractor fully and completely of all provisions and requirements of this Agreement relating either directly or indirectly to the Services to be performed. Such Services performed by such Subcontractor will strictly comply with the requirements of this Contract. d) In order to qualify as a Subcontractor satisfactory to the County, in addition to the other requirements herein provided, the Subcontractor must be prepared to prove to the reasonable satisfaction of the County that it has the necessary facilities, skill and experience, and ample financial resources to perform the Services in a satisfactory manner. To be considered skilled and experienced, the Subcontractor must show to the reasonable satisfaction of the County that it has satisfactorily performed services of the same general type which is required to be performed under this Agreement. e) The County shall have the right to withdraw its consent to a subcontract if it appears to the County that the subcontract will delay, prevent, or otherwise impair the performance of Microsoft's obligations under this Agreement. All Subcontractors are required to protect the confidentiality of the County's proprietary and confidential information. Contractor shall furnish to the County copies of all subcontracts between it and its Subcontractors/suppliers for statements of service written under this Agreement. Within each such subcontract, there shall be a clause for the benefit of the County in the event the County finds Microsoft in breach of this Contract, permitting the County to request completion by the Subcontractor of its performance obligations under the subcontract. The clause shall include an option for the County to pay the Subcontractor directly for the performance by such Subcontractor. Notwithstanding, the foregoing shall neither convey nor imply any obligation or liability on the part of the County to any subcontractor hereunder as more fully described herein. 19. Vendor Registration/Conflict of Interest. a) Vendor Registration Microsoft shall be a registered vendor with the County - Internal Services Department, Procurement Management Division, for the duration of this Agreement. In becoming a Registered Vendor with Miami -Dade County, Microsoft confirms its knowledge of and commitment to comply with the following: SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 12 DocuSign Envelope ID: 188D4842-9373-4ABC-8161-2837F3E6C4F9 Miami -Dade County, FL 1. Miami -Dade County Ownership Disclosure Affidavit (Section 2-8.1 of the County Code) 2. Miami -Dade County Employment Disclosure Affidavit (Section 2.8-1(d)(2) of the County Code) 3. Miami -Dade Employment Drug -free Workplace Certification (Section 2-8.1.2(b) of the County Code) 4. Miami -Dade Disability and Nondiscrimination Affidavit (Section 2-8.1.5 of the County Code) 5. Miami -Dade County Debarment Disclosure Affidavit (Section 10.38 of the County Code) 6. Miami -Dade County Vendor Obligation to County Affidavit (Section 2-8.1 of the County Code) 7. Miami -Dade County Code of Business Ethics Affidavit (Section 2-8.1(1) and 2-11(b)(1) of the County Code through (6) and (9) of the County Code and Section 2- 11.1(c) of the County Code) 8. Miami -Dade County Family Leave Affidavit (Article V of Chapter 11 of the County Code) 9. Miami -Dade County Living Wage Affidavit (Section 2-8.9 of the County Code) 10. Miami -Dade County Domestic Leave and Reporting Affidavit (Article 8, Section 11A-60 11A-67 of the County Code) 11. Subcontracting Practices (Ordinance 97-35) 12. Miami -Dade County E-Verify Affidavit (Executive Order 11-116) Microsoft Master Services Agreement - State and Local 13. Subcontractor/Supplier Listing (Section 2-8.8 of the County Code) 14. Environmentally Acceptable Packaging (Resolution R-738-92) 15. W-9 and 8109 Forms (as required by the Internal Revenue Service) 16. FEIN Number or Social Security Number In order to establish a file, Microsoft's Federal Employer Identification Number (FEIN) must be provided. If no FEIN exists, the Social Security Number of the owner or individual must be provided. This number becomes Contractor's "County Vendor Number". To comply with Section 119.071(5) of the Florida Statutes relating to the collection of an individual's Social Security Number, be aware that the County requests the Social Security Number for the following purposes: • Identification of individual account records • To make payments to individual/Contractor for goods and services provided to Miami - Dade County • Tax reporting purposes • To provide a unique identifier in the vendor database that may be used for searching and sorting departmental records 17. Office of the Inspector General (Section 2-1076 of the County Code) 18. Small Business Enterprises The County endeavors to obtain the participation of all small business enterprises pursuant to Sections 2-8.2, 2-8.2.3 and 2-8.2.4 of the County Code and Title 49 of the Code of Federal Regulations. 19. Antitrust Laws By acceptance of any contract, Microsoft agrees to comply with all antitrust laws of the United States and the State of Florida. b) Conflict of Interest/Code of Ethics Section 2-11.1(d) of Miami -Dade County Code requires that any County employee or any member of the employee's immediate family who has a controlling financial interest, direct or indirect, with Miami -Dade County or any person or agency acting for Miami - Dade County, competing or applying for a contract, must first request a conflict of interest opinion from the County's Ethics Commission prior to their or their immediate family member's entering into any contract or transacting any business through a firm, corporation, partnership or business entity in which the employee or any member of the employee's immediate family has a controlling financial interest, direct or indirect, with Miami -Dade County or any person or agency acting for Miami -Dade County. Any such contract or business engagement entered in violation of this subsection, as amended, shall be rendered voidable. All autonomous personnel, quasi-judicial personnel, advisory personnel, and employees wishing to do business with the County are hereby advised they must comply with the applicable provisions of Section 2-11.1 of the Miami - Dade County Code relating to Conflict of Interest and Code of Ethics. In accordance with 2-11.1 (y), the Miami Dade County Commission on Ethics and Public Trust (Ethics SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 13 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master k Services Agreement - State and Local Commission) shall be empowered to review, interpret, render advisory opinions and letters of instruction and enforce the Conflict of Interest and Code of Ethics Ordinance. 20. Inspector General Reviews. Independent Private Sector Inspector General Reviews Pursuant to Miami -Dade County Administrative Order 3-20, the County has the right to retain the services of an Independent Private Sector Inspector General (hereinafter "IPSIG'), whenever the County deems it appropriate to do so. Upon written notice from the County, Microsoft shall make available to the IPSIG retained by the County, all requested records and documentation pertaining to this Agreement for inspection and reproduction. The County shall be responsible for the payment of these IPSIG services, and under no circumstance shall Microsoft's prices and any changes thereto approved by the County, be inclusive of any charges relating to these IPSIG services. The terms of this provision apply to Microsoft, its officers, agents, employees, subcontractors and assignees. Nothing contained in this provision shall impair any independent right of the County to conduct an audit or investigate the operations, activities and performance of Microsoft in connection with this Agreement. The terms of this Article shall not impose any liability on the County by Microsoft or any third party. Miami -Dade County Inspector General Review According to Section 2-1076 of the Code of Miami -Dade County, Miami -Dade County has established the Office of the Inspector General which may, on a random basis, perform audits on all County contracts, throughout the duration of said contracts. The cost of the audit for this Contract shall be one quarter (1/4) of one (1) percent of the total contract amount which cost shall be included in the total contract amount. The audit cost will be deducted by the County from progress payments to Microsoft. The audit cost shall also be included in all change orders and all contract renewals and extensions. The Miami -Dade County Inspector General is authorized and empowered to review past, present and proposed County and Public Health Trust contracts, transactions, accounts, records and programs. In addition, the Inspector General has the power to subpoena witnesses, administer oaths, require the production of records and monitor existing projects and programs. Monitoring of an existing project or program may include a report concerning whether the project is on time, within budget and in conformance with plans, specifications and applicable law. The Inspector General is empowered to analyze the necessity of and reasonableness of proposed change orders to the Contract. The Inspector General shall have the power to audit, investigate, monitor, oversee, inspect and review operations, activities, performance and procurement process, including but not limited to project design, specifications, proposal submittals, activities of Microsoft, its officers, agents and employees, lobbyists, County staff and elected officials to ensure compliance with contract specifications and to detect fraud and corruption. Upon written notice to Microsoft from the Inspector General or IPSIG retained by the Inspector General, Microsoft shall make all requested records and documents available to the inspector General or IPSIG for inspection and copying. The Inspector General and IPSIG shall have the right to inspect and copy all documents and records in Microsoft's possession, custody or control which, in the Inspector General's or IPSIG's sole judgment, pertain to the performance of the contract, including, but not limited to original estimate files, change order estimate files, worksheets, proposals and agreements form and which successful and unsuccessful subcontractors and suppliers, all project -related correspondence, memoranda, instructions, financial documents construction documents, proposal and contract documents, back -charge documents, all documents, and records which involve cash, trade or volume discounts, insurance proceeds, rebates, or dividends received, payroll and personnel records, and supporting documentation for the aforesaid documents and records. SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 14 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2837F3E6C4F9 Microsoft Master Miami -Dade County, FL Services Agreement - State and Local 21. Local, State, and Federal Compliance Requirements. Contractor agrees to comply, subject to applicable professional standards, with the provisions of any and all applicable Federal, State and the County orders, statutes, ordinances, rules and regulations which may pertain to the Services required under this Agreement. 22. Nondiscrimination. During the performance of this Contract, Contractor agrees to not discriminate against any employee or applicant for employment because of race, color, religion, ancestry, national origin, sex, pregnancy, age, disability, marital status, familial status, sexual orientation, gender identity or gender expression, status as victim of domestic violence, dating violence or stalking, or veteran status, and on housing related contracts the source of income, and will take affirmative action to ensure that employees and applicants are afforded equal employment opportunities without discrimination. Such action shall be taken with reference to, but not limited to: recruitment, employment, termination, rates of pay or other forms of compensation, and selection for training or retraining, including apprenticeship and on the job training. By entering into this Contract, Microsoft attests that it is not in violation of the Americans with Disabilities Act of 1990 (and related Acts) or Miami -Dade County Resolution No. R-385-95. If Microsoft or any owner, subsidiary or other firm affiliated with or related to Microsoft is found by the responsible enforcement agency or the County to be in violation of the Act or the Resolution, such violation shall render this Contract void. This Contract shall be void if Microsoft submits a false affidavit pursuant to this Resolution or Microsoft violates the Act or the Resolution during the term of this Contract, even if Microsoft was not in violation at the time it submitted its affidavit. 23. Governing Law. This Contract, including appendices, and all matters relating to this Contract (whether in contract, statute, tort (such as negligence), or otherwise) shall be governed by, and construed in accordance with, the laws of the State of Florida. Venue shall be Miami -Dade County 24. County User Access Program (UAP). a) User Access Fee Pursuant to Section 2-8.10 of the Miami -Dade County Code, this Contract is subject to a user access fee under the County User Access Program (UAP) in the amount of two percent (2%). All sales resulting from this Contract, or any contract resulting from the solicitation referenced on the first page of this Contract, and the utilization of the County Contract price and the terms and conditions identified herein, are subject to the two percent (2%) UAP. This fee applies to all Contract usage whether by County Departments or by any other governmental, quasi -governmental or not -for -profit entity. The Contractor providing goods or services under this Contract shall invoice the Contract price and shall accept as payment thereof the Contract price less the 2% UAP as full and complete payment for the goods and/or services specified on the invoice. The County shall retain the 2% UAP for use by the County to help defray the cost of the procurement program. Contractor participation in this invoice reduction portion of the UAP is mandatory. b) Joint Purchase Only those entities that have been approved by the County for participation in the County's Joint Purchase and Entity Revenue Sharing Agreement are eligible to utilize or receive County Contract pricing and terms and conditions. The County will provide to approved entities a UAP Participant Validation Number. The Contractor must obtain the participation number from the entity prior to filling any order placed pursuant to this SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 15 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master Services Agreement- State and Local Section. Contractor participation in this joint purchase portion of the UAP, however, is voluntary. The Contractor shall notify the ordering entity, in writing, within three (3) business days of receipt of an order, of a decision to decline the order. For all ordering entities located outside the geographical boundaries of Miami -Dade County, the Contractor shall be entitled to ship goods on an "FOB Destination, Prepaid and Charged Back" basis. This allowance shall only be made when expressly authorized by a representative of the ordering entity prior to shipping the goods. The County shall have no liability to the Contractor for the cost of any purchase made by an ordering entity under the UAP and shall not be deemed to be a party thereto. All orders shall be placed directly by the ordering entity with Microsoft and shall be paid by the ordering entity less the 2% UAP. c) Contractor Compliance If a Contractor fails to comply with this Article, that Contractor may be considered in default by the County. 25. First Source Hiring Referral Program. Pursuant to Section 2-2113 of the Code of Miami -Dade County, for all contracts for goods and services, the Contractor, prior to hiring to fill each vacancy arising under a County contract shall (1) first notify the South Florida Workforce Investment Board ("SFWIB"), the designated Referral Agency, of the vacancy and list the vacancy with SFWIB according to the Code, and (2) make good faith efforts as determined by the County to fill a minimum of fifty percent (50%) of its employment needs under the County contract through the SFWIB. If no suitable candidates can be employed after a Referral Period of three to five days, the Contractor is free to fill its vacancies from other sources. Contractor will be required to provide quarterly reports to the SFWIB indicating the name and number of employees hired in the previous quarter, or why referred candidates were rejected. Sanctions for non-compliance shall include, but not be limited to: (i) suspension of contract until Contractor performs obligations, if appropriate; (ii) default and/or termination; and (iii) payment of $1,500/employee, or the value of the wages that would have been earned given the noncompliance, whichever is less. Registration procedures and additional information regarding the FSHRP are available at https://iapps.careersourcesfl.com/firstsource/. 26. Public Records and Contracts for Services Performed on Behalf of Miami -Dade County. Microsoft shall comply with the Public Records Laws of the State of Florida, including by not limited to, (1) keeping and maintaining all public records that ordinarily and necessarily would be required by the County in order to perform the service; (2) providing the public with access to public records on the same terms and conditions that the County would provide the records and at a cost that does not exceed the cost provided in Chapter 119, F.S., or as otherwise provided by law; (3) ensuring that public records that are exempt or confidential and exempt from public records disclosure requirements are not disclosed except as authorized by law; and (4) meeting all requirements for retaining public records and transferring, at no cost, to the County all public records in possession of Microsoft upon termination of the contract and destroying any duplicate public records that are exempt or confidential and exempt from public records disclosure requirements upon such transfer. In addition, all records stored electronically must be provided to the County in a format that is compatible with the information technology systems of the County. Failure to meet any of these provisions or to comply with Florida's Public Records Laws as applicable shall be a material breach of this Agreement and shall be enforced in accordance with the terms and conditions of the Agreement. IF THE CONTRACTOR HAS QUESTIONS REGARDING THE APPLICATION OF CHAPTER 119, FLORIDA STATUTES, TO THE CONTRACTOR'S DUTY TO PROVIDE PUBLIC RECORDS SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 16 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master Services Agreement- State and Local RELATING TO THIS CONTRACT, CONTACT THE CUSTODIAN OF PUBLIC RECORDS AT (305) 375-5773, ISD- VSS@MIAMIDADE.GOV, 111 NW 1st STREET, SUITE 1300, MIAMI, FLORIDA 33128 27. Inability to Indemnify or Hold Harmless. County and all affiliates that are state agencies or subdivisions, as defined in section 768.28, Florida Statutes, have no statutory authority to indemnify or hold harmless. Nothing in this Agreement as amended shall be construed as an obligation for County or an Affiliate to hold Microsoft harmless, to indemnify Microsoft, or to defend Microsoft and its suppliers from and against any claims or lawsuits, including attorney's fees for any reason whatsoever. Nothing in this Agreement as amended shall be construed to be a waiver of sovereign immunity by the County or the Affiliate to which sovereign immunity applies. Nothing in this Agreement as amended shall be construed as consent by a state agency or subdivision of the State of Florida to be sued by third parties in any matter. SLG Microsoft Master Services Agreement. v6.5 (Jan 2014) 17 DocuSign Envelope ID: 188D4842-9373-4ABC-B161-2B37F3E6C4F9 Miami -Dade County, FL Microsoft Master Services Agreement — State and Local Attachment A Microsoft Premier Support Services Description Schedule SLG Microsoft Master Services Agreement, v6.5 (Jan 2014) 18 State and Local Government — Microsoft Premier Support Services Description (Microsoft Affiliate to complete) Services Description Number (For Microsoft Internal Purposes Only) MSL Number This services description ("Services Description") is made pursuant to the Microsoft Master Services Agreement, (the "Agreement") effective as of 1/13/2017, which is incorporated herein by this reference. In this Services Description "You", "Your" or "Customer" means the undersigned customer and "We," "Us," or "Our" means the undersigned Microsoft affiliate. Any terms not otherwise defined herein will assume the meanings set forth in the Agreement. This Services Description is comprised of this cover page and the Services Description terms below, which are incorporated herein by this reference. Customer Invoice Information Name of Customer Contact Name (This person receives invoices under this Services Description unless otherwise specified on Your purchase order.) Miami -Dade County, FL Name of Customer or Affiliate that executed the Agreement if different than the undersigned Street Address Contact E-mail Address City State/Province Phone Country Postal Code Fax USA Invoicing Premier Support is a prepaid service and all fees and any applicable taxes are due upon acceptance of this Services Description. We must be in receipt of a purchase order, check, or other acceptable form of payment before We will begin providing Services. We will invoice You for additional Services performed and expenses incurred. Our invoices are payable in full within 30 days of receipt by You and will be directed to Your representative for payment at the address shown above unless otherwise provided in a purchase order. Notwithstanding the foregoing, multi -year Service Descriptions will be invoiced upon Our acceptance of this Services Description for year one and the remaining installments will be invoiced at the subsequent anniversaries of the Commencement Date as defined on the Fee and Named Contacts Schedule(s). We reserve the right to adjust Our fees prior to entering into any new Fee and Named Contacts Schedule(s). Term This Services Description will commence on 01/01/2017 and will expire on 05/31/2017 (the "Expiration Date") unless otherwise extended by a subsequent FNC(s). By signing below the parties acknowledge and agree to be bound to the terms of the Agreement and this Services Description. Customer Name of Customer (please print) Miami -Dade County, FL Microsoft Affiliate Name Microsoft Corporation Signature Name of person signing (please print) Prem ier6.4ServicesDescription (NorthAmerica)(US)(Eng lish)(April 2010) JOM4 .. 5 —n—...� Page 1 of 11 CouNry tP Z .* Title of person signing (please print) fn or Title of person signing (please print) Date aO 1 7 Date 1. OVERVIEW. This Services Description describes the various types of services that may be obtained (the "Services"). In addition, it sets forth the parties' respective responsibilities, prerequisites and assumptions that underlie the provision of the Services, applicable fees, and additional terms and conditions. The Services focus on the following key areas: Support Account Management from an assigned Microsoft resource ("Services Resource") helps to build and maintain relationships with Your management and service delivery staff and helps You arrange each element of the Premier Support to meet Your business requirements. Workshops help You to prevent problems, increase system availability and assist with creating products and solutions based on Microsoft technologies. Problem Resolution Support provides assistance for problems with specific symptoms encountered while using Microsoft products, where there is a reasonable expectation that the problem is caused by Microsoft products. Support Assistance provides short-term advice and guidance for problems not covered with Problem Resolution Service as well as requests for consultative assistance for design, development and deployment issues. Information Services provide Your staff with the latest knowledge on Microsoft technologies to enhance Your in-house support capabilities. 2. AVAILABLE SERVICES. You may utilize any combination of the following Services. Unless We specify otherwise, the Services are charged on an hourly basis and will be deducted from the total number of hours You have purchased as set forth in the attached Fee and Named Contacts Schedule(s). The complete list of Services below may not be available in all countries. For a detailed list of Services available outside the US, please contact Your Services Resource. 2.1 Support Account Management. Support Account Management services are intended to help coordinate the support and services relationship. The Services Resource is Your advocate within Microsoft and facilitates a team that can provide Workshops, Problem Resolution Support, and Support Assistance. The Services Resource also serves as the point of information delivery and provides Your feedback regarding the Services to other Microsoft groups. The Services Resource will engage with You in the following activities which will be deducted from the pre -paid hours listed in the "Premier Support Fees" section below: a. Planning and Resource Facilitation. At the commencement of this Service Description, an orientation and planning session can be conducted with Your management and staff via teleconference or onsite if an onsite visit has been purchased. The purpose of this meeting is to discuss the Services available, gather input regarding Your support needs, and jointly plan Your use of the Services. b. Status Meetings and Reporting. A standard status report can be prepared on a regular basis, to summarize the Services delivered during the previous reporting period. Status meetings will be conducted to discuss Service activities, monitor Your satisfaction levels, and discuss actions or adjustments that may be required. Customized reporting can be provided at Your request and any additional related labor will be deducted from Your Support Assistance hours. c. Escalation Management. Support issues that require escalation to other resources within Microsoft can be closely managed by the Services Resource to expedite resolution. 2.2 Workshops and Events. The goal of Workshops and Events is to provide You proactive technical information to assist in the design, development or deployment of Microsoft technologies. All registration requirements for Workshops and Events must be completed by You 60 days prior to the expiration date of the applicable Fee and Named Premier6.4ServicesDescription(NorthAmerica)(US)(English)(April 2010) Page 2 of 11 Contacts Schedule(s). Additional benefits may include instruction to help reduce the number and minimize the impact of problems related to Microsoft Products that You experience. Workshops and Events can include the following: a. Workshops. We can conduct instructor -led training sessions that emphasize Microsoft technologies at Your facility or on location at Microsoft. If You elect to have a Workshop conducted at Your facility, We will provide You with specifications for configuring Your environment prior to the delivery of the Workshops. Workshops are individually scoped and priced depending upon the length, delivery location and material presented. Your Services Resource can provide You with a current list of available Workshops. b. Events. We can provide broad and deep technical development -focused presentations, combined with hands-on labs that provide training and facilitate Your implementations of Microsoft technologies. These Events provide the opportunity to interact with Microsoft product groups, Premier support development resources and marketing contacts. Your Services Resource can provide You with notification of scheduled Events. 2.3 Problem Resolution Support. Problem Resolution Support provides assistance for problems with specific symptoms encountered while using Microsoft products, where there is a reasonable expectation that the problems are caused by Microsoft products. Problem Resolution Support is available 24 hours a day, 7 days a week. Requests for support may be submitted via telephone or electronically through the Premier online website by Your designated contacts, except for Severity 1 and A which must be submitted via telephone as set forth below in Section 2.3(a). Problem Resolution Support can include any combination of the following: a. Problem Request (Break -Fix). An assisted break -fix support request, also known as an incident, is defined as a single support issue and the reasonable effort needed to resolve it. A single support issue is a problem that cannot be broken down into subordinate issues. If a problem consists of subordinate issues, each shall be considered a separate incident. Incidents requiring an onsite visit will be charged on an hourly basis and will include charges for reasonable travel and living expenses. In certain situations, We may provide You with a modification to the commercially available Microsoft product software code to address specific critical problems ("Hotfix(es)") in response to an assisted break -fix support request. Hotfixes are designed to address Your specific problems and are not regression tested. Except as otherwise provided herein or in an Exhibit, Hotfixes may not be distributed to unaffiliated third parties without Our express written consent. You may purchase either (but not a combination) of the following types of Problem Resolution Support: • Fixed Priced Incidents include the commercially reasonable amount of Services necessary to troubleshoot and help resolve the support issue. The total number of incidents is set forth in the attached Fee and Named Contacts Schedule(s). • Hours -based Incidents are charged on an hourly basis and include the commercially reasonable amount of hours of Services necessary to troubleshoot and help resolve the support issue. Hours -based incidents are deducted from the pre -paid hours set forth in the attached Fee and Named Contacts Schedule(s) or charged to You in arrears if all pre -paid hours have been exhausted. You are responsible for setting the initial severity level in consultation with Us and You can request a change in severity level at any time. The incident severity will determine the response levels within Microsoft and estimated response times and Your responsibilities are defined in the following table: Severity: 1 Submission via phone only Situation • Catastrophic business impact: • Complete loss of a core (mission critical) business process and work cannot reasonably continue • Needs immediate attention Our ExpectedResponse • 151 call response in 1 hour or less • Our Resources at Your site as soon as possible. • Continuous effort on a 24x7 basis • Rapid Escalation within Microsoft to Product teams • Notification of Our Senior Executives Your Expected Response • Notification of Your Senior executives • Allocation of appropriate resources to sustain continuous effort on a 24x7 basis2 • Rapid access and response from change control authority Premier6.4ServicesDescription(NorthAmerica)(US)(English)(April 2010) Page 3 of 11 A • Critical business impact: • 1s' call response in 1 hour or • Allocation of appropriate Submission • Significant loss or less resources to sustain continuous via phone degradation of services • Our Resources at Your site as effort on a 24x7 basis2 only • Needs attention within 1 hour • required. Continuous effort on a 24x7 basis • • Rapid access and response from change control authority Management notification • Notification of Our Senior Managers B • Moderate business impact: • 1" call response in 2 hours or • Allocation of appropriate Submission • Moderate loss or less resources to sustain Business via phone degradation of services but • Effort during Business Hours' Hours' continuous effort or web work can reasonably continue in an impaired manner. only • Access and response from change control authority within 4 Business Hours' • Needs attention within 2 Business Hours' C • Minimum business impact: • 1" call response in 4 hours or • Accurate contact information Submission • Substantially functioning less on case owner via phone or web with minor or no impediments of services. • Effort during Business Hours' only • Responsive within 24 hours. • Needs attention within 4 Business Hours' Business Hours are defined as 6AM to 6PM Pac'fic Time, Monday through Friday excluding holidays. 2 We may need to downgrade the severity level if You are not able to provide adequate resources or responses to enable Us to continue with problem resolution efforts. You may be required to perform problem determination and resolution activities as requested by Us. Problem determination and resolution activities may include performing network traces, capturing error messages, collecting configuration information, changing product configurations, installing new versions of software or new components, or modifying processes. You are responsible for implementing the procedures necessary to safeguard the integrity and security of Your software and data from unauthorized access and to reconstruct lost or altered files resulting from catastrophic failures. b. Rapid Onsite Support Services. You can request on -site support as an additional billable service. Our ability to provide onsite support is subject to Our resource availability, and the tasks performed will vary depending on the situation, environment, and business impact of the issue. c. Software Assurance Benefits. You may elect to convert Your Software Assurance 24x7 Problem Resolution Support Incidents (SA PRS Incidents) to Premier Problem Resolution Support (PPRS) hours or incidents for use consistent with Your Premier service plan at the time of transfer. This conversion is based on a local rate calculation that will be provided by your Services Resource. You may be required to purchase additional Support Account Management hours before converting SA PRS incidents/hours. All SA PRS Incidents You transfer are subject to this Services Description. 2.4 Support Assistance. Support Assistance provides short-term advice and guidance for problems not covered with Problem Resolution Support as well as requests for consultative assistance for design, development and deployment issues. Your Services Resource will work with You to determine Your specific Support Assistance needs. The following are types of Support Assistance that can be utilized under this Services Description: a. Infrastructure Support Assistance. Infrastructure Support Assistance includes informal advice, guidance and knowledge transfer intended to help You implement Microsoft technologies in ways that avoid common support issues and decrease the likelihood of system outages. These services also help You to resolve problems that are not attributed to Microsoft Products including: • Errors caused by Your networking infrastructure, hardware, non -Microsoft software, operational procedures, architecture, IT service management process, system configuration or human error. Premier6.4ServicesDescription(NorthAmerica)(US)(English)(April 2010) Page 4 of 11 • Multi -vendor coordination interoperability problems. Upon Your request, We will collaborate with third - party software suppliers to help resolve complex multi -vendor product interoperability issues. b. Reviews. A review is an assessment of a specific system, application or architecture to address design, development, deployment, and supportability issues for current or planned implementations of Microsoft technologies. Each review is individually scoped and estimated prior to scheduling resources, and a written report is produced to document findings and recommendations. All requests for reviews and the applicable data must be submitted to Us no later than 60 days prior to expiration date of the applicable Fee and Named Contacts Schedule(s). c. Development Support Assistance. Development Support Assistance helps You in Your creation and development of internal applications on the Microsoft platform that integrate Microsoft technologies. Development Support Assistance specializes in Microsoft development tools and technologies. d. Lab Access. Microsoft can provide You with access to a lab facility to assist You with product development, benchmarking and testing, prototyping and migration activities on Microsoft products. These facilities must be scheduled in advance and are subject to availability. 2.5 Information Services. Information Services provide You with technical information about Microsoft products and support tools that help You to implement and operate Microsoft products in a more efficient and effective manner. Information Services can include any combination of the following: a. Premier online website. The Premier online website provides access to the following information resources at no additional charge: • Regularly updated product news flashes documenting key support and operational information about Microsoft products. • Critical problem alerts notifying You of potentially high -impact problems. • Web response tool for submitting and checking the status of support incidents. • Microsoft KnowledgeBase of technical articles and troubleshooting tools and guides. b. Support Webcasts. Support webcasts are regularly scheduled webcast discussions led by Our program managers, developers and professionals covering key areas of Microsoft technology. These are provided at no additional charge and require high speed internet access to participate. 2.6 Additional Services. You may request changes or additions to this Services Description at any time. Additional Services that are available for purchase, and the specific terms and conditions applicable to those Services, may be set forth in this Services Description, an attached Exhibit and/or Fee and Named Contacts Schedule(s). Additional Services will be invoiced at the prevailing price at the time the Services are rendered or upon acceptance of an Exhibit and/or Fee and Named Contacts Schedule(s) referencing this Services Description. If you purchase additional Problem Resolution Support hours or convert Software Assurance hours to Problem Resolution Support hours, you may also be required to purchase additional Services Management hours. Prior to delivering additional Services, We must be in receipt of a purchase order, check or other acceptable form of payment. 3. PREREQUISITES AND ASSUMPTIONS. Our delivery of Services under this Services Description is based upon the following Prerequisites and Assumptions: a. All Services will be provided remotely to Your locations in the United States unless otherwise set forth in an Exhibit to this Services Description (see section 3(k) below). Where additional onsite visits are mutually agreed, and not pre -paid and defined on your Fee and Named Contacts Schedule, You will be billed for reasonable travel and living expenses in arrears. Alternatively, You agree that any travel related expenses incurred by Microsoft may be decremented from the Support Assistance hours if You so choose. You certify that You possess the authority for this approval and such conversion is in compliance with any applicable government procurement and audit rules or regulations. Premier6.4ServicesDescription(NorthAmerica)(US)(English)(April 2010) Page 5 of 11 b. All Services will be provided in the English language unless otherwise agreed to by You and Us in writing or in an Exhibit to this Services Description. c. We will provide support for all United States versions of commercially released generally available Microsoft products unless otherwise set forth in an Exhibit to this Services Description or specifically excluded on the Premier online website. Support for those Microsoft products that have entered the Extended Support Phase , as defined on the Premier online website, will be charged on an hourly basis only. Non -security related Hotfix support is not available for Microsoft products that have entered the Extended Phase of support unless You have purchased such support in an Exhibit to this Services Description. d. Support for pre-release products is not provided except as otherwise provided in an attached Exhibit. e. ALL SERVICES, INCLUDING ANY ADDITIONAL. SERVICES PURCHASED DURING THE TERM OF FEE AND NAMED CONTACTS SCHEDULE(S) SHALL BE FORFEITED IF NOT UTILIZED DURING THE TERM OF THE APPLICABLE FEE AND NAMED CONTACTS SCHEDULE(S). f. Support Assistance is dependent upon the availability of resources. 9• We can access Your system via remote dial -in to analyze problems at Your request. Our personnel will access only those systems authorized by You. We may provide You with software to assist with problem diagnosis and/or resolution. Such software is Microsoft's property and must be returned to Us promptly upon request. In order to utilize remote dial -in assistance, You must provide Us with the appropriate access and necessary equipment. h. You must have access to the Internet in order to take advantage of Internet -based services. i. Additional Prerequisites and Assumption may be set forth in relevant Exhibits. 1• When purchasing Problem Resolution Support, we will require a corresponding quantity of Support Account Management to facilitate delivery of your Problem Resolution Support. If you purchase additional Problem Resolution Support, Support Assistance, or if you convert Software Assurance hours to Problem Resolution Support hours or incidents, you may be required to purchase additional Support Account Management. k. Resource Site Visits (number of trips to Your location) are mutually agreed upon at acceptance of this Services Description and the total fixed price amount for these visits are included in Your Fee and Named Contacts Schedule. 4. YOUR RESPONSIBILITIES. This section sets forth Your performance obligations under this Services Description. Our performance is predicated upon You fulfilling the following responsibilities in addition to those set forth in Section 2.3 and any applicable Exhibits. Failure to comply with the following responsibilities may result in delays of Service. a. You can designate named contacts as set forth in the attached Fee and Named Contacts Schedule(s), one of which will be the Customer Support Manager ("CSM") for support related activities. The CSM is responsible for leading Your team and will manage all of Your support activities, and internal processes for submitting support requests to Us. Each contact will be supplied with an individual account number for access to the Premier online website, support issue submission and access to Your Services Resource. In addition to the named contacts, You may also identify two types of group contacts as follows: • One type will receive a shared account ID that provides access to the Premier online website for information content and the ability to submit support requests through the Premier online website or by telephone. • One type will receive a shared account ID that provides access to the Premier online website for information content only. b. You agree to work with Us to plan for the utilization of Services based upon the service level You purchased. Premier6.4ServicesDescription(NorthAmerica)(US)(English)(April 2010) Page 6 of 11 c. You agree to provide an internal escalation process to facilitate communication between Your management and Us as appropriate. d. You agree to respond to customer satisfaction surveys We may provide to You from time -to -time regarding the Services. e. You agree to provide reasonable office space, telephone and high speed internet access, and access to Your internal systems and diagnostic tools to Our Services Resources that are required to be on -site. f. You are responsible for any travel and expenses incurred by Your employees or contractors. 5. ADDITIONAL TERMS AND CONDITIONS. Except as otherwise set forth in an Exhibit (or attachment to an Exhibit) to this Services Description, this section governs the ownership and use rights of any computer code or other materials that may be provided under this Services Description. a. Pre-existing Work. All rights in any computer code or materials developed or otherwise obtained by or for Us or Our affiliates, or You or Your affiliates independently of this Services Description ("Pre-existing Work") shall remain the sole property of the Party providing the Pre-existing Work. During the performance of the Services for this Services Description, each Party grants to the other Party (and Our contractors as necessary) a temporary, non-exclusive license to use, reproduce and modify any of its Pre-existing Work provided to the other Party solely for the performance of such Services. We grant You a non-exclusive, perpetual, fully paid -up license to use, reproduce and modify (if applicable) Our Pre-existing Work in the form delivered to You for Your internal business operations without any obligation of accounting or payment of royalties. Your licenses to Our Pre-existing Work are conditioned upon Your compliance with the terms of the Agreement and this Services Description and the perpetual license applies solely to Our Pre-existing Work that is left to You at the conclusion of Our performance of the Services. b. Materials. All rights in any materials developed by Us (other than software code) and provided to You in connection with the Services ("Materials") shall be owned by Us except to the extent such Materials constitute Your Pre-existing Work. Upon payment in full, We grant You a non-exclusive, perpetual, fully paid -up license to use, reproduce and modify the Materials solely for Your internal business operations and without any obligation of accounting or payment of royalties. You may sublicense the rights granted herein to Your Affiliates. All rights not expressly granted, are reserved. c. Sample Code. We grant You a nonexclusive, perpetual, royalty -free right to use and modify any software code provided by Us for the purposes of illustration ("Sample Code") and to reproduce and distribute the object code form of the Sample Code, provided that You agree: (i) to not use Our name, logo, or trademarks to market Your software product in which the Sample Code is embedded; (ii) to include a valid copyright notice on Your software product in which the Sample Code is embedded; and (iii) to indemnify, hold harmless, and defend Us and Our suppliers from and against any claims or lawsuits, including attorneys' fees, that arise or result from the use or distribution of the Sample Code. d. Open Source License Restrictions. Because certain third party license terms require that computer code be generally (i) disclosed in source code form to third parties; (ii) licensed to third parties for the purpose of making derivative works; or (iii) redistributable to third parties at no charge (collectively, "open source license terms"), the license rights that each Party has granted to any computer code (or any intellectual property associated therewith) do not include any license, right, power or authority to incorporate, modify, combine and/or distribute that computer code with any other computer code in a manner which would subject the other's computer code to open source license terms. Furthermore, each Party warrants that it will not provide or give to the other Party computer code that is governed by open source license terms. e. Reservation of Rights. All rights not expressly granted in this Section 5 are reserved.. Premier6.4ServicesDescription(NorthAmerica)(US)(English)(April 2010) Page 7 of 11 Microsoft Premier Support Services Description Schedule: Fee and Named Contacts (Microsoft Affiliate to complete) Premier Support Services Description Number (Microsoft Affiliate to complete) Schedule Number Customer Name: Miami -Dade County, FL REN_001452448 This Schedule is made pursuant to the Microsoft Premier Support Services Description identified above (the "Services Description"). The terms of the Services Description and applicable Exhibits are incorporated herein by this reference and by accepting Our performance of Services under this Schedule You agree to be bound by these terms. Any terms not otherwise defined herein will assume the meanings set forth in the Agreement and the Services Description. Regardless of any terms and conditions contained in any purchase order, the terms of this Schedule apply. Term This Schedule will commence on 01/01/2017 (the "Commencement Date") and will expire on 05/31/2017 (the "Expiration Date"). 1. PREMIER SUPPORT SERVICES AND FEES. The quantities listed in the table below represent the amount of Services that You have pre -purchased for use during the term of this Schedule and applicable fees. a. Fee Summary Services Summary Total Price (US$) Country: United States Miami Dade County ITD $26,394 Miami Dade County Virtualization $7,633 Miami Dade Water and Sewer $86,424 Miami Dade Aviation $26,840 Miami Dade Police $61,192 Miami Dade Public Library $22,662 Total Amount Due $231,145 b. Services by Support Location Country : United States : Miami Dade County ITD (Premier Support Standard) • Support Account Management (estimated at 50) • Up to 17 hours for Support Assistance* • Up to 50 hours for Problem Resolution Support Five (5) Onsite Services Resource Site Visits Unlimited Access to Premier Online Services PremierFNCSv7.5(NA)(US)(English)(Dec2014) Page 9 of 11 Country : United States : Miami Dade County Virtualization (Premier Support Standard) • Support Account Management (estimated at 15) • Up to 4 hours for Support Assistance* • Up to 15 hours for Problem Resolution Support • Unlimited Access to Premier Online Services Country : United States : Miami Dade Water and Sewer (Premier Support Standard) • Support Account Management (estimated at 100) • Up to 227 hours for Support Assistance* • Up to 50 hours for Problem Resolution Support • Three (3) Onsite Services Resource Site Visits • Unlimited Access to Premier Online Services Country : United States : Miami Dade Aviation (Premier Support Standard) • Support Account Management (estimated at 50) • Up to 50 hours for Support Assistance* • Up to 17 hours for Problem Resolution Support • Three (3) Onsite Services Resource Site Visits • Unlimited Access to Premier Online Services Country : United States : Miami Dade Police (Premier Support Standard) • Support Account Management (estimated at 100) • Up to 86 hours for Support Assistance* • Up to 84 hours for Problem Resolution Support • Three (3) Onsite Services Resource Site Visits • Unlimited Access to Premier Online Services Country: United States: Miami Dade Public Library (Premier Support Standard) • Support Account Management (estimated at 34) • Up to 17 hours for Support Assistance* • Up to 50 hours for Problem Resolution Support • Unlimited Access to Premier Online Services * All registration requirements for Workshops and Events must be completed by You no later than 60 days prior to the expiration date of this Fee and Named Contacts Schedule(s). 2. MICROSOFT CONTACT Microsoft Contact: Contact for questions and notices about this Schedule and the Services Description: Microsoft Contact Name: Michael Murphy Phone: (980) 776-7767 Fax: (425) 936-7329 Email: micmur@microsoft.com PremierFNCSv7.5(NA)(US)(English)(Dec2014) Page 10 of 11 Olivera, Rosemary From: Sent: To: Cc: Subject: Attachments: Good evening Rosemary, Britos, Nina Friday, October 11, 2024 6:17 PM Olivera, Rosemary; Ewan, Nicole; Hannon, Todd Chow, Gee; Trogner, Kaira Matter ID No. 24-1871 - No -Cost Work Order for Microsoft Copilot Deployment & Adoption Matter ID No. 24-1871 - No -Cost Work Order for Microsoft Copilot Deployment & Adoption (10-11-2024).pdf I'm so sorry about that, please see attached the correct document from DocuSign that is to be considered an original agreement for your records. Thank you, Nina Britos, MBA Assistant to the Director Department of Innovation and Technology 444 SW 2nd Avenue, 5th Floor, Miami, FL 33130 0: (305) 416-1659 I M: (305) 781-9500 NBritos@miamigov.com From: Olivera, Rosemary <ROlivera@miamigov.com> Sent: Friday, October 11, 2024 5:42 PM To: Britos, Nina <NBritos@miamigov.com>; Ewan, Nicole <newan@miamigov.com>; Hannon, Todd <thannon@miamigov.com> Cc: Chow, Gee <GChow@miamigov.com>; Trogner, Kaira <Ktrogner@miamigov.com> Subject: RE: Matter ID No. 24-1871 - No -Cost Work Order for Microsoft Copilot Deployment & Adoption Importance: High Hi Nina, This document is incomplete. The original document was 80 pages. This document only contains 55 pages. Please forward me the entire document for our records. From: Britos, Nina <NBritos@miamigov.com> Sent: Friday, October 11, 2024 4:03 PM To: Olivera, Rosemary <ROlivera@miamigov.com>; Ewan, Nicole <newan@miamigov.com>; Hannon, Todd <thannon@miamigov.com> Cc: Chow, Gee <GChow@miamigov.com>; Trogner, Kaira <Ktrogner@miamigov.com> Subject: Matter ID No. 24-1871 - No -Cost Work Order for Microsoft Copilot Deployment & Adoption 1 Good afternoon City Clerk's Office, Please find attached the fully executed copy of Consulting Services No -Cost Work Order between the City of Miami and Microsoft to provide professional services for Copilot for Microsoft 365 Rapid Deployment and Adoption. Thank you, Nina Britos, MBA Assistant to the Director Department of Innovation and Technology 444 SW 2' Avenue, 5th Floor, Miami, FL 33130 0: (305) 416-1659 I M: (305) 781-9500 NBritos@miamigov.com 2