-
Notifications
You must be signed in to change notification settings - Fork 0
/
SF-Contract-Requirements.txt
1411 lines (1367 loc) · 101 KB
/
SF-Contract-Requirements.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
City and County of San Francisco Technology Marketplace
Software as a Service Term Sheet
This Software as a Service (“SaaS”) Term Sheet (“Term Sheet”) is attached and incorporated as
though fully set forth therein, to each Purchase Order for the purchase of Software as a Service
hereby issued by the City and County of San Francisco (“City”) pursuant to any of the
Technology Marketplace Agreements identified in Exhibit 1 (“Technology Marketplace
Agreements”), heretofore entered into by and between the City and those Contractors selected by
City pursuant to a Request for Proposals 99400 issued by City on or about July 2018.
Article 1 Definitions
The following definitions apply to this Agreement:
1.1 “Acceptance” means notice from the City to Contractor that the SaaS
Application meets the specifications and requirements contained in the Documentation and the
accompanying Purchase Order and Corresponding Documents.
1.2 “Acceptance Period” means the period allocated by City to test the SaaS
Application to determine whether it conforms to the applicable specifications and, if appropriate,
properly operates in the defined operating environment, is capable of running on a repetitive
basis, and is otherwise in compliance with the service level obligations without failure.
1.3 “Authorized Users” means a person authorized by City to access the City's
Portal and use the SaaS Application, including any City employee, contractor, or agent, or any
other individual or entity authorized by City.
1.4 “Back-Up Environment” means the Contractor’s back-up Data Center for
the SaaS Services.
1.5 "City" or "the City" means the City and County of San Francisco, a
municipal corporation, acting by and through both its Director of the Office of Contract
Administration or the Director’s designated agent, hereinafter referred to as “Purchasing”.
1.6 “City Data” means that data as described in Article 13 of this Term Sheet
which includes, without limitation, all data collected, used, maintained, processed, stored, or
generated by or on behalf of the City in connection with this Term Sheet, including data resulting
from use of the SaaS Service. City Data includes, without limitation, Confidential Information.
1.7 “City Portal” means an electronic gateway to a secure entry point via
Contractor’s Website that allows City and its Authorized Users to log in to an area where they
can view and download information or request assistance regarding the SaaS Application and
Services.
1.8 “City’s Project Manager” means the individual specified by the City
pursuant to Section 4.2.1 hereof, as the Project Manager authorized to administer this Term
Sheet on the City’s behalf.
1.9 "CMD" means the Contract Monitoring Division of the City.
1.10 “Confidential Information” means confidential City information including,
but not limited to, personally-identifiable information (PII), protected health information, or
individual financial information (collectively, “Proprietary or Confidential Information”) that is
P-648 (6-17) (SaaS Term Sheet) Page 2
subject to local, state or federal laws restricting the use and disclosure of such information. These
laws include, but are not limited to, Article 1, Section 1 of the California Constitution; the
California Information Practices Act (Civil Code § 1798 et seq.); the California Confidentiality
of Medical Information Act (Civil Code § 56 et seq.); the federal Gramm-Leach-Bliley Act (15
U.S.C. §§ 6801(b) and 6805(b)(2)); the privacy and information security aspects of the
Administrative Simplification provisions of the federal Health Insurance Portability and
Accountability Act (45 CFR Part 160 and Subparts A, C, and E of part 164); and San Francisco
Administrative Code Chapter 12M (Chapter 12M). Confidential Information includes, without
limitation, City Data.
1.11 "Contractor" shall mean the Contractor with whom the City has entered
into the Technology Marketplace Agreement identified in Exhibit 1 and the entity to whom a
Purchase Order is hereby issued for the purchase of SaaS.
1.12 “Contractor Project Manager” means the individual specified by
Contractor pursuant to Section 4.2.1 hereof, as the Project Manager authorized to administer this
Term Sheet on Contractor's behalf.
1.13 “Contractor’s Website” means the Website that provides Authorized User
access to the SaaS Application Services.
1.14 “Data Breach” means any access, destruction, loss, theft, use, modification
or disclosure of City Data by an unauthorized party or that is in violation of this Term Sheet
terms and/or applicable local, state or federal law.
1.15 “Data Center(s)” means a physical location within the United States where
the Contractor (or its subcontractor) houses and operates the hardware (including computer
servers, routers, and other related equipment) on which Contractor hosts on the Internet the SaaS
Application and City Data pursuant to this Term Sheet.
1.16 "Deliverables" means Contractor' work product resulting from the
Services that are provided by Contractor to City during the course of Contractor's performance of
the Services detailed in the accompanying Purchase Order, Corresponding Documents and this
Term Sheet, including without limitation, the work product described in the “SaaS
Implementation and Training Services,” if any, attached to the accompanying Purchase Order.
1.17 “Disabling Code” means computer instructions or programs, subroutines,
code, instructions, data or functions (including but not limited to viruses, worms, date bombs or
time bombs), including but not limited to other programs, data storage, computer libraries and
programs that self-replicate without manual intervention, instructions programmed to activate at
a predetermined time or upon a specified event, and/or programs purporting to do a meaningful
function but designed for a different function, that alter, destroy, inhibit, damage, interrupt,
interfere with or hinder the operation of the City's access to the SaaS Services through the
Contractor's Website and/or Authorized User's processing environment, the system in which it
resides, or any other software or data on such system or any other system with which it is
capable of communicating.
1.18 “Documentation” means technical publications provided by Contractor to
City relating to use of the SaaS Application, such as reference, administrative, maintenance, and
programmer manuals.
P-648 (6-17) (SaaS Term Sheet) Page 3
1.19 “End Users” means any Authorized User who accesses the Contractor’s
Website and uses the SaaS Application and Services.
1.20 “Internet” means that certain global network of computers and devices
commonly referred to as the “internet,” including, without limitation, the World Wide Web.
1.21 "Mandatory City Requirements" means those City laws set forth in the
San Francisco Municipal Code, including the duly authorized rules, regulations, and guidelines
implementing such laws, which impose specific duties and obligations upon Contractor.
1.22 “Open Source Software” means software with either freely obtainable
source code, a license for modification, or permission for free distribution.
1.23 "Party" and "Parties" mean the City and Contractor either collectively or
individually.
1.24 “Performance Credit” means credit, if any, due to City by Contractor with
regard to Contractor’s service level obligations in the accompanying Purchase Order,
Corresponding Documents and/or Exhibit 3 (Service Level Obligations: Minimum
Requirements), as the case may be.
1.25 “Personally Identifiable Information (PII)” means any information about
an individual, including information that can be used to distinguish or trace an individual’s
identity, such as name, social security number, date and place of birth, mother’s maiden name, or
biometric records; and any other information that is linked to an individual, such as medical,
educational, financial, and employment information.
1.26 “Purchase Order” means the accompanying Purchase Order and any other
corresponding documents, such as a SaaS Agreement submitted by Contractor to City
(“Corresponding Documents”) in response to a request for quote by City for the SaaS described
in the Purchase Order. The Purchase Order is issued by City to Contractor pursuant to a
Technology Marketplace Agreement, which agreement is identified in the Purchase Order. The
Purchase Order and all Corresponding Documents are incorporated into this Term Sheet as
though fully set forth herein.
1.27 “SaaS” means Software as a Service.
1.28 “SaaS Application/SaaS Software” means the licensed and hosted
computer program and associated documentation, as listed in this Term Sheet and Exhibits, and
any modification or Upgrades or modifications to the program(s), residing in Contractor's servers
that provides the SaaS Services that may be accessed by Authorized Users through the Internet.
1.29 “SaaS Application Patch” means an update to the SaaS Application
comprised of code inserted (or patched) into the code of the SaaS Application, and which may be
installed as a temporary fix between full releases of a SaaS Application Revision or SaaS
Application Version. Such a patch may address a variety of issues including without limitation
fixing a software bug, installing new drivers, addressing new security vulnerabilities, addressing
software stability issues, and upgrading the software. SaaS Application Patches are included in
the annual payments made by City to Contractor for the SaaS Services under this Term Sheet.
1.30 “SaaS Implementation and Training Services” means the necessary
services, if any, by which the Contractor will implement all necessary Software configurations
and modules necessary to make the SaaS Application available and accessible to City.
P-648 (6-17) (SaaS Term Sheet) Page 4
1.31 “SaaS Issue” means a problem with the SaaS Services identified by the
City that requires a response by Contractor to resolve.
1.32 “SaaS Maintenance Services” means the activities to investigate, resolve
SaaS Application and Services issues and correct product bugs arising from the use of the SaaS
Application and Services in a manner consistent with the published specifications and functional
requirements defined during implementation.
1.33 “SaaS Services” means the Services performed by Contractor to host the
SaaS Application to provide the functionality listed in the Documentation.
1.34 “SaaS Severity Level” means a designation of the effect of a SaaS Issue
on the City. The severity of a SaaS Issue is initially defined by the City and confirmed by
Contractor. Until the SaaS Issue has been resolved, the Severity Level may be raised or lowered
based on Contractor’s analysis of impact to business.
1.35 “SaaS Software” means those SaaS licensed programs and associated
documentation licensed to City by Contractor as listed in this Term Sheet and Exhibits, and any
modification or Upgrades or modifications to the program(s) provided under this Agreement.
1.36 “SaaS Software Error” means any failure of SaaS Software to conform in
all material respects to the requirements of this Term Sheet or Contractor’s published
specifications.
1.37 “SaaS Software Error Correction” means either a modification or addition
that, when made or added to the SaaS Software, brings the SaaS Software into material
conformity with the published specifications, or a procedure or routine that, when observed in
the regular operation of the SaaS Software, avoids the practical adverse effect of such
nonconformity.
1.38 “SaaS Software Revision” means an update to the current SaaS Software
Version of the SaaS Software code that consists of minor enhancements to existing features and
code corrections. SaaS Software Revisions are provided and included with the annual service
payments made by City to Contractor for the SaaS Service.
1.39 “SaaS Software Version” means the base or core version of the SaaS
Software that contains significant new features and significant fixes and is available to the City.
SaaS Software Versions may occur as the SaaS Software architecture changes or as new
technologies are developed. The nomenclature used for updates and upgrades consists of major,
minor, build, and fix and these correspond to the following digit locations of a release, a,b,c,d, an
example of which would be NCC 7.4.1.3, where the 7 refers to the major release, the 4 refers to
the minor release, the 1 refers to the build, and the 4 refers to a fix. All SaaS Software Versions
are provided and included as part of this Term Sheet upon request or approval from City for the
upgrade.
1.40 “Scheduled SaaS Maintenance” means the time (in minutes) during the
month, as measured by Contractor, in which access to the SaaS Services is scheduled to be
unavailable for use by the City due to planned system maintenance and major version upgrades.
1.41 "Services" means the work performed by Contractor pursuant to the
accompanying Purchase Order, Corresponding Documents and this Term Sheet, including all
P-648 (6-17) (SaaS Term Sheet) Page 5
services, labor, supervision, materials, equipment, actions and other requirements to be
performed and furnished by Contractor under this Term Sheet.
1.42 “Software” means the SaaS Software and Contractor provided Third-Party
Software, if any. All Software, revisions and versions provided by Contractor shall be subject to
the terms and conditions of this Term Sheet, including any amendments thereto.
1.43 “Successor Service Provider” means a new service provider, if any,
selected by City in the event the SaaS Services are terminated under this Term Sheet.
1.44 “Term Sheet” means this document, the accompanying Purchase Order, all
attached exhibits, and all applicable City Ordinances and Mandatory City Requirements in the
Technology Marketplace Agreement between City and Contractor that are specifically
incorporated into this Term Sheet by reference as provided herein.
1.45 “Third-Party Software” means the software described in the
accompanying Purchase Order.
1.46 “Transition Services” means that assistance reasonably requested by City
to effect the orderly transition of the SaaS Services, in whole or in part, to City or to Successor
Service Provider.
Article 2 Term of the Term Sheet
2.1 Term. The term of this Term Sheet shall reflect the term of the SaaS set
forth in the accompanying Purchase Order, unless earlier terminated in accordance with the
provisions of this Term Sheet or the applicable Technology Marketplace Agreement.
Article 3 Reserved (Financial Matters)
Article 4 SaaS Services and Resources
4.1 SaaS Licensed Software. Subject to the terms and conditions of this
Term Sheet, Contractor hereby grants City and Authorized Users a renewable, irrevocable, nonexclusive,
royalty-free, and worldwide license to access, display, and execute the SaaS
Application and SaaS Services during the Term of this Term Sheet and any renewals thereof, if
any.
4.1.1 Click-Wrap Disclaimer. No “click to accept” agreement that may be
required for the City and/or Authorized Users’ access to the SaaS Services or Contractor's
Website and no “terms of use” or “privacy policy” referenced therein or conditioned for use of
the SaaS Services or Contractor's Website shall apply. Only the provisions of this Term Sheet as
amended from time to time shall apply to City and/or Authorized Users for access thereto and
use thereof. The Parties acknowledge that City and/or each Authorized User may be required to
click "Accept" as a condition of access to the SaaS Services through the Contractor's Website,
but the provisions of such “click to accept” agreement and other terms (including Terms of Use
and Privacy Policy) referenced therein shall be null and void for City and/or each such
Authorized User. The foregoing does not apply to the City’s own click-wrap agreements in the
event the City chooses to have Contractor include terms of use, terms or service, privacy
policies, or similar requirements drafted and approved by the City.
4.1.2 Authorized APIs. City shall be permitted to access and use Contractor’s
SaaS Application Program Interfaces (APIs) when commercially available to develop and
P-648 (6-17) (SaaS Term Sheet) Page 6
modify, as necessary, macros and user interfaces for use with any existing or future City systems
and infrastructure. For purposes of this Term Sheet, such development shall be deemed an
authorized modification but will not be supported by Contractor unless provided for in this Term
Sheet. Functionality and compatibility of City developed macros will be sole responsibility of
City. Any such macros or user interfaces developed by City shall become the property of City.
All flat-file exchanges will be over an encrypted file transport service (ftps/vsftpd/scp/sftp) to a
secure private ftp site.
4.2 Project Managers; Services Contractor Agrees to Perform.
4.2.1 Project Managers. If applicable, Contractor and City shall each
designate a Project Manager, who shall be accessible by telephone throughout the duration of the
accompanying Purchase Order and Corresponding Documents and shall be available 9 a.m. to 5
p.m. Monday through Friday, excluding City-designated holidays. These hours may be adjusted
by mutual agreement of City and Contractor. Contractor shall use its best efforts to maintain the
same Project Manager throughout the duration of the accompanying Purchase Order. However,
if Contractor needs to replace its Project Manager, Contractor shall provide City with written
notice thereof at least forty-five (45) days prior to the date the Project Manager shall be replaced.
Notwithstanding the foregoing, Contractor will have the right to appoint temporary Project
Managers in connection with short term unavailability, sick leave or reasonable vacations.
Contractor shall notify City in advance of any such temporary appointments. City may require
Contractor to replace its Project Manager, by giving Contractor notification thereof and City’s
objective reasons therefor. The Project Managers, if any, of the City and Contractor are
identified in the accompanying Purchase Order.
4.2.2 Services Contractor Agrees to Perform. During the Term of this Term
Sheet, Contractor will perform all of the services set forth in the accompanying Purchase Order
and Corresponding Documents and the following:
(a) Provide all hardware, software and other equipment at Contractor's
hosting site as described in the accompanying Purchase Order and Corresponding Documents
(and any applicable disaster recovery site) as necessary to host and deliver the SaaS Application
and Services described in the Purchase Order and Corresponding Documents.
(b) Provide Authorized Users access to the SaaS Application and
Services pursuant to the grant of access in Section 4.1.
(c) Meet or exceed the Service Level Obligations described in Exhibit
3. It is mutually agreed and understood, that the Service Level Obligations will be applied
beginning on the first full calendar month following the Acceptance of the SaaS Application and
Services.
(d) Maintain the correct operation of the SaaS Application and
Services, Contractor's Website, and provide SaaS Maintenance Services and support services as
specified in this Term Sheet.
(e) Provide telephone support for Authorized Users in the operation of
the SaaS Application and Services.
(f) Provide Disaster Recovery Services that meets or exceeds what is
described in Section 14.4 and Exhibit 4.
P-648 (6-17) (SaaS Term Sheet) Page 7
4.3 Acceptance Testing; Document Delivery; Training.
4.3.1 After City has obtained access to the SaaS Application and Services, and
subsequent to each SaaS Software version upgrade, revision and patch, City and Contractor shall
conduct user acceptance testing as outlined in the accompanying Purchase Order and
Corresponding Documents to verify that the SaaS Application and Services substantially
conform to the specifications and City’s requirements contained therein. In the event that the
City determines that the SaaS Services do not meet such specifications, the City shall notify the
Contractor in writing, and Contractor shall modify or correct the SaaS Services so that it satisfies
the Acceptance criteria. The date of Acceptance will be that date upon which City provides
Contractor with written notice of satisfactory completion of Acceptance testing. If City notifies
Contractor after the Acceptance Testing Period that the SaaS Services do not meet the
Acceptance criteria outlined in and the accompanying Purchase Order and Corresponding
Documents, then City shall be entitled to terminate this Term Sheet in accordance with the
procedures specified in Article 8 herein, and shall be entitled to a full refund of any fees paid as
part of this Term Sheet prior to termination.
4.3.2 Document Delivery. Contractor will deliver completed Documentation in
electronic format for the SaaS Application and Services at the time it gives City access to the
SaaS Application and Services. The Documentation will accurately and completely describe the
functions and features of the SaaS Application and Services, including all subsequent revisions
thereto. The Documentation shall be understandable by a typical end user and shall provide
Authorized Users with sufficient instruction such that an Authorized User can become selfreliant
with respect to access and use of the SaaS Application and Services. City shall have the
right to make any number of additional copies of the Documentation at no additional charge.
The City may withhold its issuance of the notice of final Acceptance until City receives the
completed Documentation.
4.4 Qualified Personnel. Contractor shall utilize only competent personnel
under the supervision of and/or in the employment of, Contractor (or Contractor's authorized
subcontractors) to perform the Services. Contractor will comply with City’s reasonable requests
regarding assignment and/or removal of personnel, but all personnel, including those assigned at
City’s request, must be supervised by Contractor. Contractor shall commit adequate resources to
allow timely completion within the project schedule specified in this Term Sheet.
4.5 Warranty. Contractor warrants to City that the Services will be
performed with the degree of skill and care that is required by current, good and sound
professional procedures and practices, and in conformance with generally accepted professional
standards prevailing at the time the Services are performed so as to ensure that all Services
performed are correct and appropriate for the purposes contemplated in this Term Sheet.
Article 5 Indemnity and Warranties
5.1 Indemnification
5.1.1 General Indemnification. Contractor shall indemnify and hold harmless
City and its officers, agents and employees from, and, if requested, shall defend them from and
against any and all liabilities (legal, contractual, or otherwise), losses, damages, costs, expenses,
or claims for injury or damages (collectively, “Claims”), arising from or in any way connected
with Contractor’s performance of the Term Sheet, including but not limited to, any: (i) injury to
P-648 (6-17) (SaaS Term Sheet) Page 8
or death of a person, including employees of City or Contractor; (ii) loss of or damage to
property; (iii) violation of local, state, or federal common law, statute or regulation, including but
not limited to privacy or personally identifiable information, health information, disability and
labor laws or regulations; (iv) strict liability imposed by any law or regulation; or (v) losses
arising from Contractor's execution of subcontracts not in accordance with the requirements of
this Term Sheet applicable to subcontractors; except where such Claims are the result of the sole
active negligence or willful misconduct of City. The foregoing indemnity shall include, without
limitation, reasonable fees of attorneys, consultants and experts and related costs and City’s costs
of investigating any claims against the City. In addition to Contractor’s obligation to indemnify
City, Contractor specifically acknowledges and agrees that it has an immediate and independent
obligation to defend City from any claim which actually or potentially falls within this
indemnification provision, even if the allegations are or may be groundless, false or fraudulent,
which obligation arises at the time such Claim is tendered to Contractor by City and continues at
all times thereafter.
5.1.2 Infringement Indemnification. If notified promptly in writing of any
judicial action brought against City based on an allegation that City’s use of the SaaS
Application and Services infringes a patent, copyright, or any right of a third-party or constitutes
misuse or misappropriation of a trade secret or any other right in intellectual property
(Infringement), Contractor will hold City harmless and defend such action at its own expense.
Contractor will pay the costs and damages awarded in any such action or the cost of settling such
action, provided that Contractor shall have sole control of the defense of any such action and all
negotiations or its settlement or compromise, provided, however, that Contractor shall not agree
to any injunctive relief or settlement that obligates the City to perform any obligation, make an
admission of guilt, fault or culpability or incur any expense, without City’s prior written consent,
which shall not be unreasonably withheld or delayed. If notified promptly in writing of any
informal claim (other than a judicial action) brought against City based on an allegation that
City’s use of the SaaS Application and/or Services constitutes Infringement, Contractor will pay
the costs associated with resolving such claim and will pay the settlement amount (if any),
provided that Contractor shall have sole control of the resolution of any such claim and all
negotiations for its settlement, provided, however, that Contractor shall not agree to any
injunctive relief or settlement that obligates the City to perform any obligation, make an
admission of guilt, fault or culpability or incur any expense, without City’s prior written consent,
which shall not be unreasonably withheld or delayed. In the event a final injunction is obtained
against City’s use of the SaaS Application and Services by reason of Infringement, or in
Contractor’s opinion City’s use of the SaaS Application and Services is likely to become the
subject of Infringement, Contractor may at its option and expense: (a) procure for City the right
to continue to use the SaaS Application and Services as contemplated hereunder, (b) replace the
SaaS Application and Services with a non-infringing, functionally equivalent substitute SaaS
Application and Services, or (c) suitably modify the SaaS Application and Services to make its
use hereunder non-infringing while retaining functional equivalency to the unmodified version of
the SaaS Application and Services. If none of these options is reasonably available to
Contractor, then the applicable Purchase Order and Corresponding Documents or relevant part of
such Purchase Order and Corresponding Documents may be terminated at the option of either
Party hereto and Contractor shall refund to City all amounts paid under this Term Sheet for the
license of such infringing SaaS Application and/or Services. Any unauthorized modification or
attempted modification of the SaaS Application and Services by City or any failure by City to
P-648 (6-17) (SaaS Term Sheet) Page 9
implement any improvements or updates to the SaaS Application and Services, as supplied by
Contractor, shall void this indemnity unless City has obtained prior written authorization from
Contractor permitting such modification, attempted modification or failure to implement.
Contractor shall have no liability for any claim of Infringement based on City’s use or
combination of the SaaS Application and Services with products or data of the type for which the
SaaS Application and Services was neither designed nor intended to be used.
5.2 Warranties of Contractor
5.2.1 Warranty of Authority; No Conflict. Each Party warrants to the other
that it is authorized to enter into this Term Sheet and that its performance of the Term Sheet will
not conflict with any other addendum to the Agreement.
5.2.2 Warranty of Performance. Contractor warrants that when fully
implemented, the SaaS Application to be configured and provided under this Term Sheet shall
perform in accordance with the specifications applicable thereto. With respect to all Services to
be performed by Contractor under this Term Sheet, Contractor warrants that it will use
reasonable care and skill. All services shall be performed in a professional, competent and timely
manner by Contractor personnel appropriately qualified and trained to perform such services. In
the event of a breach of the foregoing warranty relating to any service under this Term Sheet
within twelve (12) months from the date of provision such services, Contractor shall, at its sole
cost and expense, re-perform such services.
5.2.3 Compliance with Description of Services. Contractor represents and
warrants that the SaaS Application and Services specified in this Term Sheet and all updates and
improvements to the SaaS Application and Services will comply in all material respects with the
specifications and representations specified in the Documentation (including performance,
capabilities, accuracy, completeness, characteristics, specifications, configurations, standards,
functions and requirements) as set forth (i) herein or in any amendment hereto, and (ii) the
updates thereto.
5.2.4 Title. Contractor represents and warrants to City that it is the lawful
owner or license holder of all Software, materials and property identified by Contractor as
Contractor-owned and used by it in the performance of the SaaS Services contemplated
hereunder and has the right to permit City access to or use of the SaaS Application and Services
and each component thereof. To the extent that Contractor has used Open Source Software
(“OSS”) in the development of the SaaS Application and Services, Contractor represents and
warrants that it is in compliance with any applicable OSS license(s) and is not infringing.
5.2.5 Disabling Code. Contractor represents and warrants that the SaaS
Application and Services, and any information, reports or other materials provided to Authorized
Users as a result of the operation of the SaaS Application and Services, including future
enhancements and modifications thereto, shall be free of any Disabling Code.
5.2.6 Warranty of Suitability for Intended Purpose. Contractor warrants that
the SaaS Application and Services will be suitable for the intended purpose of the City.
Article 6 Reserved (Liability of the Parties)
Article 7 Reserved (Payment of Taxes)
P-648 (6-17) (SaaS Term Sheet) Page 10
Article 8 Termination; Disposition of Content; Survival
8.1 Termination for Cause and/or Convenience. City shall have the right,
without further obligation or liability to Contractor:
8.1.1 To immediately terminate this Term Sheet if Contractor commits any
breach of this Term Sheet or default (see Section 8.2 below) and fails to remedy such breach or
default within ten (10) days after written notice by City of such breach (10-day cure period), in
which event, Contractor shall refund to City all amounts paid under this Term Sheet for the SaaS
Application and/or Services in the same manner as if City ceased to use the SaaS Application
due to infringement under Section 5.1.2. At City’s sole election, the 10-day cure period will not
apply to termination for data breach and/or breach of confidentiality; or
8.1.2 To terminate this Term Sheet upon thirty (30) days prior written notice for
City's convenience and without cause, provided that except for termination due to an uncured
breach as set forth in this Section and in the event of Infringement, City shall not be entitled to a
refund of any amounts previously paid under this Term Sheet.
8.2 Each of the following shall constitute an immediate event of default
(“Event of Default”) under this Term Sheet:
8.2.1 Contractor fails or refuses to perform or observe any term, covenant or
condition contained in any of the following Sections of this Term Sheet:
8.2.2 Contractor fails or refuses to perform or observe any other term, covenant
or condition contained in this Term Sheet, including any obligation imposed by ordinance or
statute and incorporated by reference herein, and such default continues for a period of ten (10)
days after written notice thereof from City to Contractor.
8.2.3 Contractor (i) is generally not paying its debts as they become due; (ii)
files, or consents by answer or otherwise to the filing against it of a petition for relief or
reorganization or arrangement or any other petition in bankruptcy or for liquidation or to take
advantage of any bankruptcy, insolvency or other debtors’ relief law of any jurisdiction; (iii)
makes an assignment for the benefit of its creditors; (iv) consents to the appointment of a
custodian, receiver, trustee or other officer with similar powers of Contractor or of any
substantial part of Contractor’s property; or (v) takes action for the purpose of any of the
foregoing.
8.2.4 A court or government authority enters an order (i) appointing a custodian,
receiver, trustee or other officer with similar powers with respect to Contractor or with respect to
any substantial part of Contractor’s property, (ii) constituting an order for relief or approving a
petition for relief or reorganization or arrangement or any other petition in bankruptcy or for
liquidation or to take advantage of any bankruptcy, insolvency or other debtors’ relief law of any
jurisdiction or (iii) ordering the dissolution, winding-up or liquidation of Contractor.
8.2.5 On and after any Event of Default, City shall have the right to exercise its
legal and equitable remedies, including, without limitation, the right to terminate this Term Sheet
Article 5 Insurance; Indemnity and
Warranties
13.2 Proprietary or
Confidential Information
P-648 (6-17) (SaaS Term Sheet) Page 11
or to seek specific performance of all or any part of this Term Sheet. In addition, where
applicable, City shall have the right (but no obligation) to cure (or cause to be cured) on behalf of
Contractor any Event of Default; Contractor shall pay to City on demand all costs and expenses
incurred by City in effecting such cure, with interest thereon from the date of incurrence at the
maximum rate then permitted by law. City shall have the right to offset from any amounts due to
Contractor under this Term Sheet or any other Term Sheet between City and Contractor: (i) all
damages, losses, costs or expenses incurred by City as a result of an Event of Default; and (ii)
any liquidated damages levied upon Contractor pursuant to the terms of this Term Sheet; and
(iii), any damages imposed by any ordinance or statute that is incorporated into this Term Sheet
by reference, or into any other Term Sheet with the City.
8.3 Bankruptcy. In the event that Contractor shall cease conducting business
in the normal course, become insolvent, make a general assignment for the benefit of creditors,
suffer or permit the appointment of a receiver for its business or assets or shall avail itself of, or
become subject to, any proceeding under the Federal Bankruptcy Code or any other statute of
any state relating to insolvency or the protection of rights of creditors, then at City’s option this
Term Sheet shall terminate and be of no further force and effect. Notwithstanding anything to
the contract set forth in the Purchase Order and Corresponding Documents, upon termination of
this Term Sheet pursuant to this Section, Contractor shall within forty-eight (48) hours return
City’s Data in an agreed-upon machine readable format. Once Contractor has received written
confirmation from City that City’s Data has been successfully transferred to City, Contractor
shall within thirty (30) calendar days clear, purge or physically destroy all City Data from its
hosted servers or files and provide City with written certification within five (5) calendar days
that such clear, purge and/or physical destruction has occurred. Secure disposal shall be
accomplished by “clearing,” “purging” or “physical destruction,” in accordance with National
Institute of Standards and Technology (NIST) Special Publication 800-88 or most current
industry standard.
8.4 Transition Services and Disposition of City Data. Notwithstanding
anything to the contract set forth in the Purchase Order and Corresponding Documents, upon
expiration or termination of the SaaS Services under this Term Sheet:
8.4.1 Contractor may immediately discontinue the SaaS Services and City shall
immediately cease accessing the SaaS Application and Services. Contractor shall within five (5)
calendar days of the expiration or termination of the SaaS Services return City’s data in an
agreed-upon machine readable format. This provision shall also apply to all City Data that is in
the possession of subcontractors, agents or auditors of Contractor. Such data transfer shall be
done at no cost to the City. Once Contractor has received written confirmation from City that
City’s Data has been successfully transferred to City, Contractor shall within thirty (30) calendar
days clear, purge or physically destroy all City Data from its hosted servers or files and provide
City with written certification within five (5) calendar days that such clear or purge and/or
physical destruction has occurred. Secure disposal shall be accomplished by “clearing,”
“purging” or “physical destruction,” in accordance with National Institute of Standards and
Technology (NIST) Special Publication 800-88 or most current industry standard.
8.4.2 Contractor shall provide to City and/or Successor Service Provider
assistance requested by City to effect the orderly transition of the SaaS Services, in whole or in
part, to City or to Successor Service Provider. During the transition period, SaaS and City Data
access shall continue to be made available to City without alteration. Such Transition Services
P-648 (6-17) (SaaS Term Sheet) Page 12
shall be provided on a time and materials basis if the City opts to return to its own servers or City
chooses a Successor Service Provider. Transition costs may include: (a) developing a plan for
the orderly transition of the terminated SaaS Services from Contractor to Successor Service
Provider; (b) if required, transferring the City Data to Successor Service Provider; (c) using
commercially reasonable efforts to assist City in acquiring any necessary rights to legally and
physically access and use any third-party technologies and documentation then being used by
Contractor in connection with the Services; (d) using commercially reasonable efforts to make
available to City, pursuant to mutually agreeable terms and conditions, any third-party services
then being used by Contractor in connection with the SaaS Services; and, (e) such other activities
upon which the Parties may agree. Notwithstanding the foregoing, should City terminate this
Term Sheet due to Contractor’s material breach, City may elect to use the Services for a period
of no greater than six (6) months from the date of termination at a reduced rate of twenty (20%)
percent off of the then-current Services Fees for the terminated Services. All applicable terms
and conditions of this Term Sheet shall apply to the Transition Services. This Section shall
survive the termination of this Term Sheet.
8.5 Remedies. All remedies provided for in this Term Sheet may be exercised
individually or in combination with any other remedy available hereunder or under applicable
laws, rules and regulations. The exercise of any remedy shall not preclude or in any way be
deemed to waive any other remedy. Nothing in this Term Sheet shall constitute a waiver or
limitation of any rights that City may have under applicable law.
8.6 Notice of Default. Any notice of default must be sent by registered mail
to the address set forth in Section 11.1, “Notices to the Parties.”
8.7 Non-Waiver of Rights. The omission by either Party at any time to
enforce any default or right reserved to it, or to require performance of any of the terms,
covenants, or provisions hereof by the other Party at the time designated, shall not be a waiver of
any such default or right to which the Party is entitled, nor shall it in any way affect the right of
the Party to enforce such provisions thereafter.
8.8 Survival.
8.8.1 This Section and the following Sections of this Term Sheet listed below,
shall survive termination or expiration of this Term Sheet: shall be works for hire as defined under Title 17 of the United States Code, and all copyrights in such works shall be the property of the City. If any Deliverables created by Contractor or its subcontractor(s) under this Term Sheet are ever
determined not to be works for hire under U.S. law, Contractor hereby assigns all Contractor's
copyrights to such Deliverables to the City, agrees to provide any material and execute any
documents necessary to effectuate such assignment, and agrees to include a clause in every
subcontract imposing the same duties upon subcontractor(s). With City's prior written approval,
Contractor and its subcontractor(s) may retain and use copies of such works for reference and as
documentation of their respective experience and capabilities.
Article 10 Reserved (Additional Requirements Incorporated by Reference)
Article 11 General Provisions
11.1 Modification of this Term Sheet. This Term Sheet may not be modified,
nor may compliance with any of its terms be waived except by written instrument executed and
approved in the same manner as this Term Sheet.
11.2 Compliance with Laws. Contractor shall keep itself fully informed of the
City’s Charter, codes, ordinances and duly adopted rules and regulations of the City and of all
state, and federal laws in any manner affecting the performance of this Term Sheet, and must at
all times comply with such local codes, ordinances, and regulations and all applicable laws as
they may be amended from time to time.
11.3 Severability. Should the application of any provision of this Term Sheet
to any particular facts or circumstances be found by a court of competent jurisdiction to be
invalid or unenforceable, then (a) the validity of other provisions of this Term Sheet shall not be
affected or impaired thereby, and (b) such provision shall be enforced to the maximum extent
possible so as to effect the intent of the Parties and shall be reformed without further action by
the Parties to the extent necessary to make such provision valid and enforceable.
11.4 Incorporation of Recitals. The matters recited above are hereby
incorporated into and made part of this Term Sheet.
11.5 Term Sheet Made in California; Venue. The formation, interpretation
and performance of this Term Sheet shall be governed by the laws of the State of California.
P-648 (6-17) (SaaS Term Sheet) Page 14
Venue for all litigation relative to the formation, interpretation and performance of this Term
Sheet shall be in San Francisco.
11.6 Order of Precedence. This Term Sheet may be modified only as
provided in Section 11.1, “Modification of this Term Sheet.” Should the terms of this Term
Sheet conflict with the Purchase Order, Corresponding Documents and/or the Technology
Marketplace Agreement into which this Term Sheet is hereby incorporated, the terms of the
Technology Marketplace Agreement shall control, followed by this Term Sheet shall control.
11.7 Notices to the Parties. Unless otherwise indicated in this Term Sheet, all
written communications sent by the Parties may be by U.S. mail or e-mail, and shall be
addressed as set forth in the accompanying Purchase Order and Corresponding Documents.
Any notice of default must be sent by registered mail. Either Party may change the address to
which notice is to be sent by giving written notice thereof to the other Party. If email notification
is used, the sender must specify a receipt notice.
Article 12 Reserved (Department Specific Terms)
Article 13 Data and Security
13.1 City Data.
13.1.1 Ownership of City Data. Notwithstanding anything to the contract set
forth in the Purchase Order and Corresponding Documents, the Parties agree that as between
them, all rights, including all intellectual property rights, in and to the City Data and any
derivative works of the City Data is the exclusive property of the City. The Contractor warrants
that the SaaS Application does not, without express written approval by City, maintain, store, or
export the City Data using a database structure, data model, entity relationship diagram or
equivalent.
13.1.2 Use of City Data. Contractor is provided a limited non-exclusive license
to use the City Data solely for performing its obligations under the Term Sheet and not for
Contractor’s own purposes or later use. Nothing herein shall be construed to confer any license
or right to the City Data, including user tracking and exception City Data within the system, by
implication, estoppel or otherwise, under copyright or other intellectual property rights, to any
third-party. Unauthorized use of City Data by Contractor, subcontractors or other third-parties is
prohibited. For purpose of this requirement, the phrase “unauthorized use” means the data
mining or processing of data, stored or transmitted by the service, for unrelated commercial
purposes, advertising or advertising-related purposes, or for any purpose other than security or
service delivery analysis that is not explicitly authorized.
13.1.3 Access to and Extraction of City Data. City shall have access to City
Data 24-hours a day, 7 days a week. The SaaS Application shall be capable of creating a digital,
reusable copy of the City Data, in whole and in parts, as a platform independent and machinereadable
file. Such file formats include, without limitation, plain text files such as commadelimited
tables, extensible markup language, and javascript object notation. City Data that is
stored in binary formats, including without limitation portable document format, JPEG, and
P-648 (6-17) (SaaS Term Sheet) Page 15
portable network graphics files, shall instead be reproducible in the same format in which it was
loaded into the SaaS Application. This reusable copy must be made available in a publicly
documented and non-proprietary format, with a clearly-defined data structure and a data
dictionary for all terms of art contained in the data. For purposes of this section, non-proprietary
formats include formats for which royalty-free codecs are available to End Users. Contractor
warrants that City shall be able to extract City Data from the SaaS Application on demand, but
no later than 24-hours of City’s request, without charge and without any conditions or
contingencies whatsoever (including but not limited to the payment of any fees to Contractor).
13.1.4 Backup and Recovery of City Data. As a part of the SaaS Services,
Contractor is responsible for maintaining a backup of City Data and for an orderly and timely
recovery of such data in the event of data corruption or interruption of the SaaS Services. Unless
otherwise described in the accompanying Purchase Order and Corresponding Documents,
Contractor shall maintain a contemporaneous backup of City Data that can be recovered within
the requirements in this Term Sheet and as outlined in the accompanying Purchase Order,
Corresponding Documents and/or Exhibit 3, as the case may be, and maintaining the security of
City Data as further described herein. Contractor’s backup of City Data shall not be considered
in calculating storage used by City.
13.1.5 Data Breach; Loss of City Data. Notwithstanding anything to the
contract set forth in the Purchase Order and Corresponding Documents, in the event of any Data
Breach, act, SaaS Software Error, omission, negligence, misconduct, or breach that compromises
or is suspected to compromise the security, confidentiality, or integrity of City Data or the
physical, technical, administrative, or organizational safeguards put in place by Contractor that
relate to the protection of the security, confidentiality, or integrity of City Data, Contractor shall,
as applicable:
(a) Notify City immediately following discovery, but no later than
twenty-four (24) hours, of becoming aware of such occurrence or suspected occurrence.
Contractor’s report shall identify:
(i) the nature of the unauthorized access, use or disclosure;
(ii) the Confidential Information accessed, used or disclosed;
(iii) the person(s) who accessed, used, disclosed and/or received
protected information (if known);
(iv) what Contractor has done or will do to mitigate any
deleterious effect of the unauthorized access, use or
disclosure, and
(v) what corrective action Contractor has taken or will take to
prevent future unauthorized access, use or disclosure.
(b) In the event of a suspected Breach, Contractor shall keep the City
informed regularly of the progress of its investigation until the uncertainty is resolved;
(c) Contractor shall coordinate with the City in its breach response
activities including without limitation:
P-648 (6-17) (SaaS Term Sheet) Page 16
(i) Immediately preserve any potential forensic evidence
relating to the breach, and remedy the breach as quickly as
circumstances permit;
(ii) Promptly (within 2 business days) designate a contact
person to whom the City will direct inquiries, and who will
communicate Contractor responses to City inquiries;
(iii) As rapidly as circumstances permit, apply appropriate
resources to remedy the breach condition, investigate,
document, restore City service(s) as directed by the City,
and undertake appropriate response activities;
(iv) Provide status reports to the City on Data Breach response
activities, either on a daily basis or a frequency approved
by the City;
(v) Make all reasonable efforts to assist and cooperate with the
City in its Breach response efforts;
(vi) Ensure that knowledgeable Contractor staff are available on
short notice, if needed, to participate in City-initiated
meetings and/or conference calls regarding the Breach; and
(vii) Cooperate with City in investigating the occurrence,
including making available all relevant records, logs, files,
data reporting, and other materials required to comply with
applicable law or as otherwise required by City.
(d) In the case of personally identifiable information (PII) or protected
health information (PHI), at City’s sole election, (a) notify the affected individuals as soon as
practicable but no later than is required to comply with applicable law, or, in the absence of any
legally required notification period, within five (5) calendar days of the occurrence; or, (b)
reimburse City for any costs in notifying the affected individuals;
(e) In the case of PII, provide third-party credit and identity
monitoring services to each of the affected individuals who comprise the PII for the period
required to comply with applicable law, or, in the absence of any legally required monitoring
services, for no fewer than eighteen (18) months following the date of notification to such
individuals;
(f) Perform or take any other actions required to comply with
applicable law as a result of the occurrence;
(g) Recreate lost City Data in the manner and on the schedule set by
City without charge to City; and
(h) Provide to City a detailed plan within ten (10) calendar days of the
occurrence describing the measures Contractor will undertake to prevent a future occurrence.
(i) Notification to affected individuals, as described above, shall
comply with applicable law, be written in plain language, and contain (at the City's election)
information that may include: name and contact information of Contractor’s (or City’s)
P-648 (6-17) (SaaS Term Sheet) Page 17
representative; a description of the nature of the loss; a list of the types of data involved; the
known or approximate date of the loss; how such loss may affect the affected individual; what
steps Contractor has taken to protect the affected individual; what steps the affected individual
can take to protect himself or herself; contact information for major credit card reporting
agencies; and, information regarding the credit and identity monitoring services to be provided
by Contractor.
(j) Contractor shall retain and preserve City Data in accordance with
the City’s instruction and requests, including without limitation any retention schedules and/or
litigation hold orders provided by the City to Contractor, independent of where the City Data is
stored.
(k) City shall conduct all media communications related to such Data
Breach, unless in its sole discretion, City directs Contractor to do so.
13.2 Proprietary or Confidential Information
13.2.1 Proprietary or Confidential Information of City. Contractor
understands and agrees that, in the performance of the work or services under this Term Sheet
may involve access to City Data that is Confidential Information. Contractor and any
subcontractors or agents shall use Confidential Information only in accordance with all
applicable local, state and federal laws restricting the access, use and disclosure of Confidential
Information and only as necessary in the performance of this Term Sheet. Contractor’s failure to
comply with any requirements of local, state or federal laws restricting access, use and disclosure
of Confidential Information shall be deemed a material breach of this Term Sheet, for which City
may terminate the Term Sheet. In addition to termination or any other remedies set forth in this
Term Sheet or available in equity or law, the City may bring a false claim action against the
Contractor pursuant to Chapter 21 of the Administrative Code, or debar the Contractor.
Contractor agrees to include all of the terms and conditions regarding Confidential Information
contained in this Term Sheet in all subcontractor or agency contracts providing services under
this Term Sheet.
13.2.2 Obligation of Confidentiality. Subject to San Francisco Administrative
Code Section 67.24(e), any state open records or freedom of information statutes, and any other
applicable laws, the Contractor agrees to hold all Confidential Information in strict confidence
and not to copy, reproduce, sell, transfer, or otherwise dispose of, give or disclose such
Confidential Information to third-parties other than its employees, agents, or authorized
subcontractors who have a need to know in connection with this Term Sheet or to use such
Confidential Information for any purposes whatsoever other than the performance of this Term
Sheet. Contractor agrees to advise and require its respective employees, agents, and
subcontractors of their obligations to keep all Confidential Information confidential.
13.2.3 Nondisclosure. Contractor agrees and acknowledges that it shall have no
proprietary interest in any proprietary or Confidential Information and will not disclose,
communicate or publish the nature or content of such information to any person or entity, nor
use, except in connection with the performance of its obligations under this Term Sheet or as
otherwise authorized in writing by City, any of the Confidential Information it produces,
receives, acquires or obtains from City. Contractor shall take all necessary steps to ensure that
the Confidential Information is securely maintained. Contractor’s obligations set forth herein
shall survive the termination or expiration of this Term Sheet. In the event Contractor becomes
P-648 (6-17) (SaaS Term Sheet) Page 18
legally compelled to disclose any of the Confidential Information, it shall provide City with
prompt notice thereof and shall not divulge any information until the City has had the
opportunity to seek a protective order or other appropriate remedy to curtail such disclosure. If
such actions by City are unsuccessful, or City otherwise waives its right to seek such remedies,
Contractor shall disclose only that portion of the Confidential Information that it is legally
required to disclose.
13.2.4 Litigation Holds. Contractor shall retain and preserve City Data in
accordance with the City’s instructions and requests, including without limitation any retention
schedules and/or litigation hold orders provided by the City to Contractor, independent of where
the City Data is stored.
13.2.5 Notification of Legal Requests. Contractor shall immediately notify City
upon receipt of any subpoenas, service of process, litigation holds, discovery requests and other
legal requests (“Legal Requests”) related to City’s Data under this Term Sheet, or which in any
way might reasonably require access to City’s Data, and in no event later than 24 hours after it
receives the request. Contractor shall not respond to Legal Requests related to City without first
notifying City other than to notify the requestor that the information sought is potentially covered
under a non-disclosure agreement. Contractor shall retain and preserve City Data in accordance
with the City’s instructions and requests, including, without limitation, any retention schedules
and/or litigation hold orders provided by the City to Contractor, independent of where the City
Data is stored.
13.2.6 Cooperation to Prevent Disclosure of Confidential Information.
Contractor shall use its best efforts to assist the City in identifying and preventing any
unauthorized use or disclosure of any Confidential Information. Without limiting the foregoing,
Contractor shall advise the City immediately in the event Contractor learns or has reason to
believe that any person who has had access to Confidential Information has violated or intends to
violate the terms of this Term Sheet and Contractor will cooperate with the City in seeking
injunctive or other equitable relief against any such person.
13.2.7 Remedies for Breach of Obligation of Confidentiality. Contractor
acknowledges that breach of its obligation of confidentiality may give rise to irreparable injury to
the City, which damage may be inadequately compensable in the form of monetary damages.
Accordingly, City may seek and obtain injunctive relief against the breach or threatened breach
of the foregoing undertakings, in addition to any other legal remedies that may be available, to
include, at the sole election of City, the immediate termination of this Term Sheet, without
liability to City.
13.2.8 Surrender of Confidential Information upon Termination. Upon
termination of this Term Sheet, including but not limited to expiration of the term, early
termination or termination for convenience, Contractor shall, within the number of calendar days
specified by City from the date of termination, return to City any and all Confidential
Information received from the City, or created or received by Contractor on behalf of the City,
which are in Contractor’s possession, custody, or control. The return of Confidential Information
to City shall follow the timeframe and procedure described further in this Term Sheet (Article 8).
13.2.9 Data Security. To prevent unauthorized access or “hacking” of City
Data, Contractor shall at all times during the Term provide and maintain up-to-date security with
respect to (a) the Services, (b) the Contractor’s Website, (c) Contractor's physical facilities, and
P-648 (6-17) (SaaS Term Sheet) Page 19
(d) Contractor's networks. Contractor shall provide security for its networks and all Internet
connections consistent with best practices observed by well-managed SaaSs working in the
financial services industry, and shall promptly install all patches, fixes, upgrades, updates and
new versions of any security software it employs. Contractor will maintain appropriate
safeguards to restrict access to City's Data to those employees, agents or service providers of
Contractor who need the information to carry out the purposes for which it was disclosed to
Contractor. For information disclosed in electronic form, Contractor agrees that appropriate
safeguards include electronic barriers (e.g., most current industry standard encryption for
transport and storage, intrusion prevention/detection or similar barriers) and secure
authentication (e.g., password protected) access to the City's Confidential Information and hosted
City Data. For information disclosed in written form, Contractor agrees that appropriate
safeguards include secured storage of City Data. City Data classified as Confidential
Information shall be encrypted at rest and in transit with controlled access. Contractor shall also
establish and maintain any additional physical, electronic, administrative, technical and
procedural controls and safeguards to protect City Data that are no less rigorous than accepted
industry practices (including, as periodically amended or updated, the International Organization
for Standardization’s standards: ISO/IEC 27001:2005 – Information Security Management
Systems – Requirements and ISO-IEC 27002:2005 – Code of Practice for International Security
Management, NIST Special Publication 800-53 Revision 4 or its successor, NIST Special
Publication 800-18 or its successor, the Information Technology Library (ITIL) standards, the
Control Objectives for Information and related Technology (COBIT) standards, or other
applicable industry standards for information security), and shall ensure that all such controls and
safeguards, including the manner in which Confidential Information is collected, accessed, used,
stored, processed, disposed of and disclosed, comply with applicable data protection and privacy
laws, as well as the terms and conditions of this Term Sheet. Contractor warrants to the City
compliance with the California Information Practices Act (Civil Code §§ 1798 et seq) (as
periodically amended or updated).
13.2.10 Data Privacy and Information Security Program. Without limiting
Contractor’s obligation of confidentiality as further described herein, Contractor shall establish
and maintain a data privacy and information security program, including physical, technical,
administrative, and organizational safeguards, that is designed to: (i) ensure the security and
confidentiality of the City Data; (ii) protect against any anticipated threats or hazards to the
security or integrity of the City Data; (iii) protect against unauthorized disclosure, access to, or
use of the City Data; (iv) ensure the proper disposal of City Data; and, (v) ensure that all of
Contractor’s employees, agents, and subcontractors, if any, comply with all of the foregoing.
13.2.11 City’s Right to Termination for Deficiencies. City reserves the
right, at its sole election, to immediately terminate this Term Sheet, without limitation and
without liability, if City reasonably determines that Contractor fails or has failed to meet its
obligations under this Article 13.
13.2.12 Data Transmission. The Contractor shall ensure that all electronic
transmission or exchange of system and application data with City and/or any other parties
expressly designated by City shall take place via encrypted secure means (e.g. HTTPS or SFTP
or most current industry standard established by NIST). The Contractor shall also ensure that all
data exchanged shall be used expressly and solely for the purposes enumerated in the Term
Sheet. Data shall not be distributed, repurposed or shared across other applications,
P-648 (6-17) (SaaS Term Sheet) Page 20
environments, or business units of the Contractor. The Contractor shall ensure that no City Data
of any kind shall be copied, modified, destroyed, deleted, transmitted, exchanged or otherwise
passed to other vendors or interested parties except on a case-by-case basis as specifically agreed
to in writing by City. Contractor is prohibited from accessing City Data from outside the
continental United States.
13.3 SSAE 16, SOC 2, Type II Report, and/or SOC 1 Audit Report.
13.3.1 If applicable and upon request by City, Contractor shall provide to City,
on an annual basis, an SSAE 16, SOC 2, Type II Report, and/or an SSAE SOC 1 audit report, to
be conducted by an independent third party (“Audit Reports”) (if Contractor is using a hosting
service provider, Contractor shall provide such Audit Reports it receives from its service
provider or providers) as follows: (a) the Audit Reports shall include a 365 day (12-month)
testing period; and (b) the Audit Reports shall be available to City no later than thirty (30) days
after they are received by Contractor. Upon City’s written request, Contractor shall provide a socalled
“negative assurance opinion” to City as soon as said opinion is received by Contractor.
Contractor shall implement reasonably required safeguards as identified by any audit of
Contractor’s data privacy and information security program. In the event that an annual Audit
Report that finds a material data privacy or information security issue, Contractor shall, upon
written request by City, provide to City any additional Audit Reports and “negative assurance
opinions” as City may reasonably request in order to help enable City to see if Contractor’s
mitigation measures have been effective in addressing such issue(s).
13.3.2 Audit of Contractor’s Policies. Contractor agrees to make its policies,
procedures and practices regarding Data Security available to City, if needed, and agrees that
City reserves the rights, including, but not limited to, making a site visit, scanning for malicious
codes, and hiring a third-party to perform a security audit if City determines that the Audit
Report is unsatisfactory.
13.3.3 Information Security Audits. Upon request by the City, Contractor must
contract with an independent third party to perform yearly information security audits of their
primary and backup Data Centers. The annual audits must include an outside
penetration/vulnerability test, and internal penetration and vulnerability tests with the third party
directly on the internal network. The summary results of the audits must be shared with the City.
All audit findings must be remedied.
13.3.4 Audit Findings. Contractor shall implement reasonably required
safeguards as identified by City or by any audit of Contractor’s data privacy and information
security program.
13.4 Payment Card Industry (“PCI”) Requirements. If Contractors is
providing services and products that handle, transmit or store cardholder data, Contractor shall
be subject to the following requirements:
13.4.1 Applications shall be compliant with the Payment Application Data
Security Standard (PA-DSS) and validated by a Payment Application Qualified Security
Assessor (PA-QSA). A Contractor whose application has achieved PA-DSS certification must
then be listed on the PCI Councils list of PA-DSS approved and validated payment applications.
13.4.2 Gateway providers shall have appropriate Payment Card Industry Data
Security Standards (PCI DSS) certification as service providers
P-648 (6-17) (SaaS Term Sheet) Page 21
(https://www.pcisecuritystandards.org/index.shtml). Compliance with the PCI DSS shall be
achieved through a third-party audit process. The Contractor shall comply with Visa Cardholder
Information Security Program (CISP) and MasterCard Site Data Protection (SDP) programs.
13.4.3 For any Contractor that processes PIN Debit Cards, payment card devices
supplied by Contractor shall be validated against the PCI Council PIN Transaction Security
(PTS) program.
13.4.4 For items 13.4.1 to 13.4.3 above, Contractor shall provide a letter from
their qualified security assessor (QSA) affirming their compliance and current PCI or PTS
compliance certificate.
13.4.5 Contractor shall be responsible for furnishing City with an updated PCI
compliance certificate 30 calendar days prior to its expiration.
13.4.6 Bank Accounts. Collections that represent funds belonging to the City
and County of San Francisco shall be deposited, without detour to a third-party’s bank account,
into a City and County of San Francisco bank account designated by the Office of the Treasurer
and Tax Collector.
Article 14 Force Majeure
14.1 Liability. No Party shall be liable for delay in the performance of its
obligations under this Term Sheet if and to the extent such delay is caused, directly or indirectly,
by: fire, flood, earthquake, elements of nature or acts of God, riots, civil disorders, or any other
cause beyond the reasonable control of such Party (a "Force Majeure Event"). In the case of a
Force Majeure Event, Contractor shall immediately commence disaster recovery services as
described in Section 14.4.
14.2 Duration. In a Force Majeure Event, the non-performing Party shall be
excused from further performance or observance of the obligation(s) so affected for as long as
such circumstances prevail and such Party continues to use its best efforts to recommence
performance or observance whenever and to whatever extent possible without delay. Any Party
so delayed in its performance shall immediately notify the Party to whom performance is due by
telephone (to be confirmed in writing within two (2) days of the inception of such delay) and
describe at a reasonable level of detail the circumstances causing such delay.
14.3 Effect. If a Force Majeure Event substantially prevents, hinders, or delays
performance of the Services as critical for more than fifteen (15) consecutive days, then at City's
option: (i) City may terminate any portion of this Term Sheet so affected and the charges payable
hereunder shall be equitably adjusted to reflect those terminated Services; or (ii) City may
terminate this Term Sheet without liability to City or Contractor as of a date specified by City in
a written notice of termination to Contractor. Contractor shall not have the right to any
additional payments from City for costs or expenses incurred by Contractor as a result of any
force majeure condition that lasts longer than three (3) days.
14.4 Disaster Recovery. In the event of a disaster, as defined below,
Contractor shall be provide disaster recovery services in accordance with the provisions of the
disaster recovery plan attached as Exhibit 4 hereto, or as otherwise set forth in this Term Sheet
and attached Exhibits. Notwithstanding Section 14.1, a Force Majeure Event shall not excuse
P-648 (6-17) (SaaS Term Sheet) Page 22
Contractor of its obligations for performing disaster recovery services as provided in this
Section. In the event that a disaster occurs and Contractor fails to restore the hosting services
within 24 hours of the initial disruption to Services, City may, in its discretion, deem such
actions to be a material default by Contractor incapable of cure, and City may immediately
terminate this Term Sheet. For purposes of this Term Sheet, a "disaster" shall mean an
interruption in the hosting services or the inability of Contractor to provide City with the SaaS
Application and hosting services for any reason that could not be remedied by relocating the
SaaS Application and hosting services to a different physical location outside the proximity of its
primary Data Center.
Article 15 Exhibits
15.1 Additional Exhibits. The following exhibits are hereby attached and
incorporated into this Term Sheet as though fully set forth herein and together form the complete
Term Sheet between the Parties:
Exhibits:
1. Technology Marketplace Agreements
2. SaaS Application & Hosting Services: Minimum Requirements
3. Service Level Obligations: Minimum Requirements
4. Disaster Recovery Plan: Minimum Requirements
Exhibit 2
SaaS Application & Hosting Services: Minimum Requirements
The following represent minimum requirements that Contractor shall meet or exceed with regard
to its SaaS Application & Hosting Services.
I. Description of the SaaS Application and Hosted Services
II. SaaS Data Centers
III. SaaS Maintenance Services.
IV. City Responsibilities
V. Technical Support & Training
I. Description of the SaaS Application and Hosted Services: “SaaS Application and
Hosted Services” are set forth in the accompanying Purchase Order and Corresponding
Documents.
A. Software: Use of Contractor’s Software operating on hosted equipment located
at Contractor’s facility and/or any Data Center as further outlined under Section II (SaaS Data
Centers) of this Exhibit 2.
B. Third-Party Software:
1. Providing certain third-party software required to operate the SaaS
Software and other bundled third-party software packages required to support the operation of
the SaaS Software.
2. Inclusion of regular Software and Contractor-supplied third-party software
updates, patches and fixes as scheduled by Contractor.
C. Remote Software: Contractor shall provide access to and use of a remote
software tool for City management of Authorized Users, access rights and other similar rolebased
controls as they pertain to the SaaS Services. Method will be published through
Contractor portal and be made available to Authorized Users with elevated privileges.
D. Back-Up of City’s Data:
1. Contractor shall provide up to thirty-six (36) months of on-line hourly data
retention for SaaS Software operation and functionality.
2. Contractor shall provide incremental City Data backups at a minimum of
every four (4) hours to an off-site location other than the primary hosting center.
3. Contractor shall provide weekly, off-site backups with a duration that
matches the agreed-upon backup schedule and retention to a location other than the primary
hosting center. Off-site backups to include previous eight (8) weeks.
P-648 (6-17) (SaaS Term Sheet – Exhibit 2) Page 2
E. SaaS Environments: The SaaS Application and Hosted Services shall be hosted
in a certified and secure Tier-3 data hosting center.
1. A single Back-up Environment available as needed to serve as the backup
or “failover” environment for the SaaS and Hosted Services
2. A single test environment available to the City and Contractor for the
evaluation and eventual promotion of SaaS Software updates, patches, fixes or otherwise deemed
tests. Test Environment shall perform at 50% or better of production environment.
F. Reporting: Contractor shall provide electronic notification within 2 hours of
discovery and subsequent monthly reporting of any incidents or breaches that had occurred
within the environment or to the hosted application. In the event of a breach, Contractor shall
follow the procedures set forth in Section 13.1.5 of the Term Sheet.
G. Availability of SaaS Services: Contractor (or its Hosting Service contractor)
shall host the SaaS Services on computers owned or controlled by the Contractor (or its
contractor) and shall provide the City with access to both a production environment with SaaS
Application and data and a test environment with SaaS Application via Internet-access to use
according to the terms herein.
1. Hosted System Uptime: Other than Scheduled SaaS Maintenance
Services as outlined in Section III, emergency maintenance described below, Force Majeure as
described in the Term Sheet and lack of Internet availability as described below, Contractor shall
provide uptime to the SaaS Application and Hosted Service to achieve a 99.9% Service Level
Availability.
2. Scheduled SaaS Maintenance
A. Contractor shall conduct Scheduled SaaS Maintenance during the
following hours: Saturdays between 12 AM (Pacific Time) and 8 AM (Pacific Time), with the
same exclusions noted in subsection 1, above.
B. Scheduled SaaS Maintenance shall not exceed an average of 4
hours per month over a twelve (12) month period except for major scheduled upgrades.
3. Unscheduled SaaS Maintenance. Contractor shall use commercially
reasonable efforts to prevent more than one (1) hour of continuous down time during business
hours in any month for which unscheduled SaaS maintenance is required. If Contractor fails to
meet this obligation for a period of three successive calendar months, Contractor shall furnish
City with a Performance Credit in the amount of 10% of the Services Fees (as calculated on a
monthly basis for the reporting month).
4. Emergency Maintenance. If Force Majeure Events or emergencies arise
or continue, Contractor shall be entitled to take any actions that Contractor, in good faith,
determines is necessary or advisable to prevent, remedy, mitigate, or otherwise address actual or
potential harm, interruption, loss, threat, security or like concern to any of the SaaS systems or
P-648 (6-17) (SaaS Term Sheet – Exhibit 2) Page 3
the SaaS Software. Such emergency maintenance may include, but is not limited to: analysis,
testing, repair, maintenance, re-setting and other servicing of the hardware, cabling, networks,
software and other devices, materials and systems through which access to and/or use of the
SaaS Software by City is made available. Contractor shall endeavor to provide advance written