The URL can be used to link to this page

Redhawk Network Security LLC ~ C200056 CITY OF TIGARD,OREGON-CONTRACT SUMMARY FORM (THIS FORMMUSTACCOMPANYEVERY CONTRACT) Contract Title: Managed SIEM Number: Contractor: Redhawk Network Security LLC Contract Total: I, S Contract Overview: Managed Security information and event management and incident response Assistance. Initial Risk Level: ❑ Extreme ❑ High ® Moderate ❑ Low Risk Reduction Steps: Redhawk staff will work in conjunction with Tigard IT when performing work on our network and security devices. Risk Comments: Risk Signature: Contract Manager: Mike Nolop Ext: 2757 Department: FIS Type: ❑ Purchase Agreement ❑ Personal Service ❑ General Service ❑ Public Improvement ❑ IGA ® Other: Professional Service Start Date: 1/1/2020_ End Date: �Iasla�z� Quotes/Bids/Proposal: FIRM AMOUNT/SCORE Redhawk $71,505.00 / 1 Right! / Artic Wolf $67,432.98 / 2 TIG / ThreatWatch $64,801.00 / 3 Account String: Fund-Division-Account Work Order—Activity Type Amount FY 20 600-2300-54006 PS 71,505.00 FY FY FY FY Approvals - LCRB Date: Department Comments: 'N Department Signature: 4�414Z Purchasing Comments: " Purchasing Signature: CltV Manager Commen s: City Manager Signature: 4 After securing all required approvals, forward original copy to the Contracting and Purchasing Office along with a completed Contract Checklist. C42�Contract CITY OF TIGARD, OREGON PROFESSIONAL SERVICES AGREEMENT MANAGED SECURITY INFORMATION AND EVENT MANAGEMENT(SIEM) THIS AGREEMENT,made and entered into this 18`h day of December,2019,by and between the City of Tigard, a municipal corporation, hereinafter referred to as the "City," and Redhawk Network Security,LLC,hereinafter referred to as the "Contractor." RECITALS WHEREAS, the City's Fiscal Year 2020 budget provides for database analysis services and WHEREAS, the accomplishment of the work and services described in this Agreement is necessary and essential to the program of the City; and WHEREAS,the City desires to engage the Contractor to render professional managed SIEM services for the city's IT infrastructure described in this Agreement,and the Contractor is willing and qualified to perform such services; THEREFORE,in consideration of the promises and covenants contained herein,the parties hereby agree as follows: 1. Scope of Services Contractor will perform professional managed SIEM services in accordance with the terms and conditions set forth herein, and as provided in Exhibit A,which is attached hereto and by this reference made a part of this Agreement. 2. Effective Date and Duration This Agreement is effective upon the date of execution and expires on February 28,2021,unless otherwise terminated or extended. All work under this Agreement must be completed prior to the expiration of this Agreement. 3. Compensation A. The maximum that Contractor may be paid on this Agreement is hereafter the "not to exceed" amount of Seventy-One Five Hundred Five and No/100 Dollars ($71,505.00) without prior written authorization. The "not to exceed" amount includes all payments to be made pursuant to this Agreement,including reimbursable expenses,if any. Nothing in this Agreement requires the City to pay for work that does not meet the standard of care that would ordinarily be used by similar professionals in this community in similar circumstances or other requirements of the Agreement. The actual amount to be paid to Contractor may be less than the "not to exceed" amount. B. Contractor is entitled to receive progress payments for its work pursuant to the Agreement as provided below. The City will pay Contractor based on these invoices for acceptable work performed and approved until the "not to exceed" amount is reached. Thereafter, Contractor must complete work based on the Agreement without additional compensation unless there is a change to the scope of work. C. Any estimate of the hours necessary to perform the work is not binding on the City. Contractor remains responsible if the estimate proves to be incorrect. Exceeding the number of estimated hours of work does not impose any liability on the City for additional payment. D. Payment will be made upon receipt of billings based on the work completed. Contractor will submit billings to City periodically, but not more frequently than monthly. Payment by the City releases the City from any further obligation for payment to Contractor for service or services performed or expenses incurred as of the date of the statement of services. Payment will be made only for work actually completed as of the date of invoice. Payment will not be considered acceptance or approval of any work or waiver of any defects therein. E. Contractor must furnish certified cost records for all billings to substantiate all charges. Contractor's accounts are subject to audit by the City. Contractor will submit billings in a form satisfactory to the City. At a minimum,each billing will identify the task order under which such work is performed, work completed during the billing period, percentage of work completed to date, and percentage of budget used to date for each task. Billings must also include Contractor's employer identification number or social security number, as the City deems applicable. F. General Terms: 1) Contractor must make payments promptly, as due, to all persons supplying labor or materials for the performance of the work provided for in this Agreement. 2) Contractor may not permit any lien or claim to be filed or prosecuted against the City on any account of any labor or material furnished. 3) Contractor will pay to the Department of Revenue all sums withheld from employees pursuant to ORS 316.167. 4) Contractor will pay all contributions or amounts due the Industrial Accident Fund from the contractor or any subcontractor. 5) If Contractor fails,neglects,or refuses to make prompt payment of any claim for labor or services furnished to Contractor or a subcontractor by any person as such claim becomes due, City's Finance Director may pay such claim and charge the amount of the payment against funds due or to become due the Contractor. The payment of the claim in this manner does not relieve Contractor or their surety from obligation with respect to any unpaid claims. 6) Contractor will promptly, as due, make payment to any person, co-partnership, association, or corporation, furnishing medical, surgical, and hospital care or other needed care and attention, incident to sickness or injury, to the employees of Contractor, of all sums that Contractor agrees to pay for the services and all moneys and sums that Contractor collected or deducted from the wages of employees pursuant to any law, contract,or agreement for the purpose of providing or paying for services. 7) Contractor and its employees, if any, are not active members of the Oregon Public Employees Retirement System and are not employed for a total of 600 hours or more in the calendar year by any public employer participating in the Retirement System. 8) Contractor must obtain, prior to the execution of any performance under this Agreement, a City of Tigard Business License. The Tigard Business License is based 2 1 Pale ProfSA Template—Revised 7/2019 i on a calendar year with a December 31st expiration date. New businesses operating i in Tigard after June 30th of the current year will pay a pro-rated fee though the end of the calendar year. 1' 9) The City certifies that sufficient funds are available and authorized for this Agreement during the current fiscal year. Funding during future fiscal years is subject to budget approval by Tigard's City Council. 4. Ownership of Plans and Documents: Records A. The field notes, design notes, and original drawings of the construction plans, as instruments of service, are the property of Contractor; however, the City may request, at no additional cost,one set of previously approved reproducible drawings,as well as storage device such as thumb drive or SD card in "DWG" or "DXF" format, of the original drawings of the work. The City has unlimited authority to use the materials received from Contractor in any way the City deems necessary. B. The City may make copies,for the use of and without cost to Contractor,of all of its maps, records, laboratory tests, or other data pertinent to the work to be performed by the Contractor pursuant to this Agreement, and also make available any other maps,records, or other materials available to the City from any other public agency or body. C. The Contractor will furnish to the City, copies of all maps, records, field notes, and soil tests which were developed in the course of work for the City and for which compensation has been received by Contractor at no additional expense to the City, except as provided elsewhere in this Agreement. 5. Assignment/Delegation Neither party may assign, sublet or transfer any interest in or duty under this Agreement without the written consent of the other and no assignment has any force or effect unless and until the other party has consented. If City agrees to assignment of tasks to a subcontract, Contractor is fully responsible for the acts or omissions of any subcontractors and of all persons employed by them. Neither the approval by City of any subcontractor nor j anything contained herein creates any contractual relation between the subcontractor and City. The provisions of this Agreement are binding upon and will inure to the benefit of the parties to the Agreement and their respective successors and assigns. 6. Status of Contractor as Independent Contractor Contractor certifies that: A. Contractor acknowledges that for all purposes related to this Agreement,Contractor is an independent contractor as defined by ORS 670.600 and not an employee of City. Contractor is not entitled to benefits of any kind to which an employee of City is entitled and is solely responsible for all payments and taxes required by law. Furthermore,in the event that Contractor is found by a court of law or any administrative agency to be an employee of City for any purpose, City is entitled to offset compensation due, or to demand repayment of any amounts paid to Contractor under the terms of this Agreement, to the full extent of any benefits or other remuneration Contractor receives (from City or 3 1 Pagc: ProfSA Template—Revised 7/2019 I third party) as a result of said finding and to the full extent of any payments that City is required to make (to Contractor or to a third party) as a result of said finding. B. Contractor is not an officer,employee,or agent of the City as those terms are used in ORS 30.265. 7. Conflict of Interest The undersigned Contractor hereby represents that no employee of the City, or any partnership or corporation in which a City employee has an interest, has or will receive any remuneration of any description from Contractor, either directly or indirectly, in connection with the letting or performance of this Agreement,except as specifically declared in writing. If this payment is to be charged against Federal funds, Contractor certifies that he/she is not currently employed by the Federal Government and the amount charged does not exceed his or her normal charge for the type of service provided. S. Indemnification A. City has relied upon the professional ability and training of Contractor as a material inducement to enter into this Agreement. Contractor represents that all of its work will be performed in accordance with generally accepted professional practices and standards as well as the requirements of applicable federal, state, and local laws, it being understood that acceptance of a Contractor's work by City will not operate as a waiver or release. Acceptance of documents by City does not relieve Contractor of any responsibility for design deficiencies, errors or omissions. B. Claims for other than Professional Liability. Contractor agrees to indemnify,defend, save, and hold harmless the City of Tigard, its officers, employees, agents, and representatives from all claims,suits,or actions and all expenses incidental to the investigation and defense thereof, of whatsoever nature, including intentional acts resulting from or arising out of the activities of Contractor or its subcontractors, sub-consultants, agents or employees in performance of this contract at both trial and appeal level,whether or not a trial or appeal ever takes place including any hearing before federal or state administrative agencies. If any aspect of this indemnity is found to be illegal or invalid for any reason whatsoever, such illegality or invalidity does not affect the validity of the remainder of this indemnification. C. Claims for Professional Liability. Contractor agrees to indemnify, defend, save, and hold harmless the City of Tigard, its officers, employees, agents, and representatives from all claims,suits,or actions and all expenses incidental to the investigation and defense thereof, arising out of the professional negligent acts, errors or omissions of Contractor or its subcontractors, sub-consultants, agents or employees in performance of professional services under this agreement. Any work by Contractor that results in a design of a facility that is not readily accessible to and usable by individuals with disabilities will be considered a professionally negligent act, error,or omission. D. As used in subsections B and C of this section, a claim for professional liability is a claim made against the City in which the City's alleged liability results directly or indirectly, in 41Page ProfSA Template—Revised 7/2019 whole or in part, from the quality of the professional services provided by Contractor, regardless of the type of claim made against the City in performance of this Agreement. A claim for other than professional liability is a claim made against the City in which the City's alleged liability results from an act or omission by Contractor unrelated to the quality of professional services provided by Contractor in performance of this Agreement. 9. Insurance Contractor and its subcontractors must maintain insurance acceptable to City in full force and effect throughout the term of this contract. Such insurance must cover risks arising directly or indirectly out of Contractor's activities or work hereunder, including the operations of its subcontractors of any tier. The policy or policies of insurance maintained by the Contractor must provide at least the following limits and coverages: A. Commercial General Liability Insurance Contractor will obtain,at Contractor's expense,and keep in effect during the term of this contract,Comprehensive General Liability Insurance covering Bodily Injury and Property Damage on an "occurrence" form (CG 2010 1185 or equivalent). This coverage must include Contractual Liability insurance for the indemnity provided under this contract. The following insurance will be carried: Coverage Limit General Aggregate $3,000,000 Products-Completed Operations Aggregate $2,000,000 Personal&Advertising Injury $1,000,000 Each Occurrence $2,000,000 Fire Damage (Any one fire) $50,000 B. Professional Liabilitv Contractor must obtain, at Contractor's expense, and keep in effect during the term of this contract, Professional Liability Insurance covering any damages caused by any actual or alleged negligent act, error, or omission in the rendering of or failure to render Professional Services. Combined single limit per claim may not be less than$2,000,000,or the equivalent. Annual aggregate limit may not be less than$3,000,000 and filed on a"claims-made" form. C. Commercial Automobile Insurance Contractor must also obtain, at Contractor's expense, and keep in effect during the term of the contract, Commercial Automobile Liability coverage including coverage for all owned, hired, and non-owned vehicles on an "occurrence" form. The Combined Single Limit per occurrence may not be less than$1,000,000. If Contractor uses a personally-owned vehicle for business use under this contract, the Contractor will obtain, at Contractor's expense, and keep in effect during the term of the contract,business automobile liability coverage for all owned vehicles on an"occurrence" form. The Combined Single Limit per occurrence may not be less than $1,000,000. 51Page ProfSA Template—Revised 7/2019 D. Workers'Compensation Insurance The Contractor, its subcontractors, if any, and all employers providing work, labor, or materials under this Contract that are subject employers under the Oregon Workers' Compensation Law must comply with ORS 656.017, which requires them to provide workers' compensation coverage that satisfies Oregon law for all their subject workers. Out-of-state employers must provide Oregon workers' compensation coverage for their workers who work at a single location within Oregon for more than 30 days in a calendar year. Contractors who perform work without the assistance or labor of any employee need not obtain workers' compensation coverage. All non-exempt employers must provide Employer's Liability Insurance with coverage limits of not less than $1,000,000 each accident. E. Additional Insured Provision All required insurance policies, other than Workers' Compensation and Professional Liability, must name the City its officers, employees, agents, and representatives as additional insureds with respect to this Agreement. F. Extended Reporting Coverage If any of the required liability insurance is arranged on a "claims-made" basis, Extended Reporting coverage will be required at the completion of this contract to a duration of 24 months or, if less than 24 months, the maximum time-period Contractor's insurer will provide. Contractor will be responsible for furnishing certification of Extended Reporting coverage as described or continuous "claims-made" liability coverage for 24 months following contract completion. Continuous "claims-made" coverage will be acceptable in lieu of Extended Reporting coverage,provided its retroactive date is on or before the effective date of this contract. Coverage will be endorsed to provide a"per project"aggregate. G. Insurance Carrier Rating Coverages provided by the Contractor must be underwritten by an insurance company deemed acceptable by the City. All policies of insurance must be written by companies having an A.M.Best rating of"A-VII"or better,or equivalent. The City reserves the right to reject all or any insurance carrier(s) with an unacceptable financial rating. H. Self-Insurance The City understands that some contractors may self-insure for business risks and the City will consider whether such self-insurance is acceptable if it meets the minimum insurance requirements for the type of coverage required. If Contractor is self-insured for commercial general liability or automobile liability insurance, Contractor must provide evidence of such self-insurance. Contractor must provide a Certificate of Insurance showing evidence of the coverage amounts on a form acceptable to the City. The City reserves the right in its sole discretion to determine whether self-insurance is adequate. I. Certificates of Insurance As evidence of the insurance coverage required by the contract, Contractor will furnish a Certificate of Insurance to the City. No contract is effective until the required Certificates of Insurance have been received and approved by the City. The certificate will specify and 61Page ProfSA Template—Revised 7/2019 I 1 document all provisions within this contract and include a copy of Additional Insured Endorsement. A renewal certificate will be sent to the below address prior to coverage expiration. J. Primary Coverage Clarification The parties agree that Contractor's coverage is primary to the extent permitted by law. The parties further agree that other insurance maintained by the City is excess and not contributory insurance with the insurance required in this section. K. Cross-Liability Clause A cross-liability clause or separation of insureds clause will be included in all general liability,professional liability,pollution,and errors and omissions policies required by this Agreement. A certificate in form satisfactory to the City certifying to the issuance of such insurance will be forwarded to: City of Tigard Attn: Contracts and Purchasing Office 13125 SW Hall Blvd. Tigard, Oregon 97223 At the discretion of the City, a copy of each insurance policy, certified as a true copy by an authorized representative of the issuing insurance company, may be required to be forwarded to the above address. Such policies or certificates must be delivered prior to commencement of the work. The procuring of such required insurance will not be construed to limit Contractor's liability hereunder. Notwithstanding said insurance, Contractor is obligated for the total amount of any damage, injury, or loss caused by negligence or neglect connected with this Agreement. 10. Method&Place of Submitting Notice,Bills, and Payments All notices,bills and payments will be made in writing and may be given by personal delivery, mail,or by fax. Payments may be made by personal delivery,mail,or electronic transfer. The following addresses will be used to transmit notices,bills,payments,and other information: 1tEDHA.wx NETWORK SECURITY",LLC Attn: Mike Nolop Attn: Benjamin Gallo Address: 13125 SW Hall Blvd Address: 62958 Layton Ave Ste 1 Tigard, OR 97223 Bend OR 97701 Phone: (503) 718-2757 Phone: (541) 382-4360 Email: mikengdgard-or. ov Email: ben. alio redhawksecuri .com Notice will be deemed given upon deposit in the United States mail,postage prepaid,or when so faxed,upon successful fax. In all other instances,notices,bills and payments will be deemed given at the time of actual delivery. Changes may be made in the names and addresses of the i 7 1 Page ProfSA Template—Revised 7/2019 person to who notices, bills, and payments are to be given by giving written notice pursuant to this paragraph. 11. Survival j The terms, conditions, representations, and warranties contained in this Agreement survive the termination or expiration of this Agreement. 12. Merger This writing is intended both as a final expression of the Agreement between the parties with respect to the included terms and as a complete and exclusive statement of the terms of the Agreement. No modification of this Agreement will be effective unless and until it is made in writing and signed by both parties. 13. Termination Without Cause At any time and without cause, City has the right in its sole discretion to terminate this Agreement by giving notice to Contractor. If City terminates this Agreement pursuant to this paragraph, City will pay Contractor for services rendered to the date of termination and the cost of the third-party license fees for the remainder of the contract term. 14. Termination for Cause A. City may terminate this Agreement effective upon delivery of written notice to Contractor, or at such later date as may be established by City,under any of the following conditions: 1) If City funding from federal, state, local, or other sources is not obtained and continued at levels sufficient to allow for the purchase of the indicated quantity of services. This Agreement may be modified to accommodate a reduction in funds. 2) If Federal or State regulations or guidelines are modified, changed, or interpreted in such a way that the services are no longer allowable or appropriate for purchase under this Agreement. 3) If any license or certificate required by law or regulation to be held by Contractor, its subcontractors, agents, and employees to provide the services required by this Agreement is for any reason denied, revoked,or not renewed. 4) If Contractor becomes insolvent,if voluntary or involuntary petition in bankruptcy is filed by or against Contractor,if a receiver or trustee is appointed for Contractor, or if there is an assignment for the benefit of creditors of Contractor. Any such termination of this Agreement under paragraph (A)will be without prejudice to any obligations or liabilities of either party already accrued prior to such termination. B. City, by written notice of default (including breach of contract) to Contractor, may terminate the whole or any part of this Agreement: 1) If Contractor fails to provide services called for by this Agreement within the time specified, or 2) If Contractor fails to perform any of the other provisions of this Agreement, or fails to pursue the work as to endanger performance of this Agreement in accordance with its terms, and after receipt of written notice from City, fails to correct such failures 81Page ProfSA Template—Revised 7/2019 within ten (10) days or such other period as City may authorize. The rights and remedies of City provided above related to defaults (including breach of contract) by Contractor are not exclusive and are in addition to any other rights and remedies provided by law or under this Agreement. If City terminates this Agreement under paragraph (B), Contractor will be entitled to receive as full payment for all services satisfactorily rendered and expenses incurred, provided, that the City may deduct the amount of damages,if any, sustained by City due to breach of contract by Contractor. Damages for breach of contract include those allowed by Oregon law, reasonable and necessary attorney fees, and other costs of litigation at trial and upon appeal. If City terminates this Agreement under paragraph (B), Contractor is not entitled to payment of any third-party SIEM license fees or other financial penalties Contractor may incur as a result of early termination. 15. Access to Records City will have access to such books, documents, papers and records of Contractor as are directly pertinent to this Agreement for the purpose of making audit, examination, excerpts and transcripts. 16. Hazardous Materials Contractor will comply with all federal Occupational Safety and Health Administration (OSHA) requirements and all Oregon safety and health requirements. In accordance with OSHA and Oregon OSHA Hazard Communication Rules,if any goods or services provided under this Agreement may release,or otherwise result in an exposure to,a hazardous chemical under normal conditions of use (for example,employees of a construction contractor working on-site), it is the responsibility of Contractor to provide the City with the following information: all applicable Safety Data Sheet, the identity of the chemical/s, how Contractor will inform employees about any precautions necessary,an explanation of any labeling system, and the safe work practices to prevent exposure. In addition, Contractor must label, tag, or mark such goods. 17. Force Majeure Neither City nor Contractor will be considered in default because of any delays in completion and responsibilities hereunder due to causes beyond the control and without fault or negligence on the part of the parties so disenabled, including but not restricted to, an act of God or of a public enemy, civil unrest,volcano, earthquake, fire, flood, epidemic, quarantine restriction, area-wide strike, freight embargo, unusually severe weather or delay of subcontractor or supplies due to such cause;provided that the parties so disenabled will within ten (10) days from the beginning of such delay, notify the other party in writing of the cause of delay and its probable extent. Such notification will not be the basis for a claim for additional compensation. Each party will,however,make all reasonable efforts to remove or eliminate such a cause of delay or default and will, upon cessation of the cause, diligently pursue performance of its obligation under the Agreement. 18. Non-Waiver The failure of City to insist upon or enforce strict performance by Contractor of any of the terms of this Agreement or to exercise any rights hereunder should not be construed as a 91Page ProfSA Template—Revised 7/2019 waiver or relinquishment to any extent of its rights to assert or rely upon such terms or rights on any future occasion. 19. Hours of Labor, Pay Ecquity In accordance with ORS 279B.235, the following are hereby incorporated in full by this reference: A. Contractor may not employ an individual for more than 10 hours in any one day, or 40 hours in any one week, except as provided by law. For contracts for personal services,as defined in ORS 279A.055,Contractor must pay employees at least time and a half pay for all overtime the employees work in excess of 40 hours in any one week, except for employees who are excluded under ORS 653.010 to 653.261 or under 29 U.S.C. 201 to 209 from receiving overtime. B. Contractor must give notice in writing to employees who work on a public contract,either at the time of hire or before commencement of work on the contract, or by positing a notice in a location frequented by employees, of the number of hours per day and days per week that the employees may be required to work. C. Contractor may not prohibit any of Contractor's employees from discussing the employee's rate of wage, salary,benefits or other compensation with another employee or another person and may not retaliate against an employee who discusses the employee's u rate of wage, salary, benefits or other compensation with another employee or another person. D. Contractor must comply with the pay equity provisions in ORS 652.220. Compliance is a material element of this Agreement and failure to comply will be deemed a breach that entitles City to terminate this Agreement for cause. 20. Non-Discrimination Contractor will comply with all federal,state,and local laws,codes,regulations,and ordinances applicable to the provision of services under this Agreement,including,without limitation: A. Title VI of the Civil Rights Act of 1964; B. Section V of the Rehabilitation Act of 1973; C. The Americans with Disabilities Act of 1990, as amended by the ADA Amendments Act (ADAAA) of 2008 (Pub L No 101- 336);and i D. ORS 659A.142,including all amendments of and regulations and administrative rules,and all other applicable requirements of federal and state civil rights and rehabilitation statutes, rules and regulations. 21. Errors Contractor will perform such additional work as may be necessary to correct errors in the work required under this Agreement without undue delays and without additional cost. 101Page ProfSA Template—Revised 7/2019 22. Extra Work, Changes Only the City's Project Manager for this Agreement may change or authorize additional work. Failure of Contractor to secure authorization for extra work constitutes a waiver of all right to adjust the contract price or contract time due to such unauthorized extra work and Contractor will not be entitled to compensation for the performance of unauthorized work. 23. Warranties Contractor will guarantee work for a period of one year after the date of final acceptance of the work by the owner. Contractor warrants that all practices and procedures,workmanship and materials are the best available unless otherwise specified in the profession. Neither acceptance of the work nor payment therefore relieves Contractor from liability under warranties contained in or implied by this Agreement. Any intellectual property rights delivered to the City under this Agreement and Contractor's services rendered in the performance of Contractor's obligations under this Agreement, will be provided to the City free and clear of any and all restrictions on or conditions of use, transfer, modification, or assignment, and be free and clear of any and all liens, claims, mortgages, security interests,liabilities,charges,and encumbrances of any kind. 24. Attorney's Fees In the event an action, suit of proceeding, including appeal, is brought for failure to observe any of the terms of this Agreement, each party is responsible for that party's own attorney fees, expenses, costs and disbursements for the action, suit,proceeding, or appeal. 25. Choice of Law,Venue The provisions of this Agreement are governed by Oregon law. Venue will be the State of Oregon Circuit Court in Washington County or the U.S.District Court for Oregon,Portland. 26. Compliance with State and Federal Laws/Rules Contractor will comply with all applicable federal, state and local laws, rules and regulations applicable to the work in this Agreement. 27. Conflict Between Terms In the event of a conflict between the terms of this Agreement and Contractor's proposal,this Agreement will control. In the event of conflict between a provision in the main body of the Agreement and a provision in the Exhibits,the provision in the main body of the Agreement will control. In the event of an inconsistency between Exhibit A and Exhibit B, Exhibit A will i control. 28. Audit Contractor will maintain records to assure conformance with the terms and conditions of this Agreement and to assure adequate performance and accurate expenditures within the contract period. Contractor agrees to permit City, the State of Oregon, the federal government, or their duly authorized representatives to audit all records pertaining to this Agreement to assure the accurate expenditure of funds. 29. Severability 111 Page ProfSA Template—Revised 7/2019 III In the event any provision or portion of this Agreement is held to be unenforceable or invalid by any court of competent jurisdiction,the validity of the remaining terms and provisions will not be impaired unless the illegal or unenforceable provision affects a significant right or responsibility, in which case the adversely affected party may request renegotiation of the Agreement and,if negotiations fail,may terminate the Agreement. 30. Compliance with Tax Laws Contractor represents and warrants that Contractor is, to the best of the undersigned's knowledge,not in violation of any Oregon tax laws including but not limited to ORS 305.620 and ORS Chapters 316, 317,and 318. Contractor's failure to comply with the tax laws of this state or a political subdivision of this state before the Contractor executed this Agreement or during the term of this Agreement is a default for which the City may terminate this Agreement and seek damages and other relief available under the terms of this Agreement or applicable law. IN WITNESS WHEREOF,City and Contractor have caused this Agreement to be executed by their duly authorized officials. CITY O TIGARD REDHAWK NETWORK SECURITY,LLC B B Name: Y-ff41 Name: Benjamin C. Gallo Title: /-(I, Title: President Date: ( �` Date: 12/19/2019 12 Pagc ProfSA Template—Revised 7/2019 EXHIBIT A SCOPE OF SERVICES The city has been mandated by Federal requirements for Security Event and log monitoring. Contractor will provide the following services below: Contractor will provide managed SIEM services for City of Tigard IT infrastructure including Virtual Desktops,Endpoints,Servers, Firewalls, Switches,Databases, 0365 accounts. o SIEM virtual machine setup,installation, and initial tuning o Alert response configuration o Log review o Policy updates o AlienLab licensing and subscription updates 0 1TB/month of raw data ingestion ■ 30 days searchable and 12 months of accessible archive raw data ■ SIEM Sensor Services to be provided: A. Alert/Incident On-call alert response to respond to alers and follow escalation path provided by city. Hours may be used for continued tuning,policy updates,incident mitigation and troubleshooting as it relates to the SIEM appliance. Remediation of other devices (Servers, firewalls, routers, ets.) available on a time and material basis. Any hours not used do not have a carryover value and may not be used for any projects or installations B. Secruity Analyst Meeting Will be done on a quarterly basis. a. Analyst to provide up to 1 hour of log and incident review. b. Provide security analysis and recommendations based on security best practices any relative compliance requirements. C. Network Engineer Meeting Will be done on a quarterly basis. a. Asset count review b. Review any current events, tickets or potential action items c. Review any alerting changes or reporting requirements d. Review and update escalation and contacts as needed Contractor will not provide the following services: A. Support for unsupported deployments, custom scripts, third-party software or other functionality that the city or a thrid party contractor/vendor has added. B. Installing HIDS,NIDS, or Syslog on switches, servers or configuration of any agents or sensors on the connected equipment. C. Management or monitoring of individual security or netword equipment (firewalls,routers, switches, access points, servers, and work stations) is not included with this services. D. Notifying end users 13 1 Pale ProfSA Template—Revised 7/2019 Cost of Services • Ongoing Alerting and Incident Response o $21,500 professional services available with a guarantee of$10,500 (prepayment for initial hours) and remaining$10,500 billed on an as used basis o $175/hour Tier 1 and Tier 2 alert response o $195/hour for Tier 2 Network Engineer o $225/hour Tier 3 Network Engineer and Security Analyst Monthly billing for Managed SIEM service to begin after the (2) month configuration and tuning period (approximately March 1,2020) i 14 Page ProfSA Template—Revised 7/2019 Exhibit B Contractors Proposal MANAGED AND MONITORED SIEM City of Tigard Account Manager: Rob Wille ,. ,,./ REDHAWK Account Manager Email: Rob.Wille@redhawksecurity.com �z Redhawk Network Security, LLC 62958 Layton Ave., Suite One O Bend, OR 97701 O0 Agreement to Perform Security Incident and Event Management Services for City of Tigard. WSOW 10526: Managed and Monitored SIEM Effective Date Services Performed By: Services Performed For: LU March 1, 2020 Redhawk Network Security, LLC City of Tigard 62958 Layton Ave., Suite One 13125 SW HALL BLVD., Bend, OR 97701 TIGARD, OR 97223 C) Contents 1. Executive Summary..........................................................................................................2 2. Services Overview ............................................................................................................2 3. Configuration and Deployment Schedule............................................................................7 4. Deployment Engagement Resources..................................................................................7 5. Fees &Payment...............................................................................................................8 6. Project Contacts...............................................................................................................9 7. Customer Assistance Required ..........................................................................................9 8. Assumptions ....................................................................................................................9 9. Term and Termination......................................................................................................2 10. Project Change Control Procedure.....................................................................................2 11. Miscellaneous...................................................................................................................3 12. Execution of SOW 10526 ..................................................................................................4 CONFIDENTIAL -Managed and Monitored STEM Contract for City of Tigard•Effective:March 1, 1 2020 This Statement of Work 10526: Managed and Monitored SIEM Statement of Work ("SOW") between Redhawk Network Security, LLC ("Redhawk") and City of Tigard ("Customer") is effective as of the last signature date below and is governed by the terms of the online Master Agreement ("Agreement") located at: https://redhawksecurity.com/legal/masteragreement. 1 . Executive Summary Customer has contracted Redhawk to provide Monthly Security Event and Incident Management (STEM) services for a Subscription Term of one (1) year commencing on the Effective Date. The objective of the services is to provide Customer 24x7 Security Incident and Event Management (STEM), monitoring, and incident logging and correlation. Redhawk shall be the first point of contact for alerting and events and serve as Customer's security operations center. Redhawk will work closely with Customer to deploy the SIEM and provide expert level tuning to hone the device to environment and business requirements. Customer will have the ability to establish escalation and incident paths and set the bar for asset value status, enabling Customer to adjust alerts for mission-critical assets. 2. Services Overview The parties are entering into this SOW for the purpose of Redhawk to provide the following services: Managed and Monitored SIEM referred to herein as "Project" or"Projects." Redhawk Managed SIEM Services Redhawk shall Install and Integrate the SIEM Virtual Machine to Include the Following: Redhawk to deploy, interconnect, and perform initial set up of SIEM Virtual Appliance. Onsite install is available for an additional fee. Customer is responsible for virtual environment where the agent will reside and should follow the below requirements for the specific Customer virtual environment. Hyper-V virtual Environment Requirements Customer is responsible for Hyper-V virtual environment set up which requires a virtual machine with: Minimum Requirements: • Physical Host operating system must be Windows Server 2012 R2 with either Hyper-V Manager or System Center Virtual Manager (SCVMM) 2012, or Windows Server 2016. • Hyper-V virtual machine with four cores and 12 GB of statically assigned memory, 150 GB of disk space. CONFIDENTIAL -Managed and Monitored SIEM Contract for City of Tigard•Effective:March 1, 2 2020 • Internet connectivity from the virtual machine. Recommended Requirements: • If DHCP is unavailable, a static IP for the management interface and local DNS information. o Important:Alien Vault strongly recommends assigning a static IP to deploy the USM Anywhere Sensor. If DHCP changes the IP address of the sensor,you must update all the IP addresses on all the devices that are forwarding logs to the Sensor through syslog. • Network topology information to run asset discovery • Port mirroring setup for network monitoring (see Configure Windows Server 2012 R2 or Windows Server 2016 Hyper-V Virtual Machines for Port Mirroring for more information) • Administrative credentials for remote hosts to support authenticated asset scans • Administrative credentials for devices that require configuration to forward logs to the Hyper-V sensor • (Optional) A span port to monitor network traffic for IDS VMware Sensor virtual Environment Requirements Customer is responsible for Hyper-V virtual environment set up which requires a virtual machine with: Minimum Requirements: • Access to VMware ESXi.1 or later • Dedicated 4 CPUs and 12 GB of reserved memory • Internet connectivity to the network where you plan to install the VMware Sensor Recommended Requirements: • A vSphere or vCenter user account to use for USM Anywhere Sensor configuration with an assigned role that has permissions equivalent to the read-only default role. o Note: The read-only role allows a user limited read access to the system without any other privileges. Credentials with this assigned role allow the deployed USM Anywhere Sensor to collect vCenter and vSphere events and run asset discovery. • Installed VMware Tools for hosts in your vSphere or vCenter environment. o With configured vSphere or vCenter credentials, the VMware sensor uses the VMware APIs to run asset discovery. For hosts that do not have VMware Tools installed, the asset does not have an assigned IP address and this can result in the asset being missed from asset discovery or in duplicate assets CONFIDENTIAL -Managed and Monitored SIEM Contract for City of Tigard•Effective:March 1, 3 2020 created during subsequent discoveries. These tools also enable the Sensor to collect more detailed information about the asset. • If DHCP is not available, a configured static IP for the management interface and local DNS information. • Port mirroring set up for network monitoring (see Configuring VMware ESX Virtual Switches for Port Monitoring). • Administrative credentials for devices that require configuration to forward logs to the VMware sensor. • Administrative credentials for remote hosts to support authenticated asset scans. • Configuration on firewall or other security device to send UDP or TCP syslog (if it is capable of exporting security logs through UDP or TCP syslog). • Network topology information to run asset discovery. • (Optional) Access to a span port to monitor network traffic for intrusion detection systems (IDSes) Services include the following Assets Device/Asset Table: D- Quantity Firewalls I 2 Routers y Switches 2 Windows Servers 100 Linux Servers 40 Windows Database 10 Office 365 400 Number of locations Note:All City of Tigard sites are connected via dark fiber and are on the same network. 1 I Sophos Instances 350 Domain Controller/Active Directory 2 Endpoints 100 Total Assets 1,016 2.a Responsibility and Supported Tasks for 51EM Configuration Matrix Redhawk uses a responsibility matrix for included and additional services. P = Primary Responsibility (Customer or Redhawk to maintain primary responsibility of the task/service). A = Assist Responsibility (Customer or Redhawk to provide help to complete). Each responsibility and or task is associated with the owner of the responsibility, as indicated below. CONFIDENTIAL -Managed and Monitored SIEM Contract for City of Tigard•Effective:March 1, 4 2020 Service Description Initial Device Device tuning to provide tuning on listed devices or assets,adjustment of alarms Up to 40 Hours Tuning and connected applications Assets Initial tuning of assets 505 Standard Tasks/Services Customer Redhawk Configure and Deploy Agent in Virtual Environment, P A Configure and Deploy sensors P A Initial classification and tuning of devices connecting to SIEM A P Ensure Sensors are correctly deployed(requires Customer to install HIDS, NIDS, j A P and configure Syslog) Ensure Network IDs are correctly configured A P Install license and perform any updates required/necessary A P Install sensors on connected devices or cloud applications P A I i Up to two hours of initial training on interface A P Define and save customer data views A P Establish Threat Intelligence Subscriptions A P Set up Customer specific reporting frequency A P During the initial four-week tuning period, After-Hours alert responses will be disabled(M-F 6 PM—6 AM and weekends). Uptime message will notify the Customer that the tuning period has ended and 24x7 alerting has commenced. *Tuning for assets exceeding number in this SOW will be charged at T&M rates. 2.b Monthly Monitored Services 2.b.1 Monitored Services Matrix Redhawk alerting provides incident and alert response and documentation. All alerts will be logged in the Redhawk Cybersecurity Portal as well as emailed in accordance with the customer provided escalation path. Monitored alerting includes the following: Standard Tasks/Services Customer Redhawk Included Monitoring Services 240 Monitoring of SIEM(for critical/high alerts and events)Analystalert P response available on a time and materials basis. 8x5xNBD for non-critical alert response P Logging of detected Minor and Major events in Cybersecurity Portal. P Included Managed Services SIEM Maintenance and Updates/Upgrades A P CONFIDENTIAL -Managed and Monitored SIEM Contract for Clty of Tigard•Effective;March 1, 5 2020 SIEM Reports and Documentation P a STEM Configuration Backups P 2.b.2 Managed Services Matrix Hours specified are for services outlined in the Responsibility and Support Tasks and Services Matrix below and have no carry over value. Unused hours may not be used toward projects, installs, or other services. Escalation and incident response outside of included block of hours such as troubleshooting beyond initial verification of issue, change requests, repairs, and installations are provided on a time and material basis by Redhawk Support agreed upon rate based on level of support provided. Description "i's/Frequency On-call alert response to respond to alerts and follow escalation path provided by Customer. Hours may be used for continued tuning,policy updates,incident Alert/Incident mitigation,and troubleshooting as it relates to the SIEM appliance. Remediation of other devices(Servers,firewalls, routers,etc.)available on a time and p Response materials basis. Hours not used have no carryover value and may not be used for Projects or j installations. • Analyst to provide up to 1 hours of log and incident review. Security Analyst Provide security analysis and recommendations based on security best Meeting practices any relative compliance requirements. Quarterly I � • Asset count review. Network Review any current events,tickets,or potential action items. Engineer Review any alerting changes or reporting requirements. Quarterly Meeting Review and update escalation and contacts as needed. StandardAddendum . Required Alert Response P Asset Tuning A P Remote Incident Response A P Log Review A P Policy Updates A P AlienLabs Subscription Adjustments A P Adding additional assets, log collection bandwidth or applications A P Yes CONFIDENTIAL -Managed and Monitored SIEM Contract for City of Tigard•Effective:March 1, 6 2020 Out of Scope No deliverables or services, other than those listed in the section above, shall be determined as within the scope of this Project. The Customer shall be responsible for performing any additional work not listed above; or requesting a Project change request. Items specifically listed below are not included in the requirements to be provided by Redhawk. 1. Support for unsupported deployments, custom scripts, third-party software, or other functionality that the Customer or a third party has added. 2. Installing HIDS, NIDS, or Syslog on switches, servers, or configuration of any agents or sensors on the connected equipment. 3. Management or monitoring of individual security or network equipment (firewalls, routers, switches, access points, servers, and work stations) is not included with this service. 4. Notifying end users. 3. Configuration and Deployment Schedule Redhawk shall schedule a Project kick off call with Customer after the receipt of the executed SOW and any other required paperwork. During the Project kick off call, Redhawk shall work with Customer to develop an agreed-upon engagement schedule.The schedule will outline the specified turn-up dates, times, Redhawk allocated resources and any Customer resources required with timelines. Once scheduling has been committed to by Customer and Redhawk, Redhawk will allocate the internal resources needed to complete the project as originally scheduled. Redhawk will request that Customer schedule their resources required to remain on target with the mutually agreed upon schedule. 4. Deployment Engagement Resources ➢ Senior Network Engineer ➢ Network Engineer Tier 2 ➢ Project Manager CONFIDENTIAL -Managed and Monitored SIEM Contract for City of Tigard•Effective:March 1, 7 2020 5. Fees & Payment Redhawk will provide the Managed Services according to this SOW for the fees and terms set forth below. TotalMonthly Recurring Services Managed and Monitored STEM—1 TB Includes up to 1TB of raw data ingestion per month $3,885.00 Includes 30 days of searchable event storage and 12 months of accessible archived storage SIEM Sensor(s)—Subscription license for 1 virtual sensors Included Alert and Incident Response hours included in monthly fee:0 Hours Included Total Monthly Recurring Charges $3,885.00 1-Year Total Contract Commitment $46,620.00 $195.00/hour for Tier 2 Alert and incident response hours exceeding 0 hours per month will be billed at: $225.00/hour for Security Analyst One Time Fees SIEM Virtual Machine Set up and Installation and initial Tuning $6,177.00 Sign by 12/31/2019 in conjunctin with SOW 10615 Discount -$2,292.00 *Total One Time Fees $3,885.00 Payment Terms. Upon signing of this SOW an invoice for the one-time fees and the first month of services will be billed and due upon receipt.Thereafter, all recurring charges will be invoiced monthly. Any mitigation efforts, policy changes, overages, time and materials, and adjustments are progress billed monthly. Customer shall pay all undisputed invoices within twenty (20) days after receipt of invoice. *Discount and Monthly recurring rate are contingent on the signing of Statement of Work 10615 All prices are exclusive of expenses and travel costs (e.g., airfare, car rental, parking, tolls, etc.) which are billed at actual costs. Any deficiencies, as determined by generally accepted professional standards, shall be reported by Customer to Redhawk within 30 days after receipt of the deliverable or services involved. Redhawk will correct such timely reported deficiencies in its deliverables, services or work within a mutually agreeable period. CONFIDENTIAL -Managed and Monitored SIEM Contract for City of Tigard-Effective:March 1, 8 2020 6. Project Contacts City of Tigard Bill o Address I City of Tigard Primary Contact Primary Contact Email 13125 SW HALL BLVD., TIGARD, OR 97223 j Mike Nolop miken@tigard-or.gov 7. Customer Assistance Required To optimize the effectiveness of Redhawk team members, City of Tigard shall provide access to systems, services, and employees.To perform the work specified in this SOW, Redhawk will require the following from Customer: • Access to relevant personnel • Relevant documentation • Asset list • Network Diagram • A primary point of contact • Coordination of events with City of Tigard team members • Customer onboarding documentation 8. Assumptions 1. Redhawk and Customer understand that due to the nature of the services unintentional service disruption is feasible. Redhawk is not responsible for interruptions of Customer's network services during completion of tasks described in this Statement of Work and Services described herein. 2. In some cases, the manufacturer may release an update or patch that adversely affects the Customer's environment.While Redhawk will do everything within our power to determine conflicts between updates by the manufacturer and your environment, Redhawk cannot be liable for additional work that is required to develop alternative configurations, re-design solutions or provide workarounds. In this instance, Redhawk will work with you to determine the best workaround and obtain a change order approval. 3. Customer hereby grants to Redhawk the right to install any Redhawk-provided equipment or virtual appliance as identified in this SOW within the Customer premises and Customer will provide such equipment an operating environment equivalent or better than Redhawk's or equipment vendor's specifications for electrical, airflow, and clearance. Customer shall not permit any liens to be placed against any Redhawk-provided equipment or software. CONFIDENTIAL -Managed and Monitored SIEM Contract for City of Tigard•Effective:March 1, 9 2020 4. Agreement Enabling Expenses— Redhawk will perform the work using tools selected by Redhawk. Customer will provide any additional hardware, software, connectivity, and training expenses required by Customer(if any), to complete delivery of services. 5. Travel and Expenses - Redhawk and Customer agree that the engagement meetings will be conducted using teleconference calls and all work will be executed at a Redhawk facility unless other arrangements have been agreed upon or stated in the Statement of Work. If Customer requires Redhawk personnel to travel to perform work on or visit Customer site or attend a meeting with Customer staff, standard business expenses (e.g., travel, food and lodging) Redhawk personnel incur in connection with provisioning services under this Statement of Work shall be invoiced separately. 6. Redhawk and Customer understand and agree that the performance of the Services, as provided in accordance with this SOW, may improve your security posture, these Services can neither identify nor eliminate all risks by unauthorized or authorized parties to affect your environment. 7. Not included with this SOW: a. De-installation or re-installation of product(s) or application(s) other than Managed Services listed in this SOW. b. Installing cables external to the rack outside of what is indicated in this SOW c. Installation of any hardware or software other than as specified in this SOW. d. Installation of any product into an unsupported rack. e. Any activities other than those specifically noted in this SOW. 8. Re-installation of STEM appliance and associated tuning will be billed on a T&M basis. 9. Customer agrees to complete a backup of all existing data and programs on all affected systems prior to the delivery of this service. REDHAWK WILL HAVE NO LIABILITY FOR LOSS OR RECOVERY OF DATA OR PROGRAMS or loss of use of systems arising out of the services or support or any act or omission, including negligence, by Redhawk or a third-party service provider. 10. Additional assets added to SIEM after initial set up will incur an hourly fee unless included in an upgraded contract. 11. Additional assets added beyond 1500 Assets shall be charged $25.00 per asset per month for the remainder of the contract. 12. Asset decreases will not affect the price or life of the contract. 13. Customer agrees to set up and maintain the virtual environment for the AlienVault SIEM agent to reside. It is the responsibility of the Customer to maintain their virtual environment throughout the course of the agreement. 14. All lead time objectives and service level objectives are located at https://redhawksecurity/legal/supportservices. CONFIDENTIAL -Managed and Monitored SIEM Contract for City of Tigard•Effective:March 1, 1 2020 9. Term and Termination This executed SOW has an agreed term of one (1) year. The Term and billing will begin on the SOW Effective Date and shall continue in full force and effect unless terminated in accordance with the provisions contained within the Agreement. Customer may renew this agreement for two (2) additional one (1) year terms at the rates stated within this SOW if a) Customer's data ingestion rate does not require a higher volume of monthly ingested data, and b) the manufacturer SIEM licensing costs do not increase more than 5% per contract year. Should Redhawk be unable to obtain the SIEM licening within these cost parameters, the Monthly Recurring Charges may increase at Customer expense. If Customer terminates this SOW prior to its agreed-upon expiration date for reason other than Redhawk breach, then Customer will pay Redhawk any and all outstanding balances due Redhawk for Services provided up to the date of termination and a termination charge (as liquidated damages and not as a penalty) consisting of the full amount of the remaining monthly charges for the remainder of the then-current Term. 10. Project Change Control Procedure As Redhawk personnel begin to work through the above scope of work, it is common that elements occur that have not been considered as part of the included scope of work. In the instance that Redhawk discovers elements that are not included in the scope of work but that should be included, Redhawk will notify Customer and work will be discontinued and the following process will be followed if a change to this SOW is required: • A Project Change Request (PCR)will be the vehicle for communicating change. The PCR will describe the change, the rationale for the change, and the effect the change will have on the project including costs, procedures, and/or deliverables. • The designated Project Manager of the requesting party, Redhawk or Customer, will review the proposed change with the other party to determine desired changes to the SOW in order to achieve the mutually understood result. • Once both parties have agreed that a change is required and approved, a PCR will be prepared and must be signed by the Customer to authorize implementation of the changes to the SOW. • Redhawk will invoice Customer for any such charges as outlined in the PCR. The PCR will document the effect that the implementation of the changes will have on SOW price, schedule, and other conditions of the Agreement. CONFIDENTIAL -Managed and Monitored STEM Contract for City of Tigard•Effective;March 1, 2 2020 11 . Miscellaneous Capitalized terms not defined in this SOW will have the meanings set forth in the Agreement. In the event of any conflict between the terms and conditions of this SOW and the terms and conditions of the Agreement, the terms of the Agreement (as applicable) will govern unless expressly otherwise stated in this SOW. CONFIDENTIAL -Managed and Monitored STEM Contract for City of Tigard•Effective:March 1, 3 2020 12. Execution of SOW 10526 This SOW must be executed by 12/31/2019 To execute this SOW, please sign and provide any additional information listed in Section: Customer Assistance Required and return to Redhawk with signed related documents and information as described above. IN WITNESS WHEREOF, the parties hereto have caused this contract to be valid as of the day, month and year dated below. City of Tigard Redhawk Network Security, LLC. Signature: Signature: Name: Name: Benjamin C. Gallo Title: Title: President Date: Date: 12/19/2019 PO Reference: CONFIDENTIAL -Managed and Monitored STEM Contract for City of Tigard•Effective. March 1, 4 2020 NETWORK CONSULTING City of Tigard -_ ,.. , REDHAWK Account Manager: Rob Wille Email Contact: Rob.Wille@redhawksecurity.com Table of Contents 1. Executive Summary...................................................................................................................3 2. Services Overview.....................................................................................................................3 3. Deliverables...............................................................................................................................4 4. Engagement Schedule..............................................................................................................4 5. Engagement Resources............................................................................................................5 6. Fees and Payment.....................................................................................................................5 7. Project Contacts ........................................................................................................................6 8. Customer Assistance Required.................................................................................................6 9. Assumptions..............................................................................................................................7 10. Project Change Control Procedure............................................................................................8 11. Miscellaneous............................................................................................................................8 12. Execution of Statement of Work (SOW 10615).........................................................................8 CONFIDENTIAL-Statement of Work for City of Tigard -December 4, 2019 2 V Redhawk Network Security, LLC / REDHAWK 62958 Layton Ave., Suite One O Bend, OR 97701 Agreement to Perform Professional Network Services for City of O Tigard +— SOW 10615: Alerting and Network Support Hours Date Services Performed By: Services Performed For: December 4, 2019 Redhawk Network Security, LLC City of Tigard 62958 Layton Ave., Suite One 13125 SW HALL BLVD., TIGARD, ^1 Bend, OR 97701 OR 97223 This Statement of Work 10615: Network Professional Services ("SOW") between Redhawk Network �— Security, LLC ("Redhawk") and City of Tigard ("Customer") is made effective as of the latest date set forth in the signature block below(the "Effective Date"), and is governed by the terms of the online Master Agreement ("Agreement') located at: https://redhawksecurity.com/legal/masteragreement. 1 . Executive Summary Redhawk Network Security (Redhawk) uses a risk-based methodology to Information Security Services. We provide an approach to developing solutions that meet customer business requirements for scalability, reliability, performance, security, timeline, and budget, with an emphasis on delivering maximum results and a return on corporate information security investments. Redhawk shall provide alert response and troubleshooting for a period of one year. 2. Services Overview All Services herein may be referred to as "Project'or"Projects" and include the following Services: Redhawk shall provide up to 120 hours of professional service hours. Hours used are based on rates and services below defined in Section "5 Engagement Resources." Customer will have the ability create a ticket, call, or email Redhawk Support for support requests. Alerting hours and SIEM tuning shall be initiated by Redhawk after the intial tuning process is complete and the Managed SIEM Servcies has been approved for 24x7 alerting. CONFIDENTIAL -Statement of Work for City of Tigard -December 4, 2019 3 Onsite Work Onsite work is not in scope for this project. Should onsite work be required estimated travel fees can be found in section 6 Fees and Payment. Out of Scope No deliverables, other than those listed in the section above, will be determined as within the scope of this project. Customer will be responsible for performing any additional work not listed above; or requesting a project change request. Items specifically listed below are not included in the requirements to be provided by Redhawk. 1. Equipment procurement 3. Deliverables Redhawk will conduct the Services as described in this Proposal. 4. Engagement Schedule Redhawk shall schedule a project kick off call with Customer after the receipt of the executed SOW and any other required paperwork. During the project kick off call, Redhawk shall work with Customer to develop an agreed upon engagement schedule. The schedule will outline the specified project dates, times, Redhawk allocated resources and any Customer resources required with timelines. Once scheduling has been committed to by Customer and Redhawk, Redhawk will allocate the internal resources required to complete the project as originally scheduled. Redhawk will request that Customer schedule their required resources to remain on target with the mutually agreed upon schedule. Work is scheduled to begin based on the availability of all resources at the time of the executed SOW and kick off call. During busier seasons this could require a three to eight-week lead time. During the engagement process, if Customer cancels a mutually agreed upon in-person or onsite meeting within seven (7) calendar days of a scheduled meeting, Redhawk will require a $500 reschedule fee to cover the cost of rescheduling the meeting. Customer understands that delays of three (3)or more months on this Project may require the engagement to be rescoped and will incur additional hours to be billed at the rate of resources utilized. CONFIDENTIAL-Statement of Work for City of Tigard •December 4, 2019 4 5. Engagement Resources Resource Matrix Resources Rate - - SIEM alert response, SIEM Alert Tier 1 and 2 Alert Response $175.00/hr* basic investigation, SIEM troubleshooting and tuning. Basic Network equipment (firewall, router, switch, and AP) 1 Tier 2 Network Engineer $195.00/hr troubleshooting, basic i configuration review, firmware updates or upgrades. Network design, complex routing or configuration changes and Tier 3 Network Engineer $225.00/hr review, complex network troubleshooting, network analysis and review. Security Analyst $225.00/hr Security incident response, alert or logging review, security analysis. Hours cannot be used for equipment procurement. Services type is an approximation of services and resource will depend upon the resource requirements for the service requested. *Discounted rate for Alert Respone, STEM troubleshooting, and STEM tuning is contingent on the signing of Statement of Work 10526. 6. Fees and Payment Redhawk is being hired on a time and materials basis to perform the Professional Services and provide the Deliverables specified in this SOW at an hourly rate based upon the Resource used at the time of service. Set forth in the chart below is an estimate of the number of hours and the associated Fees that Redhawk anticipates will be required under this SOW. This Estimate is based upon the information set forth in this SOW. Estimated Services ResourceF Estimated Number of Hours Estimated Total Value of 120 Alert Response Hours $23,400.00 Alert Response discount for signing with SOW 10526 - $2,400.00 Estimated Total $21,000.00 j CONFIDENTIAL -Statement of Work for City of Tigard -December 4, 2019 5 Any of the above resources that are required to perform services after hours (weekdays 6PM-6AM, weekends, and holidays)will be billed at 1.5 times the hourly rate stated above. Redhawk will bill for actual resource and time used. All prices are exclusive of expenses, which are estimated below. All travel costs (e.g., airfare, car rental, parking, tolls, etc.) are billed at actual costs. Estimated Travel Locations for the Assessment Travel Rates Estimated Travel UnitValue Quantity Total Value of Resource Estimated Per Diem $275.00 0 $0.00 Estimated Travel Time $100.00 0 $0.00 Additional Travel costs billed at actual costs—Mileage,Airfare,car rental, parking,tolls,etc. Estimated Annual Travel $0.00 Payment Terms. Upon the signing of this SOW, an invoice for 50% of the planned total will be billed and due upon receipt. Thereafter, Professional Services will be progress billed monthly. Customer shall pay all undisputed invoices within twenty (20) days after receipt of invoice. Any deficiencies, as determined by generally accepted professional standards, shall be reported by Customer to Redhawk within 30 days after receipt of the deliverable or services involved. Redhawk will correct such deficiencies in its deliverables, services or work within a mutually agreeable period. 7. Project Contacts City of Tigard Bill to Address City of Tigard Project Manager Redhawk Implementation Officer 13125 SW HALL BLVD., TIGARD, OR 97223 Mike Nolop miken@tigard-or.gov 1__.. ______ _._.._ ___.__._ _ ._-- l___--._ _._ _.__ _____._._ - _--___-_-_ _ -- 8. 8. Customer Assistance Required To optimize the effectiveness of Redhawk team members, City of Tigard shall provide access to systems, services, and employees. To perform the work specified in this SOW, Redhawk requires the following from Customer: • Access to relevant personnel • Relevant documentation • A primary point of contact • Coordination of events with Customer team members CONFIDENTIAL-Statement of Work for City of Tigard .December 4, 2019 6 • Customer Onboarding Documentation 9. Assumptions 1. Redhawk and Customer understand that due to the nature of the services being performed, unintentional service disruption is feasible even with destructive probing disabled. Redhawk is not responsible for interruptions of your network services during the completion of tasks described in this SOW and Services described herein. 2. In some cases, the manufacturer may release an update or patch that adversely affects the Customer's environment. While Redhawk will do everything within our power to determine conflicts between updates by the manufacturer and your environment, Redhawk cannot be liable for additional work that is required to develop alternative configurations, re-design solutions or provide workarounds. In this instance, Redhawk will work with you to determine the best workaround and obtain a change order approval. 3. Agreement Enabling Expenses— Redhawk will perform the work using tools selected by Redhawk. Any additional hardware, software, connectivity, and training expenses required by Customer(if any), to complete delivery of services will be provided by Customer. 4. Travel and Expenses - Redhawk and Customer agree that the engagement meetings will be conducted using teleconference calls and all work will be executed at a Redhawk facility unless other arrangements have been agreed upon or stated in the SOW. If Customer requires Redhawk personnel to travel to perform work on or visit a Customer site, or attend a meeting with Customer staff, standard business expenses (e.g., travel, food, and lodging) Redhawk personnel incur in connection with provisioning services under this SOW shall be invoiced separately. 5. Redhawk and Customer understand and agree that the performance of the Services, as provided in accordance with this SOW, may improve your security posture. These services can neither identify nor eliminate all risks by unauthorized or authorized parties to affect your environment. 6. Not included with this service: a. De-installation or re-installation of product(s)or application(s). b. Installing cables external to the rack outside of what is indicated in this SOW. c. Installation of any hardware or software other than as specified in this SOW. d. Installation of any product into an unsupported rack. e. Any activities other than those specifically noted in this SOW. 7. Customer agrees to complete a backup of all existing data and programs on all affected systems prior to the delivery of this service. REDHAWK WILL HAVE NO LIABILITY FOR LOSS OR RECOVERY OF DATA OR PROGRAMS or loss of use of systems arising out of the services or support or any act or omission, including negligence, by Redhawk or a third- party service provider. CONFIDENTIAL-Statement of Work for City of Tigard -December 4, 2019 7 10. Project Change Control Procedure As Redhawk personnel begin to work through the above scope of work, it is common that elements occur that have not been considered as part of the included scope of work. In the instance that Redhawk discovers elements that are not included in the scope of work but that should be included, Redhawk will notify Customer and work will be discontinued and the following process will be followed if a change to this SOW is required: • A Project Change Request (PGR)will be the vehicle for communicating change. The PCR will describe the change, the rationale for the change, and the effect the change will have on the project including costs, procedures, and/or deliverables. • The designated Project Manager of the requesting party, Redhawk or Customer, will review the proposed change with the other party to determine desired changes to the SOW in order to achieve the mutually understood result. • Once both parties have agreed that a change is required and approved, a PCR will be prepared and must be signed by the Customer to authorize implementation of the changes to the SOW. • Redhawk will invoice Customer for any such charges as outlined in the PCR. The PCR will document the effect that the implementation of the changes will have on SOW price, schedule, and other conditions of the Agreement. 11 . Miscellaneous Capitalized terms not defined in this SOW will have the meanings set forth in the Agreement. In the event of any conflict between the terms and conditions of this SOW and the terms and conditions of the Agreement, the terms of the Agreement(as applicable)will govern unless expressly otherwise stated in this SOW. 12. Execution of Statement of Work (SOW 10615) This SOW must be executed by 12/31/2019 To execute this SOW, please sign and provide any additional information listed in Section: Customer Assistance Required and return to Redhawk with signed related documents and information as described above. IN WITNESS WHEREOF, the parties hereto have caused this contract to be valid as of the day, month, and year dated below. CONFIDENTIAL -Statement of Work for City of Tigard -December 4, 2019 8 City of Tigard Redhawk Network Security, LLC. _:�;�� Signature: Signature. Name: Name: Benjamin C. Gallo Title: Title: President Date: Date: 12/19/2019 PO Reference: CONFIDENTIAL -Statement of Work for City of Tigard -December 4, 2019 9