Documents
State of Michigan 2020 Kaseware contract
Sep. 21 2021 — 4:57 p.m.

STATE OF MICHIGAN PROCUREMENT
Department of Technology, Management & Budget
525 W. Allegan Street, Lansing, Ml 48909
NOTICE OF CONTRACT
NOTICE OF CONTRACT NO. 171-200000000425
between
THE STATE OF MICHIGAN
and
Various
Phone Number
Email Address
Jarrod Barron
CONTRACT SUMMARY
DESCRIPTION: MSP Enter rise Criminal lntelli ence S stem
Agency
Acron m
DTMB
INITIAL EFFECTIVE DATE INITIAL EXPIRATION DATE INITIAL AVAILABLE
OPTIONS
EXPIRATION DATE BEFORE
CHANGE S NOTED BELOW
01/31/2020 01/31/2025 5-1 year
PAYMENT TERMS
Net45
ALTERNATE PAYMENT OPTIONS
D P-card D Payment Request (PRC)
MINIMUM DELIVERY REQUIREMENTS
N/A
MISCELLANEOUS INFORMATION
New Contract established from RFP# 190000001010.
Program Managers:
1. MSP: Troy Allen,
2. DTMB: Gordon
ESTIMATED CONTRACT VALUE AT TIME OF EXECUTION
D Other
01/31/2025
DELIVERY TIMEFRAME
N/A
EXTENDED PURCHASING
~ Yes D No
$3,293,000.00

CONTRACT NO. 171-200000000425
FOR THE CONTRACTOR:
Kaseware, Inc.
Company Name
Authorized Agent Signature
Mark Dodge
Authorized Agent (Print or Type)
Date
FOR THE STATE:
Signature
Jarrod Barron – IT Category Specialist
Name & Title
DTMB – Central Procurement Services
Agency
Date
01 / 28 / 2020
1/29/2020

STATE OF MICHIGAN
CONTRACT TERMS
Software Contract
This Software Contract (this "Contract") is agreed to between the State of Michigan (the "State") and
Kaseware, Inc. ("Contractor"), a Delaware corpo ration. This Contract is effective on January 31, 2020
("Effective Date"), and unless earlier terminated , will expire on January 31, 2025 (the "Term").
This Contract may be renewed for up to five additional one-year periods . Renewal must be by written notice
from the State and will automatically extend the Term of this Contract.
1. Definitions. For the purposes of this Contract, the following terms have the following meanings:
"Acceptance" has the meaning set forth in Section 12.5.
"Acceptance Tests" means such tests as may be conducted in accordance with Section 12 and the
Statement of Work to determine whether the Software meets the requirements of this Contract and the
Documentat ion.
"Affiliate" of a Person means any other Person that directly or indirectly, through one or more
intermedia ries, controls, is controlled by, or is under common control with, such Person. For purposes of
this definition, the term "control" (including the terms "controlled by" and "under common control with")
means the direct or indirect ownersh ip of more than fifty percent (50%) of the voting securities of a
Person.
"Allegedly Infringing Materials" has the mean ing set forth in Section 27.3(b)(ii).
"API" means all App lication Programm ing Interfaces and assoc iated API Documentat ion provided by
Contractor, and as updated from time to time , to allow the Software to integrate with various State and
Third Party Software.
"Approved Open-Source Components" means Open-Source Components that may be included in
or used in connect ion with the Softwa re and are spec ifica lly identified in an exhibit to the Statement of
Work , and approved by the State.
"Authorized Users" means all Persons authorized by the State to access and use the Software
under this Contract , subject to the maximum number of users spec ified in the applicable Statement of
Work .
"Business Day" means a day other than a Saturday, Sunday or other day on which the State is
authorized or required by Law to be closed for business.

“Business Owner” is the individual appointed by the agency buyer to (a) act as the agency’s
representative in all matters relating to the Contract, and (b) co-sign off on notice of Acceptance for the
Software. The Business Owner will be identified in the Statement of Work.
“Business Requirements Specification” means the initial specification setting forth the State’s
business requirements regarding the features and functionality of the Software, as set forth in the
Statement of Work.
“Change” has the meaning set forth in Section 2.2.
“Change Notice” has the meaning set forth in Section 2.2(b).
“Change Proposal” has the meaning set forth in Section 2.2(a).
“Change Request” has the meaning set forth in Section 2.2.
“Confidential Information” has the meaning set forth in Section 20.1.
“Configuration” means State-specific changes made to the Software without Source Code or
structural data model changes occurring.
“Contract” has the meaning set forth in the preamble.
“Contract Administrator” is the individual appointed by each party to (a) administer the terms of this
Contract, and (b) approve any Change Notices under this Contract. Each party’s Contract Administrator
will be identified in the Statement of Work.
“Contractor” has the meaning set forth in the preamble.
“Contractor’s Bid Response” means the Contractor’s proposal submitted in response to the RFP.
“Contractor Personnel” means all employees of Contractor or any Permitted Subcontractors
involved in the performance of Services hereunder.
“Contractor’s Test Package” has the meaning set forth in Section 11.2.
“Criminal Justice Information Data” or “CJI Data” means data necessary for criminal justice
agencies to perform their mission and enforce the laws.
“Deliverables” means the Software, and all other documents and other materials that Contractor is
required to or otherwise does provide to the State under this Contract and otherwise in connection with
any Services, including all items specifically identified as Deliverables in the Statement of Work.
“Dispute Resolution Procedure” has the meaning set forth in Section 32.1.
“Documentation” means all user manuals, operating manuals, technical manuals and any other
instructions, specifications, documents or materials, in any form or media, that describe the functionality,
installation, testing, operation, use, maintenance, support, technical or other components, features or
requirements of the Software.

“DTMB” means the Michigan Department of Technology, Management and Budget.
“Effective Date” has the meaning set forth in the preamble.
“Fees” means collectively, the License Fees, Implementation Fees, and Support Services Fees.
“Financial Audit Period” has the meaning set forth in Section 30.1.
“Force Majeure” has the meaning set forth in Section 33.1.
“Harmful Code” means any: (a) virus, trojan horse, worm, backdoor or other software or hardware
devices the effect of which is to permit unauthorized access to, or to disable, erase, or otherwise harm,
any computer, systems or software; or (b) time bomb, drop dead device, or other software or hardware
device designed to disable a computer program automatically with the passage of time or under the
positive control of any Person, or otherwise prevent, restrict or impede the State's or any Authorized
User's use of such software.
“HIPAA” has the meaning set forth in Section 19.1.
“Implementation Fees” has the meaning set forth in Section 16.2.
“Implementation Plan” means the schedule included in the Statement of Work setting forth the
sequence of events for the performance of Services under the Statement of Work, including the
Milestones and Milestone Dates.
“Integration Testing” has the meaning set forth in Section 12.1(c).
“Intellectual Property Rights” means all or any of the following: (a) patents, patent disclosures, and
inventions (whether patentable or not); (b) trademarks, service marks, trade dress, trade names, logos,
corporate names, and domain names, together with all of the associated goodwill; (c) copyrights and
copyrightable works (including computer programs), mask works and rights in data and databases; (d)
trade secrets, know-how and other confidential information; and (e) all other intellectual property rights, in
each case whether registered or unregistered and including all applications for, and renewals or
extensions of, such rights, and all similar or equivalent rights or forms of protection provided by applicable
Law in any jurisdiction throughout the world.
“Key Personnel” means any Contractor Personnel identified as key personnel in the Statement of
Work.
“Law” means any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common
law, judgment, decree or other requirement or rule of any federal, state, local or foreign government or
political subdivision thereof, or any arbitrator, court or tribunal of competent jurisdiction.
“License Fee” has the meaning set forth in Section 16.1.
“Loss or Losses” means all losses, damages, liabilities, deficiencies, claims, actions, judgments,
settlements, interest, awards, penalties, fines, costs or expenses of whatever kind, including reasonable
attorneys' fees and the costs of enforcing any right to indemnification hereunder and the cost of pursuing
any insurance providers.

“Maintenance Release” means any update, upgrade, release or other adaptation or modification of
the Software, including any updated Documentation, that Contractor may generally provide to its
licensees from time to time during the Term, which may contain, among other things, error corrections,
enhancements, improvements or other changes to the user interface, functionality, compatibility,
capabilities, performance, efficiency or quality of the Software.
“Milestone” means an event or task described in the Implementation Plan under the Statement of
Work that must be completed by the corresponding Milestone Date.
“Milestone Date” means the date by which a particular Milestone must be completed as set forth in
the Implementation Plan under the Statement of Work.
“New Version” means any new version of the Software that the Contractor may from time to time
introduce and market generally as a distinct licensed product, as may be indicated by Contractor's
designation of a new version number.
“Nonconformity” or “Nonconformities” means any failure or failures of the Software to conform to
the requirements of this Contract, including any applicable Documentation.
“Open-Source Components” means any software component that is subject to any open-source
copyright license agreement, including any GNU General Public License or GNU Library or Lesser Public
License, or other obligation, restriction or license agreement that substantially conforms to the Open
Source Definition as prescribed by the Open Source Initiative or otherwise may require disclosure or
licensing to any third party of any source code with which such software component is used or compiled.
“Open-Source License” has the meaning set forth in Section 4.
“Operating Environment” means, collectively, the platform, environment and conditions on, in or
under which the Software is intended to be installed and operate, as set forth in the Statement of Work,
including such structural, functional and other features, conditions and components as hardware,
operating software and system architecture and configuration.
“Permitted Subcontractor” has the meaning set forth in Section 9.4.
“Person” means an individual, corporation, partnership, joint venture, limited liability company,
governmental authority, unincorporated organization, trust, association or other entity.
“Pricing” means any and all fees, rates and prices payable under this Contract, including pursuant to
any Schedule or Exhibit hereto.
“Pricing Schedule” means the schedule attached as Schedule B, setting forth the License Fees,
Implementation Fees, Support Services Fees, and any other fees, rates and prices payable under this
Contract.
“Project Manager” is the individual appointed by each party to (a) monitor and coordinate the day-today activities of this Contract, and (b) for the State, to co-sign off on its notice of Acceptance for the
Software. Each party’s Project Manager will be identified in the Statement of Work.

“Representatives” means a party's employees, officers, directors, partners, shareholders, agents,
attorneys, successors and permitted assigns.
“RFP” means the State’s request for proposal designed to solicit responses for Services under this
Contract.
“Services” means any of the services Contractor is required to or otherwise does provide under this
Contract, the Statement of Work, the Service Level Agreement.
“Service Level Agreement” means the service level agreement attached as Schedule C to this
Contract, setting forth Contractor’s obligations with respect to the hosting, management and operation of
the Software.
“Site” means the physical location designated by the State in, or in accordance with, this Contract or
the Statement of Work for delivery and installation of the Software.
“Software” means Contractor’s software set forth in the Statement of Work, and any Maintenance
Releases or New Versions provided to the State and any Configurations made by or for the State
pursuant to this Contract, and all copies of the foregoing permitted under this Contract.
“Source Code” means the human readable source code of the Software to which it relates, in the
programming language in which the Software was written, together with all related flow charts and
technical documentation, including a description of the procedure for generating object code, all of a level
sufficient to enable a programmer reasonably fluent in such programming language to understand, build,
operate, support, maintain and develop modifications, upgrades, updates, adaptations, enhancements,
new versions and other derivative works and improvements of, and to develop computer programs
compatible with, the Software.
“Specifications” means, for the Software, the specifications collectively set forth in the Business
Requirements Specification, Technical Specification, Documentation, RFP or Contractor’s Bid Response,
if any, for such Software, or elsewhere in the Statement of Work.
“State” means the State of Michigan.
“State Data” has the meaning set forth in Section 19.1.
“State Materials” means all materials and information, including documents, data, know-how, ideas,
methodologies, specifications, software, content and technology, in any form or media, directly or
indirectly provided or made available to Contractor by or on behalf of the State in connection with this
Contract.
“State Resources” has the meaning set forth in Section 10.1(a).
“Statement of Work” means any statement of work entered into by the parties and attached as a
schedule to this Contract. The initial Statement of Work is attached as Schedule A, and subsequent
Statements of Work shall be sequentially identified and attached as Schedules A-1, A-2, A-3, etc.
“Stop Work Order” has the meaning set forth in Section 25.

“Support Services” means the software maintenance and support services Contractor is required to
or otherwise does provide to the State under the the Service Level Agreement.
“Support Services Commencement Date” means, with respect to the Software, the date on which
the Warranty Period for the Software expires or such other date as may be set forth in the Statement of
Work.
“Support Services Fees” has the meaning set forth in Section 16.3.
“Technical Specification” means, with respect to any Software, the document setting forth the
technical specifications for such Software and included in the Statement of Work.
“Term” has the meaning set forth in the preamble.
“Test Data” has the meaning set forth in Section 11.2.
“Test Estimates” has the meaning set forth in Section 11.2.
“Testing Period” has the meaning set forth in Section 12.1(b).
“Third Party” means any Person other than the State or Contractor.
“Transition Period” has the meaning set forth in Section 24.3
“Transition Responsibilities” has the meaning set forth in Section 24.3.
“Unauthorized Removal” has the meaning set forth in Section 9.3(b).
“Unauthorized Removal Credit” has the meaning set forth in Section 9.3(c).
“User Data” means all data, information and other content of any type and in any format, medium or
form, whether audio, visual, digital, screen, GUI or other, that is input, uploaded to, placed into or
collected, stored, processed, generated or output by any device, system or network by or on behalf of the
State, including any and all works, inventions, data, analyses and other information and materials
resulting from any use of the Software by or on behalf of the State under this Contract, except that User
Data does not include the Software or data, information or content, including any GUI, audio, visual or
digital or other display or output, that is generated automatically upon executing the Software without
additional user input.
“Warranty Period” means the ninety (90) calendar-day period commencing on the date of the State's
Acceptance of the Software.
“Work Product” means all State-specific deliverables that Contractor is required to, or otherwise
does, provide to the State under this Contract including but not limited to computer scripts, macros, user
interfaces, reports, project management documents, forms, templates, and other State-specific
documents and related materials together with all ideas, concepts, processes, and methodologies
developed in connection with this Contract whether or not embodied in this Contract.
2. Statements of Work. Contractor shall provide Services and Deliverables pursuant to Statements of
Work entered into under this Contract. No Statement of Work shall be effective unless signed by each

party’s Contract Administrator. The term of each Statement of Work shall commence on the parties' full
execution of the Statement of Work and terminate when the parties have fully performed their obligations.
The terms and conditions of this Contract will apply at all times to any Statements of Work entered into by
the parties and attached as a schedule to this Contract. The State shall have the right to terminate such
Statement of Work as set forth in Section 24. Contractor acknowledges that time is of the essence with
respect to Contractor’s obligations under each Statement of Work and agrees that prompt and timely
performance of all such obligations in accordance with this Contract and the Statements of Work
(including the Implementation Plan and all Milestone Dates) is strictly required.
2.1 Statement of Work Requirements. Each Statement of Work will include the following:
(a) names and contact information for Contractor’s Contract Administrator, Project Manager
and Key Personnel;
(b) names and contact information for the State’s Contract Administrator, Project Manager and
Business Owner;
(c) a detailed description of the Services to be provided under this Contract, including any
training obligations of Contractor;
(d) a detailed description of the Software to be provided under this Contract, including the:
(i) version and release number of the Software;
(ii) Business Requirements Specification;
(iii) Technical Specification; and
(iv) a description of the Documentation to be provided;
(e) an Implementation Plan, including all Milestones, the corresponding Milestone Dates and
the parties’ respective responsibilities under the Implementation Plan;
(f) the due dates for payment of Fees and any invoicing requirements, including any
Milestones on which any such Fees are conditioned, and such other information as the parties deem
necessary;
(g) disclosure of all Open-Source Components (each identified on a separate exhibit to the
Statement of Work), in each case accompanied by such related documents as may be required by this
Contract;
(h) description of all liquidated damages associated with this Contract; and
(i) a detailed description of all State Resources required to complete the Implementation
Plan.
2.2 Change Control Process. The State may at any time request in writing (each, a “Change
Request”) changes to the Statement of Work, including changes to the Services and Implementation
Plan (each, a “Change”). Upon the State’s submission of a Change Request, the parties will evaluate
and implement all Changes in accordance with this Section 2.2.

(a) As soon as reasonably practicable, and in any case within twenty (20) Business Days
following receipt of a Change Request, Contractor will provide the State with a written proposal for
implementing the requested Change (“Change Proposal”), setting forth:
(i) a written description of the proposed Changes to any Services or Deliverables;
(ii) an amended Implementation Plan reflecting: (A) the schedule for commencing and
completing any additional or modified Services or Deliverables; and (B) the effect of
such Changes, if any, on completing any other Services under the Statement of
Work;
(iii) any additional State Resources Contractor deems necessary to carry out such
Changes; and
(iv) any increase or decrease in Fees resulting from the proposed Changes, which
increase or decrease will reflect only the increase or decrease in time and expenses
Contractor requires to carry out the Change.
(b) Within thirty (30) Business Days following the State’s receipt of a Change Proposal, the
State will by written notice to Contractor, approve, reject, or propose modifications to such Change
Proposal. If the State proposes modifications, Contractor must modify and re-deliver the Change
Proposal reflecting such modifications, or notify the State of any disagreement, in which event the parties
will negotiate in good faith to resolve their disagreement. Upon the State’s approval of the Change
Proposal or the parties’ agreement on all proposed modifications, as the case may be, the parties will
execute a written agreement to the Change Proposal (“Change Notice”), which Change Notice will be
signed by the State’s Contract Administrator and will constitute an amendment to the Statement of Work
to which it relates; and
(c) If the parties fail to enter into a Change Notice within fifteen (15) Business Days following
the State’s response to a Change Proposal, the State may, in its discretion:
(i) require Contractor to perform the Services under the Statement of Work without the
Change;
(ii) require Contractor to continue to negotiate a Change Notice;
(iii) initiate a Dispute Resolution Procedure; or
(iv) notwithstanding any provision to the contrary in the Statement of Work, terminate this
Contract under Section 24.
(d) No Change will be effective until the parties have executed a Change Notice. Except as
the State may request in its Change Request or otherwise in writing, Contractor must continue to perform
its obligations in accordance with the Statement of Work pending negotiation and execution of a Change
Notice. Contractor will use its best efforts to limit any delays or Fee increases from any Change to those
necessary to perform the Change in accordance with the applicable Change Notice. Each party is
responsible for its own costs and expenses of preparing, evaluating, negotiating, and otherwise
processing any Change Request, Change Proposal, and Change Notice.
(e) The performance of any functions, activities, tasks, obligations, roles and responsibilities
comprising the Services as described in this Contract are considered part of the Services and, thus, will

not be considered a Change. This includes the delivery of all Deliverables in accordance with their
respective Specifications, and the diagnosis and correction of Non-Conformities discovered in
Deliverables prior to their Acceptance by the State or, subsequent to their Acceptance by the State, as
necessary for Contractor to fulfill its associated warranty requirements and its Support Services under this
Contract.
(f) Contractor may, on its own initiative and at its own expense, prepare and submit its own
Change Request to the State. However, the State will be under no obligation to approve or otherwise
respond to a Change Request initiated by Contractor.
3. License Grant and Restrictions.
3.1 Contractor License Grant. Contractor hereby grants to the State, exercisable by and through its
Authorized Users, a nonexclusive, royalty-free, irrevocable (except as provided herein) right and license
during the Term and such additional periods, if any, as Contractor is required to perform Services under
this Contract or any Statement of Work, to:
(a) access and use the Hosted Services, including in operation with other software, hardware,
systems, networks and services, for the State’s business purposes, including for Processing State Data;
(b) generate, print, copy, upload, download, store and otherwise Process all GUI, audio,
visual, digital and other output, displays and other content as may result from any access to or use of the
Services;
(c) prepare, reproduce, print, download and use a reasonable number of copies of the
Specifications and Documentation for any use of the Services under this Contract; and
(d) access and use the Services for all such non-production uses and applications as may be
necessary or useful for the effective use of the Hosted Services hereunder, including for purposes of
analysis, development, configuration, integration, testing, training, maintenance, support and repair,
which access and use will be without charge and not included for any purpose in any calculation of the
State’s or its Authorized Users’ use of the Services, including for purposes of assessing any Fees or other
consideration payable to Contractor or determining any excess use of the Hosted Services as described
in Section 3.3.
3.2 License Restrictions. The State will not: (a) rent, lease, lend, sell, sublicense, assign, distribute,
publish, transfer or otherwise make the Hosted Services available to any third party, except as expressly
permitted by this Contract or in any Statement of Work; or (b) use or authorize the use of the Services or
Documentation in any manner or for any purpose that is unlawful under applicable Law.
3.3 Use. The State will pay Contractor the corresponding Fees set forth in the Statement of Work
for all Authorized Users access and use of the Service Software. Such Fees will be Contractor’s sole and
exclusive remedy for use of the Service Software, including any excess use.

3.4 State License Grant. The State hereby grants to Contractor a limited, non-exclusive, nontransferable license (i) to use the State's (or individual agency’s, department’s or division’s) name,
trademarks, service marks or logos, solely in accordance with the State’s specifications, and (ii) to
display, reproduce, distribute and transmit in digital form the State’s (or individual agency’s, department’s
or division’s) name, trademarks, service marks or logos in connection with promotion of the Services as
communicated to Contractor by the State. Use of the State’s (or individual agency’s, department’s or
division’s) name, trademarks, service marks or logos will be specified in the applicable Statement of
Work.
4. Open-Source Licenses. Any use hereunder of Open-Source Components shall be governed by,
and subject to, the terms and conditions of the applicable open-source license (“Open-Source License”).
Contractor shall maintain an exhibit available to the State upon request that lists all open-source licenses
being utilized and identifies the URL where these licenses are publicly available.
5. Software Implementation.
5.1 Implementation. Contractor will deliver, install, configure, integrate, and otherwise provide and
make fully operational the Software on or prior to the applicable Milestone Date in accordance with the
criteria set forth in the Statement of Work.
5.2 Site Preparation. Unless otherwise set forth in the Statement of Work, Contractor is responsible
for ensuring the relevant Operating Environment is set up and in working order to allow Contractor to
deliver and install the Software on or prior to the applicable Milestone Date. Contractor will provide the
State with such notice as is specified in the Statement of Work, prior to delivery of the Software to give
the State sufficient time to prepare for Contractor’s delivery and installation of the Software. If the State is
responsible for Site preparation, Contractor will provide such assistance as the State requests to
complete such preparation on a timely basis.
6. Hosting. Contractor will maintain the Availability Requirement and the Support Service Level
Requirement set forth in the Service Level Agreement attached as Schedule C to this Contract.
7. Support Services
7.1 Support Services. Contractor shall provide the State with the Support Services described in the
Service Level Agreement attached as Schedule C to this Contract. Such Support Services shall be
provided:
(a) Free of charge during the Warranty Period, it being acknowledged and agreed that the
License Fee includes full consideration for such Services during such period.
(b) Thereafter, for so long as the State elects to receive Support Services for the Software, in
consideration of the State's payment of Support Services Fees in accordance with Section 16 and the
rates set forth in the Pricing Schedule.
8. Data Privacy and Information Security.
8.1 Undertaking by Contractor. Without limiting Contractor’s obligation of confidentiality as further
described, Contractor is responsible for establishing and maintaining a data privacy and information

security program, including physical, technical, administrative, and organizational safeguards, that is
designed to: (a) ensure the security and confidentiality of the State Data; (b) protect against any
anticipated threats or hazards to the security or integrity of the State Data; (c) protect against
unauthorized disclosure, access to, or use of the State Data; (d) ensure the proper disposal of State Data;
and (e) ensure that all Contractor Representatives comply with all of the foregoing. In no case will the
safeguards of Contractor’s data privacy and information security program be less stringent than the
safeguards used by the State, and Contractor must at all times comply with all applicable State IT policies
and standards, which are available at http://www.michigan.gov/dtmb/0,4568,7-150-56355 56579 56755--
-,00.html.
8.2 To the extent that Contractor has access to the State’s computer system, Contractor must
comply with the State’s Acceptable Use Policy, see http://michigan.gov/cybersecurity/0,1607,7-217-
34395 34476---,00.html. All Contractor Personnel will be required, in writing, to agree to the State’s
Acceptable Use Policy before accessing the State’s system. The State reserves the right to terminate
Contractor’s access to the State’s system if a violation occurs.
8.3 Right of Audit by the State. Without limiting any other audit rights of the State, the State has the
right to review Contractor’s data privacy and information security program prior to the commencement of
Services and from time to time during the term of this Contract. During the providing of Services, on an
ongoing basis from time to time and without notice, the State, at its own expense, is entitled to perform, or
to have performed, an on-site audit of Contractor’s data privacy and information security program. In lieu
of an on-site audit, upon request by the State, Contractor agrees to complete, within forty-five (45)
calendar days of receipt, an audit questionnaire provided by the State regarding Contractor’s data privacy
and information security program.
8.4 Audit Findings. With respect to State Data, Contractor must implement any required safeguards
as identified by the State or by any audit of Contractor’s data privacy and information security program.
8.5 State’s Right to Termination for Deficiencies. The State reserves the right, at its sole election,
to immediately terminate this Contract or the Statement of Work without limitation and without liability if
the State determines that Contractor fails or has failed to meet its obligations under this Section 8.
8.6 Security Requirements. Contractor shall comply with the security requirements set forth in
Schedule D to this Contract.
9. Performance of Services. Contractor will provide all Services and Deliverables in a timely,
professional and workmanlike manner and in accordance with the terms, conditions, and Specifications
set forth in this Contract and the Statement of Work.
9.1 Contractor Personnel.
(a) Contractor is solely responsible for all Contractor Personnel and for the payment of their
compensation, including, if applicable, withholding of income taxes, and the payment and withholding of
social security and other payroll taxes, unemployment insurance, workers’ compensation insurance
payments and disability benefits.
(b) Prior to any Contractor Personnel performing any Services, Contractor will:
(i) ensure that such Contractor Personnel have the legal right to work in the United
States;

(ii) upon request, require such Contractor Personnel to execute written agreements, in
form and substance acceptable to the State, that bind such Contractor Personnel to
confidentiality provisions that are at least as protective of the State’s information
(including all Confidential Information) as those contained in this Contract; and
(iii) upon request, perform background checks on all Contractor Personnel prior to their
assignment. The scope is at the discretion of the State and documentation must be
provided as requested. Contractor is responsible for all costs associated with the
requested background checks. The State, in its sole discretion, may also perform
background checks on Contractor Personnel.
(c) Contractor and all Contractor Personnel will comply with all rules, regulations, and policies
of the State that are communicated to Contractor in writing, including security procedures concerning
systems and data and remote access, building security procedures, including the restriction of access by
the State to certain areas of its premises or systems, and general health and safety practices and
procedures.
(d) The State reserves the right to require the removal of any Contractor Personnel found, in
the judgment of the State, to be unacceptable. The State’s request must be written with reasonable detail
outlining the reasons for the removal request. Replacement personnel for the removed person must be
fully qualified for the position. If the State exercises this right, and Contractor cannot immediately replace
the removed personnel, the State agrees to negotiate an equitable adjustment in schedule or other terms
that may be affected by the State’s required removal.
9.2 Contractor’s Project Manager. Throughout the Term of this Contract, Contractor must maintain
a Contractor employee acceptable to the State to serve as Contractor’s Project Manager, who will be
considered Key Personnel of Contractor. Contractor’s Project Manager will be identified in the Statement
of Work.
(a) Contractor’s Project Manager must:
(i) have the requisite authority, and necessary skill, experience, and qualifications, to
perform in such capacity;
(ii) be responsible for overall management and supervision of Contractor’s performance
under this Contract; and
(iii) be the State’s primary point of contact for communications with respect to this
Contract, including with respect to giving and receiving all day-to-day approvals and
consents.
(b) Contractor’s Project Manager must attend all regularly scheduled meetings as set forth in
the Implementation Plan, and will otherwise be available as set forth in the Statement of Work.
(c) Contractor will maintain the same Project Manager throughout the Term of this Contract,
unless:
(i) the State requests in writing the removal of Contractor’s Project Manager;
(ii) the State consents in writing to any removal requested by Contractor in writing;

(iii) Contractor’s Project Manager ceases to be employed by Contractor, whether by
resignation, involuntary termination or otherwise.
(d) Contractor will promptly replace its Project Manager on the occurrence of any event set
forth in Section 9.2(c). Such replacement will be subject to the State's prior written approval.
9.3 Contractor’s Key Personnel.
(a) The State has the right to recommend and approve in writing the initial assignment, as well
as any proposed reassignment or replacement, of any Key Personnel. Before assigning an individual to
any Key Personnel position, Contractor will notify the State of the proposed assignment, introduce the
individual to the State’s Project Manager, and provide the State with a resume and any other information
about the individual reasonably requested by the State. The State reserves the right to interview the
individual before granting written approval. In the event the State finds a proposed individual
unacceptable, the State will provide a written explanation including reasonable detail outlining the
reasons for the rejection.
(b) Contractor will not remove any Key Personnel from their assigned roles on this Contract
without the prior written consent of the State. The Contractor’s removal of Key Personnel without the
prior written consent of the State is an unauthorized removal (“Unauthorized Removal”). An
Unauthorized Removal does not include replacing Key Personnel for reasons beyond the reasonable
control of Contractor, including illness, disability, leave of absence, personal emergency circumstances,
resignation, or for cause termination of the Key Personnel’s employment. Any Unauthorized Removal
may be considered by the State to be a material breach of this Contract, in respect of which the State
may elect to terminate this Contract for cause under Section 24.1.
(c) It is further acknowledged that an Unauthorized Removal will interfere with the timely and
proper completion of this Contract, to the loss and damage of the State, and that it would be impracticable
and extremely difficult to fix the actual damage sustained by the State as a result of any Unauthorized
Removal. Therefore, Contractor and the State agree that in the case of any Unauthorized Removal in
respect of which the State does not elect to exercise its rights under Section 24.1, Contractor will issue to
the State an amount equal to $25,000 per individual (each, an “Unauthorized Removal Credit”).
(d) Contractor acknowledges and agrees that each of the Unauthorized Removal Credits
assessed under Subsection (c) above: (i) is a reasonable estimate of and compensation for the
anticipated or actual harm to the State that may arise from the Unauthorized Removal, which would be
impossible or very difficult to accurately estimate; and (ii) may, at the State’s option, be credited or set off
against any Fees or other charges payable to Contractor under this Contract.
9.4 Subcontractors. Contractor will not, without the prior written approval of the State, which
consent may be given or withheld in the State’s sole discretion, engage any Third Party to perform
Services. The State’s approval of any such Third Party (each approved Third Party, a “Permitted
Subcontractor”) does not relieve Contractor of its representations, warranties or obligations under this
Contract. Without limiting the foregoing, Contractor will:
(a) be responsible and liable for the acts and omissions of each such Permitted Subcontractor
(including such Permitted Subcontractor's employees who, to the extent providing Services or
Deliverables, shall be deemed Contractor Personnel) to the same extent as if such acts or omissions
were by Contractor or its employees;

(b) name the State a third party beneficiary under Contractor’s Contract with each Permitted
Subcontractor with respect to the Services;
(c) be responsible for all fees and expenses payable to, by or on behalf of each Permitted
Subcontractor in connection with this Contract, including, if applicable, withholding of income taxes, and
the payment and withholding of social security and other payroll taxes, unemployment insurance, workers'
compensation insurance payments and disability benefits; and
(d) notify the State of the location of the Permitted Subcontractor and indicate if it is located
within the continental United States.
10. State Obligations.
10.1 State Resources and Access. The State is responsible for:
(a) providing the State Materials and such other resources as may be specified in the
Statement of Work (collectively, “State Resources”); and
(b) if the Software is internally hosted on State systems, providing Contractor Personnel with
such access to the Site(s) and Operating Environment as is necessary for Contractor to perform its
obligations on a timely basis as set forth in the Statement of Work.
10.2 State Project Manager. Throughout the Term of this Contract, the State will maintain a State
employee to serve as the State’s Project Manager under this Contract. The State’s Project Manager will
be identified in the Statement of Work. The State’s Project Manager will be available as set forth in the
Statement of Work.
11. Pre-Delivery Testing.
11.1 Testing By Contractor. Before delivering and installing the Software, Contractor must:
(a) test the Software to confirm that it is fully operable, meets all applicable Specifications and
will function in accordance with the Specifications and Documentation when properly installed in the
Operating Environment;
(b) scan the Software using industry standard scanning software and definitions to confirm it is
free of Harmful Code; and
(c) remedy any Non-Conformity or Harmful Code identified and retest and rescan the
Software.
11.2 Test Data and Estimates. Unless otherwise specified in the Statement of Work, Contractor shall
provide to the State all test data and testing scripts used by Contractor for its pre-delivery testing (“Test
Data”), together with the results Contractor expects to be achieved by processing the Test Data using the
Software (“Test Estimates,” and together with Test Data, “Contractor’s Test Package”).
12. Acceptance Testing.
12.1 Acceptance Testing.

(a) Unless otherwise specified in the Statement of Work, upon installation of the Software,
Acceptance Tests will be conducted as set forth in this Section 12 to ensure the Software conforms to
the requirements of this Contract, including the applicable Specifications and Documentation. The State
may, but is not obligated, to perform its own pretest on the Software utilizing Contractor’s Test Package.
If the State does perform a pretest, and Contractor’s Test Package does not successfully pass the Test
Data or Test Estimate scripts as described by Contractor, the State, at its discretion, is not obligated to
move into the formal Acceptance Tests set forth in this Section. The State may elect to send Contractor’s
Test Package back to Contractor to correct any problems encountered with the Test Data or Test
Estimates.
(b) All Acceptance Tests will take place at the designated Site(s) in the Operating
Environment described in the Statement of Work, commence on the Business Day following installation of
the Software and be conducted diligently for up to thirty (30) Business Days, or such other period as may
be set forth in the Statement of Work (the “Testing Period”). Acceptance Tests will be conducted by the
party responsible as set forth in the Statement of Work or, if the Statement of Work does not specify, the
State, provided that:
(i) for Acceptance Tests conducted by the State, if requested by the State, Contractor
will make suitable Contractor Personnel available to observe or participate in such
Acceptance Tests; and
(ii) for Acceptance Tests conducted by Contractor, the State has the right to observe or
participate in all or any part of such Acceptance Tests.
Contractor is solely responsible for all costs and expenses related to Contractor’s performance of,
participation in, and observation of Acceptance Testing.
(c) Upon delivery and installation of any API, Configuration or Customization to the Software
under the Statement of Work, additional Acceptance Tests will be performed on the modified Software as
a whole to ensure full operability, integration, and compatibility among all elements of the Software
(“Integration Testing”). Integration Testing is subject to all procedural and other terms and conditions
set forth in Section 12.1, Section 12.3, and Section 12.4.
(d) The State may suspend Acceptance Tests and the corresponding Testing Period by
written notice to Contractor if the State discovers a material Non-Conformity in the tested Software or part
or feature of the Software. In such event, Contractor will immediately, and in any case within ten (10)
Business Days, correct such Non-Conformity, whereupon the Acceptance Tests and Testing Period will
resume for the balance of the Testing Period.
12.2 Notices of Completion, Non-Conformities, and Acceptance. Within fifteen (15) Business Days
following the completion of any Acceptance Tests, including any Integration Testing, the party responsible
for conducting the tests will prepare and provide to the other party written notice of the completion of the
tests. Such notice must include a report describing in reasonable detail the tests conducted and the
results of such tests, including any uncorrected Non-Conformity in the tested Software.
(a) If such notice is provided by either party and identifies any Non-Conformities, the parties’
rights, remedies, and obligations will be as set forth in Section 12.3 and Section 12.4.

(b) If such notice is provided by the State, is signed by the State’s Business Owner and
Project Manager, and identifies no Non-Conformities, such notice constitutes the State's Acceptance of
such Software.
(c) If such notice is provided by Contractor and identifies no Non-Conformities, the State will
have thirty (30) Business Days to use the Software in the Operating Environment and determine, in the
exercise of its sole discretion, whether it is satisfied that the Software contains no Non-Conformities, on
the completion of which the State will, as appropriate:
(i) notify Contractor in writing of Non-Conformities the State has observed in the
Software and of the State’s non-acceptance thereof, whereupon the parties’ rights,
remedies and obligations will be as set forth in Section 12.3 and Section 12.4; or
(ii) provide Contractor with a written notice of its Acceptance of such Software, which
must be signed by the State’s Business Owner and Project Manager.
12.3 Failure of Acceptance Tests. If Acceptance Tests identify any Non-Conformities, Contractor, at
Contractor’s sole cost and expense, will remedy all such Non-Conformities and re-deliver the Software, in
accordance with the requirements set forth in the Statement of Work. Redelivery will occur as promptly
as commercially possible and, in any case, within thirty (30) Business Days following, as applicable,
Contractor’s:
(a) completion of such Acceptance Tests, in the case of Acceptance Tests conducted by
Contractor; or
(b) receipt of the State’s notice under Section 12.1(a) or Section 12.2(c)(i), identifying any
Non-Conformities.
12.4 Repeated Failure of Acceptance Tests. If Acceptance Tests identify any Non-Conformity in the
Software after a second or subsequent delivery of the Software, or Contractor fails to re-deliver the
Software on a timely basis, the State may, in its sole discretion, by written notice to Contractor:
(a) continue the process set forth in this Section 12;
(b) accept the Software as a nonconforming deliverable, in which case the Fees for such
Software will be reduced equitably to reflect the value of the Software as received relative to the value of
the Software had it conformed; or
(c) deem the failure to be a non-curable material breach of this Contract and the Statement of
Work and terminate this Contract for cause in accordance with Section 24.1.
12.5 Acceptance. Acceptance (“Acceptance”) of the Software (subject, where applicable, to the
State’s right to Integration Testing) will occur on the date that is the earliest of the State’s delivery of a
notice accepting the Software under Section 12.2(b), or Section 12.2(c)(ii).
13. Training. Contractor shall provide training on all uses of the Software permitted hereunder in
accordance with the times, locations and other terms set forth in the Statement of Work and the Pricing
Schedule. Upon the State's request, Contractor shall timely provide training for additional Authorized
Users or other additional training on all uses of the Software for which the State requests such training, at
such reasonable times and locations and pursuant to such rates and other terms as are set forth in the
Pricing Schedule.

14. Maintenance Releases; New Versions
14.1 Maintenance Releases. Provided that the State is current on its Support Services Fees, during
the Term, Contractor shall provide the State, at no additional charge, with all Maintenance Releases,
each of which will constitute Software and be subject to the terms and conditions of this Contract.
14.2 New Versions. Provided that the State is current on its Support Services Fees, during the
Term, Contractor shall provide the State, at no additional charge, with all New Versions, each of which will
constitute Software and be subject to the terms and conditions of this Contract.
14.3 Installation. The State has no obligation to install or use any Maintenance Release or New
Versions. If the State wishes to install any Maintenance Release or New Version, the State shall have the
right to have such Maintenance Release or New Version installed, in the State's discretion, by Contractor
or other authorized party as set forth in the Statement of Work. Contractor shall provide the State, at no
additional charge, adequate Documentation for installation of the Maintenance Release or New Version,
which has been developed and tested by Contractor and Acceptance Tested by the State. The State’s
decision not to install or implement a Maintenance Release or New Version of the Software will not affect
its right to receive Support Services throughout the Term of this Contract.
15. Source Code Escrow
15.1 Escrow Contract. The parties may enter into a separate intellectual property escrow
agreement. Such escrow agreement will govern all aspects of Source Code escrow and release.
16. Fees
16.1 License Fee. In consideration of, and as payment in full for, the rights and license to use the
Software and Documentation as provided in this Contract, the State shall pay to Contractor the license
fees (the “License Fee”) set forth on the Pricing Schedule, subject to and in accordance with the terms
and conditions of this Contract, including the applicable timetable and other provisions of the Statement of
Work and this Section 16.
16.2 Implementation Fees. In consideration of, and as payment in full for, Contractor’s provision of
implementation services as provided in this Contract and the Statement of Work, the State shall pay to
Contractor the implementation fees (the “Implementation Fees”) set forth on the Pricing Schedule,
subject to and in accordance with the terms and conditions of this Contract, including the applicable
timetable and other provisions of the Statement of Work and this Section 16.
16.3 Support Service Fees. In consideration of Contractor providing the Support Services as
required under the Service Level Agreement , the State shall pay to Contractor the Support Services fees
(the “Support Service Fees”) set forth in the Pricing Schedule, subject to and in accordance with the
terms and conditions of this Contract, including the applicable provisions of the Service Level Agreement
and this Section 16.
16.4 Firm Pricing/Fee Changes. All Pricing set forth in this Contract is firm and will not be increased,
except as otherwise expressly provided in this Section 16.4.
(a) The License Fee will not be increased at any time except for the addition of additional
licenses, the fees for which licenses will also remain firm in accordance with the Pricing set forth in the
Pricing Schedule.

17. Invoices and Payment.
17.1 Invoices. Contractor will invoice the State for Fees in accordance with the requirements set
forth in the Statement of Work, including any requirements that condition the rendering of invoices and
the payment of Fees upon the successful completion of Milestones. Contractor must submit each invoice
in both hard copy and electronic format, via such delivery means and to such address as are specified by
the State in the Statement of Work. Each separate invoice must:
(a) clearly identify the Contract and purchase order number to which it relates, in such manner
as is required by the State;
(b) list each Fee item separately;
(c) include sufficient detail for each line item to enable the State to satisfy its accounting and
charge-back requirements;
(d) for Fees determined on a time and materials basis, report details regarding the number of
hours performed during the billing period, the skill or labor category for such Contractor Personnel and
the applicable hourly billing rates;
(e) include such other information as may be required by the State as set forth in the
Statement of Work; and
(f) Itemized invoices must be submitted to .
17.2 Payment. Invoices are due and payable by the State, in accordance with the State’s standard
payment procedures as specified in 1984 Public Act no. 279, MCL 17.51, et seq., within forty-five (45)
calendar days after receipt, provided the State determines that the invoice was properly rendered. The
State will only disburse payments under this Contract through Electronic Funds Transfer (EFT).
Contractor must register with the State at http://www.michigan.gov/SIGMAVSS to receive electronic fund
transfer payments. If Contractor does not register, the State is not liable for failure to provide payment
17.3 Taxes. The State is exempt from State sales tax for direct purchases and may be exempt from
federal excise tax, if Services or Deliverables purchased under this Contract are for the State’s exclusive
use. Notwithstanding the foregoing, all Fees are inclusive of taxes, and Contractor is responsible for all
sales, use and excise taxes, and any other similar taxes, duties and charges of any kind imposed by any
federal, state, or local governmental entity on any amounts payable by the State under this Contract.
17.4 Payment Disputes. The State may withhold from payment any and all payments and amounts
the State disputes in good faith, pending resolution of such dispute, provided that the State:
(a) timely renders all payments and amounts that are not in dispute;
(b) notifies Contractor of the dispute prior to the due date for payment, specifying in such
notice:
(i) the amount in dispute; and
(ii) the reason for the dispute set out in sufficient detail to facilitate investigation by
Contractor and resolution by the parties;

(c) works with Contractor in good faith to resolve the dispute promptly; and
(d) promptly pays any amount determined to be payable by resolution of the dispute.
Contractor shall not withhold any Services or fail to perform any obligation hereunder by reason
of the State's good faith withholding of any payment or amount in accordance with this Section 17.4 or
any dispute arising therefrom.
17.5 Right of Setoff. Without prejudice to any other right or remedy it may have, the State reserves
the right to set off at any time any amount owing to it by Contractor against any amount payable by the
State to Contractor under this Contract.
18. Intellectual Property Rights
18.1 Ownership Rights in Software
(a) Subject to the rights and licenses granted by Contractor in this Contract, and the
provisions of Section 18.1(b):
(i) Contractor reserves and retains its entire right, title and interest in and to all
Intellectual Property Rights arising out of or relating to the Software; and
(ii) none of the State or Authorized Users acquire any ownership of Intellectual Property
Rights in or to the Software or Documentation as a result of this Contract.
(b) As between the State, on the one hand, and Contractor, on the other hand, the State has,
reserves and retains, sole and exclusive ownership of all right, title and interest in and to User Data,
including all Intellectual Property Rights arising therefrom or relating thereto.
18.2 Rights in Open-Source Components. Ownership of all Intellectual Property Rights in OpenSource Components shall remain with the respective owners thereof, subject to the State's rights under
the applicable Open-Source Licenses.
18.3 The State is and will be the sole and exclusive owner of all right, title, and interest in and to all
API and Work Product developed exclusively for the State under this Contract, including all Intellectual
Property Rights. In furtherance of the foregoing:
(a) Contractor will create all API and Work Product as work made for hire as defined in
Section 101 of the Copyright Act of 1976; and
(b) to the extent any API, Work Product, or Intellectual Property Rights do not qualify as, or
otherwise fails to be, work made for hire, Contractor hereby:
(i) assigns, transfers, and otherwise conveys to the State, irrevocably and in perpetuity,
throughout the universe, all right, title, and interest in and to such API or Work
Product, including all Intellectual Property Rights; and
(ii) irrevocably waives any and all claims Contractor may now or hereafter have in any
jurisdiction to so-called “moral rights” or rights of droit moral with respect to the API or
Work Product.

19. State Data.
19.1 Ownership. The State’s data (“State Data”), which will be treated by Contractor as Confidential
Information, includes: (a) User Data; and (b) any other data collected, used, processed, stored, or
generated by the State in connection with the Services, including but not limited to (i) personally
identifiable information (“PII”) collected, used, processed, stored, or generated as the result of the
Services, including, without limitation, any information that identifies an individual, such as an individual’s
social security number or other government-issued identification number, date of birth, address,
telephone number, biometric data, mother’s maiden name, email address, credit card information, or an
individual’s name in combination with any other of the elements here listed; and (ii) personal health
information (“PHI”) collected, used, processed, stored, or generated as the result of the Services, which is
defined under the Health Insurance Portability and Accountability Act (“HIPAA”) and its related rules and
regulations; and (iii) CJI Data. State Data is and will remain the sole and exclusive property of the State
and all right, title, and interest in the same is reserved by the State. This Section 19.1 survives
termination or expiration of this Contract.
19.2 Contractor Use of State Data. Contractor is provided a limited license to State Data for the sole
and exclusive purpose of providing the Services, including a license to collect, process, store, generate,
and display State Data only to the extent necessary in the provision of the Services. Contractor must: (a)
keep and maintain State Data in strict confidence, using such degree of care as is appropriate and
consistent with its obligations as further described in this Contract and applicable law to avoid
unauthorized access, use, disclosure, or loss; (b) use and disclose State Data solely and exclusively for
the purpose of providing the Services, such use and disclosure being in accordance with this Contract,
any applicable Statement of Work, and applicable law; and (c) not use, sell, rent, transfer, distribute, or
otherwise disclose or make available State Data for Contractor’s own purposes or for the benefit of
anyone other than the State without the State’s prior written consent. This Section 19.2 survives
termination or expiration of this Contract.
19.3 Loss or Compromise of Data. In the event of any act, error or omission, negligence,
misconduct, or breach on the part of Contractor that compromises or is suspected to compromise the
security, confidentiality, or integrity of State Data or the physical, technical, administrative, or
organizational safeguards put in place by Contractor that relate to the protection of the security,
confidentiality, or integrity of State Data, Contractor must, as applicable: (a) notify the State as soon as
practicable but no later than twenty-four (24) hours of becoming aware of such occurrence; (b) cooperate
with the State in investigating the occurrence, including making available all relevant records, logs, files,
data reporting, and other materials required to comply with applicable law or as otherwise required by the
State; (c) in the case of PII or PHI, at the State’s sole election, (i) with approval and assistance from the
State, notify the affected individuals who comprise the PII or PHI as soon as practicable but no later than
is required to comply with applicable law, or, in the absence of any legally required notification period,
within five (5) calendar days of the occurrence; or (ii) reimburse the State for any costs in notifying the
affected individuals; (d) in the case of PII, provide third-party credit and identity monitoring services to
each of the affected individuals who comprise the PII for the period required to comply with applicable
law, or, in the absence of any legally required monitoring services, for no less than twenty-four (24)
months following the date of notification to such individuals; (e) perform or take any other actions required
to comply with applicable law as a result of the occurrence; (f) pay for any costs associated with the
occurrence, including but not limited to any costs incurred by the State in investigating and resolving the
occurrence, including reasonable attorney’s fees associated with such investigation and resolution; (g)
without limiting Contractor’s obligations of indemnification as further described in this Contract, indemnify,

defend, and hold harmless the State for any and all claims, including reasonable attorneys’ fees, costs,
and incidental expenses, which may be suffered by, accrued against, charged to, or recoverable from the
State in connection with the occurrence; (h) be responsible for recreating lost State Data in the manner
and on the schedule set by the State without charge to the State; and (i) provide to the State a detailed
plan within ten (10) calendar days of the occurrence describing the measures Contractor will undertake to
prevent a future occurrence. Notification to affected individuals, as described above, must comply with
applicable law, be written in plain language, not be tangentially used for any solicitation purposes, and
contain, at a minimum: name and contact information of Contractor’s representative; a description of the
nature of the loss; a list of the types of data involved; the known or approximate date of the loss; how
such loss may affect the affected individual; what steps Contractor has taken to protect the affected
individual; what steps the affected individual can take to protect himself or herself; contact information for
major credit card reporting agencies; and, information regarding the credit and identity monitoring
services to be provided by Contractor. The State will have the option to review and approve any
notification sent to affected individuals prior to its delivery. Notification to any other party, including but
not limited to public media outlets, must be reviewed and approved by the State in writing prior to its
dissemination. This Section 19.3 survives termination or expiration of this Contract.
19.4 Discovery. Contractor shall immediately notify the State upon receipt of any requests which in
any way might reasonably require access to State Data or the State's use of the Hosted Services.
Contractor shall notify the State Project Manager by the fastest means available and also in writing. In no
event shall Contractor provide such notification more than twenty-four (24) hours after Contractor receives
the request. Contractor shall not respond to subpoenas, service of process, FOIA requests, and other
legal requests related to the State without first notifying the State and obtaining the State’s prior approval
of Contractor’s proposed responses. Contractor agrees to provide its completed responses to the State
with adequate time for State review, revision and approval.
20. Confidential Information. Each party acknowledges that it may be exposed to or acquire
communication or data of the other party that is confidential in nature and is not intended to be disclosed
to third parties. This Section 20 survives termination or expiration of this Contract.
20.1 Meaning of Confidential Information. The term “Confidential Information” means all
information and documentation of a party that: (a) has been marked “confidential” or with words of similar
meaning, at the time of disclosure by such party; (b) if disclosed orally or not marked “confidential” or with
words of similar meaning, was subsequently summarized in writing by the disclosing party and marked
“confidential” or with words of similar meaning; and, (c) should reasonably be recognized as confidential
information of the disclosing party. The term “Confidential Information” does not include any information
or documentation that was or is: (a) in the possession of the State and subject to disclosure under the
Michigan Freedom of Information Act (FOIA); (b) already in the possession of the receiving party without
an obligation of confidentiality; (c) developed independently by the receiving party, as demonstrated by
the receiving party, without violating the disclosing party’s proprietary rights; (d) obtained from a source
other than the disclosing party without an obligation of confidentiality; or, (e) publicly available when
received, or thereafter became publicly available (other than through any unauthorized disclosure by,
through, or on behalf of, the receiving party). Notwithstanding the above, in all cases and for all matters,
State Data is deemed to be Confidential Information.
20.2 Obligation of Confidentiality. The parties agree to hold all Confidential Information in strict
confidence and not to copy, reproduce, sell, transfer, or otherwise dispose of, give or disclose such
Confidential Information to third parties other than employees, agents, or subcontractors of a party who
have a need to know in connection with this Contract or to use such Confidential Information for any

purposes whatsoever other than the performance of this Contract. The parties agree to advise and
require their respective employees, agents, and subcontractors of their obligations to keep all Confidential
Information confidential. Disclosure to the Contractor’s subcontractor is permissible where: (a) the
subcontractor is a Permitted Subcontractor; (b) the disclosure is necessary or otherwise naturally occurs
in connection with work that is within the Permitted Subcontractor's responsibilities; and (c) Contractor
obligates the Permitted Subcontractor in a written contract to maintain the State’s Confidential Information
in confidence. At the State’s request, any of the Contractor’s Representatives may be required to
execute a separate agreement to be bound by the provisions of this Section 20.2.
20.3 Cooperation to Prevent Disclosure of Confidential Information. Each party must use its best
efforts to assist the other party in identifying and preventing any unauthorized use or disclosure of any
Confidential Information. Without limiting the foregoing, each party must advise the other party
immediately in the event either party learns or has reason to believe that any person who has had access
to Confidential Information has violated or intends to violate the terms of this Contract. Each party will
cooperate with the other party in seeking injunctive or other equitable relief against any such person.
20.4 Remedies for Breach of Obligation of Confidentiality. Each party acknowledges that breach of
its obligation of confidentiality may give rise to irreparable injury to the other party, which damage may be
inadequately compensable in the form of monetary damages. Accordingly, a party may seek and obtain
injunctive relief against the breach or threatened breach of the foregoing undertakings, in addition to any
other legal remedies which may be available, to include, in the case of the State, at the sole election of
the State, the immediate termination, without liability to the State, of this Contract or any Statement of
Work corresponding to the breach or threatened breach.
20.5 Surrender of Confidential Information upon Termination. Upon termination or expiration of this
Contract or a Statement of Work, in whole or in part, each party must, within five (5) Business Days from
the date of termination, return to the other party any and all Confidential Information received from the
other party, or created or received by a party on behalf of the other party, which are in such party’s
possession, custody, or control. If Contractor or the State determine that the return of any Confidential
Information is not feasible, such party must destroy the Confidential Information and certify the same in
writing within five (5) Business Days from the date of termination to the other party.
21. HIPAA Compliance. The State and Contractor must comply with all obligations under HIPAA and its
accompanying regulations, including but not limited to entering into a business associate agreement, if
reasonably necessary to keep the State and Contractor in compliance with HIPAA.
22. ADA Compliance. The State is required to comply with the Americans with Disabilities Act of 1990
(ADA), and has adopted a formal policy regarding accessibility requirements for websites and software
applications. Contractor’s Service Software must comply, where relevant, with level AA of the World
Wide Web Consortium (W3C) Web Content Accessibility Guidelines (WCAG) 2.0.
23. CJIS Compliance.
Contractor shall comply with all Criminal Justice Information Services (CJIS) Security Policy requirements
that are communicated to the Contractor in writing, including the FBI CJIS Security Addendum attached
as Schedule F. Changes required to Contractor’s performance due to a change in CJIS requirements
shall be subject to Section 2.2 Change Control Process.
Contractor personnel who will be subject to a Michigan State Police (MSP) performed background check
pursuant to Schedule F, as determined by the State, shall complete security awareness training within six

(6) months of initial assignment and biennially thereafter. MSP shall provide Contractor with the required
training materials. Documentation of completion of the training will be provided to MSP upon request.
The State reserves the right to perform additional background checks on Contractor personnel as may be
required to comply with the CJIS Security Policy.
During the term, Contractor will maintain complete and accurate records relating to its data protection
practices and the security of any of the State’s Confidential Information, including any backup, disaster
recovery or other policies, practices or procedures relating to the State’s Confidential Information and any
other information relevant to its compliance with this Section 23. Contractor shall make all such records,
appropriate personnel, and relevant materials available in the event of an audit initiated by the State or
the FBI.
Contractor shall comply with all CJIS requirements for the Infrastructure Services Provider’s data center
including, if necessary, entering into an FBI CJIS Security Addendum or other required agreements with
its Infrastructure Services Provider on behalf of the State. Contractor will assist the State with entering
into any other necessary agreements with the Infrastructure Services provider
24. Termination, Expiration, Transition. The State may terminate this Contract, the Support Services,
or any Statement of Work, in accordance with the following:
24.1 Termination for Cause. In addition to any right of termination set forth elsewhere in this
Contract:
(a) The State may terminate this Contract for cause, in whole or in part, if Contractor, as
determined by the State: (i) endangers the value, integrity, or security of State Systems, State Data, or
the State’s facilities or personnel; (ii) becomes insolvent, petitions for bankruptcy court proceedings, or
has an involuntary bankruptcy proceeding filed against it by any creditor; or (iii) breaches any of its
material duties or obligations under this Contract. Any reference to specific breaches being material
breaches within this Contract will not be construed to mean that other breaches are not material.
(b) If the State terminates this Contract under this Section 24.1, the State will issue a
termination notice specifying whether Contractor must: (a) cease performance immediately, or (b)
continue to perform for a specified period. If it is later determined that Contractor was not in breach of
this Contract, the termination will be deemed to have been a termination for convenience, effective as of
the same date, and the rights and obligations of the parties will be limited to those provided in Section
24.2.
(c) The State will only pay for amounts due to Contractor for Services accepted by the State
on or before the date of termination, subject to the State’s right to set off any amounts owed by the
Contractor for the State’s reasonable costs in terminating this Contract. Contractor must promptly
reimburse to the State any Fees prepaid by the State prorated to the date of such termination, including
any prepaid Support Services Fees. Further, Contractor must pay all reasonable costs incurred by the
State in terminating this Contract for cause, including administrative costs, attorneys’ fees, court costs,
transition costs, and any procurement costs the State incurs during procurement of the Services from
other sources.
24.2 Termination for Convenience. The State may immediately terminate this Contract in whole or in
part, without penalty and for any reason, including but not limited to, appropriation or budget shortfalls.
The termination notice will specify whether Contractor must: (a) cease performance immediately, or (b)

continue to perform in accordance with Section 24.3. If the State terminates this Contract for
convenience, the State will pay all reasonable costs, as determined by the State, for State approved
Transition Responsibilities to the extent the funds are available.
24.3 Transition Responsibilities. Upon termination or expiration of this Contract for any reason,
Contractor must, for a period of time specified by the State (not to exceed 90 calendar days; the
“Transition Period”), provide transition assistance requested by the State, to allow for the expired or
terminated portion of the Contract to continue without interruption or adverse effect, and to facilitate the
orderly transfer of the Services to the State or its designees. Such transition assistance may include but
is not limited to: (a) continuing to perform the Services at the established Contract rates; (b) taking all
reasonable and necessary measures to transition performance of the work, including all applicable
Services to the State or the State’s designee; (c) taking all necessary and appropriate steps, or such
other action as the State may direct, to preserve, maintain, protect, or return to the State all State Data;
and (d) preparing an accurate accounting from which the State and Contractor may reconcile all
outstanding accounts (collectively, the “Transition Responsibilities”). The Term of this Contract is
automatically extended through the end of the Transition Period.
24.4 Survival. This Section 24 survives termination or expiration of this Contract.
25. Stop Work Order. The State may, at any time, order the Services of Contractor fully or partially
stopped for its own convenience for up to ninety (90) calendar days at no additional cost to the State.
The State will provide Contractor a written notice detailing such suspension (a “Stop Work Order”).
Contractor must comply with the Stop Work Order upon receipt. Within 90 days, or any longer period
agreed to by Contractor, the State will either: (a) issue a notice authorizing Contractor to resume work, or
(b) terminate this Contract. The State will not pay for any Services, Contractor’s lost profits, or any
additional compensation during a stop work period.
26. Contractor Representations and Warranties.
26.1 Authority. Contractor represents and warrants to the State that:
(a) It is duly organized, validly existing, and in good standing as a corporation or other entity
as represented under this Contract under the laws and regulations of its jurisdiction of incorporation,
organization, or chartering;
(b) It has the full right, power, and authority to enter into this Contract, to grant the rights and
licenses granted under this Contract, and to perform its contractual obligations;
(c) The execution of this Contract by its Representative has been duly authorized by all
necessary organizational action; and
(d) When executed and delivered by Contractor, this Contract will constitute the legal, valid,
and binding obligation of Contractor, enforceable against Contractor in accordance with its terms.
(e) Contractor is neither currently engaged in nor will engage in the boycott of a person based
in or doing business with a strategic partner as described in 22 USC 8601 to 8606.
26.2 Bid Response. Contractor represents and warrants to the State that:
(a) The prices proposed by Contractor were arrived at independently, without consultation,
communication, or agreement with any other Bidder for the purpose of restricting competition; the prices

quoted were not knowingly disclosed by Contractor to any other Bidder to the RFP; and no attempt was
made by Contractor to induce any other Person to submit or not submit a proposal for the purpose of
restricting competition;
(b) All written information furnished to the State by or for Contractor in connection with this
Contract, including Contractor’s Bid Response, is true, accurate, and complete, and contains no untrue
statement of material fact or omits any material fact necessary to make the information not misleading;
(c) Contractor is not in material default or breach of any other contract or agreement that it
may have with the State or any of its departments, commissions, boards, or agencies. Contractor further
represents and warrants that it has not been a party to any contract with the State or any of its
departments that was terminated by the State within the previous five (5) years for the reason that
Contractor failed to perform or otherwise breached an obligation of the contract; and
(d) If any of the certifications, representations, or disclosures made in Contractor’s Bid
Response change after contract award, the Contractor is required to report those changes immediately to
the Contract Administrator.
26.3 Software Representations and Warranties. Contractor further represents and warrants to the
State that:
(a) it is the legal and beneficial owner of the entire right, title and interest in and to the
Software, including all Intellectual Property Rights relating thereto;
(b) it has, and throughout the license term, will retain the unconditional and irrevocable right,
power and authority to grant and perform the license hereunder;
(c) the Software, and the State's use thereof, is and throughout the license term will be free
and clear of all encumbrances, liens and security interests of any kind;
(d) neither its grant of the license, nor its performance under this Contract does or to its
knowledge will at any time:
(i) conflict with or violate any applicable Law;
(ii) require the consent, approval or authorization of any governmental or regulatory
authority or other third party; or
(iii) require the provision of any payment or other consideration to any third party;
(e) when used by the State or any Authorized User in accordance with this Contract and the
Documentation, the Software or Documentation as delivered or installed by Contractor does not or will
not:
(i) infringe, misappropriate or otherwise violate any Intellectual Property Right or other
right of any third party; or
(ii) fail to comply with any applicable Law;
(f) as provided by Contractor, the Software does not or will not at any time during the license
term contain any:

(i) Harmful Code; or
(ii) Open-Source Components or operate in such a way that it is developed or compiled
with or linked to any Open-Source Components, other than Approved Open-Source
Components maintained in the exhibit described in the statement of work.
(g) all Documentation is and will be complete and accurate in all material respects when
provided to the State such that at no time during the license term will the Software have any material
undocumented feature; and
(h) it will perform all Services in a timely, skillful, professional and workmanlike manner in
accordance with commercially reasonable industry standards and practices for similar services, using
personnel with the requisite skill, experience and qualifications, and will devote adequate resources to
meet its obligations under this Contract.
(i) when used in the Operating Environment (or any successor thereto) in accordance with
the Documentation, all Software as provided by Contractor, will be fully operable, meet all applicable
specifications, and function in all respects, in conformity with this Contract and the Documentation; and
(j) no Maintenance Release or New Version, when properly installed in accordance with this
Contract, will have a material adverse effect on the functionality or operability of the Software.
26.4 Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS
AGREEMENT, CONTRACTOR HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS,
IMPLIED, STATUTORY, OR OTHERWISE, WITH RESPECT TO THIS CONTRACT.
27. Indemnification
27.1 General Indemnification. Contractor must defend, indemnify and hold the State, its
departments, divisions, agencies, offices, commissions, officers, and employees harmless, without
limitation, from and against any and all actions, claims, losses, liabilities, damages, costs, attorney fees,
and expenses (including those required to establish the right to indemnification), arising out of or relating
to: (a) any breach by Contractor (or any of Contractor’s employees, agents, subcontractors, or by anyone
else for whose acts any of them may be liable) of any of the promises, agreements, representations,
warranties, or insurance requirements contained in this Contract; (b) any infringement, misappropriation,
or other violation of any Intellectual Property Right or other right of any Third Party; and (c) any bodily
injury, death, or damage to real or tangible personal property occurring wholly or in part due to action or
inaction by Contractor (or any of Contractor’s employees, agents, subcontractors, or by anyone else for
whose acts any of them may be liable).
27.2 Indemnification Procedure. The State will notify Contractor in writing if indemnification is
sought; however, failure to do so will not relieve Contractor, except to the extent that Contractor is
materially prejudiced. Contractor must, to the satisfaction of the State, demonstrate its financial ability to
carry out these obligations. The State is entitled to: (i) regular updates on proceeding status; (ii)
participate in the defense of the proceeding; (iii) employ its own counsel; and to (iv) retain control of the
defense, at its own cost and expense, if the State deems necessary. Contractor will not, without the
State’s prior written consent (not to be unreasonably withheld), settle, compromise, or consent to the
entry of any judgment in or otherwise seek to terminate any claim, action, or proceeding. Any litigation
activity on behalf of the State or any of its subdivisions, under this Section 27, must be coordinated with

the Department of Attorney General. An attorney designated to represent the State may not do so until
approved by the Michigan Attorney General and appointed as a Special Assistant Attorney General.
27.3 Infringement Remedies.
(a) The remedies set forth in this Section 27.3 are in addition to, and not in lieu of, all other
remedies that may be available to the State under this Contract or otherwise, including the State’s right to
be indemnified for such actions.
(b) If any Software or any component thereof, other than State Materials, is found to be
infringing or if any use of any Software or any component thereof is enjoined, threatened to be enjoined
or otherwise the subject of an infringement claim, Contractor must, at Contractor’s sole cost and expense:
(i) procure for the State the right to continue to use such Software or component thereof
to the full extent contemplated by this Contract; or
(ii) modify or replace the materials that infringe or are alleged to infringe (“Allegedly
Infringing Materials”) to make the Software and all of its components non-infringing
while providing fully equivalent features and functionality.
(c) If neither of the foregoing is possible notwithstanding Contractor’s best efforts, then
Contractor may direct the State to cease any use of any materials that have been enjoined or finally
adjudicated as infringing, provided that Contractor will:
(i) refund to the State all amounts paid by the State in respect of such Allegedly
Infringing Materials and any other aspects of the Software provided under the
Statement of Work for the Allegedly Infringing Materials that the State cannot
reasonably use as intended under this Contract; and
(ii) in any case, at its sole cost and expense, secure the right for the State to continue
using the Allegedly Infringing Materials for a transition period of up to six (6) months
to allow the State to replace the affected features of the Software without disruption.
(d) If Contractor directs the State to cease using any Software under subsection (c), the
State may terminate this Contract for cause under Section 24.1.
(e) Contractor will have no liability for any claim of infringement arising solely from:
(i) Contractor’s compliance with any designs, specifications, or instructions of the State;
or
(ii) modification of the Software by the State without the prior knowledge and approval of
Contractor;
unless the claim arose against the Software independently of any of the above specified
actions.
28. Liquidated Damages.
28.1 The parties agree that any delay or failure by Contractor to timely perform its obligations in
accordance with the Implementation Plan and Milestone Dates agreed to by the parties will interfere with

the proper and timely implementation of the Software, to the loss and damage of the State. Further, the
State will incur major costs to perform the obligations that would have otherwise been performed by
Contractor. The parties understand and agree that any liquidated damages Contractor must pay to the
State as a result of such nonperformance are described in the Statement of Work, and that these
amounts are reasonable estimates of the State’s damages in accordance with applicable Law.
28.2 The parties acknowledge and agree that Contractor could incur liquidated damages for more
than one event if Contractor fails to timely perform its obligations by each Milestone Date.
28.3 The assessment of liquidated damages will not constitute a waiver or release of any other
remedy the State may have under this Contract for Contractor’s breach of this Contract, including without
limitation, the State’s right to terminate this Contract for cause under Section 24.1, and the State will be
entitled in its discretion to recover actual damages caused by Contractor’s failure to perform its
obligations under this Contract. However, the State will reduce such actual damages by the amounts of
liquidated damages received for the same events causing the actual damages.
28.4 Amounts due the State as liquidated damages may be set off against any Fees payable to
Contractor under this Contract, or the State may bill Contractor as a separate item and Contractor will
promptly make payments on such bills.
29. Damages Disclaimers and Limitations.
29.1 The State’s Disclaimer of Damages. THE STATE WILL NOT BE LIABLE, REGARDLESS OF
THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR BY
STATUTE OR OTHERWISE, FOR ANY CLAIM RELATED TO OR ARISING UNDER THIS CONTRACT
FOR CONSEQUENTIAL, INCIDENTAL, INDIRECT, OR SPECIAL DAMAGES, INCLUDING WITHOUT
LIMITATION LOST PROFITS AND LOST BUSINESS OPPORTUNITIES.
29.2 The State’s Limitation of Liability. IN NO EVENT WILL THE STATE’S AGGREGATE LIABILITY
TO CONTRACTOR UNDER THIS CONTRACT, REGARDLESS OF THE FORM OF ACTION,
WHETHER IN CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR BY STATUTE OR
OTHERWISE, FOR ANY CLAIM RELATED TO OR ARISING UNDER THIS CONTRACT, EXCEED THE
MAXIMUM AMOUNT OF FEES PAYABLE UNDER THIS CONTRACT.
30. Records Maintenance, Inspection, Examination, and Audit.
30.1 Right of Audit. The State or its designee may audit Contractor to verify compliance with this
Contract. Contractor must retain, and provide to the State or its designee and the auditor general upon
request, all financial and accounting records related to this Contract through the Term of this Contract and
for four (4) years after the latter of termination, expiration, or final payment under this Contract or any
extension (“Financial Audit Period”). If an audit, litigation, or other action involving the records is
initiated before the end of the Financial Audit Period, Contractor must retain the records until all issues
are resolved.
30.2 Right of Inspection. Within ten (10) calendar days of providing notice, the State and its
authorized representatives or designees have the right to enter and inspect Contractor’s premises or any
other places where Services are being performed, and examine, copy, and audit all records related to this
Contract. Contractor must cooperate and provide reasonable assistance. If financial errors are revealed,
the amount in error must be reflected as a credit or debit on subsequent invoices until the amount is paid

or refunded. Any remaining balance at the end of this Contract must be paid or refunded within forty-five
(45) calendar days.
30.3 Application. This Section 30 applies to Contractor, any Affiliate, and any Permitted
Subcontractor that performs Services in connection with this Contract.
31. Insurance
31.1 Required Coverage.
(a) Insurance Requirements. Contractor must maintain the insurances identified below and
is responsible for all deductibles. All required insurance must: (a) protect the State from claims that may
arise out of, are alleged to arise out of, or result from Contractor's or a subcontractor's performance; (b)
be primary and non-contributing to any comparable liability insurance (including self-insurance) carried by
the State; and (c) be provided by an company with an A.M. Best rating of “A” or better and a financial size
of VII or better.
Insurance Type Additional Requirements
Commercial General Liability Insurance
Minimal Limits:
$1,000,000 Each Occurrence Limit
$1,000,000 Personal & Advertising Injury
Limit $2,000,000 General Aggregate Limit
$2,000,000 Products/Completed
Operations
Deductible Maximum:
$50,000 Each Occurrence
Contractor must have their policy
endorsed to add “the State of Michigan,
its departments, divisions, agencies,
offices, commissions, officers,
employees, and agents” as additional
insureds using endorsement CG 20 10
11 85, or both CG 2010 07 04 and CG
2037 07 0.
Umbrella or Excess Liability Insurance
Minimal Limits:
$5,000,000 General Aggregate
Contractor must have their policy
endorsed to add “the State of Michigan,
its departments, divisions, agencies,
offices, commissions, officers,
employees, and agents” as additional
insureds.
Automobile Liability Insurance

Minimal Limits:
$1,000,000 Per Occurrence
Workers' Compensation Insurance
Minimal Limits:
Coverage according to applicable laws
governing work activities.
Waiver of subrogation, except where
waiver is prohibited by law.
Employers Liability Insurance
Minimal Limits:
$500,000 Each Accident
$500,000 Each Employee by Disease
$500,000 Aggregate Disease.
Privacy and Security Liability (Cyber Liability) Insurance
Minimal Limits:
$1,000,000 Each Occurrence
$1,000,000 Annual Aggregate
Contractor must have their policy: (1)
endorsed to add “the State of Michigan,
its departments, divisions, agencies,
offices, commissions, officers,
employees, and agents” as additional
insureds; and (2) cover information
security and privacy liability, privacy
notification costs, regulatory defense and
penalties, and website media content
liability.
(b) If Contractor's policy contains limits higher than the minimum limits, the State is entitled to
coverage to the extent of the higher limits. The minimum limits are not intended, and may not be
construed to limit any liability or indemnity of Contractor to any indemnified party or other persons.
(c) If any of the required policies provide claim-made coverage, the Contractor must: (a)
provide coverage with a retroactive date before the effective date of the contract or the beginning of
contract work; (b) maintain coverage and provide evidence of coverage for at least three (3) years after
completion of the contract of work; and (c) if coverage is canceled or not renewed, and not replaced with
another claims-made policy form with a retroactive date prior to the contract effective date, Contractor
must purchase extended reporting coverage for a minimum of three (3) years after completion of work.

(d) Contractor must: (a) provide insurance certificates to the Contract Administrator,
containing the agreement or purchase order number, at Contract formation and within 20 calendar days
of the expiration date of the applicable policies; (b) require that subcontractors maintain the required
insurances contained in this Section; (c) notify the Contract Administrator within 5 business days if any
insurance is cancelled; and (d) waive all rights against the State for damages covered by insurance.
Failure to maintain the required insurance does not limit this waiver.
31.2 Non-waiver. This Section 31 is not intended to and is not be construed in any manner as
waiving, restricting or limiting the liability of either party for any obligations under this Contract (including
any provisions hereof requiring Contractor to indemnify, defend and hold harmless the State).
32. Dispute Resolution.
32.1 Unless otherwise specified in the Statement of Work, the parties will endeavor to resolve any
Contract dispute in accordance with Section 32 (the “Dispute Resolution Procedure”). The initiating
party will reduce its description of the dispute to writing (including all supporting documentation) and
deliver it to the responding party’s Project Manager. The responding party’s Project Manager must
respond in writing within five (5) Business Days. The initiating party has five (5) Business Days to review
the response. If after such review resolution cannot be reached, both parties will have an additional five
(5) Business Days to negotiate in good faith to resolve the dispute. If the dispute cannot be resolved
within a total of fifteen (15) Business Days, the parties must submit the dispute to the parties’ Contract
Administrators. The parties will continue performing while a dispute is being resolved, unless the dispute
precludes performance. A dispute involving payment does not preclude performance.
32.2 Litigation to resolve the dispute will not be instituted until after the dispute has been elevated to
the parties’ Contract Administrators, and either Contract Administrator concludes that resolution is
unlikely, or fails to respond within fifteen (15) Business Days. The parties are not prohibited from
instituting formal proceedings: (a) to avoid the expiration of statute of limitations period; (b) to preserve a
superior position with respect to creditors; or (c) where a party makes a determination that a temporary
restraining order or other injunctive relief is the only adequate remedy. This Section 32 does not limit the
State’s right to terminate this Contract.
33. General Provisions
33.1 Force Majeure.
(a) Force Majeure Events. Subject to Subsection (b) below, neither party will be liable or
responsible to the other party, or be deemed to have defaulted under or breached this Contract, for any
failure or delay in fulfilling or performing any term hereof, when and to the extent such failure or delay is
caused by: acts of God, flood, fire or explosion, war, terrorism, invasion, riot or other civil unrest,
embargoes or blockades in effect on or after the date of this Contract, national or regional emergency, or
any passage of law or governmental order, rule, regulation or direction, or any action taken by a
governmental or public authority, including imposing an embargo, export or import restriction, quota or
other restriction or prohibition (each of the foregoing, a “Force Majeure”), in each case provided that: (a)
such event is outside the reasonable control of the affected party; (b) the affected party gives prompt
written notice to the other party, stating the period of time the occurrence is expected to continue; (c) the
affected party uses diligent efforts to end the failure or delay and minimize the effects of such Force
Majeure Event.

(b) State Performance : Termination. In the event of a Force Majeure Event affecting
Contractor's performance under this Contract, the State may suspe nd its performance hereunder until
such time as Contrac tor resumes performance. The State may terminate this Contract by written notice
to Contractor if a Force Majeure Event affecting Contracto r's performance hereunder continues
substan tially uninterrupted for a period of five (5) Business Days or more. Unless the State terminates
this Contract pursuant to the preced ing sentence, any date specifically designated for Contractor's
performance under this Contract will automat ically be extended for a period up to the duration of the
Force Majeure Event.
33.2 Further Assurances . Each party will, upon the reasonable request of the other party , execute
such documen ts and perform such acts as may be necessary to give full effect to the terms of this
Contract.
33.3 Relationship of the Parties. The relationship between the parties is that of independe nt
contracto rs. Nothing conta ined in this Contract is to be constr ued as creating any agency, partnership,
joint ventu re or other form of joint enterprise, employment or fiduciary relationship between the parties,
and neither party has authority to contract for or bind the other party in any manner whatsoever.
33.4 Media Releases. News releases (including promot ional literature and commercia l
advertisemen ts) pertaining to this Contract or project to which it relates must not be made without the
prior written approval of the State, and then only in accorda nce with the explicit written instructions of the
State.
33.5 Notices. All notices, requests, consents, claims, demands , waivers and other comm unications
under this Contract must be in writing and addressed to the parties as follows (or as otherwise spec ified
by a party in a notice given in accorda nce with this Section 33.5):
If to Contracto r: Kaseware, Inc.
If to State:
Notices sent in accordance with this Section 33.5 will be deemed effectively given: (a) when
received , if delivered by hand (with written confirmation of receipt); (b) when received, if sent by a
nationally recogn ized overn ight courier (receipt requested ); (c) on the date sent by e-mail (with
confirmation of transm ission), if sent during normal business hours of the recipient, and on the next
Business Day, if sent after normal business hours of the recipient; or (d) on the fifth (5 h) day after the date
mailed, by certified or registered mail, return receipt requested, postage prepaid.
33.6 Headings. The headings in this Contract are for reference only and do not affect the
interpretat ion of this Contract.
33.7 Assignment. Contracto r may not assign or otherwise transfer any of its rights, or delegate or
otherwise transfer any of its obligat ions or performance, under this Contract, in each case whether
voluntarily, invo luntarily, by operation of law or otherwise, without the State's prior written conse nt. The

State has the right to terminate this Contract in its entirety or any Services or Statements of Work
hereunder, pursuant to Section 24.1, if Contractor delegates or otherwise transfers any of its obligations
or performance hereunder, whether voluntarily, involuntarily, by operation of law or otherwise, and no
such delegation or other transfer will relieve Contractor of any of such obligations or performance. For
purposes of the preceding sentence, and without limiting its generality, any merger, consolidation or
reorganization involving Contractor (regardless of whether Contractor is a surviving or disappearing
entity) will be deemed to be a transfer of rights, obligations, or performance under this Contract for which
the State’s prior written consent is required. Any purported assignment, delegation, or transfer in violation
of this Section 33.7 is void.
33.8 No Third-party Beneficiaries. This Contract is for the sole benefit of the parties and their
respective successors and permitted assigns. Nothing herein, express or implied, is intended to or will
confer on any other person or entity any legal or equitable right, benefit or remedy of any nature
whatsoever under or by reason of this Contract.
33.9 Amendment and Modification; Waiver. No amendment to or modification of this Contract is
effective unless it is in writing, identified as an amendment to this Contract and signed by both parties
Contract Administrator. Further, certain amendments to this Contract may require State Administrative
Board Approval. No waiver by any party of any of the provisions of this Contract will be effective unless
explicitly set forth in writing and signed by the party so waiving. Except as otherwise set forth in this
Contract, no failure to exercise, or delay in exercising, any right, remedy, power, or privilege arising from
this Contract will operate or be construed as a waiver. Nor will any single or partial exercise of any right,
remedy, power or privilege under this Contract preclude the exercise of any other right, remedy, power or
privilege.
33.10 Severability. If any term or provision of this Contract is invalid, illegal or unenforceable in
any jurisdiction, such invalidity, illegality or unenforceability will not affect any other term or provision of
this Contract or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon
such determination that any term or other provision is invalid, illegal or unenforceable, the parties hereto
will negotiate in good faith to modify this Contract so as to effect the original intent of the parties as
closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby
be consummated as originally contemplated to the greatest extent possible.
33.11 Governing Law. This Contract is governed, construed, and enforced in accordance with
Michigan law, excluding choice-of-law principles, and all claims relating to or arising out of this Contract
are governed by Michigan law, excluding choice-of-law principles. Any dispute arising from this Contract
must be resolved in the Michigan Court of Claims. Complaints against the State must be initiated in
Ingham County, Michigan. Contractor waives any objections, such as lack of personal jurisdiction or
forum non conveniens. Contractor must appoint agents in Michigan to receive service of process.
33.12 Equitable Relief. Each party to this Contract acknowledges and agrees that (a) a breach
or threatened breach by such party of any of its obligations under this Contract may give rise to
irreparable harm to the other party for which monetary damages would not be an adequate remedy and
(b) in the event of a breach or a threatened breach by such party of any such obligations, the other party
hereto is, in addition to any and all other rights and remedies that may be available to such party at law,
at equity or otherwise in respect of such breach, entitled to equitable relief, including a temporary
restraining order, an injunction, specific performance and any other relief that may be available from a
court of competent jurisdiction, without any requirement to post a bond or other security, and without any
requirement to prove actual damages or that monetary damages will not afford an adequate remedy.

Each party to this Contract agrees that such party will not oppose or otherwise challenge the
appropriateness of equitable relief or the entry by a court of competent jurisdiction of an order granting
equitable relief, in either case, consistent with the terms of this Section 33.12.
33.13 Nondiscrimination. Under the Elliott-Larsen Civil Rights Act, 1976 PA 453, MCL 37.2101,
et seq., and the Persons with Disabilities Civil Rights Act, 1976 PA 220, MCL 37.1101, et seq., Contractor
and its Permitted Subcontractors agree not to discriminate against an employee or applicant for
employment with respect to hire, tenure, terms, conditions, or privileges of employment, or a matter
directly or indirectly related to employment, because of race, color, religion, national origin, age, sex,
height, weight, marital status, or mental or physical disability. Breach of this covenant is a material
breach of this Contract.
33.14 Unfair Labor Practice. Under MCL 423.324, the State may void any Contract with a
Contractor or Permitted Subcontractor who appears on the Unfair Labor Practice register compiled under
MCL 423.322.
33.15 Administrative Fee and Reporting. Contractor must pay an administrative fee of 1% on all
payments made to Contractor on any future uses of this Contract including transactions with the State
(including its departments, divisions, agencies, offices, and commissions), MiDEAL members, and other
states (including governmental subdivisions and authorized entities). Administrative fees are not due for
transactions covered by the initial Statement of Work. Administrative fee payments must be made online
by check or credit card:
State of MI Admin Fees: https://www.thepayplace.com/mi/dtmb/adminfee
State of Mi MiDEAL Fees: https://www.thepayplace.com/mi/dtmb/midealfee
Contractor must submit an itemized purchasing activity report, which includes at a minimum, the name of
the purchasing entity and the total dollar volume in sales. Reports should be mailed to
The administrative fee and purchasing activity report are due within 30 calendar days from the last day of
each calendar quarter.
33.16 Extended Purchasing Program. This contract is extended to MiDEAL members. MiDEAL
members include local units of government, school districts, universities, community colleges, and
nonprofit hospitals. A current list of MiDEAL members is available at www.michigan.gov/mideal.
Upon written agreement between the State and Contractor, this contract may also be extended to: (a)
other states (including governmental subdivisions and authorized entities) and (b) State of Michigan
employees.
If extended, Contractor must supply all Contract Activities at the established Contract prices and terms.
The State reserves the right to impose an administrative fee and negotiate additional discounts based on
any increased volume generated by such extensions.
Contractor must submit invoices to, and receive payment from, extended purchasing program members
on a direct and individual basis.

33.17 Schedules All Schedules that are referenced herein and attached hereto are hereby
incorporated by reference.
Schedule A Statement of Work
Schedule B Pricing
Schedule C Service Level Agreement
Schedule D Data Security Requirements
Schedule E Disaster Recovery Plan
Schedule F Federal Bureau of Investigation Criminal Justice Information Services Security
Addendum
Schedule G Kaseware SaaS Security Controls
Schedule H Data Retention Policy
Schedule I Federal Provisions Addendum
33.18 Counterparts. This Contract may be executed in counterparts, each of which will be
deemed an original, but all of which together are deemed to be one and the same agreement and will
become effective and binding upon the parties as of the Effective Date at such time as all the signatories
hereto have signed a counterpart of this Contract. A signed copy of this Contract delivered by facsimile,
e-mail or other means of electronic transmission (to which a signed copy is attached) is deemed to have
the same legal effect as delivery of an original signed copy of this Contract.
33.19 Effect of Contractor Bankruptcy. All rights and licenses granted by Contractor under this
Contract are and will be deemed to be rights and licenses to “intellectual property,” and all Software and
Deliverables are and will be deemed to be “embodiments” of “intellectual property,” for purposes of, and
as such terms are used in and interpreted under, Section 365(n) of the United States Bankruptcy Code
(the “Code”). If Contractor or its estate becomes subject to any bankruptcy or similar proceeding, the
State retains and has the right to fully exercise all rights, licenses, elections, and protections under this
Contract, the Code and all other applicable bankruptcy, insolvency, and similar Laws with respect to all
Software and other Deliverables. Without limiting the generality of the foregoing, Contractor
acknowledges and agrees that, if Contractor or its estate shall become subject to any bankruptcy or
similar proceeding:
(a) all rights and licenses granted to the State under this Contract will continue subject to the
terms and conditions of this Contract, and will not be affected, even by Contractor’s rejection of this
Contract; and
(b) the State will be entitled to a complete duplicate of (or complete access to, as appropriate)
all such intellectual property and embodiments of intellectual property comprising or relating to any
Software or other Deliverables, and the same, if not already in the State’s possession, will be promptly
delivered to the State, unless Contractor elects to and does in fact continue to perform all of its
obligations under this Contract.
33.20 Compliance with Laws. Contractor and its Representatives must comply with all Laws in
connection with this Contract.
33.21 Non-Exclusivity. Nothing contained in this Contract is intended nor is to be construed as
creating any requirements contract with Contractor. This Contract does not restrict the State or its
agencies from acquiring similar, equal, or like Services from other sources.

33.22 Entire Agreement. This Contract, together with all Schedules, Exhibits, and the
Statement of Work constitutes the sole and entire agreement of the parties to this Contract with respect to
the subject matter contained herein, and supersedes all prior and contemporaneous understandings and
agreements, representations and warranties, both written and oral, with respect to such subject matter.
In the event of any inconsistency between the statements made in the body of this Contract, the
Schedules, Exhibits, and the Statement of Work, the following order of precedence governs: (a) first, this
Contract, excluding its Exhibits and Schedules, and the Statement of Work; and (b) second, the
Statement of Work as of the Effective Date; and (c) third, the Exhibits and Schedules to this Contract as
of the Effective Date. NO TERMS ON CONTRACTORS INVOICES, WEBSITE, BROWSE-WRAP,
SHRINK-WRAP, CLICK-WRAP, CLICK-THROUGH OR OTHER NON-NEGOTIATED TERMS AND
CONDITIONS PROVIDED WITH ANY OF THE SERVICES, OR DOCUMENTATION HEREUNDER WILL
CONSTITUTE A PART OR AMENDMENT OF THIS CONTRACT OR IS BINDING ON THE STATE OR
ANY AUTHORIZED USER FOR ANY PURPOSE. ALL SUCH OTHER TERMS AND CONDITIONS
HAVE NO FORCE AND EFFECT AND ARE DEEMED REJECTED BY THE STATE AND THE
AUTHORIZED USER, EVEN IF ACCESS TO OR USE OF SUCH SERVICE OR DOCUMENTATION
REQUIRES AFFIRMATIVE ACCEPTANCE OF SUCH TERMS AND CONDITIONS.

SCHEDULE A
STATEMENT OF WORK
1. BACKGROUND
Michigan State Police employs Law Enforcement Professionals and Intelligence Analysts at various
locations around the state. It is imperative that a system be available to collaborate regarding potential
overlaps in investigations, suspects, and crime trends. Failure to do so could result in a catastrophic
intelligence failure resulting in the loss of life. The system that is currently in place meets some of those
needs, however, it falls short in many requirements as well. Additionally, the contract with the current
vendor is nearing expiration. A system of this nature is necessary for Michigan State Police (MSP)
Intelligence Analysts to successfully complete their work on a daily basis.
2. PURPOSE
Contractor shall provide an enterprise software system to the State that will be available to MSP law
enforcement professionals and intelligence analysts employed at various locations around the state to
collaborate regarding potential overlaps in investigations, suspects, and crime trends. The Solution shall
be hosted externally. Contractor shall provide implementation services, including configuration, data
migration, testing and training, needed to meet the Solution requirements.
The State reserves the right to purchase any additional services or products from the Contractor during
the duration of the Contract that are reasonably related to the criminal intelligence system and services
described herein.
3. SPECIFIC STANDARDS
IT Policies, Standards and Procedures (PSP)
All services and products provided as a result of this RFP must comply with all applicable Public and
Controlled State IT policies and standards. Public PSP’s are found at:
https://www.michigan.gov/dtmb/0,5552,7-358-82547 56579 56755---,00.html. The State will provide
applicable Controlled PSP's to Contractor after signing and returning to the State the required
Nondisclosure Agreement (NDA) agreement.
Secure Web Application Standard
Contractor’s solution must meet the State’s Secure Application Development Standards as mandated by
the State.
Secure Application Development Life Cycle (SADLC)
Contractor is required to meet the States Secure Application Development Life Cycle requirements that
include:
Security Accreditation
Contractor is required to complete the State Security Accreditation process for the solution.
Application Scanning – Externally Hosted Solution
Contractor is required to grant the right to the State to scan either the application code or a deployed
version of the solution; or in lieu of the State performing a scan, Contractor will provide the State a
vulnerabilities assessment after Contractor has used a State approved application scanning tool. These
scans must be completed and provided to the State on a regular basis or at least for each major release.
Contractor, at its sole expense, must provide resources to complete the scanning and to complete the
analysis, remediation and validation of vulnerabilities identified by the scan as required by the State
Secure Web Application Standards.
Types of scanning and remediation may include the following types of scans and activities:
• Dynamic Scanning for vulnerabilities, analysis, remediation and validation

• Static Scanning for vulnerabilities, analysis, remediation and validation
• Third Party and/or Open Source Scanning for vulnerabilities, analysis, remediation and validation
Infrastructure Scanning – Externally Hosted Solution
A Contractor providing Hosted Services must scan the infrastructure at least once every 30 days and
provide the scan’s assessment to the State in a format that can be uploaded by the State and used to
track the remediation.
Acceptable Use Policy
To the extent that Contractor has access to the State’s computer system, Contractor must comply with
the State’s Acceptable Use Policy, see
https://www.michigan.gov/documents/dtmb/1340.00.01 Acceptable Use of Information Technology St
andard 458958 7.pdf. All Contractor Personnel will be required, in writing, to agree to the State’s
Acceptable Use Policy before accessing the State’s system. The State reserves the right to terminate
Contractor’s access to the State’s system if a violation occurs.
Look and Feel Standard
All software items provided by the Contractor must adhere to the State of Michigan Application/Site
standards which can be found at www.michigan.gov/standards.
Mobile Responsiveness
The Bidder’s Solution must utilize responsive design practices to ensure the application is accessible via
a mobile device. Bidders must provide a list of all mobile devices that are compatible with the Solution.
Additionally, Bidder must provide list of features that can be performed via a mobile device.
ADA Compliance
The State is required to comply with the Americans with Disabilities Act of 1990 (ADA), and has adopted
a formal policy regarding accessibility requirements for websites and software applications. The State is
requiring that Bidder’s proposed Solution, where relevant, to level AA of the World Wide Web Consortium
(W3C) Web Content Accessibility Guidelines (WCAG) 2.0. Bidder may consider, where relevant, the
W3C’s Guidance on Applying WCAG 2.0 to Non-Web Information and Communications Technologies
(WCAG2ICT) for non-web software and content. The State may require that Bidder complete a Voluntary
Product Accessibility Template for WCAG 2.0 (WCAG 2.0 VPAT) or other comparable document for the
proposed Solution. http://www.michigan.gov/documents/dmb/1650.00 209567 7.pdf?20151026134621
4. USER TYPE AND CAPACITY
The Solution must be able to meet the expected number of concurrent Users shown below. The Solution
must be able to scale up or down without affecting performance.
Type of User Access Type Number of Users Number of
Concurrent Users
State Employees &
Other Approved
Users
Role Based
300 initial users.
Potentially up to 3000
over time.
300 initial concurrent
users. Potentially up to
1000 over time.
5. ACCESS CONTROL AND AUDIT
The Solution must support State standard federated single sign on for end user access. The Solution
must support multi-factor authentication for privileged/administrative access. The Solution must support
Identity Federation/Single Sign-on (SSO) capabilities using SAML or comparable mechanisms. The
Solution must already have this configured and running. The solution must provide web-based
management capability to manage users and data. Audit Log Data must be captured and accessed within
specified User Groups. The Audit logs must be in a human readable format. The Solution must meet the
above requirements as detailed in Schedule G Kaseware SaaS Security Controls.

6. DATA RETENTION
The Solution must meet the data retention requirements detailed in the attached Schedule H Data
Retention Policy.
7. SECURITY
Externally Hosted
The Solution will be storing sensitive data. Contractor must comply with the Data Security Requirements
attached as Schedule D to the Terms and Conditions.
Contractor must comply with the following:
• Must sign the FBI Criminal Justice Information Services (CJIS) Security Addendum and maintain
compliance with such document.
• Must provide a GovCloud Solution that is hosted in a FedRAMP certified facility.
• Must be encrypted in transit and at rest using AES 256 bit or higher encryption modules.
• Must be encrypted in transit and at rest using currently certified encryption modules in
accordance with FIPS PUB 140-2 (as amended), Security Requirements for Cryptographic
Modules.
• Must have multi-factor authentication, requiring a hard token.
• Must remain compliant with FISMA and the NIST Special Publication 800.53 (most recent
version) HIGH controls using minimum control values as established in the applicable PSP.
8. END USER OPERATING ENVIRONMENT
The SOM environment is X86 VMware, IBM Power VM and Oracle VM, with supporting enterprise storage
monitoring and management.
Development teams must accommodate the latest browser versions approved by the State of Michigan
(including mobile browsers).
Contractor must support the current and future State standard environment at no additional cost to the
State.
9. SOFTWARE
Contractor shall implement, support and maintain the Solution, consisting of the following software:
Software Comments
Kaseware Software as a Service Kaseware Platform with Enterprise Support Licenses (most
current version, at this time that is version 3.8) and all
following versions during the length of the contract.
Enterprise licenses include up to 48 hours of onsite support a
month during the length of the contract, as well as
administrative and security compliance reporting requirements
as defined by the contract. Each Kaseware license includes
10 GB of pooled storage for the cloud environment. Pooled
storage means that the storage can be utilized by any users in
the environment, but that the total storage will not exceed
10GB multiplied by the number of users.
SocialNet A product bought through Kaseware but it is developed and
owned by Shadowdragon.

Software Comments
OI Monitor A product bought through Kaseware but it is developed and
owned by Shadowdragon.
10. SOLUTION REQUIREMENTS
The Solution shall meet the specifications detailed in Exhibit A-1 – Business Specifications in the manner
described therein.
11. INTEGRATION
At the State’s option and at no additional cost beyond that detailed in the Pricing Schedule, Contractor must
interface the Solution with MSP’s Records Management System (RMS) so that data from the RMS is
accessible to users in Kaseware.
12. MIGRATION
Contractor must migrate all data from the State’s existing intelligence system and confidential informant
database into the Solution.
13. TESTING SERVICES AND ACCEPTANCE
Contractor shall perform testing services in compliance with Section 11. Pre-Delivery Testing and
Section 12. Acceptance Testing, of the Contract Terms.
14. TRAINING SERVICES
Contractor shall train MSP analysts how to use the system. Contractor must provide initial onsite training
to the core Solution users (approximately 300 people) and will provide continued onsite training from the
onsite resource as part of the Enterprise Tier of licenses. The amount of continued training is at the
discretion of MSP.
15. HOSTING
The Solution shall be hosted externally in a multi-tenant cloud environment hosted on the Azure
Government Cloud.
16. DOCUMENTATION
Contractor must provide all user manuals, operating manuals, technical manuals and any other
instructions, specifications, documents or materials, in any form or media, that describe the functionality,
installation, testing, operation, use, maintenance, support, technical or other components, features or
requirements of the Software.
Contractor must develop and submit for State approval complete, accurate, and timely Solution
documentation to support all users and must update any discrepancies or errors throughout the life of the
contract.
Contractor’s user documentation must provide detailed information about all software features and
functionality, enabling the State to resolve common questions and issues prior to initiating formal support
requests.
17. TRANSITION SERVICES

Upon termination or expiration of the agreement, Contracto r must, for a period of time specified by the
State (not to exceed 90 calendar days ), provide all reasona ble transition assistance requested by the
State, to allow for the expired or term inated portion of the agreement to continue without interrupt ion or
adverse effect, and to faci litate the orderly transfer of the services to the State or its designees . Such
transition assistance may include but is not limited to: (a) continuing to perform the services at the
established rates; (b) taking all reasonab le and necessary measures to trans ition performance of the
work, including all applicable services to the State or the State's designee; (c) taking all necessary and
appropriate steps , or such other action as the State may direc t, to preserve, maintain, protect, or return
(in a format specified by the State) to the State all data stored in the solution; and (d) preparing an
accurate accounting from which the State and Contractor may reconcile all outstanding accounts .
Contractor must provide a detailed transition-in and transition-out plan, including any roles or
responsibilities expected of the State. The plan must adequate ly demonstrate the steps to migrate
between Contractor's Solution and third-party Solutions.
18. CONTRACTOR KEY PERSONNEL
Contractor designates the following persons as Key Personnel:
Contractor Contract Adminis trator. Role defined in Contract Terms .
Contractor
Name: Mark Dodqe
Addres s:
Phone:
Email:
Contractor Project Manager. Role defined in Contract Terms.
Contractor
Name: Korinne Condie
Address:
Phone:
Email:
Contractor Service Manager. Primary contact with respect to the Services, who will have the authority to
act on behalf of Contractor in matters pertaining to the receipt and process ing of Support Requests and
the Support Serv ices.
Contractor
Name: Korinne Condie
Address: 4
Phone:
Email
Contractor Security Officer. Primary contact to respond to State inquiries regarding the security of the
Contractor's systems . This person must have sufficient knowledge of the security of the Contracto r
Systems and the authority to act on behalf of Contractor in matters pertaining thereto.
Contractor
Name: Nathan Burrows
Address:
Phone:
Email:

19. CONTRACTOR PERSONNEL REQUIREMENTS
Contractor must present certifications evidencing satisfactory Michigan State Police Background checks
ICHAT and drug tests for all staff identified for assignment to this project. Proposed Contractor personnel
will be required to complete and submit an RI-8 Fingerprint Card for the National Crime Information
Center (NCIC) Finger Prints, if required by project. Contractor will pay for all costs associated with
ensuring their staff meets all requirements.
20. STATE RESOURCES/RESPONSIBILITIES
The State will provide the following resources as part of the implementation and ongoing support of the
Solution.
State Contract Administrator. The State Contract Administrator is the individual appointed by the State
to (a) administer the terms of this Contract, and (b) approve and execute any Change Notices under this
Contract.
State Project Manager. The State Project Manager will serve as the primary contact with regard to
implementation Services who will have the authority to act on behalf of the State in approving
Deliverables, and day to day activities.
Agency Business Owner. The Agency Business Owner will serve as the primary contact for the
business area with regard to business advisement who will have the authority to act on behalf of the State
in matters pertaining to the business Specifications.
State Technical Lead. The State Technical Lead will serve as the primary contact with regard to
implementation technical advisement.
21. MEETINGS
Contractor must attend the following meetings at no additional cost to the State.
At start of the engagement, the Contractor Project Manager must facilitate a project kick off meeting with
the support from the State’s Project Manager and the identified State resources to review the approach to
accomplishing the project, schedule tasks and identify related timing, and identify any risks or issues
related to the planned approach. From project kick-off until final acceptance and go-live, Contractor
Project Manager must facilitate weekly meetings (or more if determined necessary by the parties) to
provide updates on implementation progress. Following go-live, Contractor must facilitate monthly
meetings (or more or less if determined necessary by the parties) to ensure ongoing support success.
22. PROJECT REPORTS
Once the Project Kick-Off meeting has occurred, the Contractor Project Manager will monitor project
implementation progress and report on a weekly basis to the State’s Project Manager the following:
• Progress to complete milestones, comparing forecasted completion dates to planned and
actual completion dates
• Accomplishments during the reporting period
• Tasks planned for the next reporting period
• Identify any existing issues which are impacting the project and the steps being taken to
address those issues
• Identify any new risks and describe progress in mitigating high impact/high probability risks
previously identified
23. MILESTONES AND DELIVERABLES

Contractor shall deliver implementation services as detailed below:
Milestone Event Associated Milestone
Deliverable(s) Schedule
Project Planning Project Kickoff Contract Execution
Requirements and Design
Validation
Validation sessions, Final
Requirement Validation Document,
Final Design Document, Final
Implementation Document,
Execution + 90 days
Test Plan Development Through coordination with MSP and
DTMB, begin developing a Testing
Plan for the new system to be
finalized after acceptance of final
solution by MSP.
Execution + 90 days
Provision Environments Validate Test and Production
environments (Kaseware will be
installed in a generic state on the
Azure government cloud)
Execution + 90 days
Installation and
Configuration of Software
System is configured per the Final
Design and Implementation
Document, Configuration has been
signed off and the Final Solution and
Testing Plan Document has been
provided.
Execution + 120 days
Data Migration Plan Final Data Migration Plan and Data
Mapping & Analysis Complete
Execution + 120 days
System Integration System Integration, per the Final
Design and Implementation
Document, has been completed
Execution + 240 days
Testing and Acceptance Final Test Results Report, Final
Acceptance
Execution + 270 days
Training Final Training Documentation,
training completed.
Execution + 120 –
260 days
ShadowDragon Training Two days of training provided by the
ShadowDragon team on SocialNet
and OI Monitor
Execution + 120 –
260 days
Go-Live Production
Data Migration Data Migration completed per the
Data Migration Plan
Production + 30 days
Post Production Warranty Maintenance and Support (free of
charge)
Production + 90 days
Production Support
Services
Ongoing after Final Acceptance. Ongoing
The Contractor Project Manager will be responsible for maintaining an MS Project schedule (or approved
alternative) identifying tasks, durations, forecasted dates and resources – both Contractor and State -
required to meet the timeframes as agreed to by both parties.
Changes to scope, schedule or cost must be addressed through a formal change request process with
the State and the Contractor to ensure understanding, agreement and approval of authorized parties to
the change and clearly identify the impact to the overall project.
SUITE Documentation

In managing its obligation to meet the above milestones and deliverables, Contractor must utilize the
applicable State Unified Information Technology Environment (SUITE) methodologies.

EXHIBIT A-1 – Business Specifications
The Business Specifications columns are defined as follows:
Column A: Business Specification number.
Column B: Business Specification description.
Column C: Indicates how contractor will comply with the Business Specification:
1) Current Capability – This capability is available in the system with no additional configuration or cost.
2) Requires Configuration – This capability will be met through Contractor-supported changes to existing settings and
application options as part of the initial implementation at no additional cost (e.g., setting naming conventions, creating
user-defined fields).
3) Modification to Software Required – The requirement will be met through Contractor modifying the underlying source
code, which can be completed as part of the initial implementation.
4) Future Enhancement – This capability is a planned enhancement to the base software and will be available within the
next 12 months at no additional cost.
5) Not Available – This capability is not currently available, and a future enhancement is not planned.
NOTE: Configuration is referred to as a modification to the system that must be completed by the Contractor prior to Go-Live
but allows an IT or non-IT end user to maintain or modify thereafter (i.e. no source code or structural data model changes
occurring). Further, any configuration changes must be forward-compatible with future releases and be fully supported by the
Contractor without additional costs.
Column D: Contractor’s disclosure of how it will meet the requirements.

A B C D
Business
Specification
Number
Business
Specification
Current
Capability
Requires
Configura
tion
Required
Customizatio
n
Future
Enhancemen
t
Not
Available
Bidder to explain how they will deliver the
business Specification. Explain the details
of any configuration and the impacted risk
that may be caused if configured to meet
the business specification.
MANDATORY
MINIMUM
1
The system must be in compliance with 28
CFR Part 23 X
Kaseware’s cloud environment can be
configured to meet agency access controls,
audit, and security requirements. Supporting
security report is attached as Schedule G
Kaseware SaaS Security Controls.
2
All actions in the system must be date and
time stamped, and every action tied to a
user for auditing purposes.
X
Audit logs are created for actions performed by
authenticated users and an audit log view
allows filtering to determine actions, including
timelines.
3
The system must be able to
compartmentalize/segregate information
and/or data based on laws and policies
governing each application.
X
Information housed in Kaseware databases
may be segregated to comply with necessary
laws and policies governing criminal
intelligence data
4
Solution must be web-based and be
browser agnostic X
Kaseware is a web-based, cloud software as a
service. Kaseware is compatible with modern
and currently vendor-supported web browsers.
5
System must function in concert with
Michigan State Police’s single sign-on
application portal
X
Kaseware supports SAML 2.0 and can be
integrated for federated single-sign on.
REQUIRED GENERAL REQUIREMENTS SPECS
1.0 The system must enable managers to
track work progress and analyze work. X
Managers/supervisors can track and manage
his/her organizational unit and the units below
in the organizational hierarchy. Managers can
view and visualize the work performed by team
members in customizable dashboards.
2.0 The system must have query and
reporting capabilities X
Advanced query/search and reporting are
available for criminal intelligence data via both
a quick keyword-ranked search and robust
advanced search. Reporting can be
accomplished via advanced graphing within
Kaseware and via export to csv.
Queries and reporting are also available for
user and workflow data via access to a wide
variety of configurable dashboard parts that
can display graphs, maps, data tables, and
other visualizations that descr be system data

associated with org units and their associated
user members.
3.0
The system must be able to connect to
MSP’s Record Management system with
little or no customization Section 10)
X
Kaseware has integration capabilities for
databases, APIs, and data migrations. Details
on required customization and connections will
be determined when details of the record
management system are revealed for
requirements gathering purposes.
4.0
The system must have export templates
that are user-configurable and should
allow easy export of data for sharing
outside of the agency.
X
Graphs, analyses, searches, reports,
attachments, cases, and investigations can be
exported in multiple formats as appropriate
(pdf, csv, or original attachment format). This
includes selection of specific data fields and
details.
5.0
Attachments must be maintained in their
original file format, with original file name,
and be extracted from the system as
originally attached.
X
Kaseware keeps all attachments in the original
format and makes it available to users as such.
Kaseware also converts attachments to pdf in
order to facilitate viewing within the browser
(without download) and to provide better
search options for some attachments.
6.0
Attachments must be fully searchable
across the system. Users should have the
option to make attachments searchable by
name only or also by content.
X
Attachments, including name, content and
metadata, are searchable throughout the
system. This applies to text-based
attachments, pdf attachments, and images.
Kaseware uses OCR (optical character
recognition) to convert pdf to text and make
even pdf files searchable.
7.0
The system must be capable of
generating immediate customizable
messages and system notifications to be
sent out via text, email and other
communication media.
X
Kaseware provides an alert capability for
situations in which groups of users need to be
alerted to urgent circumstances immediately.
Kaseware provides these alerts as well as
other immediate notifications to users via email,
in-app pop-up windows, and mobile application
notifications. Kaseware also includes a built-in
secure communication system that supports
both instant messaging and video calling.
8.0 The System must be mobile-device
compatible
X
Kaseware has a mobile application for both
Android and iOS. Kaseware is also browserbased and designed for use on mobile devices
via mobile browsers including Chrome and
Safari.
9.0 Approved users (by name or role) should
be able to customize system data fields
X
System values in Kaseware including lookup
values, labels, languages, and more are
managed by those with the organization
manager role and can be updated/modified in
the Organization Management view. Data field
values can be maintained and updated by
users with the appropriate assigned role.
10.0 The System must allow users to print
directly from the screen
X
Reports, graphs, tables, and attachments can
all be printed in a variety of ways, directly from

the Kaseware web browser. The ideal way to
print, however, is to use Kaseware’s built-in
ability to create and print a pdf that represents
the item as it will be formatting the best and for
printing. Additionally, the records management
screen offer a quick-link print button for
common reports. The browser print button also
provides the ability to print the screen directly
from the web browser.
11.0
The System must allow for operational
configuration changes to be made by
agency staff without affecting system
performance
X
Operational configuration changes can be
made via the organization management view
by users with appropriate roles/permissions
without affecting system performance. This
includes configuration changes like pick lists,
languages, options, workflow assignees, and
the like.
12.0
The System must allow for role-based
task management/assignments to be
made within the system.
X
Kaseware allows for role-based task
management and assignment of requests
based on roles.
13.0 The system must allow for automated
query, deconfliction, and case matching.
X
Kaseware automatically matches details upon
creation of new entities or other records in
order to identify potential matching existing
records. Existing records that would result in
duplicates are highlighted and prevented.
14.0 The System must allow for manual entry,
query, deconfliction and case matching.
X
Kaseware provides the means to manually
match and deduplicate records as new records
are entered and after the fact via a Potential
Duplicates report and mitigation workflow.
15.0
The System must allow real time queries
and reports and other concurrent
operational functionality without affecting
system performance.
X
Kaseware allows multiple queries and reports,
along with all other capabilities, to run
concurrently across multiple users without
adversely affecting system performance.
16.0
The System must be capable of
generating report data in a variety of
formats, including but not limited to table,
graph, database and spreadsheet
formats.
X
Report data can be generated and exported in
multiple formats including tables, graphs, and
pdfs. All formats capable of being utilized in
various external programs including databases,
spreadsheets, and documents.
17.0
The System must contain functionality to
download reports into a variety of formats
including but not limited to Microsoft Office
(i.e. Excel, Access, PDF, DBF, Text files,
xml, videos etc.)
X
Kaseware reports and graphs can be
downloaded in multiple formats, including csv
files that can be opened in Excel, imported into
Access, or opened as text. Kaseware reports
can also be downloaded as pdf files. Additional
file formats could be configured if necessary.
18.0 Users must be able to send and receive
emails within the system
X
Email notifications are sent to users for relevant
updates. Users can send emails directly from
the system with select information from the
system. Instant messaging is available (both to
send and receive) via the chat function and the
history of these chats is maintained within
Kaseware.

19.0
The System must be able to auto populate
previously entered data within the system
as defined by the user
X
Organization managers (user’s with the
appropriate role) can create and update
common locations, predefined lists, and default
values for data fields within Kaseware, enabling
auto-population of these fields. Further, when
existing entities are suggested and used, all
relevant details for those entities are autopopulated within the record.
20.0 The System must provide functionality to
handle duplicate records.
X
Records managers in Kaseware have the
ability to edit entities after they have been
finalized, and to merge entities that need to be
manually deduplicated.
21.0
The system must be able to interface with
multiple external source systems, to
include public-facing webforms, mobile
applications, etc.
X
Kaseware has a built-in public portal where
non-authenticated users can submit data.
Further, Kaseware supports API configuration
to accept data from other external sources,
including external web forms and mobile
applications.
22.0
The system must be able to receive
multimedia attachments from external
sources.
X
Kaseware provides the ability to upload a
document, picture, and media attachments via
the ‘upload a file’ functionality.
23.0
The System must be able to interface with
FBI eGuardian system at a minimum to
transfer of data
X
Kaseware can integrate with FBI eGuardian
system via file exchange. This would be
custom development that would be completed
during implementation activities.
24.0 MSP administrators must be able to set
system time out period
X
Time out periods may be configured within
Kaseware by an authentication manager
allowing administrators to set system time out
periods.
25.0
The system must provide for an electronic
workflow management process, that
includes but is not limited to task
management, assignments, and case
supervision.
X
Kaseware provides a highly customizable
workflow engine for processing items in the
system, including a variety of options for
collaborating, editing, approving, distributing,
reassigning, and canceling items via workflow
tasks. Most workflow processes are specific to
a particular type of item in the system, e.g.
documents, cases, or investigations.
26.0
The system must be able to accept
multiple attachments in one upload
without affecting the performance of the
system.
X
Multiple attachments can be added to a case,
report, or entity in a single upload and does not
negatively impact system performance.
27.0
The system must effectively interface with
SOM email servers to pull user
information (names, contact info, roles,
etc.) and manage email distribution lists.
X
Integration with email servers to import user
information will require a custom integration
that can be completed during implementation.
28.0
The system must have ability to color
code the inbound and outbound email
messages
X
Color coding email messages will require
requirements analysis and customization that
will be completed during implementation.

29.0
The system must be able to send Tip
information real time to other user(s) for
review and/or other action
X
Kaseware allows for creation of calls for
service, cases, tasks, or other documents that
may be assigned to users for completion or
follow up. Assignment of these items results in
both email notifications and in-app notifications
to the assignee and anyone that chooses to
monitor the item.
For situations in which groups of users need to
be alerted to urgent circumstances or tip,
Kaseware provides a special type of document
known as an "alert." Alerts will both send
notifications to specified recipients as well as
add visual indicators to the various views of the
associated entities for the period that the alert
is active.
30.0
The system must automatically notify rolebased user(s) when there are unassigned
tips or tips awaiting additional work.
X
Unassigned cases, tasks, etc. can be viewed
and picked up by assignees within the user’s
workbox/dashboard based on their viewing
permissions (role).
31.0
The system must have ability to receive
DD-79 webform data from external (nonsystem) users and be mapped into the
appropriate database
X
Given an appropriate communication means
(API, etc.) from the external source for DD-79
webform data and appropriate definition of
mapping requirements, Kaseware can ingest
the information and maintain the data on
appropriate records.
32.0
The system must provide for automated
similar-case matching based on defined
criteria and/or field type to identify
potential related crimes.
X
Kaseware matches cases by finding the
patterns in offenses, tags, or searching for
keywords. All like cases are related to each
other in the graph database, which can be
searched for patterns and similarities
33.0
The system must have a simple, user
friendly and customizable/configurable
dashboard. The dashboard must be
flex ble enough to accommodate use
cases for multiple user roles, to include :
task management, snapshot of
user/system activity, etc.
X
Kaseware’s home tab is a fully customizable
dashboard with configurable components that
give users a quick snapshot of relevant system
information. Each individual dashboard part
shows a different view into the system.
Supervisor, records manager, and dispatch
dashboards are also available and
customizable.
34.0
The system must be able to display
current stats on homepage by district,
post, or other user defined area.
X
Kaseware allows searching and reporting
based on geospatial searching. Geospatial
searches allow users to visual where the data
is on a map, as well as define areas on the
map from which to limit search results or
reporting
35.0
The system home screen must have alltool access. Users can submit & receive
responses to requests from home page,
along w/email alerting
X
All functionality within Kaseware is accessible
via the Kaseware landing page. The navigation
menu is the starting point for creating, viewing,
and analyzing content in the system. The menu
is always available on the left side of the

application, and provides drill-down access to
capabilities.
36.0
The system must allow for records pushed
between SAR, OKAY2SAY, and RFS or
other functional areas.
X
Kaseware can integrate with various systems
via API or database integrations. Customization
may be required but will depend on
requirements analysis and connector
capabilities with any data repository or external
source.
37.0
The System must generate a unique
number that is linked to that confidential
informant (CI) that will be used to track all
CI activity.
X
An informant may be treated like a case in
Kaseware. User creates a new case type of
Informant which would give them a unique
number and allow access controls and the l ke.
This would provide a unique ID as well.
38.0
The System must enable law enforcement
officers to input reports, receipts for
payments, and records of any other
related actions for that CI
X
Kaseware provides the capability to create
contact reports that would be attached to a CI
entity and include details for actions related to
the CI. Officers can also upload attachments to
this contact report including images and pdfs
for payments or other records.
39.0
CI data must securely deconflict and case
match across the system and the tips and
leads system.
X
Kaseware provides for deconfliction within the
system via specific configurations; however,
deconfliction with external systems will require
customization to be completed during
implementation.
40.0
The system must have e-signature
functionality on mobile devices (for
example: for a CI to sign receipts).
X
Providing esignature within Kaseware would
require customization that would be completed
during implementation.
41.0
The system must allow for the creation of
templates from existing CI related forms,
or to otherwise allow users to effectively
capture/update all required data from
these forms.
X
Custom forms can be created by end users
with appropriate permissions to allow for the
capture/update of required data. These custom
forms can serve the purpose of gathering CI
related details, and can be managed within the
system without requiring customization.
42.0
The system must be able to migrate and
integrate CI data from an existing access
database.
X
Kaseware implementations traditionally include
data migration from legacy systems and these
migrations are completed after evaluation of
the data and necessary format.
43.0 The system must be able to Encrypt
communication so it’s CJIS compliant
X Kaseware is CJIS compliant.
44.0
System must be able to create separate
modules for non-MSP agencies - access
specific
X
Kaseware controls authorization within the
system to various modules via user roles and
this can be used to segregate user access to
information. In addition, separate organizations
or tenants can also be created to provide for
even more segregation and controlled data
sharing.
45.0
The system must enable Special Ops to
update their availability themselves in the
system.
X
Kaseware provides features to enable
organizations to perform dispatch and assign
calls to in-service officers. This can be
leveraged to provide Special Ops the ability to

update their availability and to be assigned to
calls. This will also provide a map to show
availability of Special Ops and assignment of
available resources if desired.
46.0 The system must be able to open multiple
screens/windows at one time
X
The Kaseware application is organized with the
capability to open multiple tabs/items within the
same window in order to view and edit multiple
things at once. Further, Kaseware supports
opening multiple instances/windows of the
application on the same device or multiple
devices by the same authenticated user.
47.0 The system must enable user to identify
priority level of request
X
Tasks, cases, investigations, calls, and other
events within Kaseware have priorities
assigned and priority levels are customizable
by the organization administrator.
48.0
Connection from the RMS system to other
system must be able to do that with a click
of a button
X
Kaseware supports communication with other
systems via multiple integration methods,
including APIs. Configuration will be required to
enable this communication, dependent on the
RMS system, and potentially customization that
would be completed during implementation.
49.0
The system must be able to automate
actions for compliance with 28 CFR pt. 23,
to include review/purge notifications
X
Reviewing and purging records in Kaseware to
be compliant can be accomplished however
would require customization that would be
completed during implementation. It would
include the ability to configure review and
purge timelines per organization and in line
with compliance requirements.
50.0
The system must enable
manual/automatic classification and
marking of data within the system and
apply/enforce appropriate handling rules.
X
Data classification can be handled with current
capabilities via a tag; however, enforcement
will require some custom development.
Kaseware allows you to set organization-wide
default access controls to determine who can
see reports and entities contained in the
system. You can further restrict access to
information based on the type of case, or the
specific case to which the report is
filed. Access controls can include or exclude
different users, groups, or organizational units.
51.0
The system must be able to maintain and
track both complete and redacted
versions of reports.
X
Current capability would involve uploading
separate versions of a document, redacted and
non-redacted, in order to track both versions
and naming and tagging them appropriately.
Additional functionality to complete the
redaction or track them outside of an
attachment would involve additional custom
development.
52.0 The system must be able to link source
data in the criminal intelligence reports
X
Kaseware provides a means to link any existing
record, case, call, task, entity or other item with
any new or existing item, with the goal of only

with subsequent data reports to avoid
duplicate records in the system
entering data about an entity or other record
once. Kaseware also provides suggestions if
duplicate records are detected during creation
of a new record. Kaseware provides several
means to prevent creation of duplicate records;
however, if duplicates do end up in the system,
Kaseware also provides a means to rapidly
deduplicate via a report that suggests potential
duplicate records and provides a simple
workflow to merge them.
53.0
The system must enable users to assign
custom tags or metadata to reports
manually, in batch, or automatically.
X
Kaseware provides the ability to tag records,
entities, documents, cases, and other items in
order to support easily searchable and
reportable terms, topics or other indicators.
Kaseware also supports the ability to associate
custom metadata with lookup list values,
including tags. Batch assignment of tags may
require customization; however, further
requirements analysis will be necessary.
54.0
The system must enable users to sort,
search, filter and view reports based on
tags or metadata
X
Kaseware supports the use of custom tags
throughout the records, documents,
attachments, and other items and provides the
ability to search, filter, or create reports based
on these tags or other metadata affiliated with a
record, entity or report.
55.0 The system must be able to Automate
report dissemination to defined lists
X
Kaseware provides a records monitor capability
to records managers that allows the user to
email reports to other system users or external
addresses. Additionally, reports that require
approvals or additional detail can also be
automatically routed via pre-defined workflow
for those approvals.
56.0
The system must be able to track report
disseminations (auditing and case
management)
X
Audit logging and reporting is available within
Kaseware to track and outline report
disseminations.
57.0
The system must be able to maintain
different user levels to manage access to
reports based on classifications/markings,
defined tags/metadata, etc
X
Classifications will be a customization within
Kaseware that would be completed during
implementation. Current access controls, case
type controls, or individual case controls,
control whether a user will either be granted full
access, restricted access or no access.
58.0
The system must be able to generate
custom reports based on this information
for statistical purposes.
X
These custom reports would be dependent on
the customization outlined above, but could be
completed during implementation
59.0 The system must allow users to collect
and manage report evaluations.
X
With the assumption that evaluations are
documented through a set of forms, this is a
configurable function in Kaseware. Kaseware
also enables workflows to be defined that
require review and approval of submitted

reports and documents, requiring such actions
before a report is deemed final.
60.0 The system must allow users to rate and
evaluate sources.
X
Kaseware would be customized to provide an
additional type of person entity (source) that
would have the capability to include rating for
the reliability of a source. This would be a
customization that could be accomplished
during implementation.
61.0 The system must be able to update, recall,
delete, and purge reports.
X
The system provides the ability for users to
draft reports, update existing reports, finalize
reports for dissemination, and delete reports.
Purging reports via a specific timeline will
require configuration to set timelines and
handling of purged reports.
62.0
The system must be able to label
Information to indicate levels of sensitivity,
levels of confidence, and the identity of
submitting agencies and control officials.
X
Tags may be used to indicated sensitivity or
confidence. Also, potentially separate tenants
may be used, as then the identity of the
submitting agency would be automatically
tracked.
63.0
The system should allow for receipt of a
SAR from an external source system
directly.
X
Kaseware currently supports this through the
public portal, allowing for public or external
submission of a suspicious activity report.
Further, if another source is necessary,
integration via API with that system could also
be accomplished.
64.0
The system must be able to notify analyst
in case of any CI arrest or warrant in the
system
X
Alerts and monitored items within Kaseware
would provide the ability to notify users of
updates to CI entities as defined with the
Kaseware system.
65.0
The system must be able to perform link
analysis, geospatial analysis, and entity
generation or have the ability to link to an
external system with those capabilities
X
Kaseware includes integrated graphing and link
analysis tools (including geospatial analysis)
that allow quick and easy vis bility into the
connections between an organization’s data,
and any data shared with that organization by
other Kaseware users or integrated systems.
Kaseware automatically creates links among
documents, records and entities (people,
places, and things) referenced in those
documents. In addition, Kaseware
automatically de-duplicates entities where
possible. Relationships can also be created
manually between entities manually, allowing
for ultimate flexibility.

SCHEDULE B
PRICING
Cost Table 1. Contract Summary
Description Cost Comments, Assumptions, Additional Details
Implementation
Services
$1,203,000 This includes configuration, migration, integration, testing and initial
training, which covers all milestones and deliverables as set forth in
Exhibit A - Project Scope. This is a fixed-fee cost based on details
contained within this Contract.
See Cost Table 2 for invoice timing.
Licensing &
Support Services
$2,090,000 This includes:
• 300 Kaseware Annual Subscriptions,
• 60 SocialNet annual licenses,
• 1 OI Monitor annual license
• Kaseware Government Annual Enterprise Support Subscription
Add-On, which includes:
o Onsite resource available 48 hours a month to train new
users, train on new functionality, create custom
documentation, and assist in the further configuration of the
system to meet future MSP needs. The State may opt
annually whether to discontinue this resource support.
o Hosting in Azure Government Cloud
See Cost Table 3 for invoice timing.
TOTAL $3,293,000

Cost Table 2. Implementation Services, Milestones & Payments
Contractor may invoice for each Milestone Event after all of its required deliverables have been formally
accepted by the State.
Milestone Event Milestone Payment
Project Planning $300,000
Requirements and Design Validation $25,000
Test Plan Development $25,000
Provision Environments $50,000
Installation and Configuration of Software $50,000
Data Migration Plan $25,000
System Integration $50,000
Testing and Acceptance $200,000
Training $225,000
ShadowDragon Training $3,000
Go-Live $225,000
Data Migration $25,000
Post Production Warranty N/A
Production Support Services N/A
TOTAL $1,203,000
Cost Table 3. Licensing & Support Services
Contractor may invoice the Annual Fee after all required Go-Live deliverables have been formally
accepted by the State and annually thereafter for the term of the contract.
Product Comment Annual
Fee
Contract
Total
Kaseware
Software as a
Service*
• 300 Kaseware Annual Subscriptions (10GB of
pooled storage included per user, 3TB of
storage for 300 users)
• Kaseware Government Annual Enterprise
Support Subscription Add-On
$340,000* $1,700,000
SocialNet 60 SocialNet annual licenses $39,000 195,000
IOMonitor 1 OI Monitor annual license $39,000 195,000
TOTAL $418,000 $2,090,000
*Pricing for this product shall be firm for the contract’s five base years and five option years.

Cost Table 4. Hourly Rates for Optional Additional Services
The hourly rates below shall be firm for the contract’s five base years and five option years.
Service Remote Onsite
Development $200 $225
Project Management $175 $200
Training $150 $175
Cost Table 5. Tiered Pricing for Optional Additional Licensed Products
Pricing for the products below shall be firm for the contract’s five base years. Pricing for all users is at the same rate and is based on the total
user count.
Government/Non-Profit SKUs Product Annual Fee* Monthly Fee**
KW-NPG-COMPLETE Kaseware Annual Subscription $1,200 $100
KW-NPG-COMPLETE-50 Kaseware Annual Subscription - 50-99 users $1,080 $90
KW-NPG-COMPLETE-100 Kaseware Annual Subscription - 100-249 users $960 $80
KW-NPG-COMPLETE-250 Kaseware Annual Subscription - 250-1499 users $900 $75
KW-NPG-COMPLETE-1500 Kaseware Annual Subscription - 1500-2249 users $720 $60
KW-NPG-COMPLETE-2250 Kaseware Annual Subscription - 2250-2999 users $540 $45
KW-NPG-COMPLETE-3000 Kaseware Annual Subscription - 3000-4999 users $360 $30
KW-NPG-COMPLETE-5000 Kaseware Annual Subscription - More than or 5000 users $300 $25
KW-NPG-Enterprise-Support Kaseware Government Annual Enterprise Support Subscription Add-On $70,000 N/A
KW-NPG-Private Cloud Kaseware Government Private Cloud Services - Small (Non Enterprise) $12,000 $1,000
KW-NPG-Private Cloud Kaseware Government Private Cloud Services - Medium (Non Enterprise) $20,000 $1,66
KW-NPG-Private Cloud Kaseware Government Private Cloud Services - Large (Non Enterprise) $40,000 $3,333
KW-NPG-STORAGE Kaseware Additional Storage – 1GB per month $3.00 $0.25
N/A (Third-Party Item) SocialNet Annual Subscription – 125 Queries Per Day $650 N/A
N/A (Third-Party Item) SocialNet Annual Subscription – 250 Queries Per Day $1,400 N/A
N/A (Third-Party Item) SocialNet Annual Subscription – 500 Queries Per Day $2,800 N/A
N/A (Third-Party Item) SocialNet Annual Subscription – 1000 Queries Per Day $4,500 N/A
N/A (Third-Party Item) OIMonitor Annual Subscription – initial user $39,000 N/A
N/A (Third-Party Item) OIMonitor Annual Subscription – each additional user $4,000 N/A
*When adding optional additional products, Contractor will prorate the initial Annual Fee so that new licenses will co-terminate/renew at the
same time as the annual licenses initially purchased.
**Surge Licenses are also available. Upon the State’s request, the State may add short-term products for specific circumstances, which would
be invoiced at the Monthly Fee rates shown above.

SCHEDULE C
Service Level Agreement
1. Definitions. For purposes of this Schedule, the following terms have the meanings set forth below.
All initial capitalized terms in this Schedule that are not defined in this Section 1 shall have the respective
meanings given to them in the Contract.
“Actual Uptime” means the total minutes in the Service Period that the Hosted Services are
Available.
“Availability” has the meaning set forth in Section 4.1.
“Availability Requirement” has the meaning set forth in Section 4.1.
“Available” has the meaning set forth in Section 4.1.
“Contractor Service Manager” has the meaning set forth in Section 3.1.
“Corrective Action Plan” has the meaning set forth in Section 5.6.
“Critical Service Error” has the meaning set forth in Section 5.4(a).
“Exceptions” has the meaning set forth in Section 4.2.
“Force Majeure Event” has the meaning set forth in Section 6.1.
“High Service Error” has the meaning set forth in Section 5.4(a).
“Hosted Services” has the meaning set forth in Section 2.1(a).
“Low Service Error” has the meaning set forth in Section 5.4(a).
“Medium Service Error” has the meaning set forth in Section 5.4(a).
“Resolve” has the meaning set forth in Section 5.4(b).
“Scheduled Downtime” has the meaning set forth in Section 4.3.
“Scheduled Uptime” means the total minutes in the Service Period.
“Service Availability Credits” has the meaning set forth in Section 4.6(a).
“Service Error” means any failure of any Hosted Service to be Available or otherwise perform in
accordance with this Schedule.
“Service Level Credits” has the meaning set forth in Section 5.5.
“Service Level Failure” means a failure to perform the Software Support Services fully in compliance
with the Support Service Level Requirements.
“Service Period” has the meaning set forth in Section 4.1.

“Software” has the meaning set forth in the Contract.
“Software Support Services” has the meaning set forth in Section 5.
“State Service Manager” has the meaning set forth in Section 3.2.
“State Systems” means the information technology infrastructure, including the computers, software,
databases, electronic systems (including database management systems) and networks, of the State or
any of its designees.
“Support Request” has the meaning set forth in Section 5.4(a).
“Support Service Level Requirements” has the meaning set forth in Section 5.4.
“Term” has the meaning set forth in the Contract.
2. Services.
2.1. Services. Throughout the Term, Contractor will, in accordance with all terms and conditions set
forth in the Contract and this Schedule, provide to the State and its Authorized Users the following
services :
(a) the hosting, management and operation of the Software and other services for remote
electronic access and use by the State and its Authorized Users (“Hosted Services”);
(b) the Software Support Services set forth in Section 5 of this Schedule;
3. Personnel
3.1. Contractor Personnel for the Hosted Services. Contractor will appoint a Contractor employee to
serve as a primary contact with respect to the Services who will have the authority to act on behalf of
Contractor in matters pertaining to the receipt and processing of Support Requests and the Software
Support Services (the “Contractor Service Manager”). The Contractor Service Manager will be
considered Key Personnel under the Contract.
3.2. State Service Manager for the Hosted Services. The State will appoint and, in its reasonable
discretion, replace, a State employee to serve as the primary contact with respect to the Services
who will have the authority to act on behalf of the State in matters pertaining to the Software Support
Services, including the submission and processing of Support Requests (the “State Service
Manager”).
4. Service Availability and Service Availability Credits.
4.1. Availability Requirement. Contractor will make the Hosted Services Available, as measured over
the course of each calendar month during the Term and any additional periods during which
Contractor does or is required to perform any Hosted Services (each such calendar month, a
“Service Period”), at least 99.98% of the time, excluding only the time the Hosted Services are not
Available solely as a result of one or more Exceptions (the “Availability Requirement”). “Available”
means the Hosted Services are available and operable for access and use by the State and its
Authorized Users over the Internet in material conformity with the Contract. “Availability” has a
correlative meaning. The Hosted Services are not considered Available in the event of a material
performance degradation or inoperability of the Hosted Services, in whole or in part. The Availability

Requirement will be calculated for the Service Period as follows: (Actual Uptime – Total Minutes in
Service Period Hosted Services are not Available Due to an Exception) ÷ (Scheduled Uptime – Total
Minutes in Service Period Hosted Services are not Available Due to an Exception) x 100 =
Availability.
4.2. Exceptions. No period of Hosted Service degradation or inoperability will be included in
calculating Availability to the extent that such downtime or degradation is due to any of the following
(“Exceptions”):
(a) failures of the State’s or its Authorized Users’ internet connectivity;
(b) Scheduled Downtime as set forth in Section 4.3.
4.3. Scheduled Downtime. Contractor must notify the State at least twenty-four (24) hours in
advance of all scheduled outages of the Hosted Services in whole or in part (“Scheduled
Downtime”). All such scheduled outages will: (a) last no longer than five (5) hours; (b) be scheduled
between the hours of 12:00 a.m. and 5:00 a.m., Eastern Time; and (c) occur no more frequently than
once per week; provided that Contractor may request the State to approve extensions of Scheduled
Downtime above five (5) hours or during hours outside of the above defined timeline, and such
approval by the State may not be unreasonably withheld or delayed.
4.4. Software Response Time. Software response time, defined as the interval from the time the
end user sends a transaction to the time a visual confirmation of transaction completion is received,
must be less than two (2) seconds for 98% of all transactions. Unacceptable response times shall be
considered to make the Software unavailable and will count against the Availability Requirement.
4.5. Service Availability Reports. Within thirty (30) days after the end of each Service Period and
upon request of the State, Contractor will provide to the State a report describing the Availability and
other performance of the Hosted Services during that calendar month as compared to the Availability
Requirement. The report must be in electronic or such other form as the State may approve in writing
and shall include, at a minimum: (a) the actual performance of the Hosted Services relative to the
Availability Requirement; and (b) if Hosted Service performance has failed in any respect to meet or
exceed the Availability Requirement during the reporting period, a description in sufficient detail to
inform the State of the cause of such failure and the corrective actions the Contractor has taken and
will take to ensure that the Availability Requirement are fully met.
4.6. Remedies for Service Availability Failures.
(a) If the actual Availability of the Hosted Services is less than the Availability Requirement for
any Service Period, such failure will constitute a Service Error for which Contractor will
issue to the State the following credits on the fees payable for Hosted Services provided
during the Service Period (“Service Availability Credits”):
Availability Credit of Fees
≥99.98% None
<99.98% but ≥99.0% 15%

<99.0% but ≥95.0% 50%
<95.0% 100%
(b) Any Service Availability Credits due under this Section 4.6 will be applied in accordance
with payment terms of the Contract.
(c) If the actual Availability of the Hosted Services is less than the Availability Requirement in
any two (2) of four (4) consecutive Service Periods, then, in addition to all other remedies
available to the State, the State may terminate the Contract on written notice to Contractor
with no liability, obligation or penalty to the State by reason of such termination.
5. Support and Maintenance Services. Contractor will provide Hosted Service maintenance and
support services (collectively, “Software Support Services”) in accordance with the provisions of this
Section 5. The Software Support Services are included in the Services, and Contractor may not assess
any additional fees, costs or charges for such Software Support Services.
5.1. Support Service Responsibilities. Contractor will:
(a) correct all Service Errors in accordance with the Support Service Level Requirements,
including by providing defect repair, programming corrections and remedial programming;
(b) provide unlimited telephone support 8 a.m. to 5 p.m. Eastern, Monday thru Friday,
(c) provide unlimited online support 24 hours a day, seven days a week;
(d) provide online access to technical support bulletins and other user support information and
forums, to the full extent Contractor makes such resources available to its other
customers; and
(e) respond to and Resolve Support Requests as specified in this Section 5.
5.2. Service Monitoring and Management. Contractor will continuously monitor and manage the
Hosted Services to optimize Availability that meets or exceeds the Availability Requirement. Such
monitoring and management includes:
(a) proactively monitoring on a twenty-four (24) hour by seven (7) day basis all Hosted Service
functions, servers, firewall and other components of Hosted Service security;
(b) if such monitoring identifies, or Contractor otherwise becomes aware of, any circumstance
that is reasonably likely to threaten the Availability of the Hosted Service, taking all
necessary and reasonable remedial measures to promptly eliminate such threat and
ensure full Availability; and
(c) if Contractor receives knowledge that the Hosted Service or any Hosted Service function
or component is not Available (including by written notice from the State pursuant to the
procedures set forth herein):
(i) confirming (or disconfirming) the outage by a direct check of the associated facility or
facilities;

(ii) if Contractor’s facility check in accordance with clause (i) above confirms a Hosted
Service outage in whole or in part: (A) notifying the State in writing pursuant to the
procedures set forth herein that an outage has occurred, providing such details as
may be available, including a Contractor trouble ticket number, if appropriate, and
time of outage; and (B) working all problems causing and caused by the outage until
they are Resolved as Critical Service Errors in accordance with the Support Request
Classification set forth in Section 5.4, or, if determined to be an internet provider
problem, open a trouble ticket with the internet provider; and
(iii) notifying the State that Contractor has fully corrected the outage and any related
problems, along with any pertinent findings or action taken to close the trouble ticket.
5.3. Service Maintenance. Contractor will continuously maintain the Hosted Services to optimize
Availability that meets or exceeds the Availability Requirement. Such maintenance services include
providing to the State and its Authorized Users:
(a) all updates, bug fixes, enhancements, Maintenance Releases, New Versions and other
improvements to the Hosted Services, including the Software, that Contractor provides at
no additional charge to its other similarly situated customers; provided that Contractor shall
consult with the State and is required to receive State approval prior to modifying or
upgrading Hosted Services, including Maintenance Releases and New Versions of
Software; and
(b) all such services and repairs as are required to maintain the Hosted Services or are
ancillary, necessary or otherwise related to the State’s or its Authorized Users’ access to
or use of the Hosted Services, so that the Hosted Services operate properly in accordance
with the Contract and this Schedule.
5.4. Support Service Level Requirements. Contractor will correct all Service Errors and respond to
and Resolve all Support Requests in accordance with the required times and other terms and
conditions set forth in this Section 5.4 (“Support Service Level Requirements”), and the Contract.
(a) Support Requests. The State will classify its requests for Service Error corrections in
accordance with the descriptions set forth in the chart below (each a “Support Request”).
The State Service Manager will notify Contractor of Support Requests by email, telephone
or such other means as the parties may hereafter agree to in writing.
Support Request Classification Description:
Any Service Error Comprising or Causing
any of the Following Events or Effects
Critical Service Error
· Issue affecting entire system
or single critical production
function;

· System down or operating in
materially degraded state;
· Data integrity at risk;
· Declared a Critical Support
Request by the State; or
· Widespread access
interruptions.
High Service Error
· Primary component failure
that materially impairs its
performance; or
· Data entry or access is
materially impaired on a
limited basis.
Medium Service Error
· Hosted Service is operating
with minor issues that can be
addressed with an acceptable
(as determined by the State)
temporary work around.
Low Service Error
· Request for assistance,
information, or services that
are routine in nature.
(b) Response and Resolution Time Service Levels. Response and Resolution times will be
measured from the time Contractor receives a Support Request until the respective times
Contractor has (i) responded to, in the case of response time and (ii) Resolved such
Support Request, in the case of Resolution time. “Resolve” (including “Resolved”,
“Resolution” and correlative capitalized terms) means that, as to any Service Error,
Contractor has provided the State the corresponding Service Error correction and the
State has confirmed such correction and its acceptance thereof. Contractor will respond to
and Resolve all Service Errors within the following times based on the severity of the
Service Error:
Support
Request
Classification
Service Level
Metric
(Required
Response
Time)
Service Level
Metric
(Required
Resolution
Time)
Service Level
Credits
(For Failure to
Respond to any
Support
Request Within
Service Level
Credits
(For Failure to
Resolve any
Support
Request Within

the
Corresponding
Response
Time)
the
Corresponding
Required
Resolution
Time)
Critical Service
Error
One (1) hour Three (3) hours Five percent
(5%) of the Fees
for the month in
which the initial
Service Level
Failure begins
and five percent
(5%) of such
monthly Fees for
each additional
hour or portion
thereof that the
corresponding
Service Error is
not responded to
within the
required
response time.
Five percent
(5%) of the Fees
for the month in
which the initial
Service Level
Failure begins
and five percent
(5%) of such
monthly Fees for
the first
additional hour
or portion
thereof that the
corresponding
Service Error
remains unResolved, which
amount will
thereafter double
for each
additional onehour increment.
High Service
Error
One (1) hour Four (4) hours Three percent
(3%) of the Fees
for the month in
which the initial
Service Level
Failure begins
and three
percent (3%) of
such monthly
Fees for each
additional hour
or portion
thereof that the
Three percent
(3%) of the Fees
for the month in
which the initial
Service Level
Failure begins
and three
percent (3%) of
such monthly
Fees for the first
additional hour
or portion
thereof that the

corresponding
Service Error is
not responded to
within the
required
response time.
corresponding
Service Error
remains unResolved, which
amount will
thereafter double
for each
additional onehour increment.
Medium Service
Error
Three (3) hours Two (2)
Business Days
N/A N/A
Low Service
Error
Three (3) hours Five (5)
Business Days
N/A N/A
(c) Escalation. With respect to any Critical Service Error Support Request, until such Support
Request is Resolved, Contractor will escalate that Support Request within sixty (60)
minutes of the receipt of such Support Request by the appropriate Contractor support
personnel, including, as applicable, the Contractor Service Manager and Contractor’s
management or engineering personnel, as appropriate.
5.5. Support Service Level Credits. Failure to achieve any of the Support Service Level
Requirements for Critical and High Service Errors will constitute a Service Level Failure for which
Contractor will issue to the State the corresponding service credits set forth in Section 5.4(b)
(“Service Level Credits”) in accordance with payment terms set forth in the Contract.
5.6. Corrective Action Plan. If two or more Critical Service Errors occur in any thirty (30) day period
during (a) the Term or (b) any additional periods during which Contractor does or is required to
perform any Hosted Services, Contractor will promptly investigate the root causes of these Service
Errors and provide to the State within five (5) Business Days of its receipt of notice of the second
such Support Request an analysis of such root causes and a proposed written corrective action plan
for the State’s review, comment and approval, which, subject to and upon the State’s written
approval, shall be a part of, and by this reference is incorporated in, the Contract as the parties’
corrective action plan (the “Corrective Action Plan”). The Corrective Action Plan must include, at a
minimum: (a) Contractor’s commitment to the State to devote the appropriate time, skilled personnel,
systems support and equipment and other resources necessary to Resolve and prevent any further
occurrences of the Service Errors giving rise to such Support Requests; (b) a strategy for developing
any programming, software updates, fixes, patches, etc. necessary to remedy, and prevent any
further occurrences of, such Service Errors; and (c) time frames for implementing the Corrective
Action Plan. There will be no additional charge for Contractor’s preparation or implementation of the
Corrective Action Plan in the time frames and manner set forth therein.
6. Force Majeure.
6.1. Force Majeure Events. Subject to Section 6.3, neither party will be liable or responsible to the
other party, or be deemed to have defaulted under or breached the Contract, for any failure or delay

in fulfilling or performing any term hereof, when and to the extent such failure or delay is caused by:
acts of God, flood, fire or explosion, war, terrorism, invasion, riot or other civil unrest, embargoes or
blockades in effect on or after the date of the Contract, national or regional emergency, or any
passage of law or governmental order, rule, regulation or direction, or any action taken by a
governmental or public authority, including imposing an embargo, export or import restriction, quota
or other restriction or prohibition (each of the foregoing, a “Force Majeure Event”), in each case
provided that: (a) such event is outside the reasonable control of the affected party; (b) the affected
party gives prompt written notice to the other party, stating the period of time the occurrence is
expected to continue; (c) the affected party uses diligent efforts to end the failure or delay and
minimize the effects of such Force Majeure Event.
6.2. State Performance; Termination. In the event of a Force Majeure Event affecting Contractor’s
performance under the Contract, the State may suspend its performance hereunder until such time as
Contractor resumes performance. The State may terminate the Contract by written notice to
Contractor if a Force Majeure Event affecting Contractor’s performance hereunder continues
substantially uninterrupted for a period of five (5) Business Days or more. Unless the State
terminates the Contract pursuant to the preceding sentence, any date specifically designated for
Contractor’s performance under the Contract will automatically be extended for a period up to the
duration of the Force Majeure Event.
6.3. Exclusions; Non-suspended Obligations. Notwithstanding the foregoing or any other provisions
of the Contract or this Schedule:
(a) in no event will any of the following be considered a Force Majeure Event:
(i) shutdowns, disruptions or malfunctions of Contractor Systems or any of Contractor’s
telecommunication or internet services other than as a result of general and
widespread internet or telecommunications failures that are not limited to the
Contractor Systems; or
(ii) the delay or failure of any Contractor Personnel to perform any obligation of
Contractor hereunder unless such delay or failure to perform is itself by reason of a
Force Majeure Event.
(b) no Force Majeure Event modifies or excuses Contractor’s obligations under Sections 19
(State Data), 20 (Confidentiality), or 27 (Indemnification) of the Contract, Section 7
(Disaster Recovery and Backup) of this Schedule, the Availability Requirement defined in
this Schedule, or any security requirements under the Contract, the Statement of Work, or
applicable Schedule.
7. Disaster Recovery and Backup. Throughout the Term and at all times in connection with its actual
or required performance of the Services, Contractor will:
(a) maintain and operate a backup and disaster recovery plan to achieve a Recovery Point
Objective (RPO) of 4 hours, and a Recovery Time Objective (RTO) of 4 hours (the “DR
Plan”), and implement such DR Plan in the event of any unplanned interruption of the
Hosted Services. Contractor’s current DR Plan, revision history, and any reports or
summaries relating to past testing of or pursuant to the DR Plan are attached as Schedule
E. Contractor will actively test, review and update the DR Plan on at least an annual basis
using industry best practices as guidance. Contractor will provide the State with copies of

all such updates to the Plan within fifteen (15) days of its adoption by Contractor. All
updates to the DR Plan are subject to the requirements of this Section 7; and
(b) provide the State with copies of all reports resulting from any testing of or pursuant to the
DR Plan promptly after Contractor’s receipt or preparation. If Contractor fails to reinstate
all material Hosted Services within the periods of time set forth in the DR Plan, the State
may, in addition to any other remedies available under this Contract, in its sole discretion,
immediately terminate this Contract as a non-curable default.

SCHEDULE D
Data Security Requirements
1. Definitions. For purposes of this Schedule, the following terms have the meanings set forth below.
All initial capitalized terms in this Schedule that are not defined in this Section 1 shall have the respective
meanings given to them in the Contract.
“Contractor Security Officer” has the meaning set forth in Section 2 of this Schedule.
“Contractor Systems” has the meaning set forth in Section 5 of this Schedule.
“FedRAMP” means the Federal Risk and Authorization Management Program, which is a federally
approved risk management program that provides a standardized approach for assessing and monitoring
the security of cloud products and services.
“FISMA” means The Federal Information Security Management Act of 2002 (44 U.S.C. ch. 35, subch. III §
3541 et seq.).
“Hosted Services” means the hosting, management and operation of the computing hardware, ancillary
equipment, Software, firmware, data, other services (including support services), and related resources
for remote electronic access and use by the State and its Authorized Users, including any services and
facilities related to disaster recovery obligations.
“NIST” means the National Institute of Standards and Technology.
“PSP” means the State’s IT Policies, Standards and Procedures located at:
http://michigan.gov/dtmb/0,4568,7-150-56355 56579 56755---,00.html
2. Contractor will appoint a Contractor employee to respond to the State’s inquiries regarding the
security of the Contractor Systems who has sufficient knowledge of the security of the Contractor
Systems and the authority to act on behalf of Contractor in matters pertaining thereto (“Contractor
Security Officer”). The Contractor Security Officer will be considered Key Personnel under the Contract.
3. Protection of the State’s Confidential Information. Throughout the Term and at all times in
connection with its actual or required performance of the Services, Contractor will:
3.1. maintain infrastructure’s FedRAMP certification for the Hosted Services throughout the Term,
and in the event the contractor is unable to maintain infrastructure’s FedRAMP certification, the State
may move the Software to an alternative provider, at contractor’s sole cost and expense;
3.2. ensure that the Software is securely hosted, supported, administered, and accessed in a data
center that resides in the continental United States, and minimally meets Uptime Institute Tier 3
standards (www.uptimeinstitute.com), or its equivalent;
3.3. maintain and enforce an information security program including safety and physical and
technical security policies and procedures with respect to its Processing of the State’s Confidential
Information that comply with the requirements of the State’s data security policies as set forth in the
Contract, and must, at a minimum, remain compliant with FISMA and the NIST Special Publication

800.53 (most recent version) HIGH Controls using minimum control values as established in the
applicable PSP;
3.4. provide technical and organizational safeguards against accidental, unlawful or unauthorized
access to or use, destruction, loss, alteration, disclosure, transfer, commingling or processing of such
information that ensure a level of security appropriate to the risks presented by the processing of the
State’s Confidential Information and the nature of such Confidential Information, consistent with best
industry practice and standards;
3.5. take all reasonable measures to:
(a) secure and defend all locations, equipment, systems and other materials and facilities
employed in connection with the Services against “hackers” and others who may seek,
without authorization, to disrupt, damage, modify, access or otherwise use Contractor
Systems or the information found therein; and
(b) prevent (i) the State and its Authorized Users from having access to the data of other
customers or such other customer’s users of the Services; (ii) the State’s Confidential
Information from being commingled with or contaminated by the data of other customers or
their users of the Services; and (iii) unauthorized access to any of the State’s Confidential
Information;
3.6. ensure that State Data is encrypted in transit and at rest using AES 256bit or higher encryption;
3.7. ensure that State Data is encrypted in transit and at rest using currently certified encryption
modules in accordance with FIPS PUB 140-2 (as amended). Security Requirements for
Cryptographic Modules;
3.8. ensure the Hosted Services support Identity Federation/Single Sign-on (SSO) capabilities using
Security Assertion Markup Language (SAML) or comparable mechanisms;
3.9. ensure the Hosted Services have multi-factor authentication for privileged/administrative
access; and
3.10. Security Accreditation Process. Contractor must assist the State, at no additional cost, with
development, completion and on-going maintenance of a system security plan (SSP) using the
State’s automated governance, risk and compliance platform, which requires Contractor to submit
evidence, upon request from the State, in order to validate Contractor’s security controls. On an
annual basis, or as otherwise required by the State, re-assessment of the system’s controls will be
required to receive and maintain authority to operate (ATO). All identified risks from the SSP will be
remediated through a Plan of Action and Milestones (POAM) process with remediation time frames
based on the risk level of the identified risk. For all findings associated with the Contractor’s solution,
at no additional cost, Contractor will be required to create or assist with the creation of State
approved POAMs and perform related remediation activities. The State will make any decisions on
acceptable risk, Contractor may request risk acceptance, supported by compensating controls,
however only the State may formally accept risk.
4. Unauthorized Access. Contractor may not access, and shall not permit any access to, State
systems, in whole or in part, whether through Contractor’s Systems or otherwise, without the State’s
express prior written authorization. Such authorization may be revoked by the State in writing at any time

in its sole discretion. Any access to State systems must be solely in accordance with the Contract and
this Schedule, and in no case exceed the scope of the State’s authorization pursuant to this Section 4.
All State-authorized connectivity or attempted connectivity to State systems shall be only through the
State’s security gateways and firewalls and in compliance with the State’s security policies set forth in the
Contract as the same may be supplemented or amended by the State and provided to Contractor from
time to time.
5. Contractor Systems. Contractor will be solely responsible for the information technology
infrastructure, including all computers, software, databases, electronic systems (including database
management systems) and networks used by or for Contractor in connection with the Services
(“Contractor Systems”) and shall prevent unauthorized access to State systems through the Contractor
Systems.
6. Security Audits. During the Term, Contractor will:
6.1. maintain complete and accurate records relating to its data protection practices, IT security
controls, and the security logs of any of the State’s Confidential Information, including any backup,
disaster recovery or other policies, practices or procedures relating to the State’s Confidential
Information and any other information relevant to its compliance with this Schedule;
6.2. upon the State’s request, make all such records, appropriate personnel and relevant materials
available during normal business hours for inspection and audit by the State or an independent data
security expert that is reasonably acceptable to Contractor, provided that the State: (i) gives
Contractor at least five (5) Business Days prior notice of any such audit; (ii) undertakes such audit no
more than once per calendar year, except for good cause shown; and (iii) conducts or causes to be
conducted such audit in a manner designed to minimize disruption of Contractor’s normal business
operations and that complies with the terms and conditions of all data confidentiality, ownership,
privacy, security and restricted use provisions of the Contract. The State may, but is not obligated to,
perform such security audits, which shall, at the State’s option and request, include penetration and
security tests, of any and all Contractor Systems and their housing facilities and operating
environments; and
6.3. if requested by the State, provide a copy of Contractor’s FedRAMP System Security Plan. The
System Security Plan will be recognized as Contractor’s Confidential Information.
7. Nonexclusive Remedy for Security Breach. Any failure of the Services to meet the requirements
of this Schedule with respect to the security of any State Data or other Confidential Information of the
State, including any related backup, disaster recovery or other policies, practices or procedures, is a
material breach of the Contract for which the State, at its option, may terminate the Contract immediately
upon written notice to Contractor without any notice or cure period, and Contractor must promptly
reimburse to the State any Fees prepaid by the State prorated to the date of such termination.

SCHEDULE E
Disaster Recovery Plan
MSP Disaster Recovery
All organizations have unique situations when it comes to their use of information technology. As such,
disaster recovery (DR) plans must be tailored to the individual organization after thorough discovery and
analysis of the environment and outlined use of the system. There are important considerations and a
structure to guide the creation of a DR plan, including objectives, scope, RPO and RTO targets (based
on the organization’s needs), backup strategy, roles and responsibilities, incident response, DR
procedures for specific scenarios, alternate work locations, and notifications.
To provide a comprehensive DR plan and strategy for Kaseware at MSP, these topics would be included
in the requirements discovery and the documentation for designing MSP’s implementation. Discovery
would include the discussion of strategies in place for existing MSP systems as well as systems to be
integrated with Kaseware. MSP’s unique objectives regarding the system would also be considered. A
DR strategy for Kaseware would then be identified, planned, and agreed to as part of the
implementation.
Azure Disaster Recovery
Kaseware is proposing cloud hosting of MSP’s Kaseware tenant on the Azure GovCloud, which offers
business continuity and disaster recovery (BCDR) services for hosted solutions and data. Kaseware
recommends assessing these services for MSP DR and it will be considered as a strategy during design
and discovery efforts.
Azure DR services are outlined and maintained by Azure. Additional details regarding Azure BCDR can
be referenced at the following locations:
1. https://devblogs.microsoft.com/azuregov/azure-site-recovery-available-in-dod-and-new-azuregovernment-regions/
2. https://azure.microsoft.com/en-us/services/site-recovery/

SCHEDULE F
FEDERAL BUREAU OF INVESTIGATION
CRIMINAL JUSTICE INFORMATION SERVICES
SECURITY ADDENDUM
The goal of this document is to augment the CJIS Security Policy to ensure adequate
security is provided for criminal justice systems while (1) under the control or management of
a private entity or (2) connectivity to FBI CJIS Systems has been provided to a private entity
(contractor). Adequate security is defined in Office of Management and Budget Circular A130 as “security commensurate with the risk and magnitude of harm resulting from the loss,
misuse, or unauthorized access to or modification of information.”
The intent of this Security Addendum is to require that the Contractor maintain a
security program consistent with federal and state laws, regulations, and standards (including
the CJIS Security Policy in effect when the contract is executed), as well as with policies and
standards established by the Criminal Justice Information Services (CJIS) Advisory Policy
Board (APB).
This Security Addendum identifies the duties and responsibilities with respect to the
installation and maintenance of adequate internal controls within the contractual relationship so
that the security and integrity of the FBI's information resources are not compromised. The
security program shall include consideration of personnel security, site security, system
security, and data security, and technical security.
The provisions of this Security Addendum apply to all personnel, systems, networks and
support facilities supporting and/or acting on behalf of the government agency.
1.1 Definitions
1.2 Contracting Government Agency (CGA) - the government agency, whether a Criminal
Justice Agency or a Noncriminal Justice Agency, which enters into an agreement with a private
contractor subject to this Security Addendum.
1.3 Contractor - a private business, organization or individual which has entered into an
agreement for the administration of criminal justice with a Criminal Justice Agency or a
Noncriminal Justice Agency.
2.1 Responsibilities of the Contracting Government Agency.
2.2 The CGA will ensure that each Contractor employee receives a copy of the Security
Addendum and the CJIS Security Policy and executes an acknowledgment of such receipt and
the contents of the Security Addendum. The signed acknowledgments shall remain in the
possession of the CGA and available for audit purposes. The acknowledgement may be signed
by hand or via digital signature (see glossary for definition of digital signature).
3.1 Responsibilities of the Contractor.
3.2 The Contractor will maintain a security program consistent with federal and state laws,
regulations, and standards (including the CJIS Security Policy in effect when the contract is
executed and all subsequent versions), as well as with policies and standards established by the
Criminal Justice Information Services (CJIS) Advisory Policy Board (APB).

4.1 Security Violations.
4.2 The CGA must report security violations to the CJIS Systems Officer (CSO) and the
Director, FBI, along with indications of actions taken by the CGA and Contractor.
4.3 Security violations can justify termination of the appended agreement.
4.4 Upon notification, the FBI reserves the right to:
a. Investigate or decline to investigate any report of unauthorized use;
b. Suspend or terminate access and services, including telecommunications links. The
FBI will provide the CSO with timely written notice of the suspension. Access and
services will be reinstated only after satisfactory assurances have been provided to
the FBI by the CGA and Contractor. Upon termination, the Contractor's records
containing CHRI must be deleted or returned to the CGA.
5.1 Audit
5.2 The FBI is authorized to perform a final audit of the Contractor's systems after
termination of the Security Addendum.
6.1 Scope and Authority
6.2 This Security Addendum does not confer, grant, or authorize any rights, privileges, or
obligations on any persons other than the Contractor, CGA, CJA (where applicable), CSA, and
FBI.
6.3 The following documents are incorporated by reference and made part of this
agreement: (1) the Security Addendum; (2) the NCIC 2000 Operating Manual; (3) the CJIS
Security Policy; and (4) Title 28, Code of Federal Regulations, Part 20. The parties are also
subject to applicable federal and state laws and regulations.
6.4 The terms set forth in this document do not constitute the sole understanding by and
between the parties hereto; rather they augment the provisions of the CJIS Security Policy to
provide a minimum basis for the security of the system and contained information and it is
understood that there may be terms and conditions of the appended Agreement which impose
more stringent requirements upon the Contractor.
6.5 This Security Addendum may only be modified by the FBI and may not be modified
by the parties to the appended Agreement without the consent of the FBI.
6.6 All notices and correspondence shall be forwarded by First Class mail to:
Information Security Officer
Criminal Justice Information Services Division, FBI

FEDERAL BUREAU OF INVESTIGATION
CRIMINAL JUSTICE INFORMATION SERVICES
SECURITY ADDENDUM
CERTIFICATION
I hereby certify that I am familiar with the contents of (1) the Security Addendum,
including its legal authority and purpose; (2) the NCIC Operating Manual; (3) the CJIS Security
Policy; and (4) Title 28, Code of Federal Regulations, Part 20, and agree to be bound by their
provisions.
I recognize that criminal history record information and related data, by its very nature,
is sensitive and has potential for great harm if misused. I acknowledge that access to criminal
history record information and related data is therefore limited to the purpose(s) for which a
government agency has entered into the contract incorporating this Security Addendum. I
understand that misuse of the system by, among other things: accessing it without
authorization; accessing it by exceeding authorization; accessing it for an improper purpose;
using, disseminating or re-disseminating information received as a result of this contract for a
purpose other than that envisioned by the contract, may subject me to administrative and
criminal penalties. I understand that accessing the system for an appropriate purpose and then
using, disseminating or re-disseminating the information received for another purpose other
than execution of the contract also constitutes misuse. I further understand that the occurrence
of misuse does not depend upon whether or not I receive additional compensation for such
authorized activity. Such exposure for misuse includes, but is not limited to, suspension or loss
of employment and prosecution for state and federal crimes.
Printed Name/Signature of Contractor Employee Date
Printed Name/Signature of Contractor Representative Date
Organization and Title of Contractor Representative

SCHEDULE G
Kaseware SaaS Security Controls
In addition to other requirements in the contract, Contractor shall meet the Security Controls detailed in
the attached Kaseware Security Policy Manual dated April 2018 as updated on 3/22/2019.
[Kaseware Security Policy Manual intentionally redacted for security purposes]

SCHEDULE H
Data Retention Policy
The table below details the MSP Intelligence Operations Division specific retention policies. Additionally, criminal intelligence files are regulated by
28 CFR part 23.
Agency Code Agency
Name
Item # Series Title Series Description Retention
Period
Approval
Date
Versatile Security Level
55/IOD Intelligence
Operations
Division
00000 - Introduction The Intelligence Operations Division
includes the Michigan Intelligence
Operations Center, Operations Section
(including the Regional Communication
Centers), and the Cyber Section which
consists of the Michigan Cyber Command
Center (MC3) and the Computer Crimes
Unit.
M.C.L. 18.1284 - 18.1292 requires that all
state records, regardless of media or
location, be listed on an approved
Retention and Disposal
Schedule. Records, regardless of format,
cannot legally be destroyed without the
authorization of a schedule. This schedule
is supplemented by the State of Michigan's
general schedules that are available online
at www.michigan.gov/recordsmanagement.
55/IOD Intelligence
Operations
Division -
Cyber
Section
40190 - Computer
Forensic
Evidence and
Analysis
Records
These records document the investigation
of cyber crimes conducted by MSP for nonMSP law enforcement agencies. The
records for MSP investigations are created
by this office, but are maintained in the
case files held by other MSP offices. They
may include the data files that were
analyzed, images, reports, etc.
RETAIN
UNTIL: Case
is closed an
all litigation
appeals are
completed
THEN:
Destroy
3/15/2016 N C
55/IOD Intelligence
Operations
Division -
Operations
Desk
40191A - Informational
Notices -
Routine
Incidents
These records document notices that are
disseminated to relevant MSP personnel
about current routine incidents that are
taking place to ensure awareness across
the entire department. They may include
communications (including e-mail), raw
intelligence that is not vetted for accuracy,
supporting documentation, etc.
RETAIN
UNTIL:
Incident
concludes
PLUS: 30
days
THEN:
Destroy
3/15/2016 N C
55/IOD Intelligence
Operations
40191B - Informational
Notices -
These records document notices that are
disseminated to relevant MSP personnel
RETAIN
UNTIL: No
3/15/2016 N C

Agency Code Agency Item# Series Title Series Description Retention Approval Versatile Security Level
Name Period Date
Division - Major about current major incidents that are longer needed
Operations Incidents taking place to ensure awareness across to help
Desk the entire department. They may include address
communications (including e-mail}, raw similar
intelligence that is not vetted for accuracy, incidents in
supporting documentation, etc. the future
THEN:
Destrov
55/IOD Intelligence 40192 - Service These records document the handling of RETAIN 3/15/2016 N C
Operations Request requests for special MSP services (such as UNTIL:
Division - Management canine, aerial, dive team, etc.). They may Request is
Operations Records include requests, distribution of completed
Desk assignments, supporting documentation, PLUS 30
etc. days
THEN:
Destrov
55/IOD Intelligence 40193A - Operations These records document when resources RETAIN 3/15/2016 N C
Operations Log Data - are deployed or assigned, and when a UNTIL:
Division - Routine routine incident is resolved. They may Request is
Operations Incidents include date, status, resource assigned, completed
Desk etc. PLUS 30
days
THEN:
Destrov
55/IOD Intelligence 40193B - Operations These records document when resources RETAIN 3/15/2016 N C
Operations Log Data - are deployed or assigned, and when a UNTIL: No
Division - Major major incident is resolved. They may longer needed
Operations Incidents include date, status, resource assigned, to help
Desk etc. address
similar
incidents in
the future
THEN:
Destrov
55/IOD Intelligence 40194 - Call Tracking These records document statistics about RETAIN 3/15/2016 N I
Operations Sheet the types of incidents that are handled on a UNTIL:
Division - daily basis by the Operations Desk. One Calendar year
Operations sheet is created for each year and is ends
Desk updated daily. They may include date, PLUS 5
incident type, resources assigned, daily years
counts, etc. THEN: Destroy
55/IOD Intelligence 40195 - Call These records document all calls that are RETAIN 3/15/2016 N I
Operations Recordings recorded by the Operations Desk, the UNTIL: Call is
Division - Regional Communications Center and the received
Operations Watch Desk. They may be used for quality PLUS 90
Desk assurance, evidence and training days
ournoses. Thev mav include the audio of

Agency Code Agency Item# Series Title Series Description Retention Approval Versatile Security Level
Name Period Date
the call, supporting documentation, THEN:
etc. Note. recordings of major incidents Destroy
mav be ouf/ed and retained in the case file.
55/IOD Intelligence 40196 - Computer These records document data collected by RETAIN 3/15/2016 N I
Operations Aided dispatchers about incidents. They include UNTIL:
Division - Dispatch 9-1-1 dispatchers from Negaunee, Gaylord, Incident is
Operations (CAD) Data respons ble patrol areas, Regional resolved
Desk Communications Center, etc. Troopers PLUS 1 year
may add more data during and after THEN:
incidents. Data may include date, time, Destroy
location, incident type, response
information, etc. Note. data about major
incidents may be pulled and retained in the
case file.
55/IOD Intelligence 40197 - Case Files- These records document criminal cases RETAIN 3/15/2016 N I
Operations Criminal investigated by MSP. Note: these cases UNTIL: Case
Division - are maintained by the MIOC because they is solved and
Michigan are not solved, and they are so old that closed (see
Intelligence they pre-date current recordkeeping 55/CJIC, item
Operations systems. #30369)
Center PLUS 50
years
THEN:
Transfer to
the Archives
of Michiaan
55/IOD Intelligence 40198 - Case Support These records document cases RETAIN 3/15/2016 N C
Operations Materials investigated by MIOC for MSP and other UNTIL: Case
Division - law enforcement agencies. They may is closed
Michigan include phone records, charts, maps, PLUS 50
Intelligence photos, video, etc. years
Operations THEN:
Center Destrov
55/IOD Intelligence 40199 - Bulletins These records document notifications about Permanent 3/15/2016 N C
Operations intelligence and informational issues. They
Division - may be distributed to MSP posts, other law
Michigan enforcement agencies, select private sector
Intelligence entities, etc. They may address safety
Operations concerns, suspicious activity, etc. They
Center may include bulletins, supporting
documentation etc.
55/IOD Intelligence 40200A - Michigan These records document criminal RETAIN 3/15/2016 N C
Operations Criminal intelligence that is collected for analysis UNTIL:
Division - Intelligence purposes. However, it was determined that Investigation
Michigan System no criminal activity was involved. Data is determines
Intelligence (MCIS) Data - maintained in compliance with federal that no crime
Operations No Criminal regulations, 28 CFR 23. was involved
Center Activitv PLUS 30

Agency Code Agency Item# Series Title Series Description Retention Approval Versatile Security Level
Name Period Date
days
THEN:
Destrov
55/IOD Intelligence 40200B - Michigan These records document criminal RETAIN 3/15/2016 N C
Operations Criminal intelligence that is collected for analysis UNTIL: Data
Division - Intelligence purposes. Data is maintained in is reviewed
Michigan System compliance with federal regulations, 28 every 5 years
Intelligence (MCIS) Data - CFR23. to determine if
Operations Criminal it is still
Center Activity relevant to ongoing activity
THEN:
Destrov
55/IOD Intelligence 40201 - OK2SAY These records document tips submitted via RETAIN 3/15/2016 N C
Operations Program a hotline by students about suspicious UNTIL: Tip is
Division - Records activity related to public safety. They may submitted
Michigan include date, subject, information reported, PLUS 5
Intelligence etc. years
Operations THEN:
Center Destrov
55/IOD Intelligence 40202 - Phone These records document phone numbers RETAIN 3/15/2016 N C
Operations Number Data that are involved in criminal activity. They UNTIL: Data
Division - may include a case number and the phone is reviewed
Michigan number. every 5 years
Intelligence to determine if
Operations it is still
Center relevant to ongoing activity
THEN:
Destrov

SCHEDULE I
Federal Provisions Addendum
The provisions in this addendum may apply if the purchase will be paid for in whole or in part with funds obtained from
the federal government. If any provision below is not required by federal law for this Contract, then it does not apply
and must be disregarded. If any provision below is required to be included in this Contract by federal law, then the
applicable provision applies and the language is not negotiable. If any provision below conflicts with the State’s terms
and conditions, including any attachments, schedules, or exhibits to the State’s Contract, the provisions below take
priority to the extent a provision is required by federal law; otherwise, the order of precedence set forth in the Contract
applies. Hyperlinks are provided for convenience only; broken hyperlinks will not relieve Contractor from compliance
with the law.
1. Federally Assisted Construction Contracts. If this contract is a “federally assisted construction contract” as
defined in 41 CRF Part 60-1.3, and except as otherwise may be provided under 41 CRF Part 60, then during
performance of this Contract, the Contractor agrees as follows:
(1) The Contractor will not discriminate against any employee or applicant for employment because of race,
color, religion, sex, sexual orientation, gender identity, or national origin. The Contractor will take affirmative
action to ensure that applicants are employed, and that employees are treated during employment without
regard to their race, color, religion, sex, sexual orientation, gender identity, or national origin. Such action shall
include, but not be limited to the following:
Employment, upgrading, demotion, or transfer; recruitment or recruitment advertising; layoff or termination;
rates of pay or other forms of compensation; and selection for training, including apprenticeship. The
Contractor agrees to post in conspicuous places, available to employees and applicants for employment,
notices to be provided setting forth the provisions of this nondiscrimination clause.
(2) The Contractor will, in all solicitations or advertisements for employees placed by or on behalf of the
Contractor, state that all qualified applicants will receive consideration for employment without regard to race,
color, religion, sex, sexual orientation, gender identity, or national origin.
(3) The Contractor will not discharge or in any other manner discriminate against any employee or applicant
for employment because such employee or applicant has inquired about, discussed, or disclosed the
compensation of the employee or applicant or another employee or applicant. This provision shall not apply
to instances in which an employee who has access to the compensation information of other employees or
applicants as a part of such employee's essential job functions discloses the compensation of such other
employees or applicants to individuals who do not otherwise have access to such information, unless such
disclosure is in response to a formal complaint or charge, in furtherance of an investigation, proceeding,
hearing, or action, including an investigation conducted by the employer, or is consistent with the Contractor's
legal duty to furnish information.
(4) The Contractor will send to each labor union or representative of workers with which he has a collective
bargaining agreement or other contract or understanding, a notice to be provided advising the said labor union
or workers' representatives of the Contractor's commitments under this section, and shall post copies of the
notice in conspicuous places available to employees and applicants for employment.
(5) The Contractor will comply with all provisions of Executive Order 11246 of September 24, 1965, and of the
rules, regulations, and relevant orders of the Secretary of Labor.
(6) The Contractor will furnish all information and reports required by Executive Order 11246 of September
24, 1965, and by rules, regulations, and orders of the Secretary of Labor, or pursuant thereto, and will permit
access to his books, records, and accounts by the administering agency and the Secretary of Labor for
purposes of investigation to ascertain compliance with such rules, regulations, and orders.
(7) In the event of the Contractor's noncompliance with the nondiscrimination clauses of this contract or with
any of the said rules, regulations, or orders, this Contract may be canceled, terminated, or suspended in whole
or in part and the Contractor may be declared ineligible for further Government contracts or federally assisted
construction contracts in accordance with procedures authorized in Executive Order 11246 of September 24,
1965, and such other sanctions may be imposed and remedies invoked as provided in Executive Order 11246
of September 24, 1965, or by rule, regulation, or order of the Secretary of Labor, or as otherwise provided by
law.

(8) The Contractor will include the portion of the sentence immediately preceding paragraph (1) and the
provisions of paragraphs (1) through (8) in every subcontract or purchase order unless exempted by rules,
regulations, or orders of the Secretary of Labor issued pursuant to section 204 of Executive Order 11246 of
September 24, 1965, so that such provisions will be binding upon each subcontractor or vendor. The
Contractor will take such action with respect to any subcontract or purchase order as the administering agency
may direct as a means of enforcing such provisions, including sanctions for noncompliance:
Provided, however, that in the event a Contractor becomes involved in, or is threatened with, litigation with a
subcontractor or vendor as a result of such direction by the administering agency, the Contractor may request
the United States to enter into such litigation to protect the interests of the United States.
2. Davis-Bacon Act (Prevailing Wage)
a. If applicable, the Contractor (and its Subcontractors) for prime construction contracts in excess of
$2,000 must comply with the Davis-Bacon Act (40 USC 3141-3148) as supplemented by Department of
Labor regulations (29 CFR Part 5, “Labor Standards Provisions Applicable to Contracts Covering
Federally Financed and Assisted Construction”).
b. The Contractor (and its Subcontractors) shall pay all mechanics and laborers employed directly on the
site of the work, unconditionally and at least once a week, and without subsequent deduction or rebate
on any account, the full amounts accrued at time of payment, computed at wage rates not less than those
stated in the advertised specifications, regardless of any contractual relationship which may be alleged
to exist between the Contractor or subcontractor and the laborers and mechanics;
c. The Contractor will post the scale of wages to be paid in a prominent and easily accessible place at the
site of the work;
d. There may be withheld from the Contractor so much of accrued payments as the contracting officer
considers necessary to pay to laborers and mechanics employed by the Contractor or any Subcontractor
on the work the difference between the rates of wages required by the Contract to be paid laborers and
mechanics on the work and the rates of wages received by the laborers and mechanics and not refunded
to the Contractor or Subcontractors or their agents.
3. Copeland “Anti-Kickback” Act. If applicable, the Contractor must comply with the Copeland “Anti-Kickback”
Act (40 USC 3145), as supplemented by Department of Labor regulations (29 CFR Part 3, “Contractors and
Subcontractors on Public Building or Public Work Financed in Whole or in Part by Loans or Grants from the
United States”), which prohibits the Contractor and subrecipients from inducing, by any means, any person
employed in the construction, completion, or repair of public work, to give up any part of the compensation to
which he or she is otherwise entitled.
4. Contract Work Hours and Safety Standards Act. If the Contract is in excess of $100,000 and involves
the employment of mechanics or laborers, the Contractor must comply with 40 USC 3702 and 3704, as
supplemented by Department of Labor regulations (29 CFR Part 5), as applicable.
5. Rights to Inventions Made Under a Contract or Agreement. If the Contract is funded by a federal “funding
agreement” as defined under 37 CFR §401.2 (a) and the recipient or subrecipient wishes to enter into a
contract with a small business firm or nonprofit organization regarding the substitution of parties, assignment
or performance of experimental, developmental, or research work under that “funding agreement,” the
recipient or subrecipient must comply with 37 CFR Part 401, “Rights to Inventions Made by Nonprofit
Organizations and Small Business Firms Under Government Grants, Contracts and Cooperative
Agreements,” and any implementing regulations issued by the awarding agency.
6. Clean Air Act. If this Contract is in excess of $150,000, the Contractor must comply with all applicable
standards, orders, and regulations issued under the Clean Air Act (42 USC 7401-7671q) and the Federal
Water Pollution Control Act (33 USC 1251-1387). Violations must be reported to the federal awarding agency
and the regional office of the Environmental Protection Agency.
7. Debarment and Suspension. A “contract award” (see 2 CFR 180.220) must not be made to parties listed on the
government-wide exclusions in the System for Award Management (SAM), in accordance with the OMB guidelines
at 2 CFR 180 that implement Executive Orders 12549 (3 CFR part 1986 Comp., p. 189) and 12689 (3 CFR part
1989 Comp., p. 235), “Debarment and Suspension.” SAM Exclusions contains the names of parties debarred,

suspended, or otherwise excluded by agencies, as well as parties declared ineligible under statutory or regulatory
authority other than Executive Order 12549.
8. Byrd Anti-Lobbying Amendment. If this Contract exceeds $100,000, bidders and the Contractor must file the
certification required under 31 USC 1352 which certification is attached to this addendum.
9. Procurement of Recovered Materials. Under 2 CFR 200.322, a non-Federal entity that is a state agency or
agency of a political subdivision of a state and its contractors must comply with section 6002 of the Solid Waste
Disposal Act, as amended by the Resource Conservation and Recovery Act. The requirements of Section 6002
include procuring only items designated in guidelines of the Environmental Protection Agency (EPA) at 40 CFR
part 247 that contain the highest percentage of recovered materials practicable, consistent with maintaining a
satisfactory level of competition, where the purchase price of the item exceeds $10,000 or the value of the quantity
acquired during the preceding fiscal year exceeded $10,000; procuring solid waste management services in a
manner that maximizes energy and resource recovery; and establishing an affirmative procurement program for
procurement of recovered materials identified in the EPA guidelines.

Byrd Anti-Lobbying Certification
The following certification and disclosure regarding payments to influence certain federal transactions are made under
FAR 52.203‐11 and 52.203‐12 and 31 USC 1352, the “Byrd Anti‐Lobbying Amendment.” Hyperlinks are provided for
convenience only; broken hyperlinks will not relieve Contractor from compliance with the law.
1. FAR 52.203‐12, “Limitation on Payments to Influence Certain Federal Transactions” is hereby incorporated
by reference into this certification.
2. The bidder, by submitting its proposal, hereby certifies to the best of his or her knowledge and belief that:
a. No federal appropriated funds have been paid or will be paid to any person for influencing or attempting to
influence an officer or employee of any agency, a member of Congress, an officer or employee of Congress,
or an employee of a member of Congress on his or her behalf in connection with the awarding of any federal
contract, the making of any federal grant, the making of any federal loan, the entering into of any cooperative
agreement, and the extension, continuation, renewal, amendment or modification of any federal contract,
grant, loan, or cooperative agreement;
b. If any funds other than federal appropriated funds (including profit or fee received under a covered federal
transaction) have been paid, or will be paid, to any person for influencing or attempting to influence an officer
or employee of any agency, a member of Congress, an officer or employee of Congress, or an employee of a
member of Congress on his or her behalf in connection with this solicitation, the bidder must complete and
submit, with its proposal, OMB standard form LLL, Disclosure of Lobbying Activities, to the Solicitation
Manager; and
c. He or she will include the language of this certification in all subcontract awards at any tier and require that all
recipients of subcontract awards in excess of $150,000 must certify and disclose accordingly.
3. This certification is a material representation of fact upon which reliance is placed at the time of Contract
award. Submission of this certification and disclosure is a prerequisite for making or entering into this Contract
under 31 USC 1352. Any person making an expenditure prohibited under this provision or who fails to file or
amend the disclosure form to be filed or amended by this provision is subject to a civil penalty of not less than
$10,000, and not more than $100,000, for each such failure.
Signed by:
_____________________
[Type name and title]
[Type company name]
Date: ________________
