a2114499r1 agreement for information technology security and compliance services · 2017-06-20 ·...

IT Security and Compliance Services Agreement of 42 RFQ #A2114499R1

AGREEMENT BETWEEN BROWARD COUNTY AND _________________________ FOR CONSULTANT SERVICES FOR INFORMATION TECHNOLOGY

SECURITY AND COMPLIANCE SERVICES (RFQ #A2114499R1)

This is an Agreement ("Agreement"), made and entered into by and between Broward County, a political subdivision of the State of Florida ("County") and ________________________________, a _____ corporation ("Consultant") (collectively referred to as the "Parties").

A. The County issued a Request for Qualifications for Information Technology (IT)

Security and Compliance Services (RFQ No. A2114499R1) (the "RFQ") to establish a list of pre-qualified provides of security and compliance services on an as-needed basis certain categories.

B. Consultant has been deemed responsive and responsible and pre-qualified to provide services in one or more Categories. The terms of this Agreement shall govern the provision of all such services awarded pursuant to RFQ No. A2114499R1.

IN CONSIDERATION of the mutual terms, conditions, promises, covenants, and payments hereinafter set forth, the Parties agree as follows:

ARTICLE 1. DEFINITIONS AND EXHIBITS

The following definitions and identifications set forth below apply unless the context in which the word or phrase is used requires a different definition: 1.1 Board: The Board of County Commissioners of Broward County, Florida, which is the governing body of the Broward County government created by the Broward County Charter. 1.2 Contract Administrator: For Categories 1, 4 or 5, the Director of Enterprise Technology Services; for Category 3, the Broward County Auditor; for Category 2, the County HIPAA Privacy and Security Officer; for Category 6, the Director of Office of Regional Communications and Technology; or such other person for any Category as designated in writing by the County Administrator. 1.3 County Administrator: The administrative head of County pursuant to Sections 3.02 and 3.03 of the Broward County Charter. 1.4 County Attorney: The chief legal counsel for County who directs and supervises the Office of the County Attorney pursuant to Section 2.10 of the Broward County Charter. 1.5 Notice To Proceed: A written authorization to proceed with the Project, phase, or task thereof, issued by the Contract Administrator.


1.6 Purchase Document: The documents by which the County procures the services for any particular Project under this Agreement, which may include (a) a Work Authorization (including, if applicable, an attached Statement of Work), or (b) a request for quote, provider response, and resulting purchase order or direct order. 1.7 Project: The services identified in the applicable Purchase Document issued by the County pursuant to this Agreement. 1.8 Subconsultant: A firm, partnership, corporation, independent contractor (including 1099 individuals), or combination thereof providing services to County through Consultant for all or any portion of the services under this Agreement. The following Exhibits are included as part of this Agreement: Exhibit A Work Authorization Exhibit B Minimum Insurance Requirements Exhibit C Business Associate Agreement Exhibit D Airport and Port Security Requirements Exhibit E Federally Funded Contracts Requirements

ARTICLE 2. PREAMBLE

In order to establish the background, context, and frame of reference for this Agreement and to generally express the objectives and intentions of the respective Parties hereto, the following statements, representations, and explanations shall be accepted as predicates for the undertakings and commitments included within the provisions which follow and may be relied upon by the Parties as essential elements of the mutual considerations upon which this Agreement is based. 2.1 Pursuant to the RFQ, County pre-qualified providers in the following Categories: (1) Payment Card Industry compliance services, (2) Health Insurance Portability and Accountability Act services, (3) Information technology audit services, (4) security penetration testing service, (5) security incident response services, and (6) public safety network and systems audit services. 2.2 Consultant has been pre-qualified pursuant to the RFQ to provide services in the Categories checked below:

☐ Category 1: Payment Card Industry ("PCI") compliance services

☐ Category 2: Health Insurance Portability and Accountability Act ("HIPAA") services

☐ Category 3: Information technology audit services

☐ Category 4: Security penetration testing service,

☐ Category 5: Security incident response services

☐ Category 6: Public safety network and systems audit services


2.3 In the event County requires services within a particular Category, County may solicit quotations from one or more of the pre-qualified providers in that Category and procure the services from the overall lowest bidder able to provide the services during the requested timeframe. In addition, when deemed appropriate by County, County may solicit proposals or quotations directly from one or more providers in any Category, and procure the services from any provider. In any such instance, the term of this Agreement and the applicable Purchase Document shall govern the procurement of those services. 2.4 Each provider designated in any Category is pre-qualified to provide services within that Category. However, pre-qualification does not guarantee that any services shall actually be procured or awarded to the pre-qualified provider, and execution of this Agreement is not a commitment to any minimum level of services to be provided hereunder. County may elect to award some, all, or none of the needed services in any particular Category to one or more of the pre-qualified providers, or may elect to obtain needed services through a different procurement method or from other providers.

ARTICLE 3. SCOPE OF SERVICES

3.1 Consultant's services shall be as set forth in the applicable Purchase Document for the Project. Consultant shall provide all services as set forth therein, including all necessary, incidental, and related activities and services required by the Project as set forth in the Purchase Document and contemplated in Consultant's level of effort. 3.2 The Purchase Document may not delineate every detail and minor work task required to be performed by Consultant to complete the Project. If, during the course of the performance of the services included in this Agreement, Consultant determines that work should be performed to complete the Project which is in Consultant's opinion outside the level of effort originally anticipated, whether or not the Purchase Document identifies the work items, Consultant shall notify Contract Administrator in writing in a timely manner before proceeding with the work. If Consultant proceeds with said work without notifying the Contract Administrator, said work shall be deemed to be within the original level of effort, whether or not specifically addressed in the Purchase Document. Notice to Contract Administrator does not constitute authorization or approval by County to Consultant to perform the work. Performance of work by Consultant outside the originally anticipated level of effort without prior written County approval is at Consultant's sole risk. 3.3 Each Project is as set forth in the applicable Purchase Document. County and Consultant may negotiate additional scopes of services, compensation, time of performance, and other related matters for future Projects with Consultant or any other provider. If County and Consultant cannot agree upon the scope or cost of services for any proposed Project for which County requests a quote, County shall have the right to immediately terminate negotiations at no cost to County and procure services for that Project from another source.


3.4 Notwithstanding anything to the contrary in this Agreement, Work Authorizations shall be executed on behalf of County as follows: (a) the Contract Administrator may execute Work Authorizations for which the total cost to County in the aggregate is less than $30,000.00; (b) the County's Purchasing Director may execute Work Authorizations for which the total cost to County in the aggregate is within the Purchasing Director's delegated authority; and (c) any Work Authorizations above the County's Purchasing Director's delegated authority shall require Board approval.

3.5 Contract Administrator Authority. Unless otherwise expressly stated herein or in the applicable Procurement Code, Code of County Ordinances, or County Code of Administrative Procedure, the Contract Administrator may act on behalf of County to exercise the authority and powers of County under this Agreement.

ARTICLE 4. TERM AND TIME FOR PERFORMANCE

4.1 The term of this Agreement shall begin on the date it is fully executed by the Parties (the "Effective Date") and shall end three (3) years after the Effective Date (the "Initial Term"). 4.2 County shall have the option to renew this Agreement for up to two (2) additional one (1) year terms by sending notice of renewal to Consultant at least thirty (30) days prior to the expiration of the then-current term. The Purchasing Director is authorized to exercise this renewal option. In the event that unusual or exceptional circumstances, as determined in the sole discretion of the Purchasing Director, render the exercise of an extension not practicable or if no extension is available and expiration of this Agreement would result in a gap in the provision of services necessary for the ongoing operations of the County, then this Agreement may be extended on the same terms and conditions by the Purchasing Director for period(s) not to exceed six (6) months in the aggregate. 4.3 The continuation of this Agreement beyond the end of any County fiscal year is subject to both the appropriation and the availability of funds in accordance with Chapter 129, Florida Statutes. 4.4 Consultant shall perform the services for each Project within the time periods specified in the Project Schedule (if any) for that Project or as otherwise stated in the applicable Purchase Document; said time periods shall commence from the date of the Notice to Proceed for such services. 4.5 Prior to beginning the performance of any services for any Project or under any Purchase Document, Consultant must receive a Notice to Proceed. For phased Projects, Consultant must receive a Notice to Proceed from the Contract Administrator prior to beginning the performance of services in any subsequent phases of the Project. Prior to granting approval for Consultant to proceed to a subsequent phase, the Contract Administrator may, at his or her sole option, require Consultant to submit the itemized deliverables and documents identified the Purchase Document for the Contract Administrator's review.


4.6 In the event services are scheduled to end due to the expiration of this Agreement, Consultant agrees that it shall continue service for any ongoing Project upon the request of the Contract Administrator. The extension period shall not extend for greater than three months beyond the term of this Agreement. Consultant shall be compensated for the service at the rate in effect when the extension is invoked by County upon the same terms and conditions as contained in this Agreement as amended. The Purchasing Director shall notify Consultant of an extension authorized herein by written notice delivered prior to the end of the term of this Agreement.

ARTICLE 5. COMPENSATION AND METHOD OF PAYMENT

5.1 County will pay Consultant in accordance with the Purchase Document for the particular Project. Payment shall be made only for work actually performed and completed pursuant to this Agreement, and the amount stated in the Purchase Document shall be accepted by Consultant as full compensation for all such work. Unless otherwise expressly stated in this Agreement, Consultant shall not be reimbursed for any expenses it incurs under this Agreement. 5.2 METHOD OF BILLING AND PAYMENT

5.2.1 Consultant may submit invoices for compensation no more often than on a monthly basis, but only after the Services for which the invoices are submitted have been completed. An original invoice plus one copy are due within fifteen (15) days of the end of the month except the final invoice which must be received no later than sixty (60) days after expiration or earlier termination of this Agreement. Invoices shall designate the nature of the Services performed and, as applicable, the personnel, hours, tasks, or other detail as requested by the Contract Administrator. 5.2.2 Any invoice submitted by Consultant shall be in the amount set forth in the applicable Purchase Document, minus any agreed upon retainage as stated in the applicable Purchase Document. Retainage amounts shall only be invoiced to County upon completion of all Services for the Project, unless otherwise stated in the Purchase Document. 5.2.3 County shall pay Consultant within thirty (30) calendar days of receipt of Consultant's proper invoice, as required under the "Broward County Prompt Payment Ordinance," Section 1-51.6, Broward County Code of Ordinances. To be deemed proper, all invoices must comply with the requirements set forth in this Agreement and must be submitted on the form and pursuant to instructions prescribed by the Contract Administrator. Payment may be withheld for failure of Consultant to comply with a term, condition, or requirement of this Agreement. 5.2.4 Consultant shall pay its Subconsultants and suppliers within fifteen (15) days following receipt of payment from County for such subcontracted work or supplies.


Consultant agrees that if it withholds an amount as retainage from Subconsultants or suppliers, it will release such retainage and pay same within fifteen (15) days following receipt of payment of retained amounts from County. Failure to pay a Subconsultant or supplier in accordance with this subsection shall be a material breach of this Agreement, unless Consultant demonstrates that such failure to pay results from a bona fide dispute with the Subconsultant or supplier.

5.3 Reimbursables. For reimbursement of any travel costs or travel-related expenses permitted under this Agreement, Consultant agrees to comply with Section 112.061, Florida Statutes, except to the extent, if any, that the applicable Purchase Document expressly provides to the contrary. County shall not be liable for any such expenses that have not been approved in advance, in writing, by the Contract Administrator. 5.4 Subconsultants. Consultant shall invoice all Subconsultant fees, whether paid on a "lump sum" or other basis, to County with no markup. All Subconsultant fees shall be billed in the actual amount paid by Consultant. Consultant shall pay its Subconsultants and suppliers providing services under this Agreement within fifteen (15) days following receipt of payment from County for such subcontracted work or supplies. Consultant agrees that if it withholds an amount as retainage from a Subconsultant or supplier, it will release such retainage and pay same within fifteen (15) days following receipt of payment of retained amounts from County. The Contract Administrator may, at its option, increase allowable retainage or withhold progress payments unless and until Consultant demonstrates timely payments of sums due to all its Subconsultants and suppliers.

5.5 Notwithstanding any provision of this Agreement to the contrary, County may withhold, in whole or in part, payment to the extent necessary to protect itself from loss on account of inadequate or defective work which has not been remedied or resolved in a manner satisfactory to the Contract Administrator or failure to comply with any provision of this Agreement. The amount withheld shall not be subject to payment of interest by County. 5.6 Payment shall be made to Consultant at the address designated in the Notices section.

ARTICLE 6. INSURANCE

6.1 For purposes of this article, the term "County" shall include Broward County and its members, officials, officers, and employees. 6.2 Consultant shall maintain, at its sole expense and at all times during the term of this Agreement (unless a different time period is otherwise stated herein), at least the minimum limits of insurance coverage designated in Exhibit B (inclusive of any amount provided by an umbrella or excess policy) in accordance with the terms and conditions stated in this article. All required insurance shall apply on a primary basis, and shall not require contribution from, any other insurance or self-insurance maintained by County. Any insurance, or self-insurance,


maintained by County shall be in excess of, and shall not contribute with, the insurance provided by Consultant.

6.3 Insurers providing the insurance required by this Agreement must either be: (1) authorized by a current certificate of authority issued by the State of Florida to transact insurance in the State of Florida, or (2) except with respect to coverage for the liability imposed by the Florida Workers' Compensation Act, an eligible surplus lines insurer under Florida law. In addition, each such insurer shall have and maintain throughout the period for which coverage is required, a minimum A. M. Best Company Rating of "A-" and a minimum Financial Size Category of "VII." To the extent insurance requirements are designated in Exhibit B, the applicable policies shall comply with the following:

6.3.1 Commercial General Liability Insurance. Policy shall be no more restrictive than that provided by the latest edition of the standard Commercial General Liability Form (Form CG 00 01) as filed for use in the State of Florida by the Insurance Services Office (ISO), with the exception of endorsements specifically required by ISO or the State of Florida, and liability arising out of:

Mold, fungus, or bacteria Terrorism Silica, asbestos or lead Sexual molestation Architects and engineers professional liability, unless coverage for professional liability is specifically required by this Agreement.

County shall be included on the policy (and any excess or umbrella policy) as an "Additional Insured" on a form no more restrictive than ISO form CG 20 10 (Additional Insured – Owners, Lessees, or Contractor). The policy (and any excess or umbrella policy) must be endorsed to waive the insurer's right to subrogate against County. 6.3.2 Business Automobile Liability Insurance. Policy shall be no more restrictive than that provided by Section II (Liability Coverage) of the most recent version of the standard Business Auto Policy (ISO Form CA 00 01) without any restrictive endorsements, including coverage for liability contractually assumed, and shall cover all owned, non-owned, and hired autos used in connection with the performance of work under this Agreement. County shall be included on the policy (and any excess or umbrella policy) as an "Additional Insured." The policy (and any excess or umbrella policy) must be endorsed to waive the insurer's right to subrogate against County. 6.3.3 Workers' Compensation/Employer's Liability Insurance. Such insurance shall be no more restrictive than that provided by the latest edition of the standard Workers' Compensation Policy, as filed for use in Florida by the National Council on Compensation Insurance (NCCI), with the exception of endorsements required by NCCI or the State of Florida. The policy must be endorsed to waive the insurer's right to subrogate against


County in the manner which would result from the attachment of the NCCI form "Waiver of our Right to Recover from Others Endorsement" (Advisory Form WC 00 03 13) with County scheduled thereon. Where appropriate, coverage shall be included for any applicable Federal or State employer's liability laws including, but not limited to, the Federal Employer's Liability Act, the Jones Act, and the Longshoreman and Harbor Workers' Compensation Act. 6.3.4 Professional Liability Insurance. Such insurance shall cover Consultant for those sources of liability arising out of the rendering or failure to render professional services in the performance of the services required in this Agreement. If policy provides coverage on a claims-made basis, such coverage must respond to all claims reported within at least three (3) years following the period for which coverage is required, unless a longer period is indicated in Exhibit B. 6.3.5 Cyber Liability, or Technology Errors and Omissions Insurance. Coverage is required for any system connected to, and, or accessible from the internet. Coverage may be included as part of the required Professional Liability Insurance. If policy provides coverage on a claims-made basis, such coverage must respond to all claims reported within at least three (3) years following the period for which coverage is required, unless a longer period is indicated in Exhibit B. Such policy shall cover, at a minimum, the following:

Data Loss and System Damage Liability Security Liability Privacy Liability Privacy/Security Breach Response coverage, including Notification Expenses

County shall be included on the policy as an "Additional Insured" unless such endorsement is not available by the insurer.

6.4 Within fifteen (15) days after the full execution of this Agreement or notification of award, whichever is earlier, Consultant shall provide to County satisfactory evidence of the insurance required in this Agreement. With respect to the Workers' Compensation/Employer's Liability Insurance, Professional Liability, and Business Automobile Liability Insurance, an appropriate Certificate of Insurance identifying the project and signed by an authorized representative of the insurer shall be satisfactory evidence of insurance. With respect to the Commercial General Liability, an appropriate Certificate of Insurance identifying the project, signed by an authorized representative of the insurer, and copies of the actual additional insured endorsements as issued on the policy(ies) shall be satisfactory evidence of such insurance. 6.5 Coverage is not to cease and is to remain in force until County determines all performance required of Consultant is completed. If any of the insurance coverage will expire prior to the completion of the Services, proof of insurance renewal shall be provided to County prior to the policy's expiration.


6.6 Consultant shall provide County thirty (30) days' advance notice of any cancellation of the policy except in cases of cancellation for non-payment for which County shall be given ten (10) days' advance notice.

6.7 Consultant shall provide, within thirty (30) days after receipt of a written request from County, a copy of the policies providing the coverage required by this Agreement. Consultant may redact portions of the policies that are not relevant to the insurance required by this Agreement.

6.8 County and Consultant, each for itself and on behalf of its insurers, to the fullest extent permitted by law without voiding the insurance required hereunder, waive all rights against the other party and any of the other party's contractors, subcontractors, agents, and employees for damages or loss to the extent covered and paid for by any insurance maintained by the other party.

6.9 If Consultant uses a Subconsultant, Consultant shall require each Subconsultant to endorse County as an "Additional Insured" on the Subconsultant's Commercial General Liability policy.

ARTICLE 7. PROTECTION OF PROPRIETARY RIGHTS

7.1 County Proprietary Rights. Consultant acknowledges and agrees that County retains all rights, title and interest in and to all materials, data, documentation and copies thereof furnished by County to Consultant under this Agreement, including all copyright and other proprietary rights therein, which Consultant as well as its employees, agents, subconsultants, and suppliers may use only in connection with the performance of Services under this Agreement. All rights, title and interest in and to certain ideas, designs and methods, specifications, and other documentation related thereto developed by Consultant and its subconsultants specifically for County (collectively, "Developed Works") shall be and remain the property of County. Accordingly, neither Consultant nor its employees, agents, subconsultants, or suppliers shall have any proprietary interest in such Developed Works. The Developed Works may not be utilized, reproduced, or distributed by or on behalf of Consultant, or any employee, agent, subconsultants, or supplier thereof, without the prior written consent of County, except as required for Consultant's performance hereunder. 7.2 Consultant Confidential Information. Any material submitted to County that Consultant contends constitutes or contains trade secrets or is otherwise exempt from production under Florida public records laws (including Florida Statutes Chapter 119) ("Trade Secret Materials") must be separately submitted and conspicuously labeled "EXEMPT FROM PUBLIC RECORD PRODUCT – TRADE SECRET." In addition, Consultant must, simultaneous with the submission of any Trade Secret Materials, provide a sworn affidavit from a person with personal knowledge attesting that the Trade Secret Materials constitute trade secrets under Florida Statutes Section 812.081 and stating the factual basis for same. In the event that a third party submits a request


to County for records designated by Consultant as Trade Secret Materials, County shall refrain from disclosing the Trade Secret Materials, unless otherwise ordered by a court of competent jurisdiction or authorized in writing by Consultant. Consultant shall indemnify and defend County and its employees and agents from any and all claims, causes of action, losses, fines, penalties, damages, judgments, and liabilities of any kind, including attorneys' fees, litigation expenses, and court costs, relating to the non-disclosure of any Trade Secret Materials in response to a records request by a third party. 7.3 County Confidential Information.

7.3.1 All Developed Works and other materials, data, transactions of all forms, financial

information, documentation, inventions, designs and methods that Consultant obtains from County in connection with the Services performed under this Agreement, that are made or developed by Consultant in the course of the performance of the Agreement, or in which County holds proprietary rights, constitute County Confidential Information.

7.3.2 All County-provided employee information, financial information, and personally

identifiable information for individuals or entities interacting with County (including, without limitation, social security numbers, birth dates, banking and financial information, and other information deemed exempt or confidential under state or federal law) also constitute County Confidential Information.

7.3.3 County Confidential Information may not, without the prior written consent of

County, or as otherwise required by law, be used by Consultant or its employees, agents, subconsultants or suppliers for any purpose other than for the benefit of County pursuant to this Agreement. Neither Consultant nor its employees, agents, subconsultants or suppliers may sell, transfer, publish, disclose, display, license or otherwise make available to any other person or entity any County Confidential Information without the prior written consent of County.

7.3.4 Consultant expressly agrees to be bound by and to defend, indemnify and hold

harmless County and its officers and employees from the breach of any federal, state or local law by Consultant or its employees, agents, subconsultants or suppliers regarding the unlawful use or disclosure of County Confidential Information.

7.3.5 Upon expiration or termination of this Agreement, or as otherwise demanded by

County, Consultant shall immediately turn over to County all County Confidential Information, in any form, tangible or intangible, possessed by Consultant or its employees, agents, subconsultants or suppliers. 7.4 Maintenance of Confidential Information. Each party shall advise its employees, agents, subconsultants, and suppliers who receive or otherwise have access to the other party's Confidential Information of their obligation to keep such information confidential, and shall promptly advise the other party in writing if it learns of any unauthorized use or disclosure of the other party's Confidential Information. In addition, the Parties agree to cooperate fully and


provide all reasonable assistance to ensure the confidentiality of the other party's Confidential Information. 7.5 Security and Access. Any access by Consultant to any aspect of the County's computer network must comply at all times with all applicable County access and security standards, as well as any other or additional restrictions or standards for which County provides written notice to Consultant. Consultant will provide any and all information that County may reasonably request in order to determine appropriate security and network access restrictions and verify Consultant's compliance with County security standards. If at any point in time County, in the sole discretion of its Chief Information Officer, determines that Consultant's access to any aspect of the County's network presents an unacceptable security risk, County may immediately suspend or terminate Consultant's access and, if the risk is not promptly resolved to the reasonable satisfaction of the County's Chief Information Officer, may terminate this Agreement or any applicable Purchase Document upon ten (10) business days' notice (including, without limitation, without restoring any access to the County network to Consultant). Provider shall immediately notify the County of any terminations/separations of employees performing services under this Agreement or who had access to the County's network in order to disable such employees' access to County systems. Provider shall ensure all Provider employees have signed County's Information Security Policy Acknowledgement form prior to accessing County network environment. Provider shall perform privacy and information security training to its employees with access to the sensitive County environment upon hire and at least annually. 7.6 Data and Privacy. Consultant shall comply with all applicable data and privacy laws and regulations, including without limitation the Florida Information Protection Act of 2014, Florida Statutes Section 501.171, and shall ensure that County data transmitted or stored in the System is not transmitted or stored outside the continental United States. Consultant may not sell, market, publicize, distribute, or otherwise make available to any third party any personal identification information (as defined by Florida Statutes Section 817.568 or Section 817.5685) that Consultant may receive or otherwise have access to in connection with this Agreement, unless expressly authorized in advance by County. If and to the extent requested by County, Consultant shall ensure that all hard drives or other storage devices and media that contained County data have been wiped in accordance with the then-current best industry practices, including without limitation DOD 5220.22-M, and that an appropriate data wipe certification is provided to the satisfaction of the Contract Administrator.

7.7 Injunctive Relief. The Parties represent and agree that neither damages nor any other legal remedy is adequate to remedy any breach of this article, and that the injured party shall therefore be entitled to injunctive relief to restrain or remedy any breach or threatened breach.

7.8 Survival. The obligations under this Article shall survive the termination of this Agreement or of any license granted under this Agreement.


ARTICLE 8. INDEMNIFICATION

Consultant shall be fully liable for the actions of its current and former officers, employees, subcontractors and other agents under this Agreement. Consultant shall at all times hereafter indemnify, hold harmless and defend County and all of County's current and former officers, employees and other agents (collectively, "Indemnified Party") from and against any and all lawsuits, causes of action, demands, claims, losses, fines, penalties, damages, judgments, liabilities and expenditures of any kind, including attorneys' fees, litigation expenses, and court costs (collectively, "Claim"), raised or asserted by any person or entity that is not a party to this Agreement, which Claim is caused or alleged to be caused, in whole or in part, by any intentional, reckless, or negligent act or omission of Consultant or any current or former officer, employee, subcontractor, or other agent of Consultant, arising from, relating to, or in connection with any obligation or performance under this Agreement. In the event any Claim is brought against an Indemnified Party, Consultant shall, upon written notice from County, defend each Indemnified Party against each such Claim through counsel satisfactory to County or, at County's option, pay for an attorney selected by the County Attorney to defend the Indemnified Party. The provisions and obligations of this section shall survive the expiration or earlier termination of this Agreement. To the extent considered necessary by the County Attorney, in his or her reasonable discretion, any sums due Consultant under this Agreement may be retained by County until all Claims subject to this indemnification obligation have been resolved. Any sums so withheld shall not be subject to the payment of interest by County.

ARTICLE 9. EQUAL EMPLOYMENT OPPORTUNITY AND CBE COMPLIANCE

9.1 No party to this Agreement may discriminate on the basis of race, color, sex, religion, national origin, disability, age, marital status, political affiliation, sexual orientation, pregnancy, or gender identity and expression in the performance of this Agreement. Consultant shall comply with all applicable requirements of County's CBE Program as established by Broward County Business Opportunity Act of 2012, Section 1-81, Broward County Code of Ordinances (the "Act"), in the award and administration of this Agreement. Consultant shall include the foregoing or similar language in its contracts with any Subconsultants, except that any project assisted by the U.S. Department of Transportation funds shall comply with the non-discrimination requirements in 49 C.F.R. Parts 23 and 26. Failure by Consultant to carry out any of the requirements of this section shall constitute a material breach of this Agreement, which shall permit County to terminate this Agreement or to exercise any other remedy provided under this Agreement, Broward County Code of Ordinances, Broward County Administrative Code, or under other applicable law, all such remedies being cumulative. 9.2 By execution of this Agreement, Consultant represents that it has not been placed on the discriminatory vendor list as provided in Section 287.134, Florida Statutes. County hereby materially relies on such representation in entering into this Agreement. An untrue representation of the foregoing shall entitle County to terminate this Agreement and recover from Consultant all monies paid by County pursuant to this Agreement, and may result in debarment from County's competitive procurement activities.


ARTICLE 10. MISCELLANEOUS

10.1 Ownership of Documents. All finished or unfinished documents, data, studies, surveys, drawings, maps, models, photographs, specifications and reports prepared or provided by Consultant in connection with this Agreement shall become the property of County, whether the Project for which they are made is completed or not, and shall be delivered by Consultant to Contract Administrator within fifteen (15) days of the receipt of the written notice of termination. If applicable, County may withhold any payments then due to Consultant until Consultant complies with the provisions of this section. 10.2 Termination.

10.2.1 This Agreement or any Purchase Document issued under this Agreement may be terminated for cause by the aggrieved party if the party in breach has not corrected the breach within ten (10) days after written notice from the aggrieved party identifying the breach. This Agreement may also be terminated for convenience by the Board. Termination for convenience by the Board shall be effective on the termination date stated in written notice provided by County, which termination date shall be not less than thirty (30) days after the date of such written notice. If this Agreement or any Purchase Document was entered into on behalf of County by someone other than the Board, termination by County may be by action of the County Administrator or County representative (including his or her successor) who entered in this Agreement on behalf of County. This Agreement may also be terminated by the County Administrator upon such notice as the County Administrator deems appropriate under the circumstances in the event the County Administrator determines that termination is necessary to protect the public health or safety. If County erroneously, improperly or unjustifiably terminates for cause, such termination shall be deemed a termination for convenience, which shall be effective thirty (30) days after such notice of termination for cause is provided. 10.2.2 This Agreement may be terminated for cause for reasons including, but not limited to, Consultant's repeated (whether negligent or intentional) submission for payment of false or incorrect bills or invoices, failure to suitably perform the work; or failure to continuously perform the work in a manner calculated to meet or accomplish the objectives as set forth in this Agreement or Purchase Document. This Agreement may also be terminated for cause if Consultant is placed on the Scrutinized Companies with Activities in Sudan List or the Scrutinized Companies with Activities in the Iran Petroleum Energy Sector List created pursuant to Section 215.473, Florida Statutes, as amended or if Consultant provides a false certification submitted pursuant to Section 287.135, Florida Statutes, as amended.

10.2.3 Notice of termination shall be provided in accordance with the "NOTICES" section of this Agreement except that notice of termination by the County Administrator which the County Administrator deems necessary to protect the public health or safety may be


verbal notice that shall be promptly confirmed in writing in accordance with the "NOTICES" section of this Agreement.

10.2.4 In the event this Agreement or a Purchase Document issued under this Agreement

is terminated for convenience, Consultant shall be paid for any services properly performed under this Agreement or Purchase Document through the termination date specified in the written notice of termination. Consultant acknowledges and agrees that it has received good, valuable and sufficient consideration from County, the receipt and adequacy of which are hereby acknowledged by Consultant, for County's right to terminate this Agreement for convenience.

10.3 Public Records. To the extent Consultant is acting on behalf of County as stated in Section 119.0701, Florida Statutes, Consultant shall:

a. Keep and maintain public records required by County to perform the services under this Agreement; b. Upon request from County, provide County with a copy of the requested records or allow the records to be inspected or copied within a reasonable time and at a cost that does not exceed that provided in Chapter 119, Florida Statutes, or as otherwise provided by law; c. Ensure that public records that are exempt or confidential and exempt from public record requirements are not disclosed except as authorized by law for the duration of this Agreement and following completion or termination of this Agreement if the records are not transferred to County; and d. Upon expiration or termination of this Agreement, transfer to County, at no cost, all public records in possession of Consultant or keep and maintain public records required by County to perform the services. If Consultant transfers the records to County, Consultant shall destroy any duplicate public records that are exempt or confidential and exempt. If Consultant keeps and maintains the public records, Consultant shall meet all applicable requirements for retaining public records. All records stored electronically must be provided to County upon request in a format that is compatible with the information technology systems of County.

The failure of Consultant to comply with the provisions of this section shall constitute a material breach of this Agreement entitling County to exercise any remedy provided in this Agreement or under applicable law. A request for public records regarding this Agreement must be made directly to County, who will be responsible for responding to any such public records requests. Consultant will provide any requested records to County to enable County to respond to the public records request.


IF CONSULTANT HAS QUESTIONS REGARDING THE APPLICATION OF FLORIDA STATUTES CHAPTER 119 TO CONSULTANT'S DUTY TO PROVIDE PUBLIC RECORDS RELATING TO THIS AGREEMENT, CONTACT THE CUSTODIAN OF PUBLIC RECORDS AT (954) 357-7262, [email protected], 1 NORTH UNIVERSITY DRIVE, SUITE 4003A, PLANTATION, FL 33324-2019. 10.4 Audit Rights and Retention of Records. Consultant shall preserve all Contract Records (as defined below) for a minimum period of three (3) years after expiration or termination of this Agreement or until resolution of any audit findings, whichever is longer. Contract Records shall, upon reasonable notice, be open to County inspection and subject to audit and reproduction during normal business hours. County audits and inspections pursuant to this section may be performed by any County representative (including any outside representative engaged by County). County may conduct audits or inspections at any time during the term of this Agreement and for a period of three years after the expiration or termination of this Agreement (or longer if required by law). County may, without limitation, verify information, payroll distribution, and amounts through interviews, written affirmations, and on-site inspection with Consultant's employees, Subconsultants, vendors, or other labor. Contract Records include any and all information, materials and data of every kind and character, including without limitation, records, books, papers, documents, subscriptions, recordings, agreements, purchase orders, leases, contracts, commitments, arrangements, notes, daily diaries, drawings, receipts, vouchers and memoranda, and any and all other documents that pertain to rights, duties, obligations or performance under this Agreement. Contract Records include hard copy and electronic records, written policies and procedures, time sheets, payroll records and registers, cancelled payroll checks, estimating work sheets, correspondence, invoices and related payment documentation, general ledgers, insurance rebates and dividends, and any other records pertaining to rights, duties, obligations or performance under this Agreement, whether by Consultant or Subconsultants. County shall have the right to audit, review, examine, inspect, analyze, and make copies of all Contract Records at a location within Broward County. County reserves the right to conduct such audit or review at Consultant's place of business, if deemed appropriate by County, with seventy-two (72) hours' advance notice. Consultant agrees to provide adequate and appropriate work space. Consultant shall provide County with reasonable access to Consultant's facilities, and County shall be allowed to interview all current or former employees to discuss matters pertinent to the performance of this Agreement. Consultant shall, by written contract, require its Subconsultants to agree to the requirements and obligations of this section. Any incomplete or incorrect entry in such books, records, and accounts shall be a basis for County's disallowance and recovery of any payment reliant upon such entry. If an audit or inspection in accordance with this section discloses overpricing or overcharges to County of any


nature by Consultant or its Subconsultants in excess of five percent (5%) of the total contract billings reviewed by County, the reasonable actual cost of County's audit shall be reimbursed to County by Consultant in addition to making adjustments for the overcharges. Any adjustments or payments due as a result of such audit or inspection shall be made within thirty (30) days from presentation of County's findings to Consultant.

10.5 Public Entity Crime Act. Consultant represents that it is familiar with the requirements and prohibitions under the Public Entity Crime Act, Section 287.133, Florida Statutes, and represents that its entry into this Agreement will not violate that Act. In addition to the foregoing, Consultant further represents that there has been no determination that it committed a "public entity crime" as defined by Section 287.133, Florida Statutes, and that it has not been formally charged with committing an act defined as a "public entity crime" regardless of the amount of money involved or whether Consultant has been placed on the convicted vendor list. Notwithstanding any provision in this Agreement to the contrary, if any representation stated in this section is false, County shall have the right to immediately terminate this Agreement and recover all sums paid to Consultant under this Agreement 10.6 HIPAA Compliance. It is understood by the Parties that County personnel or their agents have access to protected health information (hereinafter known as "PHI") that is subject to the requirements of 45 C.F.R. § 160, 162, and 164 and related statutory and regulatory provisions. In the event Consultant is considered by County to be a covered entity or business associate or otherwise required to comply with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") or the Health Information Technology for Economic and Clinical Health Act ("HITECH"), Consultant shall fully protect individually identifiable health information as required by HIPAA and HITECH. Provider agrees to be bound by the terms of the Business Associate Agreement attached hereto as Exhibit C, which is fully incorporated herein. Where required, Consultant shall handle and secure such PHI in compliance with HIPAA, HITECH and its related regulations and, if required by HIPAA, HITECH, or other laws, shall include in its "Notice of Privacy Practices" notice of Consultant's and County's uses of a client's PHI. The requirement to comply with this provision, HIPAA and HITECH shall survive the expiration or termination of this Agreement. County hereby authorizes the County Administrator to sign Business Associate Agreements if required under this Agreement. 10.7 Subconsultants. Consultant shall utilize the Subconsultants identified in the Purchase Document to provide the services for this Project. Consultant shall obtain written approval of Contract Administrator prior to changing or modifying the list of Subconsultants submitted by Consultant. Consultant shall bind in writing each and every approved Subconsultant to the terms stated in this Agreement, provided that this provision shall not, in and of itself, impose the insurance requirements set forth in Article 6 on Consultant's Subconsultants. 10.8 Assignment and Performance. Neither this Agreement nor any interest herein shall be assigned, transferred, or encumbered without the written consent of the other party and Consultant shall not subcontract any portion of the work required by this Agreement except as authorized in writing in advance by County Contract Administrator. County shall have the right


to terminate this Agreement, effective immediately, if there is an assignment, or attempted assignment, transfer, or encumbrance, of this Agreement or any right or interest herein by Consultant without County's written consent. Consultant represents that all persons delivering the services required by this Agreement have the knowledge and skills, either by training, experience, education, or a combination thereof, to adequately and competently perform the duties, obligations, and services for the Project as set forth in the Purchase Document and to provide and perform such services to County's satisfaction for the agreed compensation. Consultant shall perform its duties, obligations, and services under this Agreement in a skillful and respectable manner. The quality of Consultant's performance and all interim and final product(s) provided to or on behalf of County shall be comparable to local and national standards. 10.9 All Prior Agreements Superseded. This document incorporates and includes all prior negotiations, correspondence, conversations, agreements or understandings applicable to the matters contained herein; and the Parties agree that there are no commitments, agreements or understandings concerning the subject matter of this Agreement that are not contained in this document. Accordingly, the Parties agree that no deviation from the terms hereof shall be predicated upon any prior representations or agreements whether oral or written. 10.10 Amendments. No modification, amendment or alteration in the terms or conditions contained herein shall be effective unless contained in a written document executed with the same formality and of equal dignity herewith.

10.11 Notices. Whenever either party desires to give notice to the other, such notice must be in writing, sent by certified United States Mail, postage prepaid, return receipt requested, or sent by commercial express carrier with acknowledgement of delivery, or by hand delivery with a request for a written receipt of acknowledgment of delivery, addressed to the party for whom it is intended at the place last specified. The place for giving notice shall remain the same as set forth herein until changed in writing in the manner provided in this section. For the present, the Parties designate the following as the respective places for giving of notice:

FOR COUNTY: ________________________________________ ________________________________________ ________________________________________

FOR CONSULTANT: ________________________________________ ________________________________________ ________________________________________


10.12 Truth-In-Negotiation. Consultant's compensation under this Agreement is based upon representations supplied to County by Consultant, and Consultant certifies that the wage rates, factual unit costs, and other information supplied to substantiate Consultant's compensation, including without limitation in the negotiation of this Agreement, are accurate, complete, and current at the time of contracting. County shall be entitled to recover any damages it incurs to the extent any such representation is untrue. 10.13 Interpretation. The language of this Agreement has been agreed to by both Parties to express their mutual intent and no rule of strict construction shall be applied against either party hereto. The headings contained in this Agreement are for reference purposes only and shall not affect in any way the meaning or interpretation of this Agreement. All personal pronouns used in this Agreement shall include the other gender, and the singular shall include the plural, and vice versa, unless the context otherwise requires. Terms such as "herein," "hereof," "hereunder," and "hereinafter" refer to this Agreement as a whole and not to any particular sentence, paragraph, or section where they appear, unless the context otherwise requires. Whenever reference is made to a section or article of this Agreement, such reference is to the section or article as a whole, including all of the subsections of such section, unless the reference is made to a particular subsection or subparagraph of such section or article. 10.14 Consultant's Staff. Consultant will provide the key staff identified in the Purchase Document for the Project as long as said key staff are in Consultant's employment. To the extent Consultant seeks or is required to make any change to the composition of the key staff, Consultant will provide County with thirty (30) days' advance notice (or as much advance notice as is possible if thirty (30) days' notice is not possible) regarding such changes and the management plan associated with such changes. County shall not be responsible for any additional costs associated with a change in key staff. If County desires to request removal of any of Consultant's staff, Contract Administrator shall first meet with Consultant and provide reasonable justification for said removal, and Consultant shall take reasonable action to remedy the issues to County's satisfaction, including removal of the staff at issue from the Project. 10.15 Drug-Free Workplace. It is a requirement of County that it enter into contracts only with firms that certify the establishment of a drug-free work place in accordance with Section 21.31(a) of the Broward County Administrative Code. Execution of this Agreement by Consultant shall also serve as Consultant's required certification that it either has or that it will establish a drug-free work place in accordance with Section 21.31(a) of the Broward County Administrative Code. 10.16 Independent Contractor. Consultant is an independent contractor under this Agreement. Services provided by Consultant shall be subject to the supervision of Consultant. In providing the services, Consultant or its agents shall not be acting and shall not be deemed as acting as officers, employees, or agents of County, except as authorized by the Contract Administrator for permitting, licensing, or other regulatory requirements. 10.17 Third Party Beneficiaries. Neither Consultant nor County intends to directly or substantially benefit a third party by this Agreement. Therefore, the Parties acknowledge that


there are no third party beneficiaries to this Agreement and that no third party shall be entitled to assert a right or claim against either of them based upon this Agreement. 10.18 Conflicts. Neither Consultant nor its employees shall have or hold any continuing or frequently recurring employment or contractual relationship that is substantially antagonistic or incompatible with Consultant's loyal and conscientious exercise of judgment and care related to its performance under this Agreement. None of Consultant's officers or employees shall, during the term of this Agreement, serve as an expert witness against County in any legal or administrative proceeding in which he, she, or Consultant is not a party, unless compelled by court process. Further, such persons shall not give sworn testimony or issue a report or writing, as an expression of his or her expert opinion, which is adverse or prejudicial to the interests of County in connection with any such pending or threatened legal or administrative proceeding unless compelled by court process. The limitations of this section shall not preclude Consultant or any persons in any way from representing themselves, including giving expert testimony in support thereof, in any action or in any administrative or legal proceeding. In the event Consultant is permitted pursuant to this Agreement to utilize Subconsultants to perform any services required by this Agreement, Consultant shall require such Subconsultants, by written contract, to comply with the provisions of this section to the same extent as Consultant. 10.19 Contingency Fee. Consultant warrants that it has not employed or retained any company or person, other than a bona fide employee working solely for Consultant, to solicit or secure this Agreement and that it has not paid or agreed to pay any person, company, corporation, individual or firm, other than a bona fide employee working solely for Consultant, any fee, commission, percentage, gift, or other consideration contingent upon or resulting from the award or making of this Agreement. For a breach or violation of this provision, Board shall have the right to terminate this Agreement without liability at its discretion, or to deduct from this Agreement price or otherwise recover the full amount of such fee, commission, percentage, gift or consideration. 10.20 Materiality and Waiver of Breach. County and Consultant agree that each requirement, duty, and obligation set forth herein was bargained for at arms-length and is agreed to by the Parties in exchange for quid pro quo, that each is substantial and important to the formation of this Agreement and that each is, therefore, a material term hereof. County's failure to enforce any provision of this Agreement shall not be deemed a waiver of such provision or modification of this Agreement. A waiver of any breach of a provision of this Agreement shall not be deemed a waiver of any subsequent breach and shall not be construed to be a modification of the terms of this Agreement. 10.21 Compliance with Laws. Consultant shall comply with all federal, state, and local laws, codes, ordinances, rules, and regulations in performing its duties, responsibilities, and obligations related to this Agreement.


10.22 Severability. In the event any part of this Agreement is found to be unenforceable by any court of competent jurisdiction, that part shall be deemed severed from this Agreement and the balance of this Agreement shall remain in full force and effect. 10.23 Joint Preparation. This Agreement has been jointly prepared by the Parties hereto, and shall not be construed more strictly against either Party. 10.24 Priority of Provisions. If there is a conflict or inconsistency between any term, statement, requirement, or provision of any exhibit attached hereto, any document or events referred to herein, or any document incorporated into this Agreement by reference and a term, statement, requirement, or provision of this Agreement, the term, statement, requirement, or provision contained in Articles 1 through 10 of this Agreement shall prevail and be given effect. 10.25 Law, Jurisdiction, Venue, Waiver of Jury Trial. This Agreement shall be interpreted and construed in accordance with and governed by the laws of the state of Florida. All Parties acknowledge and accept that jurisdiction of any controversies or legal problems arising out of this Agreement, and any action involving the enforcement or interpretation of any rights hereunder, shall be exclusively in the state courts of the Seventeenth Judicial Circuit in Broward County, Florida, and venue for litigation arising out of this Agreement shall be exclusively in such state courts, forsaking any other jurisdiction which either party may claim by virtue of its residency or other jurisdictional device. BY ENTERING INTO THIS AGREEMENT, CONSULTANT AND COUNTY HEREBY EXPRESSLY WAIVE ANY RIGHTS EITHER PARTY MAY HAVE TO A TRIAL BY JURY OF ANY CIVIL LITIGATION RELATED TO THIS AGREEMENT. 10.26 Incorporation by Reference. Any and all Recital clauses stated above are true and correct and are incorporated herein by reference. The attached Exhibits are incorporated into and made a part of this Agreement. 10.27 Re-Use of Project. County may, at its option, re-use (in whole or in part) the resulting end-product or deliverables resulting from Consultant's professional services (including, but not limited to, drawings, specifications, other documents, and services as described herein and in the Purchase Document) at no additional cost to County; and Consultant agrees to such re-use in accordance with this provision.

10.28 Representation of Authority. Each individual executing this Agreement on behalf of a party hereto hereby represents and warrants that he or she is, on the date he or she signs this Agreement, duly authorized by all necessary and appropriate action to execute this Agreement on behalf of such party and does so with full and legal authority. 10.29 Payable Interest

10.29.1. Payment of Interest. County shall not be liable to pay any interest to Consultant for any reason, whether as prejudgment interest or for any other purpose, and in furtherance thereof Consultant waives, rejects, disclaims and surrenders any and


all entitlement it has or may have to receive interest in connection with a dispute or claim arising from, related to, or in connection with this Agreement. This subsection shall not apply to any claim for interest, including for post-judgment interest, if such application would be contrary to applicable law. 10.29.2. Rate of Interest. If the preceding subsection is inapplicable or is determined to be invalid or unenforceable by a court of competent jurisdiction, the annual rate of interest payable by County under this Agreement, whether as prejudgment interest or for any other purpose, shall be, to the full extent permissible under applicable law, 0.25% (one quarter of one percent) simple interest (uncompounded).

10.30 Counterparts and Multiple Originals. This Agreement may be executed in multiple originals, and may be executed in counterparts, each of which shall be deemed to be an original, but all of which, taken together, shall constitute one and the same agreement. 10.31 Domestic Partnership Requirement. Consultant certifies and represents that it will comply with County's Domestic Partnership Act (Section 16½-157 of the Broward County Code of Ordinances, as amended) during the entire term of this Agreement. The failure of Consultant to comply shall be a material breach of this Agreement, entitling County to pursue any and all remedies provided under applicable law including, but not limited to (1) retaining all monies due or to become due Consultant until Consultant complies; (2) termination of this Agreement; and (3) suspension or debarment of Consultant from doing business with County. 10.32 Additional Security Requirements. To the extent required by a Purchase Document, Consultant certifies and represents that it will comply with the Port Everglades Security Requirements or the Airport Security Requirements attached hereto and incorporated herein as Exhibit D. 10.33 Federally Funded Contracts. To the extent applicable, Consultant certifies and represents that it will comply with the Federally Funded Contracts Requirements attached hereto and incorporated herein as Exhibit E.

(The remainder of this page is intentionally left blank.)


IN WITNESS WHEREOF, the Parties hereto have made and executed this Agreement: BROWARD COUNTY through its BOARD OF COUNTY COMMISSIONERS, signing by and through its Mayor or Vice-Mayor, authorized to execute same by Board action on the _____ day of _________________, 201__, and CONSULTANT, signing by and through its _________________________, duly authorized to execute same.

COUNTY

ATTEST: Broward County Administrator, as Ex-officio Clerk of the Broward County Board of County Commissioners Insurance requirements approved by Broward County Risk Management Division: By: Name: Title:

BROWARD COUNTY, by and through its Board of County Commissioners By: day of , 20 Approved as to form by Joni Armstrong Coffey Broward County Attorney Governmental Center, Suite 423 115 South Andrews Avenue Fort Lauderdale, Florida 33301 Telephone: (954) 357-7600 Telecopier: (954) 357-7641 By: René D. Harrod (Date) Assistant County Attorney

RDH 2017-05-31 RFQ IT Security Audit Agreement #17-099.01 05/31/2017


CONSULTANT WITNESSES: [CONSULTANT NAME]

_______________________________ Signature

By: ____________________________ Authorized Signor

_______________________________ Print Name of Witness above

_____________________________ Print Name and Title

_______________________________ _____ day of __________, 20___

Signature

_______________________________ ATTEST:

Print Name of Witness above _______________________________ Corporate Secretary or other person authorized to attest

(CORPORATE SEAL OR NOTARY)


EXHIBIT A WORK AUTHORIZATION FORM

Contract Number: Work Authorization No. This Work Authorization is between Broward County and ________________ ("Consultant") pursuant to the Agreement, executed on ____________________. In the event of any inconsistency between this Work Authorization and the Agreement, the provisions of the Agreement shall govern and control. Services to be provided: [DESCRIBE IN DETAIL]

Agreement at issue is __ Lump Sum/ __Not-to-Exceed for amount: $___________________ The time period for this Work Authorization will be from the date of complete execution until ____ (___) days after County's Notice to Proceed for the Services to be provided under this Work Authorization, unless otherwise extended or terminated by the Contract Administrator. Fee Determination: Payment for services under this Work Authorization is as follows:

Professional Services $___________________ General Services $___________________ Goods/Equipment $___________________

Total Cost of this Work Authorization $___________________ The foregoing amounts shall be invoiced by Consultant upon written acceptance by County of all goods and services provided under this Work Authorization. County

Contract Administrator Date

Project Manager Date

Board and/or Designee Date Consultant

Signed Date

Attest

Typed Name

Title


EXHIBIT B MINIMUM INSURANCE REQUIREMENTS


EXHIBIT C BUSINESS ASSOCIATE AGREEMENT BETWEEN

BROWARD COUNTY, FLORIDA AND _________________

This BUSINESS ASSOCIATE AGREEMENT ("BAA") is entered into by and between Broward County, Florida ("County"), and ____________, a ____________ corporation authorized to do business in the State of Florida with its principal office located at ______________________ ("Business Associate") in connection with the _______________________________ (the "Agreement").

RECITALS

1. Business Associate provides services related to the operation of certain activities/programs that involve the use or disclosure of Protected Health Information ("PHI");

2. The operation of such activities/programs is subject to the federal Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical Health Act ("HITECH");

3. HIPAA and HITECH mandate that certain responsibilities of contractors with access to

PHI be documented through a written agreement; and 4. The County and Business Associate desire to comply with the requirements of HIPAA

and HITECH and acknowledge their respective responsibilities. NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of

which are hereby acknowledged, the parties agree as follows: Section 1: Definitions 1.1 All terms used in this BAA not otherwise defined herein shall have the meanings stated in the Privacy and Security Rules, 45 CFR Parts 160, 162, 164, and 42 U.S.C. § 17921. 1.2 "HIPAA Laws" mean collectively HIPAA, HITECH, 42 CFR Part 2 (if applicable), and the related regulations and amendments. 1.3 When the term "PHI" is used in this BAA, it includes the term "Electronic Protected Health Information" or "EPHI." 1.4 Penalties as used in Section 3.18 below are defined as civil penalties that may be applied to the Business Associate and its workforce members by the Secretary of Health and Human Services (HHS). The amount of the penalties range depending on the type of violation. In determining penalties, the Secretary may take into account:


a. the nature and extent of the violation;

b. the nature and extent of harm resulting from such violation;

c. the degree of culpability of the covered entity or business associate;

d. the history of prior compliance with the administrative simplification provision including violations by the covered entity or business associate;

e. the financial condition of the covered entity or business associate, and

f. such other matters as justice may require.

Section 2: Confidentiality 2.1 County and Business Associate shall comply with all federal and state laws governing the privacy and security of PHI.

2.2 If this box is checked, the County and Business Associate are required to comply with 42 CFR Part 2 with respect to patient identifying information concerning alcohol and substance abuse treatment. Section 3: Obligations and Activities of the Business Associate Use and Disclosure of PHI 3.1 The Business Associate shall not use or disclose PHI other than as permitted or required by this BAA or as required by law. Business Associate may:

a. Use and disclose PHI only as necessary to perform its obligations under the Agreement, provided that such use or disclosure would not violate HIPAA Laws if done by the County; b. Use the PHI received in its capacity as a Business Associate of the County for its proper management and administration and to fulfill any legal responsibilities of Business Associate; c. Disclose PHI in its possession to a third party for the proper management and administration of Business Associate, or to fulfill any legal responsibilities of Business Associate, provided that the disclosure would not violate HIPAA Laws if made by the County, or is required by law, and Business Associate has received from the third party written assurances that (i) the information will be kept confidential and used or further disclosed only for the purposes for which it was disclosed to the third party or as required by law; (ii) the third party will notify Business Associate of any instances of which it


becomes aware in which the confidentiality of the information may have been breached; and (iii) the third party has agreed to implement reasonable and appropriate steps to safeguard the information; d. Use PHI to provide data aggregation activities relating to the operations of the County; and e. De-identify any and all PHI created or received by Business Associate under the Agreement, provided that the de-identification conforms to the requirements of the HIPAA Laws.

3.2 Business Associate shall limit its use and disclosure of, and request for PHI when practical or as required by law, to the information making up a Limited Data Set, as defined by HIPAA, and in all other cases subject to the requirements of 45 CFR 164.502(b), to the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request. 3.3 Business Associate is prohibited from selling PHI, using PHI for marketing purposes, or attempting to re-identify any PHI information in violation of HIPAA Laws. Administrative, Physical, and Technical Safeguards 3.4 Business Associate shall implement administrative, physical, and technical safeguards that protect the confidentiality, integrity and availability of PHI that it creates, receives, maintains, or transmits on behalf of the County. The safeguards shall include written policies, procedures, a security risk assessment, training of Business Associate employees, and sanctions that are in compliance with HIPAA Laws. 3.5 Business Associate shall require all of its subcontractors, agents, and other third parties that receive, use, transmit, maintain, store, or have access to PHI to agree, in writing, to the same restrictions and conditions that apply to Business Associate pursuant to this BAA, including implementation of administrative, physical, and technical safeguards. Access of Information; Amendment of Information; Accounting of Disclosures 3.6 Business Associate shall make available to the County all PHI in Designated Record Sets within ten (10) days of the County's request for the County to meet the requirements under 45 CFR § 164.524. 3.7 Business Associate shall make any amendments to PHI in a Designated Record Set as directed or agreed to by the County pursuant to 45 CFR § 164.526 in the time and manner reasonably designated by the County. 3.8 Business Associate shall timely document such disclosures of PHI and information related to such disclosures as would be required for the County to respond to an individual for an


accounting of disclosures of PHI in accordance with 45 CFR § 164.528. Further, Business Associate shall provide to the County an accounting of all disclosure of PHI during the term of this BAA within ten (10) days of termination of this BAA, or sooner if reasonably requested by the County for purposes of any monitoring/auditing of the County for compliance with HIPAA Laws. 3.9 Business Associate shall provide the County, or an individual under procedures approved by the County, information and documentation collected in accordance with the preceding paragraph to respond to an individual requesting an accounting for disclosures as provided under 45 CFR § 164.528 and HIPAA Laws. Mitigation

3.10 Business Associate shall mitigate, to the extent possible and at its own expense, any harmful effect that is known to Business Associate of a use or disclosure of PHI by the Business Associate in violation of the requirements of this BAA or applicable law. 3.11 Business Associate shall take appropriate disciplinary action against any members of its workforce who use or disclose PHI in any manner not authorized by this BAA or applicable law. Reporting of Breaches and Mitigation of Breach 3.12 Business Associate shall notify the County's HIPAA Privacy Official at (954) 357-6500 of any impermissible access, acquisition, use or disclosure of any unsecured PHI within twenty-four (24) hours of Business Associate becoming aware of such access, acquisition, use or disclosure. Unsecured PHI shall refer to such PHI that is not secured through use of a technology or methodology specified by the Secretary of HHS that renders such PHI unusable, unreadable, or indecipherable to unauthorized individuals. A breach of unsecured PHI shall be treated as discovered by Business Associate as of the first day on which such breach is known to the Business Associate or, by exercising reasonable diligence, would have been known to Business Associate, including any employee, officer, contractor, subcontractor, or other agent of Business Associate. 3.13 Business Associate shall submit a written report of a breach to the County within ten (10) business days after initial notification, and shall document the following:

a. The identification of each individual whose PHI has been, or is reasonably believed by Business Associate, to have been accessed, acquired, used, or disclosed during the breach; b. A brief description of what occurred, including the date of the breach and the date of the discovery of the breach, if known; c. A description of the types of PHI that are involved in the breach (such as full name, social security number, date of birth, home address, account number, diagnosis, etc.)


d. A description of what is being done to investigate the breach, to mitigate harm to individuals, and the reasonable and appropriate safeguards being taken to protect against future breaches; e. Any steps the County or the individual impacted by the breach should take to protect himself or herself from potential harm resulting from the breach; f. Contact procedures for the Business Associate to enable individuals to ask questions or learn additional information, which may include, in the discretion of the County, a toll-free telephone number, e-mail address, website, or postal address, depending upon the available contact information that the Business Associate has for the affected individuals; and g. Any other reasonable information requested by the County.

3.14 In the event of a breach, Business Associate shall, in consultation with and at the direction of the County, assist the County in conducting a risk assessment of the breach and mitigate, to the extent practicable, any harmful effect of such breach known to Business Associate. 3.15 The County, in its sole discretion, will determine whether the County or Business Associate shall be responsible to provide notification to individuals whose unsecured PHI has been disclosed, as well as to the Secretary of HHS and the media.

a. Notification will be by first-class mail, or by electronic mail, if the individual has specified notice in the manner as a preference. b. Information may be posted on the County and Business Associate's website where the Business Associate experienced, or is reasonably believed to have experienced, an impermissible use or disclosure of unsecured PHI that compromised the security or privacy of more than ten (10) individuals when no other current information is available to inform such individuals. c. Notice shall be provided to prominent media outlets with information on an incident where the Business Associate experienced an impermissible use and disclosure of unsecured PHI that compromised the security or privacy of more than five hundred (500) individuals within the same state or jurisdiction during the incident. d. The County may report, at least annually, any impermissible use and disclosure of unsecured PHI by the Business Associate to the Secretary of HHS as required by HIPAA Laws.

3.16 Business Associate agrees to pay the costs for notification to the County, individuals, and their representatives of any security or privacy breach that should be reported by Business Associate to the County. Business Associate also agrees to pay the costs for mitigating damages,


including, but not limited to, the expenses for credit monitoring, if the County determines that the breach warrants such measures. 3.17 Business Associate agrees to have established procedures to investigate a breach, mitigate losses, and protect against any future breaches, and to provide such procedures and any specific findings of the investigation to the County in the time and manner reasonably requested by the County. 3.18 Business Associate is liable to the County for any civil penalties imposed on the County under the HIPAA laws in the event of a violation of the HIPAA Laws as a result of any practice, behavior, or conduct of Business Associate. Available Books and Records 3.19 Business Associate shall make its internal practices and books, related to the Agreement and the BAA, including all policies and procedures required by HIPAA Laws, available to the County Contract Grants Administrator within five (5) business days of the Agreement. 3.20 Business Associate shall make its internal practices, books, and records, including all policies and procedures required by HIPAA Laws and PHI, relating to the use and disclosure of PHI received from the County or created or received on behalf of the County available to the County or to the Secretary of HHS or its designee within five (5) business days of request for the purposes of determining the Business Associate's compliance with HIPAA Laws. Section 4: Obligations of the County 4.1 The County shall notify Business Associate of any limitations in its notice of privacy practices in accordance with 45 CFR § 164.520, to the extent that such limitation may affect the Business Associate's use of PHI. 4.2 The County shall notify Business Associate of any changes in, or revocation of, permission by an individual to use or disclose PHI, to the extent that such changes may affect Business Associate's use of PHI. 4.3 The County shall notify Business Associate of any restriction to the use or disclosure of PHI to which the County has agreed in accordance with 45 CFR § 164.522, to the extent that such changes may affect Business Associate's use of PHI. 4.4 The County shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Laws if done by the County. Section 5: Term and Termination 5.1 The term of this BAA shall be effective upon execution by all Parties, and shall terminate


upon the latter of termination or expiration of the Agreement, or the return or destruction of all PHI within the possession or control of the Business Associate as a result of the Agreement. 5.2 Upon the County's knowledge of a material breach of this BAA by Business Associate, the County shall either:

a. Provide an opportunity for Business Associate to cure the breach or terminate this BAA and the Agreement if the Business Associate does not cure the breach within the time specified by the County; b. Immediately terminate this BAA and the Agreement if Business Associate has breached a material term of this BAA and a cure is not possible; or c. If neither termination nor cure is feasible, the County's HIPAA Privacy Official shall report the violation to the Secretary of HHS.

5.3 Upon completion or termination of the Agreement, Business Associate agrees, at County's option, to return to the County or destroy all PHI gathered, created, received or processed pursuant to the Agreement. No PHI related to the Agreement will be retained by Business Associate, or a contractor, subcontractor, or other agent of Business Associate, unless retention is required by law and specifically permitted in writing by the County. 5.4 In the event that returning or destroying PHI is infeasible, Business Associate shall provide to the County a written statement that it is infeasible to return or destroy the PHI and describe the conditions that make return or destruction of the PHI infeasible. Under that circumstance, Business Associate shall extend the protections of this BAA to the PHI retained and limit further uses and disclosures of such PHI to those purposes that make return or destruction infeasible, for so long as Business Associate maintains the PHI, in which case Business Associate's obligations under this Section shall survive termination of this BAA. Section 6: Miscellaneous 6.1 Amendment. The County and Business Associate shall take such action as is necessary to amend this BAA for the County to comply with the requirements of HIPAA Laws or other applicable law. 6.2 Interpretation. Any ambiguity in this BAA shall be resolved to permit the County to comply with HIPAA Laws.

[Remainder of this page is intentionally blank.]


EXHIBIT D Airport and Port Security Requirements

Security Requirements - Airport NONDISCRIMINATION REQUIREMENTS

I. Nondiscrimination - 49 CFR Part 21 Requirements. During the performance of this contract, Provider for itself, its personal representatives, assigns and successors in interest (hereinafter referred to collectively as the "Provider") agrees as follows:

(a) Compliance With Regulations. Provider shall comply with the Regulations relative to nondiscrimination in Federally Assisted Programs of the Department of Transportation (hereinafter, "DOT") Title 49, Code of Federal Regulations, Part 21, as they may be amended from time to time (hereinafter referred to as the Regulations), which are herein incorporated by reference and made a part of this contract. (b) Nondiscrimination. Provider shall not discriminate on the grounds of race, color, religion, gender, national origin, age, marital status, political affiliation, familial status, physical or mental disability, or sexual orientation in the selection and retention of subcontractors, including procurement of materials and leases of equipment. Provider shall not participate either directly or indirectly in the discrimination prohibited by Section 21.5 of the Regulations, including employment practices when the contract covers a program set forth in Appendix B of the Regulations. (c) Solicitation for Subcontractors, Including Procurement of Materials and Equipment. In all solicitation either by competitive bidding or negotiation made by Provider for work to be performed under a subcontract, including procurement of materials or leases of equipment, each potential subcontractor or supplier shall be notified by Provider of Provider's obligation under this contract and the Regulations relative to nondiscrimination on the grounds of race, color, religion, gender, national origin, age, marital status, political affiliation, familial status, physical or mental disability, or sexual orientation.

(d) Information and Reports. Provider shall provide all information and reports required by the Regulations or directives issued pursuant thereto and shall permit access to its books, records, accounts, other sources of information and its facilities as may be determined by the County or the Federal Aviation Administration (FAA) to be pertinent to ascertain compliance with such Regulations, orders, and instructions. Where any information required of Provider is in the exclusive possession of another who fails or refuses to furnish this information, Provider shall so certify to the County or the FAA, as appropriate, and shall set forth what efforts it has made to obtain the information.


(e) Sanctions for Noncompliance. In the event of Provider noncompliance with the nondiscrimination provisions of this contract, the County shall impose such contract sanctions as it or the FAA may determine to be appropriate, including, but not limited to: (1) withholding of payments under the contract until there is compliance, and/or (2) cancellation, termination, or suspension of the contract, in whole or in part. In the event of cancellation or termination of the contract (if such contract is a lease), the County shall have the right to re-enter the Premises as if said lease had never been made or issued. These provisions shall not be effective until the procedures of Title 49 CFR Part 21 are followed and completed, including exercise or expiration of appeal rights. (f) Incorporation of Provisions. Provider shall include the provisions of paragraphs (a) through (e), above, in every subcontract, including procurement of materials and leases of equipment, unless exempt by the Regulations or directives issued pursuant thereto. Provider shall take such action with respect to any subcontract or procurement as the County or the FAA may direct as a means of enforcing such provisions including sanctions for noncompliance. Provided, however, that in the event Provider becomes involved in, or is threatened with, litigation with a subcontractor or supplier as a result of such direction, Provider may request the County to enter into such litigation to protect the interests of the County and, in addition, Provider may request the United States to enter into such litigation to protect the interests of the United States. (g) Provider, as a part of the consideration hereof, does hereby covenant and agree that in the event facilities are constructed, maintained, or otherwise operated on the said property described in this contract, for a purpose for which a DOT program or activity is extended or for another purpose involving the provision of similar services or benefits, Provider shall maintain and operate such facilities and services in compliance with all other requirements imposed pursuant to 49 CFR Part 21, Nondiscrimination in Federally Assisted Programs of the Department of Transportation, and as said Regulation may be amended.

(h) Provider, as a part of the consideration hereof, does hereby covenant and agree that: (1) no person on the grounds of race, color, religion, gender, national origin, age, marital status, political affiliation, familial status, physical or mental disability, or sexual orientation shall be excluded from participation in, denied the benefits of, or be otherwise subjected to discrimination in the use of said facilities, (2) that in the construction of any improvements on, over, or under the premises and the furnishing of services thereon, no person on the grounds of race, color, religion, gender, national origin, age, marital status, political affiliation, familial status, physical or mental disability, or sexual orientation shall be excluded from participation in, denied the benefits of, or otherwise be subjected to discrimination, and (3) that Provider shall use the premises in compliance with all other requirements imposed by or pursuant to 49 CFR Part 21, Nondiscrimination in Federally Assisted Programs of the Department of Transportation, and as said Regulations may be amended.

II. Nondiscrimination - 14 CFR Part 152 Requirements. During the performance of this contract, Provider, for itself, its assignees and successors in interest agrees as follows:


(a) Provider agrees to undertake an affirmative action program as required by 14 CFR Part 152, Subpart E, to insure that no person shall on the grounds of race, color, religion, gender, national origin, age, marital status, political affiliation, familial status, physical or mental disability, or sexual orientation be excluded from participation in any employment, contracting, or leasing activities covered in 14 CFR Part 152, Subpart E. Provider agrees that no person shall be excluded on these grounds from participating in or receiving the services or benefits of any program or activity covered by this Subpart. Provider agrees that it will require its covered sub organizations to provide assurances to Provider that they similarly will undertake affirmative action programs and that they will require assurances from their sub organizations as required by 14 CFR Part 152, Subpart E, to the same effect. (b) Provider agrees to comply with any affirmative action plan or steps for equal employment opportunity required by 14 CFR Part 152, Subpart E, as part of the affirmative action program, and by any federal, state, County or local agency or court, including those resulting from a conciliation agreement, a consent decree, court order or similar mechanism. Provider agrees that state or County affirmative action plans will be used in lieu of any affirmative action plan or steps required by 14 CFR Part 152, Subpart E, only when they fully meet the standards set forth in 14 CFR 152.409. Provider agrees to obtain a similar assurance from its covered organizations, and to cause them to require a similar assurance of their covered sub organizations, as required by 14 CFR Part 152, Subpart E. (c) If required by 14 CFR Part 152, Provider shall prepare and keep on file for review by the FAA Office of Civil Rights an affirmative action plan developed in accordance with the standards in Part 152. Provider shall similarly require each of its covered sub organizations (if required under Part 152) to prepare and to keep on file for review by the FAA Office of Civil Rights, an affirmative action plan developed in accordance with the standards in Part 152.

(d) If Provider is not subject to an affirmative action plan, regulatory goals and timetables, or other mechanism providing for short and long-range goals for equal employment opportunity under Part 152, then Provider shall nevertheless make good faith efforts to recruit and hire minorities and women for its aviation workforce as vacancies occur, by taking any affirmative action steps required by Part 152. Provider shall similarly require such affirmative action steps of any of its covered sub organizations, as required under Part 152.

(e) Provider shall keep on file, for the period set forth in Part 152, reports (other than those submitted to the FAA), records, and affirmative action plans, if applicable, that will enable the FAA Office of Civil Rights to ascertain if there has been and is compliance with this subpart, and Provider shall require its covered sub organizations to keep similar records as applicable.


(f) Provider shall, if required by Part 152, annually submit to the County the reports required by Section 152.415 and Provider shall cause each of its covered sub organizations that are covered by Part 152 to annually submit the reports required by Section 152.415 to Provider who shall, in turn, submit same to the County for transmittal to the FAA.

III. Nondiscrimination - General Civil Rights Provisions. Provider, for itself, its assignees and successors in interest agrees that it will comply with pertinent statutes, Executive Orders and such rules as are promulgated to assure that no person shall, on the grounds of race, color, religion, gender, national origin, age, marital status, political affiliation, familial status, physical or mental disability, or sexual orientation be excluded from participating in any activity conducted with or benefiting from Federal assistance. This Provision obligates Provider or its transferee, for the period during which Federal assistance is extended to the airport program, except where Federal assistance is to provide, or is in the form of personal property or real property or interest therein or structures or improvements thereon. In these cases, the Provision obligates the party or any transferee for the longer of the following periods: (a) the period during which the property is used by the sponsor or any transferee for a purpose for which Federal assistance is extended, or for another purpose involving the provision of similar services or benefits; or (b) the period during which the airport sponsor or any transferee retains ownership or possession of the property. In the case of Provider, this Provision binds Provider from the bid solicitation period through the completion of the contract.

IV. Nondiscrimination - 49 CFR Part 26. Provider shall not discriminate on the basis of race, color, religion, gender, national origin, age, marital status, political affiliation, familial status, physical or mental disability, or sexual orientation in the performance of this contract. Failure by Provider to carry out these requirements is a material breach of this contract, which may result in the termination of this contract or such other remedy as the County deems appropriate.

PROVISIONS PERTAINING TO AIRPORT PROJECTS

Provider agrees to observe all security requirements and other requirements of the Federal Aviation Regulations applicable to Provider, including without limitation, all regulations of the United States Department of Transportation, the Federal Aviation Administration and the Transportation Security Administration, and Provider agrees to comply with the County's Airport Security Program and the Air Operations Area (AOA) Vehicle Access Program, and any amendments thereto, and to comply with such other rules and regulations as may be reasonably prescribed by the County, and to take such steps as may be necessary or directed by the County to insure that sublessees, employees, invitees and guests observe these requirements. If required by the Aviation Department, Provider shall conduct background checks of its employees in accordance with applicable Federal Regulations. If as a result of the acts or omissions of Provider, its subcontractors, employees, invitees or guests, the County incurs any fines and/or penalties imposed by any governmental agency, including without limitation, the United States Department of Transportation, the Federal


Aviation Administration or the Transportation Security Administration, or any expense in enforcing any federal regulations, including without limitation, airport security regulations, or the rules or regulations of the County, and/or any expense in enforcing the County's Airport Security Program, then Provider agrees to pay and/or reimburse to County all such costs and expenses, including all costs of administrative proceedings, court costs, and attorney's fees and all costs incurred by County in enforcing this provision. Provider further agrees to rectify any security deficiency or other deficiency as may be determined as such by the County or the United States Department of Transportation, Federal Aviation Administration, the Transportation Security Administration, or any other federal agency with jurisdiction. In the event Provider fails to remedy any such deficiency, the County may do so at the sole cost and expense of Provider. The County reserves the right to take whatever action is necessary to rectify any security deficiency or other deficiency. (a) Access to Security Identification Display Areas and Identification Media. Provider shall be responsible for requesting the Aviation Department to issue Airport Issued Identification Media to all Provider's and its subcontractors employees who are authorized access to Security Identification Display Areas ("SIDA") on the Airport, as designated in the Airport Security Program. In addition, Provider shall be responsible for the immediate reporting of all lost or stolen Airport Issued Identification Media and the immediate return of the media of Provider's and its subcontractor's personnel transferred from the Airport, or terminated from the employ of Provider or any if its subcontractors, or upon termination of this Agreement. Before an Airport Issued Identification Media is issued to an employee of Provider or any of its subcontractors, Provider shall comply with the requirements of applicable federal regulations with regard to fingerprinting for criminal history record checks and security threat assessments, and shall require that each employee complete security training programs conducted by the Aviation Department. Provider shall pay or cause to be paid to the Aviation Department such charges as may be established from time to time for lost or stolen Airport Issued Identification Media and those not returned to the Aviation Department in accordance with these provisions. The Aviation Department shall have the right to require Provider to conduct background investigations and to furnish certain data on such employees before the issuance of Airport Issued Identification Media, which data may include the fingerprinting of employee applicants for such media. (b) Operation of Vehicles on the AOA: Before Provider shall permit any employee of Provider or of any subcontractor to operate a motor vehicle of any kind or type on the AOA (and unless escorted by an Aviation Department approved escort), Provider shall ensure that all such vehicle operators possess current, valid, and appropriate Florida driver's licenses. In addition, any motor vehicles and equipment of Provider or of any subcontractor operating on the AOA must have an appropriate vehicle identification permit issued by the Aviation Department, which identification must be displayed as required by the Aviation Department. (c) Consent to Search/Inspection: Provider agrees that its, and its subcontractors, vehicles, cargo, goods and other personal property are subject to being inspected and searched when attempting to enter or leave and while on the AOA. Provider further agrees on behalf of


itself and its subcontractors, that it shall not authorize any employee or other person to enter the AOA unless and until such employee or other person has executed a written consent-to-search/inspection form acceptable to the Aviation Department. Provider acknowledges and understands that the foregoing requirements are for the protection of users of the Airport and are intended to reduce incidents of cargo tampering, aircraft sabotage, thefts and other unlawful activities at the Airport. For this reason, Provider agrees that persons not executing such consent-to-search/inspection form shall not be employed by Provider or by any subcontractor at the Airport in any position requiring access to the AOA or allowed entry to the AOA by Provider or by any of its subcontractors. (d) Provider understands and agrees that if any of its employees, or the employees of any of its subcontractors, are required in the course of the work to be performed under this Agreement to access or otherwise be in contact with Sensitive Security Information ("SSI") as defined and construed under federal law, that individual will be required to execute a Sensitive Security Information Non-Disclosure Agreement promulgated by the Aviation Department. (e) The provisions hereof shall survive the expiration or any other termination of the Agreement to which this exhibit is attached.

Security Requirements - Port Everglades

A. The Port Everglades Department requires persons to present, at port entry, a valid driver's license, and valid reason for wishing to be granted port access in order to obtain a temporary/visitor ID badge. For persons who will visit the Port more than 15 times in a 90 day period, a permanent identification badge must be obtained and paid for by the contractor for all employees, subcontractors, agents and servants visiting or working on the port project. A restricted access badge application process will include fingerprints and a comprehensive background check. Badges must be renewed annually and the fees paid pursuant to Broward County Administrative Code, Section 42.6. For further information, please call 954-765-4225. B. All vehicles that are used regularly on the dock apron must have a Dockside Parking Permit. Only a limited number of permits will be issued per business entity. The fee is $100.00 per permit/vehicle. Individuals requesting a permit must possess a valid Port-issued Restricted Access Area badge with a "Dock" destination. Requests for Dockside Parking Permits must be submitted in writing, on company letterhead, to the ID Badge Office. Applicants must demonstrate a need for access to the dock apron. Requests shall be investigated, and approved, if appropriate justification is provided. Supporting documentation must be supplied, if requested. Dock permits are not transferable and must be affixed to the lower left corner of the permitted vehicle's windshield. Should the permit holder wish to transfer the permit to another vehicle during the term of issuance, the permit will be removed and exchanged at no charge for a new permit. Only one business entity representative will be permitted on the dock at a time at the vessel location. C. The Federal Government has instituted requirements for a Transportation Worker Identification Credential (TWIC) for all personnel requiring unescorted access to designated secure areas within Port Everglades. The contractor will be responsible for complying with the applicable TWIC requirements. For further information, please call 1- 855-347-8371, or go on line to https://www.tsa.gov/for-industry/twic.

http://www.tsa.gov/for-industry/twic

http://www.tsa.gov/for-industry/twic


EXHIBIT E Federally Funded Contracts Requirements

Provider shall comply with the following additional obligations to the extent applicable: 1. For all federally assisted construction contracts (as defined in 41 C.F.R. Part 60-1.3):

a. Provider will not discriminate against any employee or applicant for employment

because of race, color, religion, sex, or national origin. Provider will take affirmative action to ensure that applicants are employed, and that employees are treated during employment without regard to their race, color, religion, sex, or national origin. Such action shall include, but not be limited to the following: Employment, upgrading, demotion, or transfer; recruitment or recruitment advertising; layoff or termination; rates of pay or other forms of compensation; and selection for training, including apprenticeship. Provider agrees to post in conspicuous places, available to employees and applicants for employment, notices to be provided setting forth the provisions of this nondiscrimination clause.

b. Provider will, in all solicitations or advertisements for employees placed by or on

behalf of Provider, state that all qualified applicants will receive considerations for employment without regard to race, color, religion, sex, or national origin.

c. Provider will send to each labor union or representative of workers with which he

has a collective bargaining agreement or other contract or understanding, a notice to be provided advising the said labor union or workers' representatives of Provider's commitments under this section, and shall post copies of the notice in conspicuous places available to employees and applicants for employment.

d. Provider will comply with all provisions of Executive Order 11246 of September

24, 1965, and of the rules, regulations, and relevant orders of the Secretary of Labor. e. Provider will furnish all information and reports required by Executive Order

11246 of September 24, 1965, and by rules, regulations, and orders of the Secretary of Labor for purpose of investigation to ascertain compliance with such rules, regulations, and orders.

f. In the event of Provider's noncompliance with the nondiscrimination clauses of

this Agreement or with any of the said rules, regulations or orders, this Agreement may be canceled, terminated, or suspended in whole or in part and the contractor may be declared ineligible for further Government contracts or federally assisted construction contracts in accordance with procedures authorized in Executive Order 11246 of September 24, 1965, and such other sanctions may be imposed and remedies invoked as provided in Executive Order 11246 of September 24, 1965, or by rule, regulation, or order of the Secretary of Labor, or as otherwise provided by law.


g. Provider will include the provisions of Sections (1)(a) through (1)(f) in every subcontract or purchase order unless exempted by rules, regulations, or orders of the Secretary of Labor issued pursuant to section 204 of Executive Order 11246 of September 24, 1965, so that such provisions will be binding upon each subcontractor or vendor. Provider will take such action with respect to any subcontract or purchase order as the administering agency may direct as a means of enforcing such provisions, including sanctions for noncompliance: Provided, however, that in the event Provider becomes involved in, or is threatened with, litigation with a subcontractor or vendor as a result of such direction by the administering agency, Provider may request the United States to enter into such litigation to protect the interest of the United States. 2. For all construction contracts in excess of $2,000:

a. Provider shall to comply with 40 U.S.C. 3141-3144, 3146-3148 as supplemented

by Department of Labor regulations (29 CFR Part 5, "Labor Standards Provisions Applicable to Contracts Covering Federal Financed and Assisted Construction"), and the requirements of 29 C.F.R. Part 3 as may be applicable, which are incorporated by reference into this contract.

b. Provider is required to pay wages to laborers and mechanics at a rate not less than

the prevailing wages specified in a wage determination made by the Secretary of Labor. Provider shall pay wages not less than once a week.

c. Provider shall comply with the Copeland "Anti-Kickback" Act, 18 U.S.C. § 874, 40

U.S.C. § 3145, and 29 C.F.R. Part 3, "Contractors and Subcontractors on Public Building or Public Work Financed in Whole or in Part by Loans or Grants from the United States," as may be applicable, which are incorporated by reference into this contract. Provider shall not induce by any means any person employed in construction, completion or repair of work, to give up any part of the compensation to which he or she is otherwise entitled.

d. Provider shall insert in any subcontracts the clause above and such other clauses

as the federal funding agency may by appropriate instructions require, and also a clause requiring the subcontractors to include these clauses in any lower tier subcontracts. Provider shall be responsible for the compliance by any subcontractor or lower tier subcontractor with all of these contract clauses.

e. A breach of the contract clause above may be grounds for termination of the

Agreement, and for debarment as a contractor and subcontractor as provided in 29 C.F.R. § 5.12. 3. All contracts in excess of $100,000 that involve the employment of mechanics or laborers:

a. Provider shall comply with 40 U.S.C. §§ 3702 and 3704, as supplemented by the Department of Labor regulations (29 CFR Part 5).

b. Provider shall, among other things, compute the wages of every mechanic and laborer on the basis of a standard work week of 40 hours. Provider shall compensate work in


excess of the standard work week at a rate of not less than one and half times the basic rate of pay for all hours worked in excess of 40 hours in the work week. Provider shall not require laborers or mechanics to work in surroundings or under working conditions which are unsanitary, hazardous or dangerous. 4. All federally funded contracts:

a. Provider shall comply with the requirements of 37 CFR Part 401, "Rights to Inventions Made by Nonprofit Organizations and Small Business Firms Under Government Grants, Contracts and Cooperative Agreements" and any implementing regulations issued by the federal funding agency.

b. Provider agrees to comply with all applicable standards, orders or regulations

issued pursuant to the Clean Air Act (42 U.S.C. §§ 7401-7671q) and the Federal Water Pollution Control Act as amended (33 U.S.C. §§ 1251-1387), and will report violations to FEMA and the Regional Office of the Environmental Protection Agency (EPA).

c. Provider shall comply with all mandatory standards and policies relating to energy

efficiency which are contained in the state energy conservation plan issued in compliance with the Energy Policy and Conservation Act (42 U.S.C. § 6201).

d. This Agreement is a covered transaction for purposes of 2 C.F.R. Part 180 and 2

C.F.R. Part 3000. Provider affirms and verifies that neither the Provider, nor any of its principals (defined at 2 C.F.R. § 180.995) or affiliates (defined at 2 C.F.R. § 180.905) are excluded (defined at 2 C.F.R. § 180.940) or disqualified (defined at 2 C.F.R. § 180.935).

e. Provider shall comply with 2 C.F.R. Part 180, subpart C and 2 C.F.R. Part 3000,

subpart C, and shall include there requirements to comply in any lower tier covered transaction it enters into relating to this Agreement.

f. The foregoing subsections are material representations of fact relied upon by

Broward County. If it is later determined that Provider did not comply with 2 C.F.R. Part 180, subpart C or 2 C.F.R. Part 3000, subpart C, in addition to remedies available to Broward County, the Federal Government may pursue available remedies, including but not limited to suspension and/or debarment.

g. Provider agrees to comply with the requirements of 2 C.F.R. Part 180, subpart C

and 2 C.F.R. Part 3000, subpart C until the termination or expiration of this Agreement. Provider further agrees to include a provision requiring such compliance in its lower tier covered transactions relating to this Agreement.

h. Provider shall comply with section 6002 of the Solid Waste Disposal Act, as

amended by the Resource Conservation and Recovery Act. Among other things, Provider shall procure only items designated in guidelines of the Environmental Protection Agency (EPA) at 40


CFR Part 247 that contain the highest percentage of recover materials practicable, consistent with maintaining a satisfactory level of competition, where the purchase price of the item exceeds $10,000.00; procuring solid waste management services in a manner that maximizes energy and resource recovery; and establishing an affirmative procurement program for procurement of recovered materials identified in the EPA guidelines. 5. By execution of this Agreement, Provider certifies that:

a. No Federal appropriated funds have been paid or will be paid, by or on behalf of

the undersigned, to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with the awarding of any Federal contract, the making of any Federal grant, the making of any Federal loan, the entering into of any cooperative agreement, and the extension, continuation, renewal, amendment, or modification of any Federal contract, grant, loan, or cooperative agreement.

b. If any funds other than Federal appropriated funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with this Federal contract, grant, loan, or cooperative agreement, the undersigned shall complete and submit standard Form-LLL, "Disclosure Form to Report Lobbying," in accordance with its instructions.

c. Provider shall require that the language of this certification be included in the

award documents for all sub awards at all tiers (including subcontracts, sub grants, and contracts under grants, loans, and cooperative agreements) and that all subrecipients shall certify and disclose accordingly.

d. This certification is a material representation of fact upon which reliance is placed

when this transaction was made or entered into. Provider certifies or affirms the truthfulness and accuracy of each statement of the foregoing certification and disclosure, if any. In addition, the Provider understands and agrees that the provisions of 31 U.S.C. § 3801 et seq., apply to this certification and disclosure, if any.