The URL can be used to link to this page

CM-2018-1993 - 12/20/2018V /VIGILANT -1-1111N. VIGILANT SOLUTIONS - SOFTWARE SERVICE PROGRAM STATE AND LOCAL LAW ENFORCEMENT AGENCY AGREEMENT This Agreement is made and entered Into effective _' ""' Z.d 20 b (the "Effectiv Date") between Vigilant Solutions, LLC, a Delaware company {"Vigilant"} and ��. s , an Originating Agency identifier (ORI) credentialed law enforcement agency ("A ency"). A. Vigilant stores and disseminates to law enforcement agencies publicly and commercially gathered license plate recognition (LPR) data as a valued added component of the Vigilant law enforcement package of LPR equipment and/or software; and B. Agency desires to obtain access to Vigilant's Software Service with available publicly and commercially collected LPR data via the Law Enforcement Archival Reporting Network (LEARN) server; NOW, THEREFORE, in consideration of the mutual agreements contained herein and other good and valuable consideration, the receipt and sufficiency of which Is acknowledged by the parties, the parties agree as follows: 1. Definitions. (a) Commercial LPR Data. Refers to LPR data collected by private commercial sources and available on the LEARN Software Service with a paid subscription. (b) Confidential Information. Refers to any and all (i) rights of Vigilant associated with works of authorship, including exclusive exploitation rights, copyrights, moral rights and mask works, trademark and trade name rights and similar rights, trade secrets rights, patents, designs, algorithms and other industrial property rights, other intellectual and industrial property and proprietary rights of every kind and nature, whether arising by operation of law, by contract or license, or otherwise; and all registrations, applications, renewals, extensions, combinations, divisions or reissues of the foregoing; (fi) product specifications, data, know-how, formulae, compositions, processes, designs, sketches, photographs, graphs, drawings, samples, inventions and ideas, and past, current and planned research and development; (i. -i) current and planned manufacturing and distribution methods and processes, customer lists, current and anticipated customer requirements, price lists, market studies, and business plans; (iv) computer -software and programs (including object code and source code), database technologies, systems, structures, architectures, processes, improvements, devices, discoveries, concepts, methods, and information of Vigilant; (v) any other information, however documented, of Vigilant that is a trade secret within the meaning of applicable state trade secret law or under other applicable law, including but not limited to the LEARN Software Service and the Commercial LPR Data; (vi) information concerning the business and affairs of Vigilant (which includes historical financial statements, financial projections and budgets, historical and projected sales, capital spending budgets and plans, the names and backgrounds of key personnel, contractors, agents, suppliers and potential suppliers, personnel training techniques and materials, and purchasing methods and techniques, however documented; and (vii) notes, analysis, compilations, studies, summaries and other material prepared by or for Vigilant containing or based, In whole or in part, upon any information included in the foregoing. (c) LEA. Refers to a law enforcement agency. (d) LEA LPR Data. Refers to LPR data collected by LEAs and available on the LEARN Software Service for use by other LEAs. LEA LPR Data is freely available to LEAs at no cost and is governed by the contributing LEA's retention policy. Vigilant solutions Softw.ire Seivlce Program Agreement ver 17 CM- .2 dl & -- I � �ViGILANT ss M u rIDNn (e) LEARN Software Service. Refers to a web based (hosted) suite of software applications consisting of analytical and investigative software located on a physical database server that also hosts LPR Data. (f) License Plate Recognition ("LPR"). Refers to the process of utilizing cameras, either stationary or mounted on moving vehicles, to capture and interpret Images of vehicle license plates. (g) LPR Data. Refers to both LEA LPR Data and Commercial LPR Data. (h) Service Fee. Amount paid by Agency per Service Period. (i) User. Refers to an Individual who is an agent and sworn officer of Agency and who is authorized by Agency to access the LEARN Software Service on behalf of Agency through login credentials provided by Agency, 2. Licensed Access to the LEARN Software Service. (a) Grant of License. During the term of this Agreement, Vigilant grants Agency a non exclusive, non, transferable right and license to access the LEARN Software Service for use in accordance with the terms of this Agreement. (b) Authorized Use. Agency is prohibited from accessing the LEARN Software Service other than for law enforcement purposes. (c) Ownership of Commercial LPR Data and LEARN Software. Except for the rights expressly granted by Vigilant to Agency under this Agreement, Vigilant retains all title and rights to the Commercial LPR Data and the LEARN Software. Nothing contained In this Agreement shall be deemed to convey to Agency or to any other party any ownership Interest In or to any LPR Data or the LEARN Software. (d) Restrictions on Use of LEARN Software Service. Except as expressly permitted under this Agreement, Agency agrees that it shall not, nor will it permit a Userorany other party to, without the prior written consent of Vigilant, (f) copy, duplicate or grant permission to the LEARN Software Service or any part thereof, (Ii) create, attempt to create, or grant permission to the source program and/or object program associated with the LEARN Software Service; (iii) decompile, disassemble or reverse engineer any software component of the LEARN Software Service for any reason, including, without limitation, to develop functionally similar computer software or services; or (iv) modify, alter or delete any of the copyright notices embedded in or affixed to the copies of any components of the LEARN Software Service. Agency shall Instruct each User to comply with the preceding restrictions. (e) Third Party Software and Data. If and to the extent that Vigilant Incorporates the software and/or data of any third party into the LEARN Software Service, including but not limited to the LEA LPR Data, and use of -such third party software and/or data is not subject to the terms of a license agreement directly between Agency and the third party licensor, the license of Agency to such third party software and/or data shall be defined and limited by the license granted to Vigilant by such third party and the license to the LEARN Software Service granted by Vigilant under this Agreement. Agency specifically acknowledges that the licensors of such third party software and/or data shall retain all ownership rights thereto, and Agency agrees that it shall not (f) decompile, disassemble or reverse engineer such third party software or otherwise use such third party software for any reason except as expressly permitted herein; (ii) reproduce the data therein for purposes other than those specifically permitted under this Agreement; or (iii) modify, after or delete any of the copyright notices embedded in or affixed to such third party software. Agency shall Instruct each User to comply with the preceding restrictions. (f) Non -Exclusive Licensed Access. Agency acknowledges that the right or ability of Vigilant to license other third parties to use the LEARN Software Service is not restricted in any manner by this Agreement, and that It is Vigilant's intention to license a number of other LEAs to use the LEARN Software Service. Vigilant shall have no liability to Agency for any such action. Vigilant Solutions 5oftware Service Program Agreement ver 2 ! VIGILANT V V LU T IONS 3. Other Matters Relating to Access to LEARN Software Service. (a) Accessibility. The LEARN Software Service, LPR Data and associated analytical tools are accessible to LEAs ONLY and are accessible pursuant to one of the following two methods: (1) LEARN Commercial Data Subscription. Access to the LEARN Software Service through a commercial data subscription allows forcommercial data to be used at a much deeper level to include partial plate queries, geo-fence queries, and analytic reports such as common plate and possible associate analysis. (2) Application Programming Interface (API). The API access method allows for integration of the LPR Data into external third -party analytic tools. The API does NOT provide ownership rights to the LPR Data, only access during the subscription period. The APi is available only In conjunction with a LEARN Commercial Data Subscription. (b) Access to LEA LPR Data. LEA LPR Data is provided as a service to LEAs at no additional charge. (c) Eligibility. Agency shall only authorize individuals who satisfy the eligibility requirements of "Users" to access the LEARN Software Service. Vigilant in its sole discretion may deny LEARN Software Service access to any individual based on such person's failure to satisfy such eligibility requirements. (d) Account Security (Agency Responsibility). (1) Agency shall be responsible for assigning an account administrator who In turn will be responsible for assigning to each of Agency's Users a username and password (one per user account). An unlimited number of User accounts is provided. Agency will cause the Users to maintain username and password credentials confidential and will prevent use of such username and password credentials by any unauthorized person(s). Agency shall notify Vigilant immediately if Agency believes the password of any of its Users has, or may have, been obtained or used by any unauthorized person(s). In addition, Agency must notify Vigilant immediately if Agency becomes aware of any other breach or attempted breach of the security of any of its Users' accounts. (2) User logins are restricted to agents and sworn officers of the Agency. No User logins may be provided to agents or officers of other local, state, or Federal LEAs. LFR Data must reside within the LEARN Software Service and cannot be copied to another system, unless Agency purchases Vigilant's API. (e) Data Sharing. If Agency Is a generator as well as a consumer of LPR Data, Agency at its option may share its LEA LPR Data with similarly situated LEAs who contract with Vigilant to access the LEARN Software Service (for example, LEAs who share LEA LPR Data with other LEAs). (f) Subscriptions. LEARN Software Service software applications and LPR Data is available to Agency and Its Users on an annual subscription basis. (g) Available API. Vigilant offers an API whereby Agency may load LPR Data and provide for ongoing updating of LPR Data into a third -party system of Agency's choosing (the "API"). This service is offered as an optional service and in addition to the LEARN Commercial Data Subscription. 4. Restrictions on Access to LEARN Software Service. (a) Non -Disclosure of Confidential Information. Agency and each User will become privy to Confidential Information during the term of this Agreement. Agency acknowledges that a large part of Vigilant's competitive advantage comes from the collection and analysis of this Confidential Information and Agency's use, except as expressly permitted under this Agreement, and disclosure of any such Confidential Information would cause irreparable damage to Vigilant. (b) Restrictions. As a result of the sensitive nature of the Confidential Information, Agency agrees, except to the extent expressly permitted under this Agreement, (i) not to use or disclose, directly or indirectly, and not to permit Users to use or disclose, directly or indirectly, any LPR location information obtained through Agency's access to Vigilant Solutions 5oftware Service Progi-am Agreement ver 1.7 1 , E -, ; i (VIGILANT -.117TIO H13 the LEARN Software Service or any other Confidential Information; (if) not to download, copy or reproduce any portion of the LPR Data and other Confidential information; and (iii) not to sell, transfer, license for use or otherwise exploit the LPR Data and other Confidential Information in any way. Additionally, Agency agrees to take all necessary precautions to protect the Confidential Information against its unauthorized use or disclosure and exercise at least the same degree of care in safeguarding the Confidential information as Agency would with Agency's own confidential Information and to promptly advise Vigilant in writing upon learning of any unauthorized use or disclosure of the Confidential Information. (c) Third Party Information. Agency recognizes that Vigilant has received, and in the future will continue to receive, from LEAs associated with Vigilant their confidential or proprietary information ("Associated Third Party Confidential Information"). By way of example, Associated Third Party Confidential Information includes LEA LPR Data. Agency agrees, except to the extent expressly permitted by this Agreement, (1) not to use or to disclose to any person, firm, or corporation any Associated Third Party Confidential Information, (H) not to download, copy, or reproduce any Associated Third Party Confidential Information, and (iii) not to sell, transfer, license for use or otherwise exploit any Associated Third Party Confidential Information. Additionally, Agency agrees to take all necessary precautions to protect the Associated Third Party Confidential Information against its unauthorized use or disclosure and exercise at least the same degree of care in safeguarding the Associated Third Party Confidential Information as Agency would with Agency's own confidential Information and to promptly advise Vigilant in writing upon learning of any unauthorized use or disclosure of the Associated Third Party Confidential Information. (d) Non -Publication. Agency shall not create, publish, distribute, or permit any written, electronically transmitted or other form of publicity material that makes reference to the LEARN Software Service or this Agreement without first submitting the material to Vigilant and receiving written consent from Vigilant thereto. This restriction Is specifically intended to ensure consistency with other media messaging, (e) Non -Disparagement. Agency agrees not to use proprietary materials or Information in any manner that Is disparaging. This prohibition is specifically Intended to preclude Agency from cooperating or otherwise agreeing to allow photographs or screenshots to be taken by any member of the media without the express consent of Vigilant. Agency also agrees not to voluntarily provide ANY information, including interviews, related to Vigilant, its products or its services to any member of the media without the express written consent of Vigilant. (f) Manner of Use. (1) Agency must use its account in a manner that demonstrates integrity, honesty, and common sense. (2) Users shall only utilize the LEARN Software Service for law enforcement purposes for its own Agency. User shall not access the LEARN Software Service on the behalf of other local, state, or Federal LEAs. (g) Survival of Restrictions and other Related Matters. (1) Agency shall cause each User to comply with the provisions of this Section 4. (2) Agency agrees to notify Vigilant immediately upon discovery of any unauthorized use or disclosure of Confidential Information or any other breach of this Section 4 by Agency or any User, and Agency shall reasonably cooperate with Vigilant to regain possession of the Confidential Information, prevent Its further unauthorized use, and otherwise prevent any further breaches of this Section 4. (3) Agency agrees that a breach or threatened breach by Agency or a User of any covenant contained in this Section 4 will cause irreparable damage to Vigilant and that Vigilant could not be made whole by monetary damages. Therefore, Vigilant shall have, in addition to any remedies available at law, the right to seek equitable relief to enforce this Agreement. (4) No failure or delay by Vigilant in exercising any right, power or privilege hereunder will operate as a waiver thereof, nor will any single or partial exercise of any such right, power or privilege preclude any other or further exercise thereof. Vigilant Solulions—Software Service Program Agreement ver 1.J,;,Ga.�- �, VIGILANT s n LU r r ON K (5) The restrictions set forth in this Section 4 shall survive the termination of this Agreement for an indefinite period of time. S. Term and Termination. (a) Term. The Initial Term of this Agreement shall be for a term of one (1) year from the Effective Date of this Agreement. Sixty (60) days prior to the expiration of the Initial Term and each subsequent Service Period, Vigilant will provide Agency with an invoice for the Service Fee due for the subsequent twelve (12) month period (each such period, a "Service Period"). This Agreement will be extended for a Service Period upon Agency's payment of that Service Period's Service Fee, which Is due 30 days prior to the expiration of the Initial Term or the existing Service Period, as the case may be. Agency may also pay in advance for more than one Service Period. (b) Termination. (1) Agency may terminate this Agreement upon thirty (30) days prior written notice to Vigilant for any reason. Agency shall not be entitled to a refund of the annual subscription fee, or any portion thereof, if Agency terminates the agreement prior to the end of a Service Period. (2) Vigilant may terminate this Agreement by providing thirty (30) days written notice to Agency for any reason. IF Vigilant's termination notice is based on an alleged breach by Agency, then Agency shall have thirty (30) days from the date of its receipt of Vigilant's notice of termination, which shall set forth in detail Agency's purported breach of this Agreement, to cure the alleged breach. If within thirty (30) days of written notice of violation from Vigilant Agency has not reasonably cured the described breach of this Agreement, Agency shall immediately discontinue all use of the LEARN Software Service. If Vigilant terminates this Agreement prior to the end of a Service Period for breach, no refund for any unused Service Fees will be provided. If Vigilant terminates this Agreement prior to the end of a Service Period for no reason, and not based on Agency's failure to cure the breach of a material term or condition of this Agreement, Vigilant shall refund to Agency an amount calculated by multiplying the total amount of Service Fees paid by Agency for the then -current Service Period by the percentage resulting from dividing the number of days remaining in the then -current Service Period, by 365. (c) Effect of Termination. Upon termination or expiration of this Agreement for any reason, all licensed rights granted in this Agreement will Immediately cease to exist and Agency must promptly discontinue all use of the LEARN Software Service, erase all LPR Data accessed through the LEARN Software Service from its computers, Including LPR Data transferred to an API, and return all copies of any related documentation and other materials. 6. Miscellaneous. (a) Notices. Any notice under this Agreement must be written. Notices must be addressed to the recipient and either (i) hand delivered; (ii) placed in the United States mail, certified, return receipt requested; (ill) deposited with an overnight delivery service; or (iv) sent via e-mail and followed with a copy sent by overnight delivery or regular mall, to the address or e-mail address specified below. Any mailed notice is effective three (3) business days after the date of deposit with the United States Postal Service or the overnight delivery service, as applicable; all other notices are effective upon receipt. A failure of the United States Postal Service to return the certified mail receipt to the dispatcher of such notice will not affect the otherwise valid posting of notice hereunder. Addresses for all purposes under this Agreement are: Vigilant 5olutions - Software Service Program Agreemen' ver. 1.7 \X VIGILANT 90Lu T o 14 Vigilant Solutions, LLC Agency:, Attn: Steve Cintron Attn: 1152 Stealth Street Livermore, California 94551 Address: Telephone: 925-398-2079 Telephone: E-mail: steve.cintron@vigllantsoiutions.com E-mail: with a copy to: Holland, Johns & Penny, L.L.P. Attn: Margaret E. Holland 306 West Seventh Street, Suite 500 Fort Worth, Texas 76102 Telephone: 817-335-1050 E-mail: meh@hjpllp.com Either party may designate another address for this Agreement by giving the other party at least five (5) business days' advance notice of its address change. A party's attorney may send notices on behalf of that party, but a notice Is not effective against a party If sent only to that party's attorney. (b) Disclaimer. Vigilant makes no express or implied representations or warranties regarding Vigilant's equipment, website, online utilities or their performance, availability, functionality, other than a warranty of merchantability and fitness for the particular purpose of searching for license plate locations in the database and performing other related analytical functions. Any other implied warranties of merchantability or fitness for a particular purpose are expressly disclaimed and excluded. (c) Limitations of Liability. VIGILANT WILL NOT BE LIABLE FOR AGENCY'S USE OF THE LPR DATA OR LEARN SOFTWARE SERVICE APPLICATIONS AND WILL NOT BE LIABLE TO AGENCY UNDER ANY CIRCUMSTANCES WITH RESPECT TO ANY SUBJECT MATTER OF THIS AGREEMENT UNDER ANY CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES (INCLUDING, WITHOUT LIMITATION, LOSS OF REVENUE OR GOODWILL OR ANTICIPATED PROFITS OR LOST OF BUSINESS). TO THE EXTENT THE FOREGOING LIMITATION OF LIABILITY IS PROHIBITED OR OTHERWISE UNENFORCEABLE VILIGANT'S CUMULATIVE LIABILITY TO AGENCY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED $10,000.00. (d) indemnification. Agency agrees to indemnify, defend and hold harmless Vigilant and its employees, representatives, agents, officers, directors, and corporate employees (each, an "Indemnified Party"), against any and all claims, suits, actions, or other proceedings brought against the Indemnified Party based on or arising from any claim (1) resulting from Agency's or a User's breach of this Agreement, (ii) that involves any vehicle owned or operated by Agency, (iii) or any employee or independent contractor hired by Agency or (iv) any and all claims based on Agency's or a User's actions or omissions. (e) Independent Contractor Status. Each party will at all times be deemed to be an independent contractor with respect to the subject matter of this Agreement and nothing contained In this Agreement will be deemed or construed in any manner as creating any partnership, joint venture, joint enterprise, single business enterprise, employment, agency, fiduciary or other similar relationship. Vigigant Solutions SoFiware Service Program Agreement ver. 1.1 VIGILANT ,1". i dress (f) Assignment of this Agreement. Agency may not assign its rights or obligations under this Agreement to any party, without the express written consent of Vigilant. (g) No Exclusivity. Vigilant may at any time, directly or indirectly, engage in similar arrangements with other parties, including parties which may conduct operations In geographic areas in which Agency operates. Additionally, Vigilant reserves the right to provide LPR Data to third -party entitles for purposes of promotions, marketing, business development or any other commercially reasonable reason that Vigilant deems necessary and appropriate. (h) No Reliance. Agency represents that It has Independently evaluated this Agreement and is not relying on any representation, guarantee, or statement from Vigilant or any other party, other than as expressly set forth In this Agreement. (1) Governing Law; Venue. THiS AGREEMENT IS GOVERNED BY AND INTERPRETED iN ACCORDANCE WITH THE LAWS OF THE STATE OF TEXAS WITHOUT REGARD TO CON FLICTS-OF•LAWS PRINCIPLES. THE PARTIES HERETO CONSENT THAT VENUE OF ANY ACTION BROUGHT UNDER THiS AGREEMENT WILL BE IN TARRANT COUNTY, TEXAS, 1j) Amendments. Except as otherwise permitted by this Agreement, no amendment to this Agreement orwaiver of any right or obligation created by this Agreement will be effective unless it is in writing and signed by both parties. Vigilant's waiver of any breach or default will not constitute a waiver of any other or subsequent breach or default. (k) Entirety. This Agreement and the Agency's purchase order, setting forth Vigilant's LEARN Software Service being purchased by Agency pursuant to this Agreement and the related product code and subscription price, represent the entire agreement between the parties and supersede all prior agreements and communications, oral or written between the parties. Except to the limited extent expressly provided in this Section 6(k), no contrary or additional terms contained in any purchase order or other communication from Agency will be a part of this Agreement. (1) Force Majeure. Neither party will be liable for failure to perform or delay in performing any obligation under this Agreement if nonperformance is caused by an occurrence beyond the reasonable control of such party and without its fault or negligence such as acts of God or the public enemy, acts of the Government In either Its sovereign or contractual capacity, fires, floods, epidemics, quarantine restrictions, strikes, unusually severe weather, delays of common carriers, or any other cause beyond the reasonable control of such party. (m) Severability. if any provision of this Agreement is held to be invalid, illegal or unenforceable for any reason, such invalidity, illegality or unenforceability will not affect any other provisions of this Agreement, and this Agreement will be construed as if such invalid, illegal or unenforceable provision had never been contained herein. (n) Price Adjustments. Vigilant has the right to increase or decrease the annual Service Fee from one Service Period to another; provided, however, that in no event will a Service Fee be increased by more than the greater of (1) 4% of the prior Service Period's Service Fees, or (ii) prices identified In the original proposal. If Vigilant intends to adjust the Service Fee for a subsequent Service Period, it must give Agency notice of the proposed increase on or before the date that Vigilant invoices Agency for the upcoming Service Period. (o) CJIS Requirements. Agency certifies that its LEARN users shall comply with the UIS requirements outlined in Exhibit A. Vigilant S011160115 Saftware Service Pi oerarn Agreement ver. 1.7 A$"V1131LANT h t, L v 'N 'n IN WITNESS WHEREOF, the parties hereto have executed this Agreement by persons duly authorized as of the date and year first above written. Company: Vigilant Solutions, LLC Authorized Agent: Bili Quinlan Title: Vice President Sales Operations Date: IZ ' " 7i0 1 Signature: Agency; 6-r 4a,01d eCk Authorized Agent: Title: G'Y Date: I Z' Zo—t/ Signature: [signature page — LEARN Software Service State and Local Law Enforcement Agency Agreement] Vigilant Solutions Software 5ervice Program Agreement ver. 1.1 Page 8 of 11 VIGILANT SO LU T ION S Exhibit A, CJIS Requirements Vigilant and Agency agree on the importance of data security, integrity and system availability and that these security objectives will only be achieved through shared responsibility. Vigilant and Agency agree they will more likely be successful with information security by use of the Vigilant supplied technical controls and client Agency use of those controls; In conjunction with agency and personnel policies to protect the systems, data and privacy. Vigilant and Agency agree that Agency owned and FBI-CJIS supplied data in Vigilant systems does not meet the definition of FBI-CJ15 provided Criminal Justice Information (CJI). Regardless, Vigilant agrees to treat the Agency -supplied information in Vigilant systems as CJI. Vigilant will strive to meet those technical and administrative controls; ensuring the tools are in place for the proper protection of systems, Information and privacy of individuals to the greatest degree possible. Vigilant and Agency agree that information obtained or incorporated into Vigilant systems may be associated with records that are sensitive in nature having, tactical, investigative and Personally Identifiable information. As such, that information will be treated in accordance with applicable laws, policies and regulations governing protection and privacy of this type of data. Vigilant and Agency agree that products and services offered by Vigilant are merely an investigative tool to aid the client in the course of their duties and that Vigilant make no claims that direct actions be initiated based solely upon the information responses or analytical results. Further, Vigilant and Agency agree that Agency is ultimately responsible for taking the appropriate actions from results, hits, etc. generated by Vigilant products and require ongoing training, human evaluation, verifying the accuracy and currency of the information, and appropriate analysis prior to taking any action. As such, the parties agree to do the following; Vigilant: 1. Vigilant has established the use of FBI-CJIS Security Policy as guidance for implementing technical security controls in an effort to meet or exceed those Policy requirements. 2. Vigilant agrees to appoint a CJiS Information Security Officer to act as a conduit to the client Contracting Government Agency, Agency Coordinator, to receive any security policy information and disseminate to the appropriate staff. 3. Vigilant agrees to adhere to FBI-CJIS Security Policy Awareness Training and Personnel Screening standards as required by the Agency. 4. Vigilant agrees, by default, to classify all client supplied data and information related to client owned infrastructure, information systems or communications systems as "Criminal Justice Data". All client information will be treated at the highest level of confidentiality by all Vigilant staff and authorized partners. Vigilant has supporting guidance/policies for staff handling the full life cycle of information in physical or electronic form and has accompanying disciplinary procedures for unauthorized access, misuse or mishandling of that information. 5. Vigilant will not engage in data mining, commercial sale, unauthorized access and/or use of any of Agency owned data. 6. Vigilant and partners agree to use their formal cyber Incident Response Plan If such event occurs. 7. Vigilant agrees to immediately inform Agency of any cyber incident or data breach, to Include DDoS, Malware, Virus, etc. that may impact or harm client data, systems or operations so proper analysis can be performed and Vigilant So utions Software Service Program Agreement ver 1.7 V�VIGIL- NT client Incident Response Procedures can be initiated. 8. Vigilant will only allow authorized support staff to access Agency's account or Agency data In support of Agency as permitted by the terms of contracts. 9. Vigilant agrees to use training, policy and procedures to ensure support staff use proper handling, processing, storing, and communication protocols for Agency data. 10. Vigilant agrees to protect client systems and data by monitoring and auditing staff user activity to ensure that it is only within the purview of system application development, system maintenance or the support roles assigned. 11. Vigilant agrees to inform Agency of any unauthorized, Inappropriate use of data or systems. 12. Vigilant will design software applications to facilitate FBI -0I5 compliant information handling, processing, storing, and communication of Agency. 13. Vigilant will advise Agency when any software application or equipment technical controls are not consistent with meeting FBI-CJIS Policy criteria for analysis and due consideration. 14. Vigilant agrees to use the existing Change Management process to sufficiently plan forsystem or software changes and updates with Rollback Plans. 15. Vigilant agrees to provide technical security controls that only permit authorized user access to Agency owned data and Vigilant systems as Intended by Agency and data owners. 16. Vigilant agrees to meet or exceed the FBI-UiS Security Policy complex password construction and change rules. 17. Vigilant will only provide access to Vigilant systems and Agency owned information through Agency managed role - based access and applied sharing rules configured by Agency. 18. Vigilant agrees to provide technical controls with additional levels of user Advanced Authentication in Physically Non -Secure Locations. 19. Vigilant agrees to provide compliant FIPS 140-2 Certified 128 -bit encryption to Agency owned data during transport and storage ("data at rest") while in the custody and control of Vigilant. 20. Vigilant agrees to provide firewalls and virus protection to protect networks, storage devices and data. 21. Vigilant agrees to execute archival, purges and/or deletion of data as configured by the data owner. 22. Vigilant agrees to provide auditing and alerting tools within the software applications so Agency can monitoraccess and activity of Vigilant support staff and Agency users for unauthorized access, disclosure, alteration or misuse of Agency owned data. (Vigilant support staff will only have access when granted by Agency.) 23. Vigilant will only perform direct support remote access to Agency systems/infrastructure when requested, authorized and physically granted access to the applications/systems by Agency. This activity will be documented by both parties. 24. Vigilant creates and retains activity transaction logs to enable auditing by Agency data owners and Vigilant staff. 25. Vigilant agrees to provide physical protection for the equipment -storing Agency data along with additional technical controls to protect physical and logical access to systems and data. 26. Vigilant agrees to participate in any Information or Technical Security Compliance Audit performed by Agency, state 015 System Agency or FBI-CJIS Division. 27. Vigilant agrees to perform independent employment background screening for Its' staff and participate in additional fingerprint background screening as required by Agency. 28. Vigilant agrees that Agency owns all Agency contributed data to include "hot -lists", scans, user information etc., is only shared as designated by the client and remains the responsibility and property of Agency. Agency: 1. Agency agrees to appoint an Agency Coordinator as a central Point of Contact for all FBI -UIS Security Policy related matters and to assign staff that are familiar with the contents of the FBI-CJIS Security Policy. Vigilant Solutions - Software Service Pi ogr,am Agreement ver. 1..7 ;,:-age 10 Of .t 1 VIGILANT s u L u r I o N r 2. Agency agrees to have the Agency Coordinator provide timely updates with specific information regarding any new FBI-CJIS, state or local information security policy requirements that may impact Vigilant compliance or system/application development and, to facilitate obtaining certifications, training, and fingerprint -based background checks as required. 3. Agency agrees to inform Vigilant when any FBI-CJIS Security Awareness Training, personnel background screening or execution of FBI -GIS Security Addendum Certifications are required. 4. Agency agrees to immediately inform Vigilant of any relevant data breach or cyber Incident, to include DDoS, Malware, Virus, etc. that may impact or harm Vigilant systems, operations, business partners and/or other Agencies, so proper analysis can be performed, and Incident Response Procedures can be initiated. 5. Agency agrees that they are responsible for the legality and compliance of information recorded, submitted or placed In Vigilant systems and use of that data. 6. Agency agrees that they are responsible for proper equipment operation and placement of equipment. 7. Agency agrees that they are responsible for vetting authorized user access to Vigilant systems with due consideration of providing potential access to non -Agency information. 8. Agency agrees that responsibility and control of persons granted access to purchased Vigilant systems, along with data stored and transmitted via Vigilant systems, Is that of the Agency. 9. Agency agrees that they have responsibility for all data security, handling and data protection strategies from point of acquisition, during transport and until submission ("Hotlist upload") into Vigilant systems. 10. Agency agrees to reinforce client staff policies and procedures for secure storage and protection of Vigilant system passwords. 11. Agency agrees to reinforce client staff policies for creating user accounts with only government domain email addresses. Exceptions will be granted in writing. 12. Agency agrees to reinforce client staff policies for not sharing user accounts, 13. Agency agrees to use Vigilant role -based access as designed to foster system security and Integrity. 14. Agency agrees that they control, and are responsible for, appropriate use and data storage policies as well as procedures for the data maintained outside the Vigilant systems. This includes when any Information is disseminated, extracted or exported out of Vigilant systems. 15. Agency agrees that they control and are responsible for developing policies, procedures and enforcement for applying deletion/purging and dissemination rules to Information within and outside the Vigilant systems. 16. Agency agrees that It Is their responsibility to ensure data and system protection strategies are accomplished through the tools provided by Vigilant for account and user management features along with audit and alert threshold features. 17. Agency agrees to use the "virtual escorting" security tools provided for managing client system remote access and monitor Vigilant support staff when authorized to assist the client. 18. Agency agrees that the Vigilant designed technical controls and tools will only be effective In conjunction with Agency created policies and procedures that guide user access and appropriate use of the system. 19. Agency agrees that information and services provided through Vigilant products do not provide any actionable Information, Agency users are responsible for the validity and accuracy of their data and developing procedures to verify Information with the record owner and other systems (NCIC) based upon the potential lead generated. Vigilant Solutions - Software Service Program Agreement ver. 1.1 Page 1 t of 11 IV City of Round Rock ROUTEXAS Raac Agenda Item Summary Agenda Number: Title: Consider executing a Software Service Agreement with Vigilant Solutions, LLC for the purchase of data access software. Type: City Manager Item Governing Body: City Manager Approval Agenda Date: 12/21/2018 Dept Director: Chief Allen J. Banks Cost: $8,370.00 Indexes: General Fund Attachments: LAF - Vigilant Software Services Agreement, Software_Service_Agmt - PD Vigilant Software 12.07.18 (00414463xA08F8), Vigilant Invoice Department: Police Department Text of Legislative File CM -2018-1993 The Department has for a few years subscribed to services from Vigilant Solutions Inc., which both stores data from the Police Department's automated license plate readers and allows the Department easy access to data collected in the city and throughout Texas and the nation. This agreement allows the Police Department's sworn personnel to use the LPR data to assist in preventing, solving crimes and reducing criminal activity. The data subscription shall be for a term of one (1) year from the effective date of this agreement. This agreement also provides (a) access to Vigilant Solutions security software product Law Enforcement Archival Reporting Network Server (LEARN) through web interface; (b) nationwide coverage to all Vigilant private LPR data; (c) unlimited use of Mobile Companion for Android and !Phone smartphones with direct link to Vigilant's national LEARN LPR database; and (d) includes unlimited technical support, software maintenance, bug fixes, patches, minor software upgrades, major software upgrades and all utilities released within the product evolution. Cost: $8370.00 Source of Funds: General Fund City of Round Rock page T Printed on 12/19/2019