Laserfiche WebLink
Agreement for TruePoint Services City of Redwood City <br />6.5 Breach Responsibilities. This section only applies when a Data Breach occurs with respect to <br />Customer Data within the possession or control of Consultant. <br />6.5.1 Consultant, unless stipulated otherwise, shall immediately notify the Contract Officer <br />by telephone in accordance with the agreed upon security plan or security procedures <br />if it reasonably believes there has been a Security Incident. <br />6.5.2 Consultant, unless stipulated otherwise, shall promptly notify the Contract Officer <br />within 24 hours or sooner by telephone, unless shorter time is required by applicable <br />law, if it confirms that there is, or reasonably believes that there has been a Data <br />Breach. Consultant shall (1) cooperate with the City as reasonably requested by the <br />City to investigate and resolve the Data Breach, (2) promptly implement necessary <br />remedial measures, if necessary, and (3) document responsive actions taken related to <br />the Data Breach, including any post -incident review of events and actions taken to <br />make changes in business practices in providing the Services, if necessary. <br />6.5.3 Unless otherwise stipulated, if a Data Breach is a direct result of Consultant's breach of <br />its contractual obligation to encrypt Customer Data or otherwise prevent its release, <br />Consultant shall bear the costs associated with (1) the investigation and resolution of <br />the Data Breach; (2) notifications to individuals, regulators or others required by state <br />(or federal) law; (3) a credit monitoring service required by state (or federal) law; (4) a <br />website or a toll-free number and call center for affected individuals required by state <br />law —all not to exceed the average per record per person cost calculated for data <br />breaches in the United States (currently $225 per record/person) in the most recent <br />Cost of Data Breach Study: Global Analysis published by the Ponemon Institute at the <br />time of the Data Breach; and (5) complete all corrective actions as reasonably <br />determined by Consultant based on root cause. <br />7.0 INSURANCE. Consultant shall obtain and maintain for the duration of the Agreement and any and all <br />amendments, insurance against claims for injuries to persons or damage to property which may arise <br />out of or in connection with performance of the Services by Consultant or Consultant's agents, <br />representatives, employees or subcontractors. The insurance carrier is required to maintain an A.M. <br />Best rating of not less than "A -:VII". <br />7.1 Coverages and Limits. Consultant, at its sole expense, shall maintain the types of coverages <br />and minimum limits indicated below, unless otherwise approved by City in writing. These <br />minimum amounts of coverage will not constitute any limitations or cap on Consultant's <br />indemnification obligations under this Agreement. <br />7.1.1 Commercial General Liability Insurance. Consultant shall maintain occurrence based <br />coverage with limits not less than $2,000,000 per occurrence. if the submitted policies <br />contain aggregate limits, such limits will apply separately to the Services, project, or <br />location that is the subject of this Agreement or the aggregate will be twice the <br />required per occurrence limit. The Commercial General Liability insurance policy shall <br />be endorsed to name the City, its officers, agents, employees and volunteers as <br />additional insureds, and to state that the insurance will be primary and not contribute <br />with any insurance or self-insurance maintained by the City. <br />REV; 04-23-19 PR <br />Page 6 of 64 <br />ATTY/AGR.2019.106/TruePoint TrueBill Utility Billing System <br />