The URL can be used to link to this page

Home My WebLink AboutCO 2025-039 - Public Technology InstituteDocusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA rr=5 u r AGREEMENT FOR PROFESSIONAL SERVICES THIS AGREEMENT is made and entered into this 26th day of February 2025, by and between the City of Rancho Cucamonga, a municipal corporation ("City") and Public Technology Institute a division of Fusion Learning Partners ("Consultant"). RECITALS A. City has heretofore issued its request for proposals to perform the following professional services: cybersecurity and related services ("the Project"). B. Consultant has submitted a proposal to perform the professional services described in Recital "A", above, necessary to complete the Project. C. City desires to engage Consultant to complete the Project in the manner set forth and more fully described herein. D. Consultant represents that it is fully qualified and licensed under the laws of the State of California to perform the services contemplated by this Agreement in a good and professional manner. AGREEMENT NOW, THEREFORE, in consideration of performance by the parties of the mutual promises, covenants, and conditions herein contained, the parties hereto agree as follows: 1. Consultant's Services. 1.1 Scope and Level of Services. Subject to the terms and conditions set forth in this Agreement, City hereby engages Consultant to perform all technical and professional services described in Recitals "A" and "B" above, including, but not limited to assist the Cyber Security Team in achieving its cybersecurity goals, all as more fully set forth in the Consultant's proposal, dated February 14, 2025 and entitled "A Proposal for Cybersecurity and Related Services For The City of Rancho Cucamonga, California By The Public Technology Institute", attached hereto as Exhibit "A", and incorporated by reference herein. The nature, scope, and level of the services required to be performed by consultant are set forth in the Scope of Work and are referred to herein as "Project Scope." In the event of any inconsistencies between the Scope of Work and this Agreement, the terms and provisions of this Agreement shall control. 1.2 Revisions to Scope of Work. Upon request of the City, the Consultant will promptly meet with City staff to discuss any revisions to the Project desired by the City. Consultant agrees that the Scope of Work may be amended based PSA with Professional Liabilay Insurance (von -Design) Page 1 Last Revised: 11,1212020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA upon said meetings, and, by amendment to this Agreement, the parties may agree on a revision or revisions to Consultant's compensation based thereon. A revision pursuant to this Section that does not increase the total cost payable to consultant by more than ten percent (10%) of the total compensation specified in Section 3, may be approved in writing by City's City Manager without amendment. 1.3 Time for Performance. Consultant shall perform all services under this Agreement in a timely, regular basis consistent with industry standards for professional skill and care, and in accordance with any schedule of performance set forth in the Scope of Work, or as set forth in a "Appendix A - Statement of Work', if such Schedule is attached hereto. 1.4 Standard of Care. As a material inducement to City to enter into this Agreement, Consultant hereby represents that it has the experience necessary to undertake the services to be provided. In light of such status and experience, Consultant hereby covenants that it shall follow the customary professional standards in performing the Services. 1.5 Familiarity with Services. By executing this Agreement, Consultant represents that, to the extent required by the standard of practice, Consultant (a) has investigated and considered the scope of services to be performed, (b) has carefully considered how the services should be performed, and (c) understands the facilities, difficulties and restrictions attending performance of the services under this Agreement. Consultant represents that Consultant, to the extent required by the standard of practice, has investigated any areas of work, as applicable, and is reasonably acquainted with the conditions therein. Should Consultant discover any latent or unknown conditions, which will materially affect the performance of services, Consultant shall immediately inform City of such fact and shall not proceed except at Consultant's risk until written instructions are received from the City Representative. 2. Term of Agreement. The term of this Agreement shall be two (2) years and shall become effective as of the date of the mutual execution by way of both parties signature (the "Effective Date"). No work shall be conducted; service or goods will not be provided until this Agreement has been executed and above requirements have been fulfilled. 3. Compensation. 3.1 Compensation. City shall compensate Consultant as set forth in Exhibit A, provided, however, that full, total and complete amount payable to Consultant shall not exceed $116,908 which includes a 10% contingency (one hundred sixteen thousand nine hundred eight), including all out-of-pocket expenses, unless additional compensation is approved by the City Council. City shall not withhold any federal, state or other taxes, or other deductions. However, City shall withhold not more than ten percent (10%) of any invoice amount pending receipt of any deliverables reflected in such invoice. Under no circumstance shall Consultant be entitled to compensation for services not yet satisfactorily performed. PSA frith Professional Liability Insurance (,'Von -Design) Page 2 Last Revised• 11/1212020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA The parties further agree that compensation may be adjusted in accordance with Section 1.2 to reflect subsequent changes to the Scope of Services. City shall compensate Consultant for any authorized extra services as set forth in Exhibit A. 4. Method of Payment. 4.1 Invoices. Consultant shall submit to City monthly invoices for the Services performed pursuant to this Agreement. The invoices shall describe in detail the Services rendered during the period and shall separately describe any authorized extra services. Any invoice claiming compensation for extra services shall include appropriate documentation of prior authorization of such services. All invoices shall be remitted to the City of Rancho Cucamonga, California. 4.2 City shall review such invoices and notify Consultant in writing within ten (10) business days of any disputed amounts. 4.3 City shall pay all undisputed portions of the invoice within thirty (30) calendar days after receipt of the invoice up to the not -to -exceed amounts set forth in Section 3. 4.4 All records, invoices, timecards, cost control sheets and other records maintained by Consultant relating to services hereunder shall be available for review and audit by the City. 5. Representatives. 5.1 City Representative. For the purposes of this Agreement, the contract administrator and City's representative shall be Isaiah Aguilera, or such other person as designated in writing by the City ("City Representative"). It shall be Consultant's responsibility to assure that the City Representative is kept informed of the progress of the performance of the services, and Consultant shall refer any decisions that must be made by City to the City Representative. Unless otherwise specified herein, any approval of City required hereunder shall mean the approval of the City Representative. 5.2 Consultant Representative. For the purposes of this Agreement, Barry Condrey is hereby designated as the principal and representative of Consultant authorized to act in its behalf with respect to the services specified herein and make all decisions in connection therewith ("Consultant's Representative"). It is expressly understood that the experience, knowledge, capability and reputation of the Consultant's Representative were a substantial inducement for City to enter into this Agreement. Therefore, the Consultant's Representative shall be responsible during the term of this Agreement for directing all activities of Consultant and devoting sufficient time to personally supervise the services hereunder. Consultant may not change the Responsible Principal without the prior written approval of City. PSA with Professional Liability Insurance (Non -Design) Page 3 Last Revised: 11/12/2020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA 6. Consultant's Personnel. 6.1 All Services shall be performed by Consultant or under Consultant's direct supervision, and all personnel shall possess the qualifications, permits, and licenses required by State and local law to perform such Services, including, without limitation, a City business license as required by the City's Municipal Code. 6.2 Consultant shall be solely responsible for the satisfactory work performance of all personnel engaged in performing the Services and compliance with the standard of care set forth in Section 1.4. 6.3 Consultant shall be responsible for payment of all employees' and subcontractors' wages and benefits and shall comply with all requirements pertaining to employer's liability, workers' compensation, unemployment insurance, and Social Security. By its execution of this Agreement, Consultant certifies that it is aware of the provisions of Section 3700 of the California Labor Code that require every employer to be insured against liability for Worker's Compensation or to undertake self-insurance in accordance with the provisions of that Code and agrees to comply with such provisions before commencing the performance of the Services. 6.4 Consultant shall indemnify, defend and hold harmless City and its elected officials, officers and employees, servants, designated volunteers, and agents serving as independent contractors in the role of city or agency officials, from any and all liability, damages, claims, costs and expenses of any nature to the extent arising from Consultant's violations of personnel practices and/or any violation of the California Labor Code. City shall have the right to offset against the amount of any fees due to Consultant under this Agreement any amount due to City from Consultant as a result of Consultant's failure to promptly pay to City any reimbursement or indemnification arising under this Section 6. 7. Ownership of Work Product. 7.1 Ownership. All documents, ideas, concepts, electronic files, drawings, photographs and any and all other writings, including drafts thereof, prepared, created or provided by Consultant in the course of performing the Services, including any and all intellectual and proprietary rights arising from the creation of the same (collectively, "Work Product"), are considered to be "works made for hire" for the benefit of the City. Upon payment being made, and provided Consultant is not in breach of this Agreement, all Work Product shall be and remain the property of City without restriction or limitation upon its use or dissemination by City. Basic survey notes, sketches, charts, computations and similar data prepared or obtained by Consultant under this Agreement shall, upon request, be made available to City. None of the Work Product shall be the subject of any common law or statutory copyright or copyright application by Consultant. In the event of the return of any of the Work Product to Consultant or its representative, Consultant shall be responsible for its safe return to City. Under no circumstances shall Consultant fail to deliver any draft or final designs, plans, drawings, reports or specifications to City upon written demand by City for their delivery, PSA frith Professional Liability Insurance (Non -Design) Page 4 Last Revised: 11112,2020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA notwithstanding any disputes between Consultant and City concerning payment, performance of the contract, or otherwise. This covenant shall survive the termination of this Agreement. City's reuse of the Work Product for any purpose other than the Project, shall be at City's sole risk. 7.2. Assignment of Intellectual Property Interests: Upon execution of this Agreement and to the extent not otherwise conveyed to City by Section 7.1, above, the Consultant shall be deemed to grant and assign to City, and shall require all of its subcontractors to assign to City, all ownership rights, and all common law and statutory copyrights, trademarks, and other intellectual and proprietary property rights relating to the Work Product and the Project itself, and Consultant shall disclaim and retain no rights whatsoever as to any of the Work Product, to the maximum extent permitted by law. City shall be entitled to utilize the Work Product for any and all purposes, including but not limited to constructing, using, maintaining, altering, adding to, restoring, rebuilding and publicizing the Project or any aspect of the Project. 7.3 Title to Intellectual Property. Consultant warrants and represents that it has secured all necessary licenses, consents or approvals to use any instrumentality, thing or component as to which any intellectual property right exists, including computer software, used in the rendering of the Services and the production of the Work Product and/or materials produced under this Agreement, and that City has full legal title to and the right to reproduce any of the Work Product. Consultant shall defend, indemnify and hold City, and its elected officials, officers, employees, servants, attorneys, designated volunteers, and agents serving as independent contractors in the role of city officials, harmless from any loss, claim or liability in any way related to a claim that City's use is violating federal, state or local laws, or any contractual provisions, relating to trade names, licenses, franchises, patents or other means of protecting intellectual property rights and/or interests in products or inventions. Consultant shall bear all costs arising from the use of patented, copyrighted, trade secret or trademarked documents, materials, software, equipment, devices or processes used or incorporated in the Services and materials produced under this Agreement. In the event City's use of any of the Work Product is held to constitute an infringement and any use thereof is enjoined, Consultant, at its expense, shall: (a) secure for City the right to continue using the Work Product by suspension of any injunction or by procuring a license or licenses for City; or (b) modify the Work Product so that it becomes non - infringing. This covenant shall survive the termination of this Agreement. 8. Status as Independent Contractor. Consultant is, and shall at all times remain as to City, a wholly independent contractor. Consultant shall have no power to incur any debt, obligation, or liability on behalf of City or otherwise act as an agent of City. Neither City nor any of its agents shall have control over the conduct of Consultant or any of Consultant's employees, except as set forth in this Agreement. Consultant shall not, at any time, or in any manner, represent that it or any of its officers, agents or employees are in any manner employees of City. Consultant shall pay all required taxes on amounts paid to Consultant under this Agreement, and to defend, indemnify and hold City harmless from any and all taxes, assessments, penalties, and interest asserted against PSA with Professional Liability Insurance (Aron -Design) Page 5 Last Remised: 1111212020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA City by reason of the independent contractor relationship created by this Agreement. Consultant shall fully comply with the workers' compensation law regarding Consultant and Consultant's employees. 9. Confidentiality. Consultant may have access to financial, accounting, statistical, and personnel data of individuals and City employees. Consultant covenants that all data, documents, discussion, or other in formation developed or received by Consultant or provided for performance of this Agreement are confidential and shall not be disclosed by Consultant without prior written authorization by City. City shall grant such authorization if applicable law requires disclosure. All City data shall be returned to City upon the termination of this Agreement. Consultant's covenant under this section shall survive the termination of this Agreement. This provision shall not apply to information in whatever form that is in the public domain, nor shall it restrict the Consultant from giving notices required by law or complying with an order to provide information or data when such an order is issued by a court, administrative agency or other legitimate authority, or if disclosure is otherwise permitted by law and reasonably necessary for the Consultant to defend itself from any legal action or claim. 10. Conflict of Interest. 10.1 Consultant covenants that it presently has no interest and shall not acquire any interest, direct or indirect, which may be affected by the Services, or which would conflict in any manner with the performance of the Services. Consultant further covenants that, in performance of this Agreement, no person having any such interest shall be employed by it. Furthermore, Consultant shall avoid the appearance of having any interest, which would conflict in any manner with the performance of the Services. Consultant shall not accept any employment or representation during the term of this Agreement which is or may likely make Consultant "financially interested" (as provided in California Government Code §§1090 and 87100) in any decision made by City on any matter in connection with which Consultant has been retained. 10.2 Consultant further represents that it has not employed or retained any person or entity, other than a bona fide employee working exclusively for Consultant, to solicit or obtain this Agreement. Consultant has not paid or agreed to pay any person or entity, other than a bona fide employee working exclusively for Consultant, any fee, commission, gift, percentage, or any other consideration contingent upon the execution of this Agreement. Upon any breach or violation of this warranty, City shall have the right, at its sole and absolute discretion, to terminate this Agreement without further liability, or to deduct from any sums payable to Consultant hereunder the full amount or value of any such fee, commission, percentage or gift. 10.3 Consultant has no knowledge that any officer or employee of City has any interest, whether contractual, noncontractual, financial, proprietary, or otherwise, in this transaction or in the business of Consultant, and that if any such interest comes to the knowledge of Consultant at any time during the term of this Agreement, Consultant shall immediately make a complete, written disclosure of such interest to City, even if PSA with Professional Liability Insurance (Non -Design) Page 6 Last Rerised: 11112f2020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA such interest would not be deemed a prohibited "conflict of interest" under applicable laws as described in subsection 10.1. 11. Indemnification. 11.1 Professional Services. In connection with its professional services, the Consultant shall defend, hold harmless and indemnify City, and its elected officials, officers, employees, servants.. volunteers, and agents serving as independent contractors in the role of city or agency officials, (collectively, "Indemnitees"), with respect to any and all damages, liabilities, losses, reasonable defense costs or expenses (collectively, "Claims"), including but not limited to liability for death or injury to any person and injury to any property, to the extent the same out of, pertain to, or relate to the negligence, recklessness, or willful misconduct of the Consultant or any of its officers, employees, subcontractors, consultants, or agents in the performance of its professional services under this Agreement. Consultant shall reimburse all reasonable defense costs and expenses, including actual attorney's fees and experts' costs incurred in connection with such defense. 11.2 Other Indemnities. In connection with all Claims not covered by Section 11.1. the Consultant shall defend, hold harmless and indemnify the Indemnitees with respect to any and all Claims including but not limited to Claims relating to death or injury to any person and injury to any property, which arise out of, pertain to, or relate to the non-professional acts, omissions, activities or operations of Consultant or any of its officers, employees, subcontractors, consultants, or agents in the performance of this Agreement. Consultant shall defend Indemnitees in any action or actions filed in connection with any such Claims with counsel of City's choice, and shall pay all costs and expenses, including actual attorney's fees and experts' costs incurred in connection with such defense. 11.3 Nonwaiver of Rights. Indemnitees do not, and shall not, waive any rights that they may possess against Consultant because of the acceptance by City, or the deposit with City, of any insurance policy or certificate required pursuant to this Agreement. 11.4 Waiver of Right of Subrogation. Except as otherwise expressly provided in this Agreement, Consultant, on behalf of itself and all parties claiming under or through it, hereby waives all rights of subrogation against the Indemnitees, while acting within the scope of their duties, from all claims, losses and liabilities arising out of or incident to activities or operations performed by or on behalf of the Consultant. 11.5 Survival. The provisions of this Section 11 shall survive the termination of the Agreement and are in addition to any other rights or remedies which Indemnitees may have under the law. Payment is not required as a condition precedent to an Indemnitee's right to recover under this indemnity provision, and an entry of judgment against Consultant shall be conclusive in favor of the Indemnitee's right to recover under this indemnity provision. PSA with Professional Liahility Insurance Oran -Design) Page 7 Last Revised: 1111212020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA 12. Insurance. 12.1 Liability Insurance. Consultant shall procure and maintain in full force and effect for the duration of this Agreement, insurance against claims for injuries to persons or damages to property which may arise from or in connection with the performance of the services hereunder by Consultant, and/or its agents, representatives, employees and subcontractors. 12.2 Minimum Scope of Insurance. Unless otherwise approved by City, coverage shall be at least as broad as: less than: (1) Insurance Services Office Commercial General Liability coverage (occurrence form CG 0001). (2) If needed, Insurance Services Office form number CA 0001 (Ed. 1 /87) covering Automobile Liability, code 1 (any auto). (3) Worker's Compensation insurance as required by the State of California, and Employer's Liability Insurance. (4) Technology Professional Liability Errors & Omissions policy to include Cyber coverage unless Cyber coverage is in the Crime policy. (5) Professional Liability insurance in a form approved by the City, having an extended reporting period of not less than three (3) years; or Professional Liability insurance shall be maintained for a period of three (3) years after completion of the Services which shall, during the entire three (3) year period, provide protection against claims of professional negligence arising out of Consultant's performance of the Services and otherwise complying with all applicable provisions of this Section 13. Either policy shall be endorsed to include contractual liability to the extent insurable. 12.3 Minimum Limits of Insurance. Consultant shall maintain limits no (1) Commercial General Liability: $2,000,000 per occurrence for bodily injury, personal injury and property damage. Commercial General Liability Insurance with a general aggregate limit shall apply separately to this Agreement or the general limit shall be twice the required occurrence limit. PSA with Professional Liability Insurance (Rion -Design) Page 8 Last Revised: 1111212020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA (2) If needed Automobile Liability: $2,000,000 per accident for bodily injury and property damage. (3) Employer's Liability: $1,000,000 per accident and in the aggregate for bodily injury or disease and Workers' Compensation Insurance in the amount required by law. (4) Technology Professional Liability Errors & Omissions policy to include Cyber coverage unless Cyber coverage is in the Crime policy with a limit of no less than $1,000,000 per occurrence. (5) Professional Liability: $1,000,000 per claim/aggregate. 12.4 Deductibles and Self -Insured Retentions. Any deductibles or self - insured retentions must be declared to and approved by the City. 12.5 Other Insurance Provisions. (1) The commercial general liability and automobile liability policies are to contain the following provisions on a separate additionally insured endorsement naming the City, its officers, officials, employees, designated volunteers and agents serving as independent contractors in the role of city or agency officials, are to be covered as additional insureds as respects: liability arising out of activities performed by or on behalf of Consultant; products and completed operations of Consultant; premises owned, occupied or used by Consultant; and/or automobiles owned, leased, hired or borrowed by Consultant. The coverage shall contain no limitations on the scope of protection afforded to City, its officers, officials, employees, designated volunteers or agents serving as independent contractors in the role of City or agency officials which are not also limitations applicable to the named insured. (2) For any claims related to this Agreement, Consultant's insurance coverage shall be primary insurance as respects City, its officers, officials, employees, designated volunteers and agents serving as independent contractors in the role of city or agency officials. Any insurance or self- insurance maintained by City, their officers, officials, employees, designated volunteers or agents serving as independent contractors in the role of city or agency officials shall be excess of Consultant's insurance and shall not contribute with it. PSA with Professional Liability Insurance (Non -Design) Page 9 Last Remised: 1111212020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA (3) Consultant's insurance shall apply separately to each insured against whom claim is made or suit is brought, except with respect to the limits of the insurer's liability. (4) Each insurance policy required by this clause shall be endorsed to state that coverage shall not be canceled except after 30 days prior written notice by first class mail has been given to City (ten (10) days prior written notice for non-payment of premium). Consultant shall provide thirty (30) days written notice to City prior to implementation of a reduction of limits or material change of insurance coverage as specified herein. (5) Each insurance policy, required by this clause shall expressly waive the insurer's right of subrogation against City and its elected officials, officers, employees, servants, attorneys, designated volunteers, and agents serving as independent contractors in the role of city or agency officials. (6) Be issued by an insurance company approved in writing by City, which is admitted and licensed to do business in the State of California and which is rated A:VII or better according to the most recent A.M. Best Co. Rating Guide. (7) Specify that any failure to comply with reporting or other provisions of the required policy, including breaches of warranty, shall not affect the coverage required to be provided. (8) Specify that any and all costs of adjusting and/or defending any claim against any insured, including court costs and attorneys' fees, shall be paid in addition to and shall not deplete any policy limits. (9) Other required insurance, endorsements, or exclusions as required by the City in any request for proposals applicable to this Agreement. 12.6 Evidence of coverage. Prior to commencing performance under this Agreement, the Consultant shall furnish the City with certificates and original endorsements, or copies of each required policy, effecting and evidencing the insurance coverage required by this Agreement. The endorsements shall be signed by a person authorized by the insurer(s) to bind coverage on its behalf. All endorsements or policies shall be received and approved by the City before Consultant commences performance. If performance of this Agreement shall extend beyond one year, Consultant shall provide PSA with Professional Liability Insurance (Non -Design) Page 10 Last Reilsed: 11/12f2020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA City with the required policies or endorsements evidencing renewal of the required policies of insurance prior to the expiration of any required policies of insurance. 13. Cooperation. In the event any claim or action is brought against City relating to Consultant's performance or services rendered under this Agreement, Consultant shall render any reasonable assistance and cooperation that City might require. City shall compensate Consultant for any litigation support services in an amount to be agreed upon by the parties. 14. Termination. City shall have the right to terminate this Agreement at any time for any or no reason on not less than ten (10) days prior written notice to Consultant. In the event City exercises its right to terminate this Agreement, City shall pay Consultant for any services satisfactorily rendered prior to the effective date of the termination, provided Consultant is not then in breach of this Agreement. Consultant shall have no other claim against City by reason of such termination, including any claim for compensation. City may terminate for cause following a default remaining uncured more than five (5) business days after service of a notice to cure on the breaching party. Consultant may terminate this Agreement for cause upon giving the City ten (10) business days prior written notice for any of the following: (1) uncured breach by the City of any material term of this Agreement, including but not limited to Payment Terms; (2) material changes in the conditions under which this Agreement was entered into, coupled with the failure of the parties to reach accord on the fees and charges for any Additional Services required because of such changes. 15. Notices. Any notices, bills, invoices, or reports authorized or required by this Agreement shall be in writing and shall be deemed received on (a) the day of delivery if delivered by hand or overnight courier service during Consultant's and City's regular business hours; or (b) on the third business day following deposit in the United States mail, postage prepaid, to the addresses set forth in this section, or to such other addresses as the parties may, from time to time, designate in writing pursuant to the provisions of this section. All notices shall be addressed as follows: If to City: City of Rancho Cucamonga Attn: Isaiah Aguilera 10500 Civic Center Dr. Rancho Cucamonga, CA 91730 If to Consultant: Public Technology Institute a division of Fusion Learning Partners Attn: Mary Wynne 1400 Van Buren Street NE, Suite 200 Minneapolis, MN 55109 Page 11 PSA with Professional Liability Insurance (Non -Design) Last Remised: 11112,2020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA 16. Non -Discrimination and Equal Employment Opportunity. In the performance of this Agreement, Consultant shall not discriminate against any employee, subcontractor, or applicant for employment because of race, color, creed, religion, sex, marital status, national origin, ancestry, age, physical or mental handicap, medical condition, or sexual orientation. Consultant will take affirmative action to ensure that subcontractors and applicants are employed, and that employees are treated during employment, without regard to their race, color, creed, religion, sex, marital status, national origin, ancestry, age, physical or mental handicap, medical condition, or sexual orientation. 17. Assignment and Subcontracting. Consultant shall not assign or transfer any interest in this Agreement or subcontract the performance of any of Consultant's obligations hereunder without City's prior written consent. Except as provided herein, any attempt by Consultant to so assign, transfer, or subcontract any rights, duties, or obligations arising hereunder shall be null, void and of no effect. 18 Compliance with Laws. Consultant shall comply with all applicable federal, state and local laws, ordinances, codes and regulations in force at the time Consultant performs the Services. 19. Non -Waiver of Terms, Rights and Remedies. Waiver by either party of any one or more of the conditions of performance under this Agreement shall not be a waiver of any other condition of performance under this Agreement. In no event shall the making by City of any payment to Consultant constitute or be construed as a waiver by City of any breach of covenant, or any default which may then exist on the part of Consultant, and the making of any such payment by City shall in no way impair or prejudice any right or remedy available to City with regard to such breach or default. 20. Attorney's Fees. In the event that either party to this Agreement shall commence any legal action or proceeding to enforce or interpret the provisions of this Agreement, the prevailing party in such action or proceeding shall be entitled to recover its costs of suit, including reasonable attorney's fees and costs of experts. 21. Exhibits; Precedence. All documents referenced as exhibits in this Agreement are hereby incorporated in this Agreement. In the event of any material discrepancy between the express provisions of this Agreement and the provisions of any document incorporated herein by reference, the provisions of this Agreement shall prevail. 22. Applicable Law and Venue. The validity, interpretation, and performance of this Agreement shall be controlled by and construed under the laws of the State of California. Venue for any action relating to this Agreement shall be in the San Bernardino County Superior Court. 23. Construction. In the event of any asserted ambiguity in, or dispute regarding the interpretation of any matter herein, the interpretation of this Agreement shall not be resolved by any rules of interpretation providing for interpretation against the PS.A frith Professional Liability Insurance (Non -Design) Page 12 Last Revised: 1111212020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA party who causes the uncertainty to exist or against the party who drafted the Agreement or who drafted that portion of the Agreement. 24. Entire Agreement. This Agreement consists of this document, and any other documents, attachments and/or exhibits referenced herein and attached hereto, each of which is incorporated herein by such reference, and the same represents the entire and integrated agreement between Consultant and City. This Agreement supersedes all prior oral or written negotiations, representations or agreements. This Agreement may not be arnended, nor any provision or breach hereof waived, except in a writing signed by the patties which expressly refers to this Agreement. IN WITNESS WHEREOF, the parties, through their respective authorized representatives, have executed this Agreement as of the date first written above. Public Technology Institute a division of Fusion City of Rancho Cucamonga LearninZ Parytnersgnea gned by: Ujyvkv' 4/1/2025 1 11:25 AM PDTC' tWs6v' 4/2/2025 1 7:04 PM PDT By: B0HG!BGG0493- y' Name Date Name Date Chief Executive officer Title L y: E`hW 4/2/2025 5:04 PM PDT ByED23743&.,. Narne Date Director Technology Services City Manager Title City of Rancho Cucamonga By: Name Title Title (two signatures required if corporation) Approval Date Buyer II, Purchasing Alternate, Risk Management Coordinator PSA frith Professional Liability Insurance (Non -Design) Page 13 Last Revise& 11112 2020 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA SCOPE OF SERVICES PSA with Professional Liability Insurance (.Non -Design) Page 14 Last Remised: 1111212020 nocusigoEnvelope ID: C7exc05A-6208-4996-86eE-D9e13e3osppA By The Public Technology Institute Barry Condrey~Director Technology Services February 14 ,2025 Contents Respondent Information and Introduction .... .............................. ......................... --.......... ................ 2 ProjectScope ........ ---........ .................................................... .............. .............................................. S Project Leadership Team and Expehence.......................... —......... ............ —.......................... --....... 4 InvestmentSummary ........ -------....... --.............. —................................. .................. —............ 6 AppendixStatement ofWork ................................................................ ...................... ......................... 7 Service 1—Backup Governance Plan ............. .............................................. ........ ................................ 7 Service 2—Disaster Recovery Plan .................... ................................... ........................................... ..... 7 Service 3—Disaster Recovery Plan Training .... ....................................................................................... 9 Service 4—Disaster Recovery Plan Tabletop Exercses............... .......... .......... —...................... .......... 9 Service 5—External Penetration Testing .................................................................................. —.......... 9 Service 6—Professional 8envices................... —... ..... ......................................................................... IO Appendix B—External Network Penetration Test Statement of Work ...................................... .............. 1I ouousignEnvelope ID: crexoosx-6zon-4eeo-8sae-DVa1asaoEFrA PUBLIC A MVISION OF FUSION LEARNING PARTNERS TECHNOLOGY INSTUTUTE Respondent Information and Introduction The Public Technology Institute /PT|ianational, non-profit technology solutions, research and professional development organization is now a subsidiary of the nonprofit Fusion Learning Partners. We are pleased to have the opportunity to present to the City of Rancho Cucamonga, California a proposal for cybersecurity and related services. Created by and for city and county government, PTI is in its 54 th year of working with a core network of leading local government officials to identify opportunities for technology services, education, research and consulting engagements. government jurisdictions in the area of technology assessment, IT governance,cvbersecuhty and artificial intelligence. PTI has become the leading authority throughout the nation regarding City and County technology solutions. Through research via surveys, interviews with practitioners, and the review ofleading practices, coupled with partnerships with industry, federal agencies, and other governmental organizations, PTI shares the results of its activities and the expertise of its members with the broader audience of the more than 80,000 U.S. cities and counties and governmental entities. PTI also focuses on the needs of the local government technology executive and staff and has been selected to serve as the national coordinator for a series of new CIO and Technology Leadership certification programs offered by 4 nationally recognized institutions of higher learning, Our unparalleled programs set industry standards, foster skills development, and generate knowledge and insight every day. More information about PTI and our parent company, Fusion Learning Partners, may be found at t|��' 21Pa�e ouousignEnvelope ID: C7eAC05x-62oe-4ee6-86ae-D9e13s3oEppA �&�� m ��°� �� mu�n�omm��~��v 8�� e�~m�u��mu~A MVISION OF FUSION LEARNING PARTNERS Project Scope PTI proposes to deliver six services to assist the City in achieving its cybersecurity goals. delivered together, Our recommendation is to complete Service 1 - Backup Governance Plan before the completion of Service 2 - Disaster Recovery Plan. An effective and comprehensive approach to safeguarding the software and data assets for the City will be crucial in recovering from disasters and testing the plans. Services include: Backup Governance Plan This will provide policies and procedures for the City backups, based onthe criticality tiers ofthe applications and data. Existing polices as well as backup configurations, application inventory and backup practices will be 2. Disaster Recovery Plan - This comprises three milestones. First, a project plan will be developed to guide the effort, questions will be developed for the interviews and a list of due diligence materials will be delivered, Second, interviews with business users and IT staff will be conducted and due diligence material reviewed. Third, the disaster recovery plan and handbook will be created to support the recovery objectives. 1 Disaster Recovery Plan Training — Having a plan is not enough. Staff need to train on how to use the plan, when to use it, what the different section of the plan mean and how to react in a crisis. PTI staff will develop and hold a virtual training class on the plan 4. Disaster Recovery Plan Tabletop Exercises —To beeffective, the plan will need tobe tested. PT1 staff will design and deliver the first tabletop exercise on site, working closely with City staff to equip them to design and deliver the second tabletop exercise and future exercises. 5. External Network Penetration Testing — This service is provided by a PTI subcontracto Syrinx Technologies. Syrinx Technologies is a small business founded in 2007 in Henric Virginia, focused exclusively on penetration testing. With 18 years in business and ove 1,000 penetration tests, Syrinx has established a track record of quality and attention detail. The penetration testing is highlighted in appendix A and detailed in appendix B. 6. Professional Services -These are included as away of providing flexibility to the City t account for the inevitable needs that will emerge, often in an unexpected fashion. PTI prepared to assist the City with a full spectrum of information technology services and For each service, the approximate City staff time required has been estimated. This includes time to gather and provide due diligence materials, review deliverables and attend meetings. 3 1Pa�c 000umonEnvelope ID: orsxcnnx-6aoe-4eee-800E-oee1aEnoeFpx kU�0�� *� TECHNOLOGY ��0�� n^�~�muo*�,u�A DIVISION OF FUSION LEARNING PARTNERS Please refer to appendix A for the detailed scope of work, pricing, delivery timeframes, description of deliverables and other details. Effective project management is important to ensure the City receives the best value in the shortest period of time for these services. All prices include professional and creclentialed project management services. Project Leadership Team and Experience Barry will serve as engagement lead for this partnership. Before joining PTI, Barry was the CIO for Chesterfield County, Virginia for 17 years. Under his leadership Chesterfield County was four times recognized as the #1 digital county in the USA. He has worked in the IT field for over 41 years holding a wide range of technology leadership positions in the public and private sectors. Barry holds a master's degree in public leadership with a minor in economics from Virginia State University and a bachelor's degree in computer science from DeVryUniversity. Hehas been adjunct faculty for Virginia Commonwealth University and is currently adjunct faculty for the Public Technology Institute in the certified government CIO program. Barry has been an active NACo contributor, a gubernatorial appointee to the Virginia elections security standards workgroup and a two-time president of the Virginia Local Government IT Executives /VAUG|TE\ organization. He is certified government CIO (CGCIO), a certified information security manager (CISM) and a national top 25 Doer, Dreamer & Driver, He likes to teach, research technology, write code and biog about technology leadership from his home in Moseley, Virginia. Richard Blair will serve as cybersecurity lead on this partnership. Richard graduated from Virginia Commonwealth University in 1983 with a degree in Computer Science and in 2010 with a master's in information systems. He has over 30 years of experience in the Information Technology and Information Security fields. He has designed and delivered many disaster and continuity solutions for local government clients. He has served numerous roles in Information Technology, including deputy CIO for Chesterfield County, Virginia, CIO at McGuireWoods, LLP, CISO for United Network for Organ Sharing and CapCenter, as well as Director, Manager, Engineer, and Architect. Richard also 41Pa�,e onouaignEnvelope ID: croAcnsA-62oo-4pee-8sBE-ono1nEaosppA �Q��D�� PUBLIC 'TECHNOLOGY (4)L INSTITUTE mUxE AoVISIOwOF FUSION LEARNING PARTNERS served as an adjunct professor with the VCU Information Systems Department, teaching systems management, computer networking, and cybersecurity. Hecurrently provides security consulting through his Cornerstone Information Security LLC, and is the co-founder of The Pembroke Foundation, a 501(c)(3) corporation providing scholarship assistance tofinancially disadvantaged high school seniors. K4e[srole will serve the City with project nnanagernentandfed|Ketion. Prior toPT|,Me[ was the CIO for 8years atthe League ofMinnesota Cities, |nher role she supported cities across Minnesota with their technology initiatives with contract review, risk and loss control, educational workshops, training and one-on-one consulting. K4e| holds K45 in Management Information Systems, and a8SinSpeech Communications. She has acertificate inCvberseourbvand Data Privacy Law, isacertified Project K8anaQer/PMP\ and Certified Scrum Master. Prior to the League, Mel worked in technology leadership roles in both municipal and county government for over 10 years. Her experience also includes 18 years inthe private sector managing ERPsystems and technology projects. Kqe|hasbeenappointed twice by the Governor of Minnesota to serve on the state's Technology Advisory Council, a unique and diverse group of experts who guide state technology initiatives. She also served for two years on the MN Cybersecurity Task Force which was tasked to establish and implement a statewide cybersecurity plan to advance protections across all MN governments. Mel resides in Minnesota. kale Bowen, Managing Director, Public Technology Institute experience working with local governments. Dale manages PTI member engagement, educational program development, and research activities. This includes conducting national surveys that identify emerging trends and priorities, identifying leading practices that focus on technology management and service delivery strategies, and engaging with technology leaders and subject matter experts to create resources that highlight lessons learned for the community of local governments. More specially, he is responsible for all PTI research, surveys, certification support SWOT analysis, and tech assessment reporting. 51Pa-e ovovvignEnvelope ID: C7eAo05x-62n8-4996-86oE-D9e13s3o�FFA �8�� o ��w� �� w u�,~umu��°��m �� m��r vu�~�mvm��a*~A DIVISION OF FUSION LEARNING PARTNERS Investment SU[0DOa[V The all-inclusive costs for the services are listed in appendix A, they are summarized here. • Service I — Backup Governance Plan —$8,8U0 • Service 2—Disaster Recovery Plan, 3Milestones $67,600 • Service 3—Disaster Recovery Plan Training $7,800 m Service 4—Disaster Recovery Plan Tabletop Exercises $13,800 • Service 5—External Network Penetration Testing -$O,ZQ0 • Service 6—Professional Services (rates hourly, byconsultant level) PT|requests splitting the payment for the services asfollows; 5O%upon contract signing and remainder upon completion of the service. Cost includes any required art, scripting, simulation aids, as well as time planning, executing, stipends to cyber experts, and providing written deliverables. All invoices will be payable net 30. The City is a Public Technology Institute member and is eligible for a 10% discount on the first $50,000 of pricing. This is an annual discount and can be applied to any combination of these services. All meetings and interviews will beconducted virtually, using MicrosoftTeams. The only travel included in the estimate is for two PTI staff to conduct the first tabletop exercise onsite in Service4. PTI stands ready to accept the City "Agreement for Professional Services" contract terms with only minor negotiated changes. 6�Pa�e ouru ignEnvemFe|o:orsAcnoA-6zoo-4oeV-8meE-oVy1asaoeFpA �U�� u ��u~� TECHNOLOGY K0��'�� nu�~wmnw��wm� A DIVISION OF FUSION LEAwwmPARTmeRS Appendix /\- Statement nfWork Service I—Back/p Governance Plan • Review any existing policies and procedures related to system backup, application restoration and testing. • Review existing backup configurations, including backup types, frequency and schedule. • Review application inventory. m Review test plan materials for validating application restoration. m Determine roles responsible for backup and recovery operations. • Create new backup & recovery governance policy that includes: o Purpose o Scope o Responsibilities o Backup Schedule o Backup Retention o Backup Storage o Backup Testing and Verification o Incident Response o Policy review o Compliance with California CvbersecurityPlan • Deliverable: Backup and Recovery Governance Plan w Duration: 14Qays • City |TStaff Time Commitment: 6hours • Price: $8,800 Service 2 — Disaster Recovery Plan Milestone 1 - Disaster Recovery Engagement Plannil • Kick-off Meeting with Sponsor. o Conduct activities review. o Conduct milestone timeline review. o Establish a definite list of interviewees. (department directors 8^ leadership). • Deliverable: Deliver list of due diligence/background materials that the City will need to provide. • Email from City IT Leadership to City participants announcing engagement. • Deliverable: Deliver draft (written) survey questions for city review. w Deliverable: Project plan for all 4 milestones • Duration: I4Days • City IT Staff Time Commitment: 6 hours 71Pae oocusignEnvelope ID: C79AC05A-6208-4996-86aso9913s3DEFFA �0�� u �� TECHNOLOGY �� »°~~'nxn��n'� AumISIOworFUSION LEARNING PARTNERS • Receive the due diligence nnateha|:sysiern/softvare/processinventoheo. • Finalize the design ofquestions tobeused ininterviews. • Work with City logistics lead toschedule virtual interviews. • Conduct virtual interviews with department directors and leadership to establish recovery targets and prioritization. Anticipate 12 to 15 interviews. • Conduct extensive interviews with |Tstaff to ascertain network design, application and compute landscape and backup processes. • Revievv .govdornain implementation plan. • It is understood that most of the business recovery objectives will have to be obtained through the interview process and are not currently recorded. • Consolidate and document notes from interviews. • Deliverable: Publish recommendations for recovery objectives, tiered application recovery groups and infrastructure considerations. w Deliverable: Publish catalog of critical technology systems, priority order for recovery, based onrecovery objectives. • Deliverable: Publish recommended architecture improvements. • Duration: 4ODays • City |TStaff Time Commitment: 16 hours • Price: $21,200 • Design of disaster response teams. • Define roles and responsibilities within teams. w Document escalation and decision -making protocols. • Document team maintenance activities. • Deliverable: Publish Response Team Handbook. • Create draft recovery plan (including but not limited to): o Disaster declaration procedure o Incident response roles and responsibilities o Communication procedures o Emergency contact lists o Emergency contact methods &alternatives o System recovery procedunes—c|oud and on premises o Data recovery procedures o System operations procedures o System restoration procedures 81PaE,e ovouoignEnvelope ID: ornxcosx-6uoa-4nyo-8nes-Dwo1aEaoerFA v�� au-�.xmo��.��o Hi�� two*u�~mmnm��ma~ AmvISION OF FUSION LEARNING PARTNERS w Review draft recovery plan internally and with sponsor. • Deliverable: Publish recovery plan asodisaster p|aybook. w Duration: 6ODays • City Staff Time Commitment: l6hours • Price:536,4UQ Service 3--Disaster Recovery Plan Training m Conduct trainings up to 6 hours onthe disaster recovery plan including: o Content ofthe critical systems catalog. o Content of, and definition of, the recovery objectives. o Team assignments. o Team governance structure. o RecoveryO^ restoration plans. o Use of, location of, p|aybook. • Deliverable: Recorded training and couoevvorkfor future trainings. • Duration: 20Doys w City Staff Time Commitment: 10 hours • Price: $7,800 Service 4~-Disaster Recovery Plan Tabletop Exercises • Determine scope offirst tabletop disaster recovery plan exercise. • Prepare materials for exercise. • Conduct one tabletop exercise upto6hours induration on -site including the desired combination of|TStaff, leadership and elected officials. • Work with |Tstaff on tabletop exercise development. m Deliverable: Report on lessons learned from each exercise and revisions to p|@ybook. • Attend and coach second tabletop exercise facilitated by City IT staff, remotely. • Duration: lODays • City Staff Time Commitment: lO hours • Price: $13,800 (includes travel) Service 5—External Penetration Testing • Conduct external network penetration test in accordance with scope of work in appendix8. • Testing to be performed by Bryan Miller, President of Syrinx Technologies LLC, a fully licensed and insured sub -contractor tothe Public Technology Institute. • This will be a remote engagement, with no travel and no time spent on -site. 9�PaAe ovcv ignenvnopem:c7nAoomA-6zoe-4nom-8noE-Do91aEnosppA �� n ��m�� mu~~�mmw��m H��'N~�0[�� xu�=*m x m �� w m� AmnmOwoFFusmwLEARNING PARTNERS • IP addresses, phone numbers and URLs have been provided by Rancho Cucamonga CA personnel. • Before testing can commence, the signature page in appendix B must be completed and returned toSyrinx Technologies. • All reports, communications and results of the testing will be communicated only between Syrinx Technologies and Rancho Cucamonga CA. • Upon request of customer, PTI Senior Consultant(s) will attend the virtual meeting to • Duration: 10 Days • City Staff Time Commitment: 3 hours Service 6 — Professional Services * PTI is happy to offer the following consulting positions and flat fee hourly pricing. * Engagements will be structured with separate statements of work and not-to- * A range of consultant levels is offered to provide the best fit and best value for the • Customer and PTI will review needs and determine the consultant level and/or team most appropriate for the work. • Consultants can perform a wide spectrum of work including cybersecurity services, |Tgovernance, procurement support and workforce analysis. • Any on -site work will benegotiated separately for travel expense. um - Associate Consultant $ 159.95 WOM aff �� Senior Consultant $ 196.85 Estimated project days are dependent on receiving all the necessary approvals and requeste cli materials in a timely manner. Any delays in the above could result in a slightly longer timeframp An\/ riibrtantivoechan.ges re uests to the service and milestone scooe could lead 1O1PaQe Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA P`UBLIC TECHNOLOGY A DIVISION OF FUSION LZARWNG PARTNRS Appendix B — External Network Penetration Test Statement of Work Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA wamamiffLiltilm LuN=4 �19M MOB � LE,AG ILE, FOCUSED Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA Table of Contents ProjectSummary...................................................................................................3 Statementof Work................................................................................................ I Deliverables..........................................................................................................4 Assumptions/Out-of-S cope...................................................................................4 Investment Summary............................................................................................6 SignaturePage.......................................................................................................6 Page 2 of 6 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA Project Summary This project involves performing external penetration testing for the City of Rancho Cucamonga, CA. (CRC). Syrinx Technologies will perform an external penetration test on selected servers and any applications from the Internet. Syrinx Technologies will also perform dial -in testing on one phone number provided by CRC. No testing for unsecured wireless access points or modems will be performed as part of this assessment. No forms of social engineering testing will be performed. Statement of Work Syrinx Technologies will analyze the external IP addresses provided by CRC. Syrinx Technologies will perform a 3-step process designed to identify and exploit any vulnerabilities found in either the operating system or application software of any discovered devices. The CRC web site is hosted by a 3`a party (Acquia) and will be included in the testing. CRC is responsible for any notifications necessary to Acquia before testing begins. Syrinx Technologies can provide the beginning and ending test dates/times, and the IP address of the testing device if requested. No cloud -based services will be included in this test. The following IP domain names will be tested: cityofrc.com cityofrc.us CRC provided the following external IP addresses for testing: • 162.218.235.8/29 o 162.218.235.9 — 162.218.235.14 • 199.190.140.0/24 • 199.201.174.0/24 • 209.150.82.0/24 • 205.155.236.144/29 o 205.155.236.145 — 205.155.236.150 CRC indicated that there are approximately ten (10) externally facing devices that will be available for testing. CRC also provided the following URLs for testing: • http://linkpaymentui.cityofrc.com • http://rcmu.cityofrc.us • http://vod.cityofrc.us • https://advpaydirectorprod.cityofrc.us • https://businesslicense.cityofrc.us • https://eoc.cityofrc.com • https:Hgis.cityofrc.us/arcgis/rest/services Page 3 of 6 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA • littps://gis.cityofrc.us/portal • https://psvn.cityofrc.us/genetec/Overview • https://rcdocs.cityofrc.us/Forms • https://rcmu.cityofrc.us • https)/vod.cityofrc.us CRC has provided the following phone number which will be tested during this analysis: • (909) 477-2700 Syrinx Technologies will dial this phone number off hours to determine if it connects to a computer system. If so, Syrinx Technologies will attempt to determine the type of computer system and whether or not it has any weaknesses or vulnerabilities which might allow an attacker to access the internal CRC networks. The following items will be tested on each web server and application, where appropriate: • SQL Injection • Cross Site Scripting (XSS) • URL manipulation • Session Maintenance • Authentication Credentials • Backend database connectivity All testing will be performed from a "black box" perspective meaning that no authentication credentials or other information will be provided to Syrinx Technologies before testing begins. Deliverables The deliverable from this assessment will be a Technical Findings Report detailing the results of the various tests along with the necessary steps to correct any discovered vulnerabilities. Along with the findings and recommendations will be a listing of the tools used during the assessment. An Executive Summary will be provided for management. A conference call will be scheduled at the end of the assessment to review the findings with the client. Assumptions/Out-of-Scope Assumptions • CRC will assign one individual to act as a single point of contact (POC) for Syrinx Technologies. Page 4 of 6 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA • Syrinx Technologies will not share any details of this engagement with anyone except the official client POC. • Syrinx Technologies will not perform any remediation for this project. • No tools or actions designed to test for Denial of Service (DoS) conditions will be performed during this analysis. • Professional services are conducted during normal business hours (8 a.m. - 4 p.m., EDT Mon -Fri) unless otherwise specified. Out -of -Scope • Any tasks not outlined in this Statement of Work are assumed out of scope. • Any retesting of findings or any form of remediation or additional consulting. Pleasecomplete, sign and return all pages of this document: Syrinx Technologies LLC 7330 Staples Mill Road, #281 Richmond, VA 23228 bryan@syrinxtech.com EIN: 41-2251350 Page 5 of 6 Docusign Envelope ID: C79AC05A-62D8-4996-86BE-D9913E3DEFFA Investment Summary Professional Services invoices will be due Net 30 from the receive date of invoice. The invoice will be delivered when the draft reports are presented to CRC. This scope of work and pricing are effective for 90 days from the original issue date on the front cover. After that period. Syrinx Technologies reserves the right to adjust the project components and/or pricing as necessary. The fixed price cost for this assessment is $8,280.00. This price includes the external testing, report generation and the final review. Signature Page The signature below provides legal authorization for Syrinx Technologies to perform the work described in this document. City of Rancho Cucamonga, CA Authorized Signature Printed Name Title Date Syrinx Technologies. LLC Authorized Signature Bryan Miller Printed Name President Title 02/10/25 Date Page 6 of 6