Contract
Task Order No. AV90851001 Page 1 of 125 TASK ORDER NO. AV90851001 Between Resource Innovations, Inc. (“Resource Innovations” or “RI”) and Nuvve Holding Corp. (“Contractor” or “Nuvve”) TASK ORDER IDENTIFICATION INFORMATION Project Name and Project Number: ComEd BE School Bus V2G Operator ▇▇▇▇▇▇.FY25.001 Client Name: Commonwealth Edison Company (“ComEd”), acting by and through its agent, Exelon Business Services Company, LLC This Task Order will be administered under the terms of the Master Services Agreement between Resource Innovations and the Contractor which is incorporated herein by reference. 1. Resource Innovations Contact Information 1.1 The Resource Innovations Principal Contact for this Task Order is: Name: ▇▇▇▇▇ ▇▇▇▇▇▇▇▇ Company: Resource Innovations Address: ▇▇▇ ▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇▇ ▇▇▇▇ ▇▇▇, ▇▇ ▇▇▇▇▇ Email: ▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ Phone: (▇▇▇) ▇▇▇-▇▇▇▇ 1.2 The Resource Innovations Contracts Manager Contact for this Task Order is: Name: ▇▇▇▇▇▇ ▇▇▇▇ Company: Resource Innovations Address: ▇▇▇ ▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇▇ ▇▇▇▇ ▇▇▇, ▇▇ ▇▇▇▇▇ Email: ▇▇▇▇▇@▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ Phone: (▇▇▇) ▇▇▇-▇▇▇▇ 2. Contractor Contact Information 2.1 The Contractor Principal Contact for performance of this Task Order is: Name: ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Company: Nuvve Holding Corp. Address: ▇▇▇▇ ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇, ▇▇▇▇▇ ▇▇▇ ▇▇▇ ▇▇▇▇▇, ▇▇ ▇▇▇▇▇ Email: ▇▇▇▇▇▇▇@▇▇▇▇▇.▇▇▇ Phone: (▇▇▇) ▇▇▇-▇▇▇▇ 2.2 Contractor will use the following Key Personnel for performance of this Task Order. “Key Personnel” are the individuals who are essential to the Services being performed under the applicable Task Order. Name: ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Title: Director of Operations and Project Management Email: ▇▇▇▇▇▇▇@▇▇▇▇▇.▇▇▇ Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 2 of 125 Name: ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ Title: VP, Technology and Astrea AI Email: ▇▇▇▇▇@▇▇▇▇▇.▇▇▇ 3. Services and Deliverables Contractor will perform the Services and provide the Deliverables as set forth in the attached Annex titled Services and Deliverables. 4. Period and Place of Performance 4.1 Task Order Start Date: January 1, 2025 4.2 Task Order End Date: December 31, 2025 4.3 Place of Performance: Illinois 5. Compensation Information 5.1 In consideration for performance of the Services, Resource Innovations will pay Contractor a firm fixed price of $ 537,000.00 (USD) for labor only as follows: Fixed Price Deliverables Table Performance Milestone Deliverables Payment Amount (USD) Project Launch Contract Execution Customer incentive $100,000 Customer Enrollment Contract negotiated Informational Sessions Program Collateral Pilot Agreement Pilot T&Cs and Participation Agreements Enroll Customers Incentive Plan Design Ensure all agreements are in place to begin testing in Q2 2025 Interested School District Participant List $ 56,000.00 Site Preparation Interconnection Agreement V2G EVSE Configuration Initial Testing Design review Outreach, education, and marketing activities $ 20,000.00 Test Plan & Use Case Development Manual signal testing Cybersecurity Assessment Use Case and Service Development Develop Test Plan and Field Validation Commissioning and Launch Customer Trainings Charging site development for new sites $ 152,800.00 Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 3 of 125 Performance Milestone Deliverables Payment Amount (USD) V2G Testing Pilot Initiation Data Validation Continued Event Dispatch Data Visualization, Reporting and Transfer Monthly updates Quarterly reports Continued outreach, education, and marketing activities $ 152,350.00 Final Report & Project Close Out Project Close Out Activities Final Report Participant Surveys Supporting continued outreach, education, and marketing activities $ 55,850.00 TOTAL FIXED PRICE $ 537,000.00 5.2 Contractor will be reimbursed for reasonable expenses, also referred to as Other Direct Costs ("ODC"), in an amount not to exceed $ 54,500.00 (USD). Contractor should obtain from the Resource Innovations Principal Contact which costs will be classified as ODC and as acceptable for reimbursement under this Task Order. Other Direct Costs (ODC) Table Description of ODC Amount (USD) Travel as Needed for Site Visits and Meetings $4,500.00 Customer Participation Incentive $50,000.00 TOTAL ODC $54,500.00 6. Invoicing and Payments 6.1 Contractor must submit all invoices in accordance with the terms and timeframes specified in this Task Order. Resource Innovations reserves the right to reject payment of Contractor invoices received more than six (6) months after completion of Services. Contractor will submit invoices to the location specified in any special instructions provided separately to the Contractor by the Resource Innovations Principal Contact or the Resource Innovations Contracts Manager. If no special instructions are provided, then all invoices are to be submitted to ▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. 6.2 Each Contractor invoice will include a detailed description of the Services performed and all supporting documentation for any payments made by Contractor to third party suppliers. Each invoice must have a unique invoice number created by the Contractor and include the following information: Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 4 of 125 • Invoice Date • Task Order Number • Resource Innovations Project Number and Resource Innovations Principal Contact • Period covered by invoice • Reference to performance milestone from above schedule (if applicable) • Labor hours/rate from your payment schedule (if applicable) 6.3 In the event that the Contractor is performing Services for Resource Innovations under more than one Task Order, the Contractor must invoice separately for each Task Order. Resource Innovations will be entitled at all times to off-set any amounts owed by Contractor to Resource Innovations in connection with the Master Services Agreement, a Task Order or any other agreement between Contractor and Resource Innovations. 6.4 By the 25th of each month, Contractor must provide the Resource Innovations Principal Contact (email is sufficient) any cost incurred on the project through the 25th of that month plus an estimate for the remaining days of the period. Such estimates will be used by Resource Innovations for accounting accrual purposes only and payments will be made in accordance with the invoicing terms stated. 6.5 Contractor will be issued payment sixty (60) days after receipt of an acceptable invoice to the location described above with all appropriate documentation. The Resource Innovations Principal Contact or his designee must approve the invoice. 6.6 Contractor will be paid by ACH/Direct deposit to the account authorized by Contractor. 6.7 Unless stated otherwise in this Task Order, receipts are required for all lodging and other expenses over $25.00 (USD). Contractor must provide the following information along with receipts for reimbursement of allowable business meals and entertainment: • Cost (including tips/tax) • Date of expenditure • Name/location of restaurant • Names/titles/company of persons attending • Business reason for the meal 6.8 The Contractor will submit invoices as soon as possible after the completion of each performance milestone and no later than the 15th of the month following the date of performance milestone completion. 7. Insurance 7.1 During the period of performance of this Task Order, Contractor will maintain the following insurance coverage(s), or equivalent coverage, for the limits stated below or the maximum limits available and commercially obtainable in the country(s) where the Contractor is domiciled and/or performing Services, whichever is less. Contractor agrees to be in compliance with all regulations where the Services are being performed. Contractors performing Services outside of the U.S. must comply with all regulations from their home country and the third party country in which Services are being performed. Contractor will cause its insurers to provide valid proof of insurance, in English, to Resource Innovations of the applicable coverage and endorsements or copies of the applicable policy language affecting coverage as required by this Task Order before performance of any Services. Resource Innovations is to be named as the Certificate Holder. Such insurance will remain in full effect for the Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 5 of 125 term of the applicable Task Order. Failure of Resource Innovations to enforce the minimum insurance requirements will not relieve the Contractor of responsibility for maintaining the coverage(s). Contractor is solely responsible for all premiums and deductibles for insurance required by this Task Order. All coverage limits are based on U.S. dollars. (a) Automobile Liability Insurance for coverage of owned, non-owned, hired or rented, autos used in the performance of Services under this Task Order with minimum combined single limits of $1,000,000 per accident for bodily injury, including death, and property damage or per statutory requirements locally. (b) Workers’ Compensation Insurance for Contractor’s employees to the extent required by applicable state statutory limits where the Services are performed or, as required by law, anywhere else a Contractor’s employee performing Services is normally employed. Employers’ liability with limits no less than $1,000,000 Bodily Injury for Each Accident; $1,000,000 Bodily Injury by Disease for Each Employee; $1,000,000 Bodily Injury Disease Aggregate. (c) Commercial General Liability Insurance on an occurrence basis including bodily injury and property damage, personal and advertising injury, contractual liability, and products and completed operations coverage with limits no less than $1,000,000 each occurrence; $2,000,000 general aggregate; $2,000,000 products/completed operations aggregate. (d) Professional Liability covering any damages caused by an error, omission or any negligent acts with limits of not less than $1,000,000 per claim or occurrence for one (1) year following the end of the Task Order or that an extended reporting period be purchased. (e) The Insurance provisions as outlined in the Annex titled Client Mandatory Contract Clauses. If Resource Innovations and Client require the same type of coverage, Contractor will maintain the broadest coverage and higher limit of the two provisions. 7.2 Additional Insurance Provisions Any insurance required to be carried by Contractor will be primary and is not contributing with any other insurance carried by Resource Innovations. Resource Innovations and its subsidiaries, directors, officers, and employees are to be covered as additional insureds on Commercial General Liability and Automobile Liability policies by a policy provision or endorsement. Contractor's insurer will provide Resource Innovations with thirty (30) days prior written notice of cancellation, non-renewal or any material change of its insurance coverage. Contractor hereby grants to Resource Innovations a waiver of any right to subrogation which any Contractor insurer may acquire by virtue of the payment of any loss under such insurance against (i) the beneficiary, (ii) all additional insureds, (iii) Resource Innovations and its subsidiaries, and (iv) the Client, as applicable, if required in the Annex titled Client Mandatory Contract Clauses. Contractor agrees to obtain any endorsement that may be necessary to effect and permit waiver of subrogation, but this provision applies regardless of whether or not Resource Innovations has received a waiver of subrogation endorsement from the insurer. Contractor will require its Subcontractors at all tiers, if any, providing Services under this Task Order, to comply with these insurance requirements. Contractor will provide proof of insurance for such Subcontractors, as requested by Resource Innovations. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 6 of 125 Resource Innovations reserves the right to modify these requirements, including limits, based on the nature of the risk, prior experience, insurer, coverage, or other special circumstances. 8. Client Mandatory Contract Clauses 8.1 The Contractor understands that the Client has provided funding to Resource Innovations for this Task Order. Accordingly, the Contractor hereby agrees to comply with Client's mandatory contract clauses attached hereto in the Annex titled Client Mandatory Contract Clauses and incorporated by reference. In the event of a conflict between the terms of the Client Mandatory Contract Clauses and any other terms of the Task Order or the Master Services Agreement, the terms of the Client Mandatory Contract Clauses will govern. 8.2 Client Security Standards Contractor agrees to follow the confidentiality and security standards as stated in the Annex titled Client Mandatory Contract Clauses and any Resource Innovations security policies provided to Contractor with this Task Order or in the future by Resource Innovations. Upon Resource Innovations’ request, Contractor will provide Resource Innovations with documentation and/or the results of any audit by or on behalf of Contractor performed that assesses the effectiveness of Contractor's information security program as relevant to the security and confidentiality of Client. 8.3 Client Safety Requirements Contractor agrees to comply with the safety provisions provided by the Client in the Annex titled Client Mandatory Contract Clauses. 9. Information Security 9.1 Confidential Information Contractor acknowledges and agrees that, in the course of its engagement by Resource Innovations, Contractor may receive or have access to Confidential Information. In addition to the Confidentiality provisions of Section 3 in the Master Services Agreement, Contractor will comply with the terms set forth in the Annex titled Information Privacy and Security for Contractors, which is incorporated herein by reference and made a part of this Task Order. 10. Certifications By signing below, the Contractor hereby certifies that it has complied with all the provisions of the Master Services Agreement between Resource Innovations and the Contractor from the date of signature of the Master Services Agreement through the date of signature hereto and that any certifications, representations, warranties, or covenants made therein are still valid. Contractor hereby represents, warrants, and covenants that (i) Contractor has no outstanding agreements or obligations that are in conflict with any of the provisions of this Task Order or that would preclude Contractor from performing any of the Services or developing and delivering the Deliverables required pursuant to Contractor’s Master Services Agreement or this Task Order; (ii) neither Contractor’s performance of the Services nor Resource Innovations’ use of the Deliverables in the manner intended by Contractor will breach any contractual obligation, breach or violate any applicable duty of care (including tort duties), infringe, misappropriate or violate any proprietary interest (including tangible and intangible interests), or violate or otherwise fail to comply with any applicable law, order or regulation; and (iii) Contractor has obtained all licenses or completed such registrations as may be necessary or required by law to provide Services encompassed in this Task Order. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 7 of 125 Contractor certifies that the information provided is true and correct in every respect. Contractor will notify Resource Innovations if any of the information changes in the Master Services Agreement or Task Order, including all annexes and attachments thereto. The Contractor further certifies that it has the insurance required by the Section titled Insurance above and/or the Annex titled Client Mandatory Contract Clauses set forth below and has attached a current certificate of insurance evidencing such coverage. Contractor agrees to maintain such required insurance until the completion of the Task Order period of performance. This Task Order, including all annexes, along with Master Service Agreement is the entire agreement between Resource Innovations and Contractor and sets forth the parties’ final agreement with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements, proposals, or representations related to the Services described in this Task Order, whether written or oral, between them. IN WITNESS WHEREOF, the parties hereto have caused their duly authorized representatives to execute and deliver this Task Order as of the date listed below. The parties consent to the use of a third party service for purposes of electronically signing this Task Order and agree to be bound by electronic signature. CONTRACTOR RESOURCE INNOVATIONS Signature: Signature: Name: ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇ Name: Title: Chief Executive Officer Title: Date: Date: Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537 1/31/2025 ▇▇▇▇▇ ▇▇▇▇▇▇▇ 2/4/2025 Chief Revenue Officer
Task Order No. AV90851001 Page 8 of 125 ANNEX I INFORMATION PRIVACY AND SECURITY FOR CONTRACTORS To Task Order No. AV90851001 This Annex provides the confidentiality, privacy, and security requirements that Contractor shall implement prior to performing Services and maintain for so long as Contractor has access to Resource Innovations’ Systems or Confidential Information. These requirements are in addition to any security and confidentiality requirements of the applicable agreements between Resource Innovations and Contractor (collectively, the “Agreement”). Contractor shall at all times cause Authorized Personnel (defined below) to strictly abide by Contractor’s obligations under this Annex and shall be responsible for, and remain liable to, Resource Innovations for the actions and omissions of all Authorized Personnel. In the event of a conflict or inconsistency between this Annex and the Agreement, the terms and conditions set forth in this Annex shall govern and control. In the event of a conflict or inconsistency between this Annex and terms and conditions set forth in the Annex titled Client Mandatory Contract Clauses, if applicable to Contractor’s Agreement, the Annex titled Client Mandatory Contract Clauses shall govern and control with respect to any confidential information or systems of the client. 1. Definitions 1.1. Capitalized terms used herein shall have the meanings set forth below or as defined in the Agreement and Task Order. 1.2. “Authorized Employees” means Contractor’s employees who have a need to know or otherwise access Confidential Information or Resource Innovations’ Systems to enable Contractor to perform its obligations under this Task Order. Any reference to “Contractor” hereunder shall mean Contractor and all of its Authorized Employees. 1.3. “Authorized Personnel” means (i) Authorized Employees; and (ii) Contractor’s Subcontractors who have a need to know or otherwise access Confidential Information or Resource Innovations’ Systems to enable Contractor to perform its obligations under this Task Order, and who are bound in writing by confidentiality obligations sufficient to protect Confidential Information and Resource Innovations’ Systems in accordance with the terms and conditions of this Task Order and this Annex. 1.4. “Security Incident” means (i) any act or omission that compromises the security, confidentiality or integrity of Resource Innovations’ Confidential Information or a Resource Innovations’ System (which includes any unauthorized use, access or disclosure); (ii) any act or omission that compromises the physical, technical, administrative or organizational safeguards put in place by Contractor that relate to the security, confidentiality or integrity of Confidential Information or Resource Innovations Systems; (iii) receipt of a complaint involving the privacy practices of Contractor or any Authorized Personnel relating to Resource Innovations’ Confidential Information or Resource Innovations’ Systems; or (iv) a breach of this Annex by Contractor or Authorized Personnel. 2. Confidential Information and Resource Innovations’ Systems 2.1. Contractor shall comply with the terms set forth in this Annex when accessing Resource Innovations’ Systems and in its collection, receipt, transmission, storage, disposal, use and disclosure of Resource Innovations’ Confidential Information and be responsible for the unauthorized collection, receipt, transmission, access, storage, disposal, use and disclosure of Resource Innovations’ Confidential Information under its control or in its possession by all Authorized Personnel. 2.2. Contractor shall implement administrative, physical, organizational and technical safeguards to protect Resource Innovations’ Confidential Information and Resource Innovations’ Systems that are no less rigorous than accepted industry practices and shall ensure that all such safeguards comply with applicable data protection and privacy laws, as well as the terms and conditions of this Annex and the Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 9 of 125 Agreement. Contractor shall maintain the safeguards set forth in this Section as long as the Contractor is in possession of or has access to Resource Innovations’ Confidential Information or Resource Innovations’ Systems. 2.3. At a minimum, Contractor’s safeguards set forth in Section 2.2 shall include: (i) limiting access to Authorized Personnel who require access to perform the Services; (ii) securing business facilities, data centers, paper files, servers, back-up systems and computing equipment, including, but not limited to, all mobile devices and other equipment with information storage capability; (iii) implementing network, device application, database and platform security; (iv) securing and tracking Confidential Information transmission, storage and disposal practices and systems; (v) implementing authentication and access controls within media, applications, operating systems and equipment; (vi) not comingling Resource Innovations’ Confidential Information with any other types of information of Contractor or its customers; (vii) encrypting Personal Information as defined in the Agreement stored on any laptops or other portable device or when transmitted over public networks or wirelessly; (viii) conducting regular risk assessments, penetration testing, and vulnerability scans of Contractor’s Systems storing Confidential Information and promptly implementing, at Contractor’s sole cost and expense, a corrective action plan to correct any issues that are reported as a result of the testing; (ix) implementing appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background investigations consistent with applicable law and as required in the Background Investigation Section; (x) providing appropriate information privacy and security training to Contractor’s employees and Subcontractor personnel on an annual basis; and (xi) maintaining, testing and regularly updating and enhancing business continuity and disaster recovery plans and programs including Contractor’s Systems storing, processing or accessing Confidential Information and Personal Information. 2.4. Return or Destruction of Confidential Information. Unless Contractor is required by data protection laws or as otherwise provided by Resource Innovations in writing to retain Resource Innovations’ Confidential Information for a given period of time, at any time during the term of this Task Order at Resource Innovations’ request or upon the termination or expiration of this Task Order for any reason, Contractor shall, and shall instruct all Authorized Personnel to, promptly return to Resource Innovations all copies, whether in written, electronic or other form or media, of Resource Innovations’ Confidential Information in its possession or the possession of such Authorized Personnel, or securely dispose of all such copies (if approved and specified in writing by Resource Innovations), and certify in writing to Resource Innovations that such Confidential Information has been returned to Resource Innovations or disposed of securely. Contractor shall comply with all directions provided by Resource Innovations with respect to the return or disposal of Resource Innovations’ Confidential Information, including disposing of Confidential Information and Personal Information in accordance with NIST Special Publication 800-88 standards (or its successors). 2.5. To the extent that the California Consumer Privacy Act of 2018, as amended, and any related regulations or guidance issued by the California Attorney General (collectively the “CCPA”) applies to Contractor’s activities under the Agreement and this Task Order, Contractor shall comply with the terms of this Section 2.5 and all applicable provisions of CCPA. For purposes of this Section 2.5, “personal information” shall have the same meaning as defined in the CCPA. Personal Information, as defined in the Agreement, shall also include personal information as defined under the CCPA. Contractor is prohibited from using, disclosing or retaining any personal information as defined in the CCPA received from Resource Innovations or obtained from Resource Innovations’ Systems for any purpose other than for the specific purpose(s) of performing the Services specified in this Task Order. Contractor is expressly prohibited from selling any personal information under this Section 2.5, or receiving any monetary or other valuable consideration in exchange for such personal information. Contractor shall not use, disclose or retain, personal information for a commercial purpose other than providing the Services specified in this Task Order. If the Services under this Task Order require the Contractor to directly collect personal information from consumers who are California residents on Resource Innovations’ behalf, Contractor shall in all instances comply with the notice at or before the point of collection requirement under CCPA which includes addressing use and collection methods that are in compliance Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 10 of 125 with the CCPA and including a URL link to Resource Innovations’ privacy policy. Contractor shall comply with all applicable requirements of the CCPA when collecting, using, retaining, or disclosing personal information including maintaining the ability to inform consumers of the personal data being processed on Contractor’s Systems (and/or verify for Resource Innovations such that Resource Innovations can inform a requesting consumer), delete personal data upon appropriate consumer identity verification, and provide legally sufficient “opt-out” abilities (and the ability to timely comply with Resource Innovations’ request to delete, opt-out and remove applicable consumer personal data) as well as observe the non-discrimination requirement for those consumers who exercise legal rights under CCPA. Contractor certifies that it understands this Agreement’s and the CCPA’s restrictions and prohibitions on selling personal information and retaining, using, or disclosing personal information outside of the parties’ direct business relationship, and it will comply with them. 3. Resource Innovations’ Systems and Equipment 3.1. Contractor acknowledges and agrees that it is Contractor’s responsibility to comply with Resource Innovations security policies and practices governing use of Resource Innovations’ Systems to which Contractor may access or be provided in connection with the performance of the Task Order. Additional security policies and processes applicable to specific Resource Innovations’ Systems may apply and will be provided by Resource Innovations in writing to Contractor. Contractor and Authorized Personnel with access to Resource Innovations’ Systems shall secure such assets and safeguard them against unauthorized access or use. Contractor shall provide the Resource Innovations Principal Contact a list of all individuals requiring access to Resource Innovations’ Systems and notify the Resource Innovations Principal Contact immediately, not to exceed three (3) business days, of any individuals whose employment has terminated or who no longer require access to Resource Innovations’ Systems. Contractor shall provide access to Resource Innovations’ Systems to those individuals who (i) require access in order to perform the Services; (ii) have been included on an Authorized Personnel List provided to the Resource Innovations Principal Contact; and (iii) have completed the requirements applicable to Authorized Personnel in accordance with the terms of the Agreement. 3.2. Contractor shall only access the Resource Innovations’ Systems necessary for the work specified in the Task Order and shall not circumvent the security or configuration to access portions of Resource Innovations’ Systems that Contractor is not authorized to access. Contractor is responsible for maintaining the confidentiality of its user ID and password for the Resource Innovations’ Systems and shall be fully responsible for all activities that occur under its password with or without its knowledge. Contractor shall immediately notify Resource Innovations if it becomes aware of any unauthorized use of its password or account. Contractor shall not knowingly introduce into any Resource Innovations System any virus, trap door, worm, or any other device that is intended to be injurious or damaging to software or hardware used in conjunction with the Services. Resource Innovations may, with or without cause, immediately terminate Contractor’s access to Resource Innovations’ Systems without prior notice. 3.3. Contractor acknowledges that Contractor Personnel have no reasonable expectation of privacy in any Systems that are owned by and used to conduct the business of Resource Innovations. All information, data, and messages created, received, sent, or stored in these Systems are, at all times, the property of Resource Innovations. As such, Resource Innovations has the right to audit and search all such items and Systems, without further notice to Contractor, to ensure that Resource Innovations is licensed to use the software on Resource Innovations’ devices in compliance with Resource Innovations’ software licensing policies, to ensure compliance with Resource Innovations’ policies, and for any other business- related purposes in Resource Innovations’ sole discretion. Contractor understands that Contractor is not permitted to add any unlicensed, unauthorized, or non-compliant applications to Resource Innovations’ Systems, including, without limitation, open source or free software not authorized by Resource Innovations, and that Contractor shall refrain from copying unlicensed software onto Resource Innovations’ Systems or using non-licensed software or websites. Contractor understands that it is Contractor’s responsibility to comply with Resource Innovations’ policies governing use of Resource Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 11 of 125 Innovations’ documents and the Systems to which Contractor may have access in connection with this Agreement. 3.4. Contractor is aware that Resource Innovations has or may acquire software and systems that are capable of monitoring and recording all network traffic to and from any computer Contractor may use to connect to a Resource Innovations System. Resource Innovations reserves the right to access, review, copy, and delete any of the information, data, or messages accessed through these Resource Innovations Systems with or without notice to Contractor and/or in Contractor’s absence. This includes, but is not limited to, all e-mail messages sent or received, all website visits, all chat sessions, all news group activity (including groups visited, messages read, and postings), and all file transfers into and out of Resource Innovations’ internal networks. Resource Innovations further reserves the right to retrieve previously deleted messages from e-mail or voicemail and monitor usage of the Internet, including websites visited and any information Contractor has downloaded. In addition, Resource Innovations may review Internet and technology systems activity and analyze usage patterns, and may choose to publicize this data to assure that technology systems are devoted to legitimate business purposes. 3.5. All information contained on Resource Innovations’ Systems shall be treated as Confidential Information in accordance with the Confidentiality provisions of the Agreement and this Annex. Contractor shall not share, copy, move or delete any documents, files or folders on any such equipment without the permission of the Resource Innovations Principal Contact. 3.6. If Contractor is provided access to Resource Innovations’ Systems managed by Resource Innovations IT, reasonable support from Resource Innovations’ IT department will be provided. Contractor will be solely responsible for care and custody of Resource Innovations’ Systems while in Contractor’s possession. If the Contractor is granted a Resource Innovations email address, Contractor must include the words “consultant”, “independent contractor”, or a similar designation within these email transmissions to properly identify Contractor as an Independent Contractor.
3.7. All use of Resource Innovations’ Systems will terminate upon completion, expiration or termination of the Task Order. Within 10 days of termination or completion of this Task Order and prior to the issuance of any final payment by Resource Innovations, Contractor shall return all loaned Resource Innovations’ Systems to Resource Innovations. The final payment under this Task Order will not be released until such Resource Innovations’ Systems have been returned to Resource Innovations and found to be in good working condition. In the event that such Resource Innovations’ Systems are damaged or lost while in Contractor’s possession, the Contractor shall be responsible for the replacement or repair of the Resource Innovations’ Systems to a similar condition as was received from Resource Innovations. Resource Innovations will provide an allowance for reasonable wear and tear. 4. Contractor-Owned Equipment 4.1. In order to ensure that Resource Innovations’ corporate network environment is protected from malicious software and virus infections, it is critical that all Contractor-owned systems or equipment connected or connecting to the Resource Innovations corporate network be protected by antivirus software and regularly updated with operating system security patches. 4.2. The device used to connect to Resource Innovations’ corporate network must: 4.2.1. Have valid antivirus software installed, with virus definitions kept current. Examples of valid antivirus software include products from McAfee, Trend Micro and Symantec. If you are unsure about the antivirus software you have installed, please check with your Principal Resource Innovations Contact who will coordinate with the Resource Innovations IT department. 4.2.2. Be running a Resource Innovations IT-supported operating system. Resource Innovations IT supports VPN client use on supported operating systems only. Resource Innovations IT supported Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 12 of 125 operating systems (“O/S’s”) are MS-Windows 10 or 11, Mac OS 10 or newer, and certain mainstream versions of Linux. Use of any other O/S for special projects requires written permission from your Resource Innovations Principal Contact who will coordinate with the Resource Innovations IT department. 4.2.3. Be kept current with operating system security patches. This means that updates must be downloaded and installed per manufacturer’s latest security patch releases. 5. Vendor Security Questionnaire 5.1. Contractors accessing Resource Innovations’ Systems and/or accessing or receiving Confidential Information shall comply with the following requirements to ensure that Contractor’s business practices and information technology environment and network infrastructure and equipment used in fulfilling its obligations comply with this Annex as well as any applicable laws, regulations, and industry standards: 5.1.1. Upon Resource Innovations’ request, Contractor shall promptly and accurately complete a written information security questionnaire provided by Resource Innovations or a third party acting on behalf of Resource Innovations (“Vendor Security Questionnaire”). The Vendor Security Questionnaire and Contractor’s responses are incorporated herein by reference. Contractor shall fully cooperate with inquiries related to the Vendor Security Questionnaire and promptly respond to requests for additional information. Contractor understands that as a result of Resource Innovations’ review of Contractor’s responses to the Vendor Security Questionnaire and to ensure the security of Resource Innovations’ Systems and Confidential Information, Contractor may be required to comply with additional security requirements prior to Resource Innovations permitting Contractor access to Resource Innovations’ Systems and/or Confidential Information. Contractor shall comply with all reasonable recommendations that result from such review. 5.1.2. Contractor acknowledges that Resource Innovations will rely on the information provided by Contractor and Contractor represents, warrants, and covenants that all of the responses to the questions in the Vendor Security Questionnaire, and any other information that Contractor provided in the Vendor Security Questionnaire, are to its knowledge, true, accurate, and correct, and shall remain true, accurate, and correct during the term of the Task Order. If any Contractor response to the questions in the Vendor Security Questionnaire, or any other information that Contractor provided in the Vendor Security Questionnaire, is no longer true, accurate, and correct, Contractor shall, within thirty (30) calendar days after learning of such change in circumstance, notify Resource Innovations in writing of the specific response at issue, the details relating to the change in circumstance. 6. Information Privacy and Security Training 6.1. Contractor shall require, and cause its Subcontractors to require, Authorized Personnel to complete a security awareness training before such Authorized Personnel is permitted access to Resource Innovations’ Systems or Confidential Information and at least annually thereafter. Contractor shall maintain documentation of completion of such training and provide copies of reports or certificates of completion upon Resource Innovations’ request. Contractor’s existing information privacy and security training program is sufficient to comply with this Section 6. 6.2. If Contractor does not have its own information privacy and security training program, Contractor shall require all Authorized Personnel performing services for Resource Innovations to complete a Resource Innovations information privacy and security training module. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 13 of 125 7. Background Investigations 7.1. A background investigation must be completed before any Authorized Personnel is permitted access to Resource Innovations’ Systems or Confidential Information. Contractor, at its expense, shall perform, and cause its Subcontractors to perform, a background investigation on all Authorized Personnel prior to Authorized Personnel performing any Services under this Task Order. The background investigation shall include, but not be limited to, the following checks: Social Security Number (SSN) Trace; A 7 Year Criminal History Search (County and State Criminal Felony and Misdemeanor, National Criminal Database, Federal Criminal); and National Sex Offender Registry 7.2. Contractor shall immediately notify Resource Innovations, prior to the Authorized Personnel performing any Services and at any time during the performance of Services, if it is discovered that an Authorized Personnel’s background investigation has positive results that may impact performance of the assigned services or may be deemed to pose an unacceptable safety or security risk to Resource Innovations, its employees, systems, or to a Resource Innovations client. Resource Innovations will determine in its sole discretion if the individual will be allowed to perform any services. Failure of the Contractor to comply with the terms of this paragraph may result in the termination of this Task Order with Resource Innovations. Contractor shall maintain documentation to substantiate the results of such background checks and will provide copies to Resource Innovations upon request, if legally permitted to do so. 7.3. Prior to providing access to Confidential Information or Resource Innovations’ Systems, Contractor shall complete and return to Resource Innovations a Contractor Background Certification Form (“Certification”), attached as Exhibit 1, which is incorporated herein by reference. If at any time after the Certification has been provided to Resource Innovations, the Contractor becomes aware of positive findings for Authorized Personnel who were the subject of the Certification, the Contractor shall discontinue use of the individual and shall notify Resource Innovations immediately. 7.4. Resource Innovations may conduct the background investigation for Contractors organized as a sole proprietorship or single-member limited liability company. The Contractor is responsible for the completion of background investigations for all of it employees and Subcontractor personnel. 7.5. The Contractor shall conduct all background investigations in accordance with applicable federal, state, and local laws. Additional background investigation requirements may be required by a client. The Contractor agrees to comply with any such additional requirements as specified in Contractor’s Task Order or provided to Contractor in writing by Resource Innovations. 8. Requests for Information from Individuals 8.1. Contractor shall promptly notify Resource Innovations if it receives from an individual: 8.1.1. a request to have access to that person’s Confidential Information; and/or 8.1.2. a complaint, notice, communication, or request relating to Resource Innovations’ obligations under any relevant data protection legislation and shall assist Resource Innovations by undertaking an appropriate search of its records in response to that request. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 14 of 125 9. Subcontractors 9.1. Where Contractor engages a Subcontractor, with prior written consent from Resource Innovations, and the appointment involves the processing of Confidential Information, including Personal Information, Contractor shall remain responsible for compliance with the obligations which apply to Contractor in respect of the protection of Confidential Information and Resource Innovations’ Systems. 9.2. Contractor shall ensure that the contract with Subcontractor contains obligations on Subcontractor which are no less onerous than those that apply to Contractor in relation to the protection of Confidential Information. 10. International Transfers 10.1. Where the Services involve the processing of Personal Information by Contractor in the European Economic Area (“EEA”) Contractor shall only be entitled to transfer Confidential Information outside of the EEA if it complies with applicable data protection laws in relation to the safeguarding of Personal Information. 10.2. If Contractor intends to transfer Personal Information outside of the EEA it shall first disclose to Resource Innovations the legal basis on which it relies to legitimize such a transfer in accordance with applicable data protection laws and shall not transfer any such Personal Information to a country outside the EEA without Resource Innovations’ prior written consent. 11. Security Incident Procedures 11.1. Contractor shall: 11.1.1. Notify Resource Innovations of a discovered, observed, potential or suspected Security Incident as soon as practicable, but no later than twenty-four (24) hours after Contractor becomes aware of it; and 11.1.2. Notify Resource Innovations of any Security Incidents by Incident Report Hotline at ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ with a read receipt at and with a copy by e-mail to the Resource Innovations Principal Contact. 11.2. Immediately following Contractor’s notification to Resource Innovations of a Security Incident, the parties shall coordinate with each other to investigate the Security Incident. Contractor agrees to fully cooperate with Resource Innovations in Resource Innovations’ handling of the matter, including, without limitation: 11.2.1. Assisting with any investigation; 11.2.2. Providing Resource Innovations with physical access to the facilities and operations affected; 11.2.3. Facilitating interviews with Contractor’s employees and others involved in the matter; and 11.2.4. Making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards or as otherwise required by Resource Innovations. 11.3. Contractor shall take reasonable steps to prevent any further Security Incident at Contractor’s expense in accordance with applicable privacy rights, laws, regulations and standards. Contractor shall reimburse Resource Innovations for actual reasonable costs incurred by Resource Innovations in Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 15 of 125 responding to, and mitigating damages caused by, any Security Incident, including all costs of notice and/or remediation pursuant to Section 11.4. 11.4. Contractor agrees that it shall not inform any third party of any Security Incident without first obtaining Resource Innovations’ prior written consent, other than to inform a complainant that the matter has been forwarded to Resource Innovations’ legal counsel. Further, Contractor agrees that Resource Innovations shall have the sole right to determine: (i) whether notice of the Security Incident is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies or others as required by law or regulation, or otherwise in Resource Innovations’ discretion; and (ii) the contents of such notice, whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation. 11.5. Contractor agrees to fully cooperate with Resource Innovations in any litigation or other formal action deemed reasonably necessary by Resource Innovations to protect its rights relating to the use, disclosure, protection and maintenance of Confidential Information. Contractor will assist Resource Innovations in the investigation and resolution of any complaints by an individual that data relating to them was not processed in accordance with applicable law and the U.S. Department of Commerce Safe Harbor Principles. 12. Material Breach 12.1. Contractor’s failure to comply with any of the provisions of this Annex is a material breach of this Task Order. In such event, Resource Innovations may terminate the Task Order effective immediately upon written notice to the Contractor without further liability or obligation to Resource Innovations. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 16 of 125 EXHIBIT 1 BACKGROUND INVESTIGATION CERTIFICATION Capitalized terms have the meanings given in Contractor’s applicable Agreement with Resource Innovations. Certification Contractor certifies and agrees as follows: 1) (a) Contractor has completed, and has caused it Subcontractors to complete, background investigation(s) in accordance with the provisions of the Fair Credit Reporting Act, applicable federal and state laws, and the Background Investigation Section of Contractor’s Task Order; (b) Contractor has identified all Authorized Personnel who will have access to Confidential Information and/or who will be accessing Resource Innovations’ Systems on the attached Authorized Personnel List; (c) Contractor has reviewed the results of the background investigations for all listed Authorized Personnel; and (d) Contractor did not discover any Adverse Findings in an Authorized Personnel’s background investigation; 2) Contractor agrees that if at any time after this Certification is provided, Contractor begins utilizing any Authorized Personnel to perform Services who were not included as part of the original Certification, Contractor will conduct a background investigation on such Authorized Personnel and provide Resource Innovations with an updated Certification, or complete updated background investigations on Authorized Personnel, as reasonably requested by Resource Innovations; and 3) If at any time after this Certification has been provided to Resource Innovations, Contractor becomes aware of Adverse Findings for Authorized Personnel who were listed in the Authorized Personnel List as part of this Certification, Contractor will discontinue use of such Authorized Personnel in performance of the Task Order and Contractor will notify Resource Innovations in accordance with the Background Investigation Section. I am a duly authorized representative of Contractor and have read, understand and agree to the accuracy of this Certification. Task Order Number: AV90851001 Contractor Name: Nuvve Holding Corp. Contractor Representative Signature: Printed Name: Title: Date: Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537 ceo ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇ 1/31/2025
Task Order No. AV90851001 Page 17 of 125 Authorized Personnel List List the names of the Authorized Personnel who are the subject of the Certification. Name Company Title Date Completed ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Nuvve Holding Corp. Contractor Principal Contact ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ Nuvve Holding Corp. VP, Technology and Astrea AI Once completed, return the signed form to the Resource Innovations Contracts Manager. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537 1/31/2025 1/31/2025
Task Order No. AV90851001 Page 18 of 125 ANNEX II – SERVICES AND DELIVERABLES To Task Order No. AV90851001 Project Description Contractor. (“Nuvve” or “NUVVE”) will act as a contractor to Resource Innovations (RI) for the Pilot Program Operator Vendor role that will deliver a comprehensive School Bus Vehicle to Grid (V2G) pilot for school districts in ComEd territory. In conjunction with this role, Nuvve understands that the following additional roles will be part of this School Bus V2G pilot: ComEd (the utility requesting the services) The pilot evaluation support vendor (the awarded vendor of the V2G Evaluator RFP – Resource Innovations, along with their contractor, Nuvve) Customers and test sites (the selected school districts that own school buses and V2G chargers) o Test sites are defined as the selected school district charging sites Nuvve is committed to implementing and delivering a thoughtful design and turnkey solution that will result in an effective and efficient pilot launch and ongoing operation. NUVVE will develop and deliver the pilot program and work with ComEd to finalize the pilot design, develop execution and test plan, and perform pilot operations including customer enrollment, engagement with participants, engagement with original equipment manufacturers (OEM), data monitoring, collection and reporting, and marketing and outreach activities. NUVVE will work closely with the selected customer(s) as part of the aforementioned Test Site Outreach. NUVVE will enroll these customers and set up the necessary contractual relationships and data transfer processes to collaborate on this pilot. NUVVE will support all aspects of program customer engagement, communication notifications, customer and utility dashboard, customer issue resolution, customer care, marketing and analysis and reporting. Infrastructure Development: NUVVE will be responsible for reviewing the V2G Test Site(s) and their existing infrastructure, and design and develop the infrastructure required to deliver the pilot program, including all information support systems required, email customer support, telecommunication functions, training materials for customers and ComEd. The Scope of Work (SOW) includes: Reviewing, identifying, and developing 3 existing Test Site(s) Designing test plan and use cases for V2G implementation Collecting EV charger and vehicle telematics data for V2G, if available Collecting, monitoring, and reporting data (raw data and reports) Consolidating daily customer data into daily on-peak and off-peak totals Provide ongoing, daily charging optimization for school district/fleet operator customer(s) participating in the pilot program. Provide customer notifications and ongoing customer support. Developing risk assessment plan and safety protocols to ensure safety and reliability of the school buses participating in the pilot program. Providing training, if required, to electric school bus (ESB) drivers or operators during V2G operations. To deliver this SOW, the NUVVE team will lead the following activities: Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 19 of 125 Operations: NUVVE and RI will design and implement all operations required to deliver the pilot program, including hiring and managing all required staff, development and delivery of all required methods and procedures and associated training, and any other support processes required to ensure routine delivery of all aspects of the pilot. Program Management: NUVVE will work with RI and ComEd, the aforementioned pilot evaluation vendor, customers, and other stakeholders for the duration of the pilot. NUVVE will work with RI and ComEd, and other stakeholders for operation of the pilot program, including scheduling, budgeting, task planning and coordination, status reporting, issue resolution, and other functions as required to ensure smooth operation of pilot program delivery and administrative interaction with ComEd. NUVVE will interface with OEMs and EVSEs. User Experience and Engagement: NUVVE and RI will provide a user-friendly experience for customers interacting with the School Bus V2G pilot program. NUVVE and RI will provide a plan for customer and community engagement with equity as a priority outcome in this initiative. Customer Support: NUVVE will deliver all support required by customers of the pilot program, across a variety of channels, including email, and web-based support systems. Data Collection and Reporting: NUVVE will monitor and share the collected data in the form of raw data and reports. NUVVE will provide data from both the pilot program delivery operation, and reporting on pilot results and other factors, such as insights into charging patterns and grid interactions. Goals & Objectives The preliminary success metrics and KPIs are identified in this section. NUVVE will work closely with RI, ComEd, and evaluator vendor to propose and identify additional KPIs based on previous experience and industry best practices. Additionally, NUVVE will work closely with RI, ComEd, and evaluator vendor to ensure that the final objectives establish a strong shared understanding of these goals and metrics and what they entail. Assess the potential of V2G technology to improve grid reliability and stability by using ESBs as distributed energy resources (DERs). KPIs: Response times for utility signals Uptime for the technology Equipment downtime Communication and operational efficiency Evaluate the economic advantages for both utility and customers through the integration of V2G systems, including cost savings and revenue opportunities. KPIs: Energy revenue for customer Cost savings for customer and utility/Benefit cost analysis ROI for V2G investment for customer and utility Demonstrate the technical viability of V2G systems, including the ability to effectively manage bi-directional power flows and integrate with existing grid infrastructure. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 20 of 125 KPIs: Time to develop, set up, and integrate V2G # of needed interventions # of successful V2G events Increase customer participation and engagement in V2G programs by showcasing the benefits and providing incentives for EV owners to participate. KPIs: # of pre-enrollments for an expanded pilot # of electric buses on order by the end of 2025 An interest score improved for school districts from beginning of the engagement to the end of 2025 Participation rate of the enrolled customers Collect and analyze data on V2G operations to gain insights into usage patterns, system performance, and the overall impact on the grid and market dynamics. KPIs: Customer usage curves System performance (e.g. # of days buses are fully charged) Charging efficiency Stakeholder satisfaction Utility satisfaction Additional proposed KPIs – Community awareness, workshops, and updates Accessibility analysis, participants perceptions EBS performance, seasonal impact on its performance Fuel economy analysis Impact of ESB on environment with focus on air quality – cabin and ambient outside Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 21 of 125 Pilot Design & Delivery Existing Site Enrollment Nuvve’s design for ComEd’s V2G Pilot involves a team using three sites that already have electric buses and V2G chargers as described in Table 1. Upon review by ComEd if these sites meet the eligibility criteria and are approved by ComEd, the team will enroll these sites by Q1 of 2025 to begin piloting Q2, 2025, provided these sites meet the eligibility criteria. NUVVE will work with RI to draft and implement T&C’s with the sites, contingent on ComEd’s review and approval. All items described in the SOW will be completed by the end of 2025. Given the lead time to incorporate additional school districts, piloting additional sites will not be a part of this SOW. However, NUVVE will support RI to prepare additional sites as part of the outreach and engagement scope, delivering a list of school districts that would be prepared to participate in a larger pilot program as early as 2026. Table 1. Pilot Sites Existing Test Sites Charging Infrastructure Electric Buses ▇▇▇▇ School District (2 chargers) with 2 buses 2 Nuvve V2G chargers 2 buses (1 V2G and 1 non-V2G) Wauconda School District (1 charger) with 2 buses 1 Nuvve V2G charger 2 buses River Trails School District (1 charger) with 1 bus 1 Nuvve V2G charger 1 bus Initial Testing for Existing Sites Our partners at Nuvve will leverage their existing relationships with the ▇▇▇▇, River Trails, and Wauconda school districts to quickly ramp up to piloting. Nuvve has already done most of the preliminary work, including site preparation, technology testing, and installation of V2G charging infrastructure. Testing for these sites will primarily be interoperability tests between Nuvve infrastructure and the electric buses that the school districts use. We will also build in time for signal testing and data sharing. The ▇▇▇▇ School District will require interoperability testing. The school district currently has 1 Lion bus (confirmed to work with Nuvve’s technology) and 1 Micro Bird on order that was expected by September 2024 (delivery confirmed). Nuvve will assess the feasibility of V2G interoperability between Micro Bird and its V2G chargers. Once the agreement is signed, Nuvve will engage with Microbird and update RI on its feasibility analysis. Cybersecurity Review The project team will create a cybersecurity plan for sharing sensitive information. We consider this a crucial step to protect ComEd and customer’s data integrity, confidentiality, and availability. Here are the steps we’ll follow during this phase of the pilot. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 22 of 125 Risk Assessment: We’ll start by identifying sensitive information, determining what data needs protection (e.g. personal identifiers), and evaluating the potential threats and vulnerabilities associated with sharing this data. Data Classification: Similarly, we’ll classify data based on sensitivity (Public, Internal, Confidential, Restricted) with feedback from ComEd. We’ll establish handling protocols for each classification level to determine what needs to be censored before sharing with the pilot evaluator. Access Control: We’ll implement the principle of least privilege (PoLP), limiting access to sensitive information only to those who need it. We will also utilize role-based access controls (RBAC) to enforce data access policies. Data Encryption: Use strong encryption methods for data in transit and at rest as needed and ensure that encryption keys are managed securely. Secure Sharing Tools: We’ll use trusted platforms and tools that offer secure sharing capabilities. Monitoring and Auditing: We will implement logging and monitoring to track access and sharing of sensitive information. We’ll also conduct regular audits of data sharing activities and compliance with policies. Incident Response Plan: We will develop and maintain an incident response plan for data breaches or security incidents. Ensure the plan includes steps for containment, investigation, notification, and remediation. Compliance with ComEd Guidelines and Legal Considerations: We will stay informed about data protection regulations (e.g., GDPR, HIPAA, CCPA) and ensure compliance. Implement data handling agreements and confidentiality clauses with each customer. This will be included in the PPA. Piloting Once all preliminary start up activities are completed, we’ll move into the piloting phase. Pilot activities are made possible thanks to Nuvve’s GIVE and Fleetbox platforms. More information on these technologies is included separately. The main activities during the pilot phase include: Collecting EV charger or telematics data (at least 15-minute interval data) to be used for evaluation purposes and for V2G compensation: Nuvve chargers send extensive datasets (including but not limited to details on the power, current, and voltage, state-of-charge of the bus battery, status of the charging station) to the Nuvve platform every second (“Telematic Data”). For this program, Nuvve will leverage its platform to generate reports and data required for V2G compensation. The platform ingests the customer tariffs and optimizes their charging schedule to meet the EV operational needs while minimizing energy costs. Providing ongoing, daily charging optimization for school district/fleet operator customers participating in the pilot program, using Nuvve’s platform to ingest the customer tariffs and optimize customer charging schedule to meet the ESB operational needs while minimizing energy costs. Providing customer notifications and ongoing customer support. Upon loss of data from chargers the system notifies Nuvve’s internal teams who then take actions to remotely troubleshoot issues. If applicable, Nuvve’s customer experience team coordinates with the customer to dispatch Field Service Representatives (FSR) as required. Developing a risk assessment plan and safety protocols to ensure safety and reliability of the school buses participating in the pilot program. Nuvve partners with OEMs to conduct interoperability prior to production launch, all ESB and chargers participating in the program are certified to meet all safety and regulatory requirements. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 23 of 125 Providing training, if required, to ESB drivers or operators during V2G operations. Nuvve’s customer experience and support team is always actively engaged with its customers. During onboarding, customers are introduced to their designated customer representative, who they can call for any questions or issues, and they can rely on Nuvve to quickly triage and address any concern. The team maintains open communication channels and provides training on electrification, charging, energy management, and V2G operations. Data Sharing & Analysis The project team understands that we’ll need to regularly share data during the piloting phase. We are committed to: Collecting, monitoring, and reporting data (both raw data and reports): To perform insightful data collection and support the Evaluator in analysis, the project team (Nuvve, RI, and ComEd) will: o Compile and assess the data across a variety of categories and build a data repository, including details about installed charging stations, usage statistics, energy delivery, projected reductions in air pollution, and other relevant data. Our data collection efforts will include the following categories: Emissions Reduction Data: GHG emission reductions, comparison of reductions in electric vs. traditional gas-powered school bus Environmental Data: air quality and pollution levels within school bus route Accessibility Data: demographics, income levels, and transportation needs of the community and individuals School Bus Performance Data: bus usage profiles, miles traveled, battery end-of-life considering V2G use, and performance across environmental and seasonal variations V2G Implementation Data: tracking success of testing, output power/energy, impacts on feeder/grid, overall V2G equipment health and performance, reliability of events Communication Data: tracking of successful communication between all equipment and software platforms, log, and triage communication failures Participation Data: tracking of participation rate of enrolled customers and V2G equipment, log, and triage equipment downtime Customer Support and Recruitment: tracking of customer inquiries, reasons for not joining pilot, log and triage customer issues and questions Survey and Qualitative Data: We will gather feedback from school district fleets and community members such as driver perceptions and observations and share quantitative and qualitative feedback with ComEd. o Analyze the data to discern project performance, economic impact, and impacts on R3/EJ/LI communities, and associated environmental effects. o Regularly submit and/or make data available to the project team, selected pilot evaluation vendor, and ComEd. o RI and Nuvve will develop progress reports for ComEd on a biweekly basis, or more frequently if desired. o Complete a V2G Cost Benefit Analysis methodology and conclusion from two different perspectives - school districts and ComEd. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 24 of 125 These are preliminary metrics identified during the RFP process. NUVVE will work closely with ComEd and evaluator vendor to propose and identify additional data to monitor based on previous experience and industry best practices. Consolidating daily customer data into daily on-peak and off-peak totals. Nuvve chargers are connected to its cloud and controlled by Nuvve’s platform. Nuvve chargers send extensive datasets to the platform, which is used for operational functions and is also stored in the Nuvve data warehouse for reporting and data science purposes. Nuvve also has experience in designing and implementing API based integration with EV telematics systems. Nuvve currently has telematics integrations with major ESB OEMs. Data Sharing Addendum o Within thirty (30) days of the Task Order Effective Date, the Parties also agree to negotiate, conclude and enter into a separate, Data Sharing Addendum governed by the Agreement that incorporates the following principles: Data generated from each EV charger and electric bus shall be uploaded from each EV Charger unit to a secure, cloud based environment managed by the evaluator; The Data will be synced and updated once a week; “Participation Agreements” will be created and provided to each using entity of the EV Chargers (e.g., school districts and their transportation divisions) that grant each of the parties (including RI and it’s partners) those data use rights further described in the data sharing addendum. The parties shall also specify in the data sharing addendum the precise dataset details and fields to be collected at the EV Charger site by the parties (based on customer demands and requirements). Proposed Test Cases In coordination with ComEd and evaluator vendor, NUVVE will propose and participate in the development of V2G test cases that will support pilot’s objectives and ensure that the final test plan establishes a strong shared understanding of the use cases to ensure project success. RI and Nuvve will also work with ComEd to finalize V2G dispatch mechanism and V2G dispatch schedule. Customer Support Nuvve will provide customer support for the 3 existing sites identified for this pilot. This includes ongoing communication with local staff, availability to take calls during business hours, and informing customers when systems identify an issue that requires troubleshooting. Interconnection NUVVE will work with its 3 site host customers and ComEd to apply for interconnection agreements. Timeline Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 25 of 125 Milestone Timeline Deliverable(s) 1 Contract Negotiations October 2024 – January 2025 Detailed SOW and signed contract Architecture diagram Participate in ComEd IT Governance and Architecture process 2 Customer Acquisition February 2025 Pilot T&Cs and Participation Agreements Incentive Plan Design Ensure all agreements are in place to begin testing in Q1 2025 Interested School District Participant List 3 Customer Enrollment & Outreach & Marketing February 2025 – March 2025 Informational Webpage Educational Webinars & Presentations Enroll Customers Press Release 4 Initial testing design review March 2025 – April 2025 V2G Test Plan Finalized list of data that will be collected, monitored, and shared Finalized Data Sharing Agreement Interconnection Agreement process started 5 Cybersecurity review begins May 2025 Cybersecurity Testing Results Participant Protection Plan 6 Site development February 2025 – May 2025 Interconnection Agreement (for existing sites) Conceptual Design (for new sites) Cost Estimates (for new sites) 7 Pilot testing initiation, for existing sites April 2025 (existing sites, assuming approved interconnection agreements) Event Dispatch Data transfers to Evaluator and ComEd Monthly Updates Quarterly Reports 8 Pilot testing conclusion Q4 2025 Pilot Participant Feedback Survey Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 26 of 125 Milestone Timeline Deliverable(s) 9 Pilot completion December 2025 Final Report Expanded Pilot Recommendation Case Studies Success Stories Press Release Reporting & Meetings A communication plan will be finalized during the kickoff meeting. The plan incorporates daily data sharing, regular weekly meetings, and monthly/quarterly reports. Weekly Data Sharing Purpose: To share data with the pilot evaluator quickly and safely. Relevant Stakeholder(s): ComEd (informed), Pilot Evaluator Weekly Meetings Purpose: To discuss project progress, identify potential issues, and make decisions on a timely basis. Attendees: Project team members (RI & Nuvve), ComEd Agenda: o Review project objectives and goals o Discuss completed tasks and upcoming milestones o Address any challenges or roadblocks o Assign action items and deadlines o Provide updates on budget and timeline o Discuss communication strategies Monthly & Quarterly Reports o Purpose: To provide a comprehensive overview of project status and achievements. o Distribution: Sent to ComEd by email and reviewed during meetings o Content: Executive summary Project objectives and goals Key accomplishments and milestones achieved Challenges faced and mitigation strategies Budget status Timeline updates Upcoming tasks and deliverables Recommendations for future actions o Format: Can be a written report, presentation, or a combination of both. Additional Communication Channels Email: For sharing updates, documents, and announcements. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 27 of 125 For internal communication and collaboration. Project Management Software: For tracking tasks, assigning responsibilities, and managing timelines. Post Launch Communications. As the electric school bus V2G pilot program concludes, effective post-pilot communication is crucial to maintaining momentum, sharing success stories, and fostering ongoing engagement with the local community. Resource Innovations will deliver a comprehensive post-pilot communication strategy to ComEd’s marketing and communications team that highlights the program’s achievements and paves the way for future initiatives. The goal of the post-pilot communications is to recognize and celebrate the achievements and milestones reached during the program, communicate the outcomes and lessons learned through the pilot, and to expand awareness of electric school busses, V2G technology and its benefits to a wider audience, setting the stage for broader adoption, and ideally, additional funding. For the V2G pilot, our team can provide a suite of post pilot communications that include: Final Report and Executive Summary: We will provide comprehensive final report detailing the pilot’s objectives, processes, results, and key findings, paired with an executive summary for broader distribution if necessary. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 28 of 125 ANNEX III – CLIENT MANDATORY CONTRACT CLAUSES To Task Order No. AV90851001 The obligations of Resource Innovations to Client will be deemed to be the obligations of the Contractor to Resource Innovations and Client. Whenever necessary to make the context of the clauses set forth below applicable to this Task Order, the term “Buyer” will mean Resource Innovations and Client, Terms and Conditions will mean these Client Mandatory Contract Clauses, the term “Subcontractor” will mean lower-tier contractor, and the term “Agreement” or “Purchase Order” will mean this Task Order. ARTICLE 1. DEFINITIONS As used in these Terms and Conditions, the following terms will have the following meanings: “Affiliate” means, with respect to Exelon, those entities identified in Exhibit A as amended from time to time by Exelon, and with respect to both Parties, also includes those Persons that, directly or indirectly, now or hereafter, own or control, are owned or controlled by, or are under common ownership or control with a Party, where “control” means at least a fifty percent (50%) ownership interest. “Background Investigation” means a Contractor-performed background investigation of Contractor Personnel who will perform Work for Buyer that meets the Background Investigation requirements set forth in Section 19.5 of these Terms and Conditions. “BES Cyber System Information” is a category of Restricted Confidential Information and means information about the BES Cyber System that could be used to gain unauthorized access or pose a security threat to the BES Cyber System. BES Cyber System Information does not include individual pieces of information that by themselves do not pose a threat or could not be used to allow unauthorized access to BES Cyber Systems, such as, but not limited to, device names, individual IP addresses without context, Electronic Security Perimeter names, or policy statements. Examples of BES Cyber Asset Information include security procedures or security information about BES Cyber Systems, physical access control systems, and electronic access control or monitoring systems that are not publicly available and could be used to allow unauthorized access or unauthorized distribution; collections of network addresses; and network topology of the BES Cyber System. “BES Cyber System” has the definition given to it by NERC (CIP-011-2), and includes any installed software and electronic data, and communication networks that support, operate, or otherwise interact with the bulk electric system operations that are identified by Buyer or its Affiliate as a BES Cyber System. “Blanket Purchase Order” (or “Blanket Contract”) means a written agreement between the Parties setting forth general commercial and technical terms for repetitive orders of the same Materials or Services against which multiple Purchase Order Releases may be issued. A Blanket Purchase Order or Blanket Contract is not a “Purchase Order” as defined in these Terms and Conditions and does not authorize the commencement of Work or submission of invoices by the Contractor. “Business Day(s)” means any calendar day that is not a Saturday, Sunday or legal holiday in the state where the Work is performed. “Buyer” means Exelon or the Affiliate that issues a particular Purchase Order. “Buyer Data” means any data, documents or information in whatever media: (a) provided to Contractor by ▇▇▇▇▇; (b) provided to Contractor by a third-party contractor of Buyer, customer of Buyer or other Person designated by ▇▇▇▇▇ ; or (c) sent by Contractor to a third-party contractor of Buyer, customer of Buyer or other Person designated by ▇▇▇▇▇, including images of bills and invoices, telephone call recordings, records of solicitations, and other correspondence. “Buyer-Furnished Property” means Electronic Information Assets, designs, dies, drawings, equipment, ID cards and passes, keys, molds, patterns, tools, tooling, and other materials supplied or paid for by Buyer for Contractor’s use in completing the Work. “Buyer’s Designated Representative” means the individual or individuals designated by ▇▇▇▇▇ who will provide the general administration of these Terms and Conditions in connection with, and will be Buyer’s field representative in all matters related to, the Purchase Order. Buyer may, in its sole discretion, change its representatives at any time or from time to time, and will promptly notify Contractor, in writing, of any such change. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 29 of 125 “Buyer Parties” means Buyer, its Affiliates, their members, officers, directors, employees, agents, representatives, successors, and assigns. “Buyer Parties Property” means any personal, real, tangible or intangible property of the Buyer Parties, including, Buyer Data, Buyer-Furnished Material, Buyer-Furnished Property, Critical Cyber Assets, Electronic Information Assets, buildings, equipment, Intellectual Property, structures, and vehicles. “Buyer Personnel” means Buyer’s directors, officers, employees, consultants, independent contractors, agents and representatives. “CEII” is a category of Restricted Confidential Information and means “Critical Energy Infrastructure Information” as defined by FERC (18 CFR 388.113(c)(1)), and includes specific engineering, vulnerability, or design details about proposed or existing critical infrastructure (physical or virtual) that: (a) relates details about the production, generation, transmission, or distribution of energy; (b) could be useful to a person planning an attack on critical infrastructure; (c) is exempt from mandatory disclosure under the Freedom of Information Act (FOIA); and (d) gives strategic information beyond the location of the critical infrastructure; and “Critical Electric Infrastructure Information” as defined in Fixing America’s Surface Transportation Act, Pub. L. No. 114-94 § 61,003 (to be codified at 16 U.S.C. § 824 et seq.), 18 C.F.R. §§ 388.112-113. “Change Order” means a written order issued by Buyer that permits and directs an addition to, deletion from, or adjustment or revision to a Purchase Order. “Compensable Delay” means only the following events and only if they impact the critical path of the Work: (1) material delays caused solely by Buyer; and (2) Material Change ordered in the Work not due to Contractor’s fault. “Confidential Information” means: all information disclosed by or on behalf of a Party, regardless of the form or medium contained or stored in (including hard copy, electronic, or digital form), that is: (1) marked or identified as “confidential,” “proprietary,” or with words of similar import; (2) is required by Law or by agreement to be maintained as confidential, including Customer Information, Energy Usage Data when combined with Customer Information, State Regulated Information, and Third Party Confidential Information; (3) not generally available to the trade or public and that may be of competitive or economic value to the owner, including Background Investigation reports, business methods, business plans, credit report information, financial information, Intellectual Property, labor negotiations, legal documents, market research, marketing strategies and techniques, outage schedules, operations and operational requirements, payroll information, personnel information, plant status, policies and procedures, pricing data and price lists, proposals for Materials and Services; prospect lists, and contact information, research software, technical information and technology; and (4) Restricted Confidential Information. Confidential Information will include any such information not generally known by the trade or public, even though such information has been previously disclosed to one or more third parties pursuant to confidentiality agreements, disclosure agreements or other agreements or collaborations entered into by disclosing Party. “Conflict of Interest” means any circumstance in which Contractor’s interests or the interests of another Person with whom Contractor has a relationship are materially adverse to the interests of Buyer or its Affiliates. “Consulting Services” means Services such as the review, assessment, study, advisement, evaluation or provision of information on a project, process or strategy provided by a Contractor with experience and expertise in the relevant field. Staff Augmentation or other Services that are similar to or in the same nature as those performed by Buyer’s employees within the normal course of Buyer’s business are not Consulting Services. “Contract Documents” means the Purchase Order, any Change Orders thereto, these Terms and Conditions, and any other documents identified as Contract Documents herein, or in such Purchase Order or Change Orders. “Contract Price” means the price set forth in the Purchase Order (as may be adjusted pursuant to any subsequent Change Orders) to be paid by Buyer to Contractor for the Work, including any incentives or bonuses. “Contractor” means the Party identified as such in these Terms and Conditions or its Affiliate, which is named in the Purchase Order as Contractor and which is contractually responsible to perform the Work pursuant to the Purchase Order incorporating these Terms and Conditions. “Contractor’s Designated Representative” means the individual or individuals designated by the Contractor who will provide the general administration of these Terms and Conditions in connection with, and will be Contractor’s field representative in all matters relating to, the Purchase Order. “Contractor Parties” means Contractor, its Subcontractor, and their respective officers, directors, employees, agents, representative, subsidiaries, successors, or assigns. “Contractor Personnel” means any and all individuals assigned by, through or on behalf of Contractor or its Subcontractors to perform the Work, including their partners, employees, officers, and agents. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 30 of 125 “Critical Cyber Assets” has the definition given it by NERC (CIP-002), and includes computers, including installed software and electronic data, and communication networks that support, operate, or otherwise interact with the bulk electric system operations. “Customer Information” is a category of Confidential Information and means information supplied to Buyer by its residential, commercial, industrial, retail and wholesale customers. “Cyber Security Incident” means any malicious act or suspicious event, or group of suspicious events occurring during the performance of, or in connection with the Work, that compromises or had the potential to compromise Electronic Information Assets and Buyer’s Electronic Information stored or transmitted on them; disrupts, or had the potential to disrupt the operation of Buyer’s business through or using Electronic Information Assets; or violates a cyber security or information security requirement in the Contract Documents, Cyber Security Laws or Policies and Procedures. “Cyber Security Laws” means any Laws pertaining to the prevention and reporting of Cyber Security Incidents, including Cybersecurity Act of 2015 (P.L. 114-113), Cybersecurity Enhancement Act of 2014 (P.L. 113-2), Economic Espionage Act of 1996 (18 U.S.C. § 1030, §§ 1831-39). “Day(s)” means any calendar day. “Disaster Recovery Plan” means a disaster recovery plan set forth in Section 3.7 (Disaster Recovery and Business Continuity). “Disputes” means disputes between the Buyer and Contractor arising under or out of the applicable Contract Documents. “Diverse Supplier” means a business entity that is at least 51% owned and controlled by one or more individuals who are socially and economically disadvantaged. Socially disadvantaged includes citizens or lawfully admitted permanent residents of the United States who fall into the following minority groups: African American, American Indian/Native American, Asian, Hispanic, Service Disabled Veteran, Veteran, Lesbian Gay Bi-sexual & Transgendered (LGBT) and Woman. Economically disadvantaged includes businesses in historically underutilized business zones that are located within a qualified census tracts; qualified non-metropolitan counties, or lands within the external boundaries of an Indian reservation. “Diversity-Certified Supplier” means a Diverse Supplier that has been certified by a third-party certifying agent. The Exelon Diverse Business Empowerment (EDBE) office maintains a list of third-party certifying agents. “Dollars” and “$” means United States Dollars. “Drawings” means the final drawings to be provided by Contractor in accordance with the Scope of Work. “Drug” or “Drugs” includes any (1) chemical substance whose manufacture, use, possession, purchase, or sale is prohibited by Law, and (2) legal chemical substances (whether a narcotic, controlled substance, prescribed drug, or over- the-counter medication) obtained illegally, taken for purposes of abuse, or the use of which would impair the user’s physical or cognitive abilities. “Effective Date” means, notwithstanding anything herein to the contrary, the date set forth on the cover page hereto, or, if there is no such date, then the date Contractor first accepts a Purchase Order incorporating these Terms and Conditions. “EDI” means Electronic Data Interchange. “Electronic Information” means any information processed or stored in an electronic format (e.g., emails, text messages, raw data, sound files, image files, video files, documents, spreadsheets, databases, programs and algorithms) “Electronic Information Assets” means any electronic device or system for creating, processing, storing, transmitting or receiving Electronic Information which is owned, leased or operated by or on behalf of Buyer including but not limited to computers (e.g., laptops, desktops), computer applications, and computer systems (e.g., servers and routers), voicemail, facsimile (fax), printers, copiers, telephone, recording devices; portable devices (e.g., smart phones, tablets), wireless routers, electronic mail, web pages, modems, internal computer network and external computer access (e.g. systems accessing the internet, intranet, value add networks and bulletin boards). “Electronic Security Perimeter” means the logical border surrounding a network to which BES Cyber Systems are connected using a routable protocol. “Emergency Work” means Work requested by ▇▇▇▇▇ in writing to be performed by Contractor prior to execution of a Purchase Order or Change Order due to exigent circumstances. “Energy Usage Data,” commonly known as interval data, means a series of measurements of the energy consumption for a specific customer, taken at regularly spaced intervals. The size of the interval refers to the amount of time that occurs between each measurement (i.e. monthly, daily, hourly, etc.). Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 31 of 125 “Environmental Laws” means any Laws pertaining to the protection of the environment, including the Comprehensive Environmental Response, Compensation and Liability Act, 42 U.S.C. 9601, et seq. (“CERCLA”); the Resource Conservation and Recovery Act, 42 U.S.C. 6901, et seq. (“RCRA”); the Toxic Substances Control Act, 15 U.S.C. 2601, et seq. (“TSCA”); the Clean Air Act, 42 U.S.C. 7401, et seq. (“CAA”); the Federal Water Pollution Control Act, 33 U.S.C. 1251 et seq. (“FWPCA”); and the Emergency Planning & Community Right-to-Know Act , 42 U.S.C. 11001 et seq. (“EPCRA”) and any other Law that governs: (a) the existence, removal, or remediation of Hazardous Substances on real property; (b) the emission, discharge, release, or control of Hazardous Substances into or in the environment; or (c) the use, generation, handling, transport, treatment, storage, disposal, or recovery of Hazardous Substances. “ESOC” means the Exelon Security Operations Center (Tel. ▇-▇▇▇-▇▇▇-▇▇▇▇). “Equitable Adjustment” means a negotiated change to the Contract Price and/or other affected provisions of the Contract Documents agreed to between Contractor and Buyer where a Change Order results in a Material Change. Equitable Adjustments may result in an increase or decrease in the Contract Price, time for performing the Work, or change to other material obligations of the Parties under the Contract Documents, as appropriate, based on the nature of the Material Change. “FERC” means the U.S. Federal Energy Regulatory Commission or its successor. “Final Completion” means the date for completion of the Work listed in the Purchase Order or Project Schedule. In the event of a conflict between the date of Final Completion listed in the Purchase Order and the Project Schedule, the date listed in the Project Schedule will govern. “Final Payment” means payment of all monies due but not previously paid to Contractor under a Purchase Order after receipt by ▇▇▇▇▇ of Contractor’s final invoice. “Force Majeure” means the occurrence of a Cyber Security Incident fire, flood, earthquake, elements of nature or act of God, Labor Disputes, riot, civil disorder, terrorist act, rebellion or revolution, government embargo, quarantine, sanction, order, or other mandate; government inaction or delay in granting a required permit or approval; change in Law; Nuclear Incident, Precautionary Evacuation or other catastrophic event beyond the reasonable control of a Party that delays or prevents the party, directly or indirectly, from performing its obligations under a Purchase Order, provided that (i) the non- performing Party is without fault in causing or failing to prevent such occurrence, and (ii) such occurrence could not have been avoided by reasonable precautions and cannot be circumvented through the use of commercially reasonably alternative sources, workaround plans, or other means. A Labor Dispute by Contractor Personnel is not Force Majeure for Contractor. Mechanical failure of Contractor’s equipment is not Force Majeure unless caused by Force Majeure.. “Governmental Authority” means any and all federal, state, county, municipal, local, foreign or other government, or any agency or subdivision of any or all of the foregoing, or any quasi-governmental agency, self-regulating organization, electric reliability organization or regional reliability organization, board, bureau, commission, department, instrumentality, or public body, or any court, administrative agency, arbitrator, mediator, regulator, or other tribunal or adjudicative authority. “GPPMA” means the Exelon Generation Company, LLC Generating Facility Amendment to the General Presidents Project Maintenance Agreement, dated April 14, 2005, as amended. “Hazardous Substances” means and includes chemicals, flammable substances, explosives, radioactive materials, asbestos, hazardous wastes or substances, crude oil or any fraction thereof, refined or partially refined petroleum products, and any other contaminants, wastes, pollutants, or materials in any physical form that may pose a present or potential threat to human health and safety or the environment, including material falling within the definitions of “hazardous substance,” “hazardous constituent,” “toxic substance,” “hazardous material,” “hazardous waste,” “extremely hazardous waste,” “restricted hazardous waste,” “pollutant,” “special waste,” or words of similar import under any Environmental Law. “Health and Safety Laws” means any Laws pertaining to safety and health in the workplace, including the Occupational Safety and Health Act, 29 U.S.C. 651 et seq. (“OSHA”), and the Toxic Substances Control Act, 15 U.S.C. 2601, et seq. (“TSCA”). “Intellectual Property” means the separate and distinct types of intangible property that are referred to collectively as “intellectual property,” including algorithms, compositions, compilations, data developments, designs, devices discoveries, flow charts, formulas, ideas, inventions, know-how, methods, object codes, processes, source codes, system plans, trade names, and trade secrets. “IP Rights” means all rights, title and interest in and to Intellectual Property, including patents, copyrights, shop rights, moral rights, licenses, and other intangible proprietary or property rights, whether or not patentable (or otherwise subject to legally enforceable restrictions or protections against unauthorized third party usage), and any and all applications for, and Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 32 of 125 extensions, divisions and reissuances of, any of the foregoing, and rights therein, and whether arising by statute or common law. “Key Personnel” means Contractor Personnel who possess critical knowledge or skills for performance of the Work and whose loss might delay or disrupt performance of the Work. “Labor Dispute” means any controversy concerning terms or conditions of employment, or concerning the association or representation of persons in negotiating, fixing, maintaining, changing, or seeking to arrange terms or conditions of employment, regardless of whether or not the disputants stand in the proximate relation of employer and employee, including lock-outs, picketing, strikes, or other labor actions or disturbances. “Law” or “Laws” means all laws, statutes, codes, ordinances, rules, regulations, lawful orders, applicable guidance documents from regulatory agencies, judicial decrees and interpretations, standards, requirements, permits and licenses; including Cyber Security Laws, Environmental Laws, Health and Safety Laws, tax laws and applicable tax treaties, building, labor and employment laws; as amended from time to time, of all Governmental Authorities that are applicable to the Work and any of Contractor’s obligations under the Contract Documents. “Lien” means any judgment, charge, mortgage, deed of trust, encumbrance, pledge, lease, easement, servitude, exercise of rights, powers or privileges, rights of others, security interest, or claims of any kind, including, among other things, any oral or written agreement to give any of the foregoing or arising under any conditional sale or title retention agreement or under any federal, state, county, municipal, local, or other governmental lien imposed as a result of an actual or alleged violation of any applicable Law. “Material” means all raw material, equipment, components, products, supplies, goods, and documentation to be furnished by Contractor and necessary to complete the Work set forth in the Purchase Order. “Material Change” means a Change Order that has the effect of changing the cost to Buyer or Contractor (whether because of a change in the prices for the Material or the Services, the amount or type of Material or the scope of the Services, or otherwise), or materially affecting the time for performance, warranties, or other obligations of the Parties. “Material Business Information” is a category of Restricted Confidential Information and means non-public information of the Buyer or its Affiliates that would be considered important by a reasonable investor in deciding whether to buy, sell or hold securities of the Buyer or its Affiliates, and includes information could reasonably be expected to affect the price of the Company's securities if it were disclosed to the public; information concerning earnings estimates or targets, dividends, proposals or agreements for significant mergers, acquisitions or divestitures, liquidity or litigation problems, important management changes, pending regulatory actions and other similar events. “Material IP Information” means information pertaining to Contractor Intellectual Property incorporated into the Work, before and after Final Completion, required by Buyer in order to permit Buyer to secure or maintain in effect any license or permit for the Site or facility for which the Work is intended, or otherwise to use or obtain the full benefits of the Work. “Milestone(s)” means a significant task(s) to be performed or achieved by Contractor in performing Work as specified in Purchase Orders. “Milestone Dates” means the Delivery Dates, the date of Substantial Completion, the date of Final Completion, and any other dates identified as such in the Purchase Order or Project Schedule for Contractor’s completion of specific components of the Work. “MSP” or “Managed Service Provider” means a third party engaged by Buyer to manage and contract with Persons to supply Buyer with Staff Augmentation Work “NERC” means the electric reliability organization known as the North American Electric Reliability Corporation or its successor, or a regional reliability organization with authority delegated by NERC, including the ReliabilityFirst Corporation, Northeast Power Coordinating Council, Florida Reliability Coordinating Council, Midwest Reliability Organization, SERC Reliability Corporation, Southwest Power Pool, RE, Texas Regional Entity, and the Western Electricity Coordinating Council. “NERC CIP Information” is a category of Restricted Confidential Information and means NERC Critical Infrastructure Protection operational procedures, lists as required in NERC Standard CIP-003-3, network topology or similar diagrams, floor plans of computing centers that contain Critical Cyber Assets, equipment layouts of Critical Cyber Assets, disaster recovery plans, incident response plans, and security configuration. “No-Lien Contracts” mean Purchase Orders for Work involving the construction of improvements to Buyer’s property in jurisdictions that do not permit contracts containing a provision providing that the Contractor and its Subcontractors may not file a Lien on the Work. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 33 of 125 “NRC” means the U.S. Nuclear Regulatory Commission, its predecessor the Atomic Energy Commission, and its successors. “Nuclear Special Terms and Conditions” means the terms and conditions attached hereto and incorporated herein as Exhibit E. “Party” or “Parties” means Contractor or Buyer, individually or Contractor and Buyer, collectively. “Person” means any natural person, partnership (limited, general, or other), joint venture (limited or otherwise), company (limited liability or otherwise), corporation, association, Governmental Authority, or any other legal entity of whatever kind or nature, together with any combination of one or more of the foregoing. “Personally Identifiable Information” or “PII” is a category of Restricted Confidential Information and means any name, number, or other information that may be used, alone or in conjunction with any other information, to identify, distinguish, trace or assume the identity of a specific person, including any: (1) names, initials, mother’s maiden name, address, email address, password, account number, social security number, date of birth, official state or government issued driver’s license or identification number, alien registration number, government passport number, employer or taxpayer identification number, or any similar identification; (2) personal, financial, or healthcare information; (3) credit and debit card information, bank account number, credit card number or debit card number; (4) unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation, (5) unique electronic identification number, address, or routing code; (6) telecommunication identifying information or access device as defined in 18 U.S.C. §1029(e); (7) personal preferences, demographic data, marketing data; (8)“Nonpublic Personal Information,” as defined under the ▇▇▇▇▇-▇▇▇▇▇- ▇▇▇▇▇▇ Act (15 U.S.C. §6801 et seq.); (9) “Protected Health Information” as defined under the Health and Insurance Portability and Accountability Act of 1996 (42 U.S.C. §1320d); (10) “Personal Data” as that term is defined in EU Data Protection Directive (Directive 95/46/EEC) on the protection of individuals with regard to processing of personal data and the free movement of such data; or (11) any other similar identification data. “Policies and Procedures” means all applicable rules, policies, Site requirements, and procedures of Buyer and any of its Affiliates, including those in Exhibit B, which have been or will be provided to Contractor and/or posted on a secure website as designated by Buyer. “Privacy and Consumer Protection Laws” mean Laws pertaining to privacy and confidentiality of consumer information, PII, consumer protection, and advertising, whether in effect now or in the future and as they may be amended from time-to- time, including the ▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇▇ Act of 1999 (Public Law 106-102, 113 Stat. 1138) and its implementing regulations and the Fair and Accurate Credit Act of 2003. “Professional Services” means the performance of a particular business function of a professional nature for the Buyer, including actuarial studies, advertising, audit services, engineering design and evaluation, expert witnesses, financial services, graphic design, legal services, medical or laboratory services, marketing, recruiting and staffing, regulatory work, testing, and classroom and on-line training. The function can be inside or outside the scope of the Buyer’s routine operations. Professional Services are typically performed at the Contractor’s business location. “Project Schedule” means the schedule mutually agreed to by ▇▇▇▇▇ and Contractor for the performance of the various elements of the Work identified in the Purchase Order. The Project Schedule will be one of the Contract Documents. “Punchlist” means an itemized list prepared by Contractor and augmented, if necessary, by Buyer, of those portions of the Work, which Buyer’s inspection indicates have not been completed in accordance with the requirements of the Contract Documents. “Purchase Order” means a written or electronic document issued by Buyer to Contractor incorporating by reference these Terms and Conditions and which upon acceptance by Contractor creates a contract for the performance of the Work. As used herein, the term Purchase Order includes documents that may be variously referred to as “Contracts” when issued for Services or as or as “Purchase Order Releases” or Contract Releases” when issued against a Blanket Purchase Order or Blanket Contract. “Purchase Order Amount” or “Purchase Order Value” (“POA” or “POV”) means the Contract Price in the case of a fixed price, lump sum Purchase Order; or a mutually agreed estimate of the total amount to be invoiced under a Purchase Order that includes, in whole or part, time-and-material or other variable pricing. The POA or POV is for finance and accounting control purposes and is not a cap on the final Contract Price for the Work. “Purchase Order Release” or “Release” means a Purchase Order issued against a Blanket Purchase Order and incorporating the provisions of the Blanket Purchase Order. “Real Time Industrial Control Systems Information” is a category of Restricted Confidential Information and means information regarding the configuration or protection of real-time industrial control systems. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 34 of 125 “Rejected Work” means any part of the Work found to be defective or not in accordance with the Contract Documents and rejected by the Buyer prior to Final Acceptance. “Removable Media” means portable or removable hard disks, floppy disks, USB memory drives, zip disks, optical disks, CDs, DVDs, digital film, memory cards (e.g., Secure Digital (SD), Memory Sticks (MS), CompactFlash (CF), SmartMedia (SM), MultiMediaCard (MMC), and xD-Picture Card (xD)), magnetic tape, and all other removable data storage media. “Restricted Confidential Information” is a subset of Confidential Information and includes: (1) attorney-client privileged communications and attorney work product of Buyer; (2) BES Cyber Asset Information (3) CEII; (4) Critical Cyber Asset Information; (5) Material Business Information; (6) NERC CIP Information; (7) Personally Identifiable Information; (8) Real- Time Industrial Controls Systems Information; (9) Safeguards Information; (10) security plans involving both physical and cyber assets; (11) SUNSI; (12) Transmission Function Information; (13) information that is controlled for export; (14) information marked “for your eyes only,” “for internal use only,” “reproduction or distribution prohibited”, or marked with similar restrictions (15) and other information that is protected by Law or Policies and Procedures that requires the highest level of access control and security protection. “Retiree” means an individual who formerly performed services for Exelon or its subsidiaries, was classified on Exelon’s payroll as a regular or temporary employee, and who previously received, is eligible to receive or is currently receiving benefit payments under a Retirement Plan or Savings Plan. “Retirement Plan” means any tax-qualified pension plan sponsored or maintained by Exelon Corporation or any of its subsidiaries. “Safeguards Information” is a category of Restricted Confidential Information and means information relating to (1) security measures for the physical protection of special nuclear material; and (2) security measures for the physical protection and location of certain plant equipment vital to the safety of nuclear power stations as set forth in 10 C.F.R. Section 73.2. “Safety-Related” means Work intended for, or performed on, systems, structures, components, procedures, processes and controls of a nuclear generating facility that are relied upon to remain functional during and following design-basis events and must be manufactured and/or performed in accordance with applicable NRC and nuclear industry standards for Safety- Related Materials and Services. “Savings Plan” means the Exelon Corporation Employee Savings Plan or any other tax-qualified savings plan maintained by Exelon or any Subsidiary. “Scope of Work” (or “Statement of Work”) means the detailed description of the Work to be provided by Contractor, typically broken out into specific tasks with assigned Milestone Dates, as set forth in the Purchase Order and other Contract Documents. “SDS” means Safety Data Sheet (formerly “Material Safety Data Sheet”) OSHA Form 20 or equivalent. “SOC Reports” mean Service Organization Control 1 and 2 Reports. “Services” means all of the labor, supervision, administration and other services identified in the Scope of Work and required to complete the Work set forth in the Purchase Order for Consulting and/or Professional Services. “Site” means Buyer’s facilities or such other premises (including premises owned or controlled by a third party) where the Work is to be performed and for which the Work is intended. “Special Terms and Conditions” means terms and conditions not contained in these Terms and Conditions but made a part of a Purchase Order by attachment to or reference therein. “Specification” means a highly detailed technical description of the Materials or Services to be provided by Contractor that includes the final characteristics, dimensions, tolerances, performance requirements, and certification and testing requirements, and references codes, drawings, procedures, documents, other particulars for the Work as applicable, which will be set forth in the Purchase Order or referenced and attached thereto as a Contract Document. “Staff Augmentation” means Work performed by Contractor Personnel who are employed and paid by the Contractor or a Subcontractor where ▇▇▇▇▇ may direct the Contractor Personnel’s work and the methods for completing the Work. “State-Regulated Information” is a category of Confidential Information and means information that is not generally available to the public that is related to either (1) Buyer’s or its Affiliates’ customers or (2) transmission and distribution systems, as further defined in various state Laws. “Subcontract” means the contract(s) between the Contractor and Subcontractor relating to Subcontractor’s performance of the Work. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 35 of 125 “Subcontractor” means any Person contracting directly with Contractor to furnish any part of the Work, or a Person contracting with a Subcontractor of Contractor (regardless of tier) to furnish any part of the Work. “Submittals” means all Specifications, Drawings, sketches, reports, shop drawings, diagrams, illustrations, schedules, object and source codes, and other data or information, which are prepared or assembled by or for Contractor and submitted by Contractor to Buyer pursuant to the Contract Documents. “Substantial Completion” means the point in time at which the entire or designated portion of the Work is sufficiently complete such that Buyer can occupy and utilize the Work for commissioning, start-up, and completion of performance, and reliability testing as required hereunder, with only Punchlist items remaining to be completed, as reasonably determined by Contractor and approved by Buyer. “SUNSI” or “Sensitive Unclassified Non-Safeguards Information” is a category of Restricted Confidential Information and has the definition given to it by the NRC and includes information that is generally not publicly available and that encompasses a wide variety of categories, such as proprietary information, personal and private information, or information subject to attorney-client privilege. “Suspension for Convenience” means any extension, suspension, or delay of Contractor’s performance of the Work for ▇▇▇▇▇’s convenience. “Terms and Conditions” means these Master Terms and Conditions Consulting and Professional Services between Contractor and Buyer together with all appendices, exhibits, schedules, and attachments hereto, all as such may be amended, restated, or supplemented from time to time as permitted herein. “Termination for Convenience” means termination of a Purchase Order, in whole or part, for Buyer’s convenience. “Test” means any test, inspection or witness point. “Third-Party Confidential Information” is a category of Confidential Information and means information that is owned by a third party and is disclosed to the Buyer with the requirement that it will be kept confidential. “TPPA” or “Third Party Personnel Acknowledgement” means a written acknowledgement that Contractor and its Subcontractor’s must obtain from all Contractor Personnel, substantially in the form of Exhibit C, stating that Contractor Personnel are not employees of Buyer, waiving any claims to compensation or benefits from Buyer in connection with their performance of the Work for the Contractor or Subcontractors, and identify whether they are former employees or retired employees of Buyer or Buyer’s Affiliates. “Transmission Function Information” is a category of Restricted Confidential Information and means information related to non-public transmission data, including information about available transmission capability, price, curtailments and/or ancillary services. “Work” means all Material, Services, and Submittals required to be provided by Contractor under the Purchase Order and its associated Contract Documents, including re-work and warranty work. “Work Product” means the Intellectual Property and any associated IP Rights resulting from the performance of the Work. The term Work Product excludes Buyer’s, Contractor’s, Subcontractors’ and third parties’ Intellectual Property and any associated IP Rights developed independently of the performance of the Work, even if incorporated into the Work. All other capitalized terms used herein but not set forth above will have the meanings ascribed to them in these Terms and Conditions. ARTICLE 2. SCOPE AND FORMATION OF CONTRACT ARTICLE 3. STANDARDS FOR PERFORMANCE 3.4 Site Investigations. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 36 of 125 Contractor will inspect the Site where the Work is to be performed and conditions under which the Work is to be executed and completed prior to Contractor’s acceptance of the Purchase Order, including soil conditions, any and all physical parameters necessary to build any structures, and groundwater conditions, including estimates of flow direction and volume, the nature, location, and type of contamination likely to be encountered, the location of any and all above or below ground utilities, approaches to the Sites and the space available for work areas, storage and temporary buildings. Except as expressly provided in the Purchase Order, Contractor will not rely on any investigations performed by or information provided by Buyer relating to the conditions at the Site. No reasonably discoverable condition existing at the Site at the time of Contractor’s opportunity for inspection will be deemed to adversely affect Contractor’s ability to perform the Work in accordance with the terms of the Contract Documents. Any understandings or representations concerning such conditions made before a Purchase Order is issued will not be binding on Buyer unless they are expressly stated in the Purchase Order. 3.5 Permits, Fees and Notices. 3.5.1 Unless otherwise specified in the Contract Documents, Contractor, at its expense, will obtain in advance of performing the Work, and maintain during performance of the Work, all necessary licenses, permits, and authorizations required of Contractor, the Contractor Personnel, Subcontractors and any other Person(s) to perform the Work under Contractor’s direction, and Contractor will be responsible for performance of the Work in accordance with the provisions of such licenses, permits, and authorizations. Any costs, fines, penalties, awards, damages, or other liabilities (including but not limited to fines assessed by any Governmental Authority) associated with any violations of this Section 3.5 will be borne and paid by Contractor. 3.5.2 Contractor will promptly tender to Buyer copies of all notices pertaining to the Work or the Site received from Governmental Authorities. 3.5.3 Contractor will post all notices and postings required by Law at the Site, including those for employees. 3.6 Compliance with Laws and Buyer Policies and Procedures. 3.6.1 All Work performed hereunder and all Work and Work Product generated in connection therewith will fully comply with all applicable Laws. Contractor will make all notifications relating to commencement and progress of the Work as required by applicable Laws. Additionally, where not in conflict with any other provision of this Section 3.6, Contractor will comply with Policies and Procedures. Contractor acknowledges that it has received or been provided electronic access to copies of the Buyer’s Policies and Procedures listed in Exhibit B. Buyer reserves the right to revise or update the Policies and Procedures from time to time, with or without notice to Contractor. At the request of ▇▇▇▇▇, Contractor will acknowledge in writing which Policies and Procedures of Buyer it has reviewed. 3.6.2 Contractor and Buyer each agree to fully comply with the Laws of the United States relating to the exportation of commodities or technical data, including but not limited to 15 CFR Parts 730 et seq., 10 CFR Part 110 and 10 CFR Part 810, as issued from time to time, or any successor Laws. In the event of any ambiguity or inconsistency between the provisions of this Section 3.6.2 and any other Section of these Terms and Conditions, this Section 3.6.2 will be controlling. The receiving Party agrees to: (1) ensure that all receiving Party individuals who may have access to technical data that is controlled for export by the regulations noted above are generally or specifically authorized or licensed under such regulations; (2) report to the Party sharing export-controlled information the nationality of any recipients of such information where required for purposes of reports to governmental agencies; and (3) not retransfer any export-controlled information without the prior authorization of the sharing Party. The receiving Party also agrees to contractually obligate any third-party recipients of such information to comply with such regulations. 3.6.3 Anti-Corruption Compliance. Contractor warrants that when dealing with any government official, political party, party official or candidate for any political office, Contractor will, and will cause each of its Subcontractors (of any tier), and Contractor Personnel of each of them to fully comply with the provisions of all applicable anti-corruption Laws including the U.S. Foreign Corrupt Practices Act and all relevant other anti-corruption Laws. Specifically, Contractor warrants that in connection with any Work under these Terms and Conditions, it will not directly or indirectly give, offer, or promise anything of value to any Contractor Personnel, government official, political party, party official or candidate for any political office for the corrupt purpose of influencing or inducing any act or decision by any Contractor Personnel, government official or agency, or for the purpose of securing any improper advantage on behalf of Buyer or Contractor. Contractor will cause Contractor Personnel who perform Work under any Purchase Order outside of the United States to be trained annually regarding the requirements of all relevant anti-corruption Laws and to annually certify the same. 3.6.4 SOC Reports. In the event that Work being performed subject to these Terms and Conditions involve contracting out a business function which was previously performed in-house by Exelon (“Outsourcing Services” or “Outsourced Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 37 of 125 Services”), Contractor will be required to provide on an annual basis, at Contractor’s sole expense, one of the following SOC Reports by an auditor of national reputation when applicable to the Service provided to Buyer: (i) SOC Report 1 Type 2 Report – Applicable to Services that are relevant to the Buyer’s financial statements and controls over financial reporting; or (ii) SOC Report 2 Type 2 Report – Applicable to Services where the AICPA Trust Services Principles and Criteria of Security, Availability, Processing Integrity, Confidentiality, or Privacy are relevant. With ▇▇▇▇▇’s written consent, Contractor may substitute similar types of reports for these SOC reports, including ISO 27001:2013 certification. 3.7 Disaster Recovery and Business Continuity. Contractor will provide back-up, disaster recovery and storage capabilities so as to maximize availability and progress of the Work during an event that would otherwise affect the performance or delivery of the Work. At a minimum, such capabilities will provide for restoration of Work within the timeframes set forth in the Disaster Recovery Plan. Contractor’s responsibilities will include the following: 3.7.1 Back-up and store Buyer Data (on tapes or other storage means as appropriate) for efficient data recovery and to provide protection against disasters and to meet file recovery needs. Buyer Data must be encrypted when being transmitted or stored outside of Buyer’s computer systems and network. Buyer Data must be classified according to ▇▇▇▇▇’s required levels of classification. 3.7.2 Conduct incremental and full back-ups (in accordance with the Disaster Recovery Plan) to capture data, and changes to data used in connection with the Work. Backed up data must be encrypted. 3.7.3 Develop, maintain and submit a Disaster Recovery Plan to Buyer including plans, measures and arrangements to ensure the continuous delivery of critical products and services, which permits Contractor to recover its facility, data, assets and personnel. In the event of a disaster, Contractor will assume responsibility for providing the services in accordance with the Disaster Recovery Plan. 3.7.4 Generate a report following each and any disaster measuring performance against the Disaster Recovery Plan and identification of problem areas and plans for resolution. 3.8 Compliance with Legal Holds. 3.8.1. Contractor, at its sole cost and expense, agrees to comply with any and all legal holds as issued by ▇▇▇▇▇’s legal department. A legal hold suspends all document destruction procedures in order to preserve appropriate records under special circumstances, such as litigation or government investigations. ▇▇▇▇▇’s legal department determines and identifies what types of records, documents, or data are subject to legal hold. ▇▇▇▇▇’s legal department will notify the Contractor if a legal hold is placed on records, documents, or data the Contractor or its Subcontractors controls. Contractor must then preserve and protect the specified records, documents, or data in accordance with instructions from ▇▇▇▇▇’s legal department. A legal hold remains effective until it is officially released in writing by ▇▇▇▇▇’s legal department. If Contractor is uncertain whether specific records, documents, or data are subject to a legal hold, those records, documents, or data must be preserved and protected until such time Buyer’s legal department can confirm their relevancy. 3.8.2. In the event records, documents, or data placed on legal hold are required for review by ▇▇▇▇▇’s legal department, Contractor, at its sole cost and expense, will work diligently to export all relevant records, documents, or data in a form that is reasonably reviewable. 3.9 Conflicts of Interest. 3.9.1 Representations and Warranties 3.9.1.1 Except as disclosed to, and waived by, Buyer in accordance with Subsection 3.10.2, Contractor represents and warrants that, to the best of its knowledge after exercising reasonable diligence, the execution of any Purchase Order issued subject to these Terms and Conditions will not create a Conflict of Interest. 3.9.1.2 Contractor further represents and warrants that during the term of this Purchase Order and for a period of one (1) year after the expiration or termination of any Purchase Order issued subject to these Terms and Conditions, Contractor will not undertake to perform services for any Person that creates a Conflict of Interest, without first disclosing such Conflict of Interest and obtaining Buyer’s informed, written waiver as provided below. 3.9.1.3 Contractor’s representations and warranties under this Section 3.10 will be ongoing and will survive the expiration or termination of the Purchase Order. 3.9.2 Notices and Procedures Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 38 of 125 3.9.2.1 Contractor will disclose any known Conflicts of Interest to Buyer in writing (the “Conflicts Notice”) prior to Contractor’s acceptance of a Purchase Order, and, thereafter, as required by Section 3.10.1.2. 3.9.2.2 Contractor’s disclosure of any known Conflicts of Interest is a condition precedent to the effectiveness of any Purchase Order. 3.9.2.3 Buyer may request at any time that Contractor provide its written certification that no known Conflicts of Interest exist that have not been disclosed to and waived by ▇▇▇▇▇. 3.9.2.4 If disclosure is required by Subsection 3.10.1.2, Contractor will not accept a contract or agree to perform services for or on behalf of such Person unless the Conflict of Interest has been waived in writing by ▇▇▇▇▇. 3.9.2.5 Buyer will notify Contractor whether, in its sole discretion, it will waive the Conflict of Interest on or before the later of ten (10) Business Days after receipt of the Conflict Notice, or five (5) Business Days after the date it receives additional information, if requested from Contractor, to determine (the “Decision Period”). The failure of Buyer to provide notice during this period will constitute a denial of such waiver. 3.9.2.6 At any time during the first ten (10) Day Decision Period, Buyer may request from Contractor, and Contractor will promptly supply to Buyer, such additional information as Buyer reasonably may determine necessary to make its decision. All discussions between the Parties and any information provided by Contractor to Buyer or by Buyer to Contractor under this provision will be treated and protected as Confidential Information. 3.9.3 If Contractor fails to disclose a known Conflict of Interest, or undertakes to perform services for any Person that creates a Conflict of Interest without first obtaining a waiver from Buyer, Buyer may elect to terminate any or all Purchase Orders incorporating these Terms and Conditions in accordance with Section 17.1 (Termination for Cause). 3.10 Subcontractor Compliance. Contractor will require that all its Subcontractors comply with all requirements of Sections 3.6, 3.7, 3.8, and 3.9 of this Article 3. If Contractor is unable to provide to the Buyer data obtained or generated by its Subcontractors pursuant to this Article 3, Contractor will grant Buyer the right to collect such data directly from Contractor’s Subcontractors. To facilitate the transfer of such data, Contractor will contractually obligate its Subcontractors to provide such data to Buyer. ARTICLE 4. WARRANTIES 4.1 Warranties for Performance of Work. Contractor warrants that the Services furnished to Buyer under these Terms and Conditions will: (1) comply with the Specifications contained in the Contract Documents, (2) be free from defects in design, workmanship and materials, (3) be conveyed to Buyer with good and merchantable title, (4) be free and clear of all Liensof Contractor, Subcontractors and third-party suppliers, and (5) be free of any claim of infringement, misappropriation, unfair competition or violation of any third-party right, including IP Rights, (6) be performed in accordance with the then-prevailing applicable Laws, and industry standards and practices,, and (8) be fully tested in accordance with the Contract Documents. 4.2 Remedies. If any of the Services do not comply with the foregoing warranties and Buyer notifies Contractor within 1 year (or such other period as specified in the Contract Documents, or provided by a manufacturer, supplier, or Subcontractor) after the date Buyer has accepted or, where required by the Contract Documents, Buyer has signed a certificate of final completion for the Services, then Contractor will (at its sole expense) promptly re-perform the nonconforming Services and reimburse Buyer for the cost to repair or replace any Buyer Parties’ Property damaged or otherwise adversely affected by such non-conformance; or, in the case of a Lien, then Contractor will promptly pay the cost of removing such Lien. Notwithstanding any other provisions in these Terms and Conditions to the contrary, all costs and expenses associated with the identification of the non-conforming Services, reperformance of the nonconforming Services and repair or replacement of Buyer Parties’ Property, including Buyer’s and Contractor’s investigations and root cause analyses; gaining access to or removal or replacement of systems, structures or other parts of Buyer’s facility; and all transportation costs will be paid by Contractor. All such re-performed Services and repairs will be performed on a schedule to be agreed upon by ▇▇▇▇▇. The warranty for any such re-performed Services will be 1 year from the date of Buyer’s acceptance of such re-performed Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 39 of 125 Services or for the duration of the unused warranty period if such period is longer (excluding that period, if any, during which the equipment or systems upon which the non-conforming Services were performed is not available for operation because of breach of the above warranties). 4.3 Inspection. Buyer’s inspection, testing, acceptance, payment, or use of any Services will not affect the warranties and obligations of Contractor under these Terms and Conditions or the Contract Documents, and such warranties and obligations will survive any such inspection, testing, acceptance, payment, or use. 4.4 Buyer’s Right to Perform. In the event of Contractor’s failure to re-perform the Services, in accordance with the terms hereof, Buyer, after notice to Contractor, may correct any deficiencies in the Services, or may purchase replacement Services. Buyer may either invoice Contractor for the cost of correcting the deficiencies (including the costs directly attributable to other services that are required to be performed in connection with the correction of such deficiencies), invoice Contractor for the cost of replacement, or deduct the cost associated with correction or replacement from any payments due or subsequently due Contractor. 4.5 Assignment of Warranties. Contractor agrees that it will obtain and will and does hereby assign to Buyer the benefits of any warranties provided by Subcontractors or suppliers of the Services and will perform its responsibilities so that such warranties remain in full force and effect. Such assignment will not relieve Contractor of its warranty obligations to Buyer under these Terms and Conditions or the Contract Documents. ARTICLE 5. CONTRACT PRICE, INVOICING AND PAYMENT ARTICLE 6. LIQUIDATED DAMAGES The Parties may agree to apply liquidated damages to a Purchase Order as specified in such Purchase Order. In such case, in the event of a delay by Contractor in achieving Substantial Completion as specified in the Purchase Order or Project Schedule, for any reason which is not excused under Section 12.3 (Compensable Delay), Contractor will pay to Buyer as liquidated damages the amounts specified in the Purchase Order without prejudice to Buyer’s other rights and remedies under these Terms and Conditions or the Purchase Order or at Law and not as a penalty. The Parties agree that, if such Liquidated Damages are specified, it is because it would be extremely difficult and impracticable to ascertain and fix the actual damages Buyer would suffer should Contractor delay in completing the Work by the Milestones Dates identified in the Purchase Order or Project Schedule. It is acknowledged and agreed by the Parties that the liquidated damages in the Purchase Order relate solely to Contractor’s delay in completing the Work as set forth in the Contract Documents and to no other obligation or duty of Contractor. ARTICLE 7. TERM ARTICLE 8. CONTRACTOR’S SUBMITTALS; SAMPLES 8.1 Submittals. Contractor’s Submittals will include all information and documentation in Contractor’s and Subcontractor’s possession that are required by Buyer for the design, construction, licensing, maintenance, quality assurance, operation, and/or use of the Work. Any Submittals required by the Contract Documents to be submitted to Buyer for review prior to commencement of any stage of the Work will be submitted by Contractor without unreasonable delay, and any Work affected thereby that started prior to written acceptance by ▇▇▇▇▇ will be at Contractor’s risk. Review by Buyer will not relieve Contractor from fulfilling all of Contractor’s obligations under these Terms and Conditions or the Contract Documents, including obligations relating to design and detailing. As far as practicable, each drawing Submittal will bear a cross-reference note referring to the sheet number or numbers of ▇▇▇▇▇’s drawings showing the same Work. All Submittals will become the property of Buyer, may be used by Buyer in connection with the installation, startup, maintenance, operation, and repair of the Work, and may be transferred by Buyer to any transferee of the Work. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 40 of 125 8.2 Samples and Mock-Ups. If Buyer has requested a sample or mock up of all or any portion of the Work, Contractor will not commence the associated Work until Buyer has received such samples, or reviewed such mock up, and acknowledged in writing its acceptance of such samples or mock-up. Any sample or mock-up brought on site by Contractor will be clearly marked as a sample or mock-up. All Work is required to conform to such samples or mock-up, and no change in the Work or its method of production will be made without the written consent of Buyer; provided, however, that no sample or mock-up will be installed or delivered as the final Work. ARTICLE 9. BUYER-FURNISHED PROPERTY All Buyer-Furnished Property remains Buyer’s property, and Contractor agrees to maintain a log upon receipt of such Buyer- Furnished Property that will be used for final disposal or return of such property based on instructions furnished by Buyer. Contractor will at its expense maintain all such Buyer-Furnished Property in its possession in good condition and repair and indemnify Buyer for all damage or loss to such property (other than ordinary wear and tear) and for liability arising as a result of fraudulent, illegal, inappropriate, or unauthorized use of such Buyer-Furnished Property by Contractor Personnel including, but not limited to, Buyer Photo ID, keys, parking pass, documents, laptop and the like, either during the course of the assignment of any Contractor Personnel to perform the Work or after termination of such Contractor Personnel. Contractor agrees that use of any such Buyer-Furnished Property will not affect the warranties set forth in these Terms and Conditions or the Contract Documents. ARTICLE 10. PERFORMANCE OR PROCUREMENT PROVISIONS In the event of termination of these Terms and Conditions pursuant to Article 17 or change in the Work, no claim will be allowed for performance or procurement in advance of the Project Schedule, except as was reasonably necessary to meet deliveries required by the Purchase Order or Project Schedule. ARTICLE 11. CHANGES IN THE WORK ARTICLE 12. ACCELERATION, COMPENSABLE DELAY, AND FORCE MAJEURE ARTICLE 13. LOSS OR DAMAGE Risk of loss or damage to the Work or any Buyer Parties Property in the custody of Contractor will remain with Contractor until ▇▇▇▇▇ accepts the Work If any loss of or damage to the Work or Buyer Parties Property in Contractor’s custody occurs prior to the date of acceptance, Contractor will at its sole expense promptly repair or replace the portion of the Work or property affected. ARTICLE 14. CONTRACTOR’S INDEMNIFICATION 14.1 Indemnification. In addition to the indemnification obligations set forth elsewhere in these Terms and Conditions, Contractor will, to the fullest extent permitted by Law, indemnify, defend upon request, and hold harmless Buyer Parties against losses, claims, damages, expense (including reasonable attorneys’ fees and other defense costs) and liabilities sustained or incurred by the Buyer Parties for any damage, harm, loss or injury of any kind, direct or indirect, to any property or Person (including death), including claims for injuries or loss to employees of the Buyer Parties, Contractor and/or any Subcontractor, to the extent caused by the negligent act or omission, of Contractor Parties and/or arising out of Contractor’s negligent performance of the Work under these Terms and Conditions or any contact or encounter with, or compromise or disruption of, any Buyer Parties Property, regardless of whether any such liability, damage, loss or injury is alleged to be caused by, result from or arise out of the negligence, fault or other liability of the Buyer Parties or any other party to be indemnified. Contractor will further, to the fullest extent permitted by Law, indemnify, defend Buyer Parties upon request, and hold Buyer Parties harmless against any loss sustained or incurred by Buyer Parties (including reasonable attorneys’ fees and expenses) for third party claims to the extent caused by any breach or nonperformance by Contractor or its Subcontractors of any portion of these Terms and Conditions. Buyer Parties’ right to indemnification will specifically include loss or damage to Buyer Parties Property to the extent a Contractor Party is determined to be responsible for such loss or damage. Contractor Indemnification of the Buyer Parties will include any costs or expenses (including reasonable attorneys’ fees and other costs) incurred by any Buyer Parties subpoenaed or otherwise required to participate in any proceeding Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 41 of 125 pertaining to or involving a claim brought by any third party or Governmental Authority against or involving Contractor Parties. 14.2 Limitations on Indemnity. To the extent any Law may prohibit any application of all or any part of the indemnity obligations in these Terms and Conditions, it is the intent of the Parties that such provisions are severable, and will be construed to impose the indemnity obligation in all circumstances, applications, and situations to the fullest extent permitted by Law. 14.3 Indemnification for Claims by Governmental Authorities or Others. Contractor will indemnify, hold harmless, and upon request, defend Buyer Parties from any claim, liability, damage, expense, penalties, suit, or demand (including reasonable attorneys’ fees and defense costs) for claims by Governmental Authorities or others (including Subcontractors, Contractor Personnel, and Buyer Personnel) that (1) Contractor Parties failed to comply with any Law, including failure of Contractor or any Subcontractor, or any employee thereof, to pay wages, compensation, taxes, duties, or fees or to comply with employee safety orders, safe place, or employment Laws, or (2) any of the Buyer Parties is an employer, co-employer or joint employer of any Contractor Personnel; or (3) Buyer Parties failed to comply with any Law by reason of any negligence or default by Contractor Parties. 14.4 Pollution Indemnification. Contractor agrees to indemnify, hold harmless, and upon request, defend Buyer Parties from any claim, liability, damage, expense, suit, or demand (including reasonable attorneys’ fees and court costs) for damage, harm, loss or injury of any kind arising out of actual or alleged contamination, pollution, exposure to any harmful substance, or public or private nuisance, including any request, demand or order that the Buyer Parties test for, monitor, clean up, contain, remove, treat or in any way respond to the existence or threat of any such contamination, pollution, harmful substance or nuisance, arising out of or in any manner related to, based upon, or in connection with, any operations, performance, breach, course or Scope of Work, act, omission, or presence upon, use, or other encountering of any property, Sites, personnel, vehicles, equipment, or operations of Buyer Parties or others to the extent caused by Contractor Parties in connection with these Terms and Conditions or a Purchase Order. 14.5 Settlement of Claims. Contractor will provide Buyer with reasonable advance, written notice, of the settlement of any claims pertaining to or arising out of the Work and will include Buyer as a released party if requested by ▇▇▇▇▇. 14.6 Contractor Cooperation. Contractor agrees to cooperate fully with Buyer in any investigation, claim or proceeding involving ▇▇▇▇▇, whether such investigation, claim or proceeding is initiated by Contractor Personnel, Buyer Personnel, a Governmental Authority, or Buyer. 14.7 Contractor’s obligation to provide the indemnification of this Article is conditioned upon Buyer: (1) promptly notifying Contractor of the indemnification claim, (2) providing Contractor with reasonable information, assistance and cooperation in defending the claim, and (3) giving Contractor full control and sole authority over the defense and settlement of the claim (provided that no settlement may require Buyer Parties to admit any fault or make a payment without Buyer Parties’ prior written consent). ARTICLE 15. INSURANCE 15.1 Required Coverages. Contractor will provide and maintain, and will require each Subcontractor (regardless of tier) to provide and maintain, in effect during the performance of any Work under the Purchase Order minimum insurance coverage with carriers authorized to conduct business in the State in which the Work is to be done and otherwise satisfactory to Buyer, including: 15.1.1 Workers compensation insurance (“WCI”) with statutory limits, as required by the state in which the Work is to be performed. 15.1.2 Employer’s liability insurance (“▇▇▇”) with limits of not less than one million dollars ($1,000,000.00) each accident for bodily injury by accident, one million dollars ($1,000,000) each employee for bodily injury by disease, and one million dollars ($1,000,000) policy limit. 15.1.3 Commercial general liability (“CGL”) insurance (with coverage consistent with ISO Form CG 00 01 04 13 or its Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 42 of 125 equivalent with a limit of not less than one million dollars ($1,000,000.00) per occurrence , covering liability for bodily injury and property damage, arising from premises, operations, independent contractors, personal injury/advertising injury, liability assumed under an insured contract and products/completed operations for not less than one (1) year from the date Buyer accepts the Work. 15.1.4 Automobile liability insurance (“ALI”) coverage (including coverage for claims against Buyer for injuries to Contractor Personnel) for owned, non-owned, and hired autos with a limit of not less than one million dollars ($1,000,000) per accident. 15.1.5 Excess or Umbrella liability insurance coverage with a limit of not less than four million dollars ($5,000,000.00) per occurrence. These limits apply in excess of each of the above mentioned policies. Excess coverage will be follow form. 15.1.6 The liability limits under Sections 15.1.2, 15.1.3, 15.1.4 and 15.15 may be met with any combination of primary and Excess or Umbrella Insurance policy limits totaling five million dollars ($5,000,000). 15.1.7 If the Purchase Order involves or includes Contractor providing or performing design, engineering, consulting, or any professional service, professional liability insurance (“PLI”) with a combined single limit of not less than three million dollars ($3,000,000.00) per claim/aggregate. 15.1.8 If Contractor will have access to Buyer’s Electronic Information Assets, Critical Cyber Assets, or Buyer’s Restricted Confidential Information, Contractor will provide and maintain Cyber Security Incident /Network Security Insurance with a limit of ten million dollars ($10,000,000) per claim and in the aggregate. Coverage must include liability for financial loss resulting from or arising out of acts, errors, or omissions in the performance of contracted Services assumed by Contractor under the Contract Documents, including: (i) breaches of Buyer’s information security Policies and Procedures; (ii) violation of any right to privacy Laws; (iii) Cyber Security Incidents and violation of any Cyber Security Laws; (iv) data theft, damage, destruction, or corruption, including unauthorized access, unauthorized use, identity theft, theft of Personally Identifiable Information or confidential corporate information, transmission of a computer virus or other type of malicious code; and (v) denial or loss of service attacks; (vi) internet advertising and content offenses; (vii) defamation; (viii) errors or omissions in software or systems development, implementation and maintenance. Such insurance must address all of the foregoing if caused by Contractor or Subcontractor in performing the Services or Work under the Contract Documents. Policy must provide coverage for wrongful acts, claims, and lawsuits anywhere in the world and cover data breach costs and expenses, whether or not required by applicable Law or otherwise. 15.1.9 If any policy is written on a claims-made basis, the retroactive date may not be advanced beyond the effective date of the Purchase Order and coverage will be maintained in full force and effect for three (3) years after Final Completion, which coverage may be in the form of tail coverage or extended reporting period coverage if agreed by the Parties. 15.1.10 Contractor will be responsible for any deductibles or self-insured retentions applicable to the insurance provided in compliance with this Article 15. 15.1.11 To the extent permitted by applicable Laws, all above-mentioned insurance policies will comply with the following: 15.1.11.1 Be primary and non-contributory to any other insurance afforded to Buyer except with regards to PLI and Cyber Security Incident /Network Security Insurance; 15.1.11.2 Contain cross-liability coverage as provided under standard ISO Forms’ separation of insureds clause; 15.1.11.3 Provide for a waiver of all rights of subrogation which Contractor’s insurance carrier might exercise against Buyer Parties, excluding PLI and Cyber Security Incident /Network Security Insurance; and 15.1.11.4 Any Excess or Umbrella liability coverage will not require contribution before it will apply. 15.2 Additional Coverages. Buyer reserves the right to require Contractor to provide and maintain additional coverages in the event that the particular Work involves unusual risks or a change in the characteristics of the risks subject to these Terms and Conditions. 15.3 Additional Insured Endorsement. All liability insurance policies (excluding PLI and WCI)) will include the Buyer Parties, as additional insureds, will be primary to any other insurance carried by Buyer, and will provide coverage consistent with ISO Form CG 2026 (11/85), or the combination of ISO Form CG 20 10 04 13 and CG 20 37 04 13, or their equivalents, and will maintain the required coverages for a period of not less than three (3) years from the date Buyer accepts the Work. 15.4 Evidence of Insurance. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 43 of 125 Contractor will provide evidence of the required insurance coverage and file with Buyer a Certificate of Insurance acceptable to Buyer prior to commencement of the Work. Contractor will provide written notification to Buyer if the policies required by this Article 15 are canceled, allowed to expire or the limits materially reduced with at least thirty (30) Days prior written notice (ten (10) Business Days in the case of nonpayment of premium). 15.5 Waiver of Subrogation. Contractor will waive all rights of subrogation against Buyer Parties under those policies, excluding ▇▇▇ and PLI and Cyber Security Incident /Network Security Insurance, procured in accordance with these Terms and Conditions. 15.6 Ratings. All insurance coverage will be provided by insurance companies acceptable to Buyer and having ratings of A-/VII or better in the Best’s Key Rating Insurance Guide (latest edition in effect at the latest date stated in the Certificate of Insurance referred to in Section 15.4. 15.7 Breach of Terms and Conditions. Failure to obtain and maintain the required insurance will constitute a breach of these Terms and Conditions and Contractor will be liable for any and all costs, liabilities, damages, and penalties (including attorneys’ fees, court, and settlement expenses) resulting to Buyer from such breach, unless a written waiver of the specific insurance requirement is provided to Contractor by Buyer. 15.8 Non-Waiver. Failure of Contractor to provide insurance as herein required or failure of Buyer to require evidence of insurance or to notify Contractor of any breach by Contractor of the requirements of this Article 15 will not be deemed to be a waiver by Buyer of any of the terms and conditions of these Terms and Conditions, nor will they be deemed to be a waiver of the obligation of Contractor to defend, indemnify, and hold harmless Buyer Parties as required herein. The obligation to procure and maintain any insurance required is a separate responsibility of Contractor and independent of the duty to furnish a copy or certificate of such insurance policies. 15.9 Buyer’s Right to Purchase. In the event of any failure by Contractor to comply with the insurance requirements of these Terms and Conditions, Buyer may, without in any way compromising or waiving any right or remedy at law or in equity, upon five (5) Business Days written notice to Contractor, purchase such insurance, at Contractor’s expense, provided that Buyer will have no obligation to do so and if Buyer will do so, Contractor will not be relieved of or excused from the obligation to obtain and maintain such insurance amounts and coverages. All such costs incurred by ▇▇▇▇▇ will be promptly reimbursed by Contractor and/or may be withheld from any payment due Contractor. 15.10 Contractor’s Commencement of Work Without Insurance. Commencement of Work without the required Certificates of Insurance, or without compliance with any other provision of these Terms and Conditions, will not constitute a waiver by Buyer of any rights under these Terms and Conditions. 15.11 Contractor Obligations Not Limited. None of the requirements contained herein as to types, limits, or Buyer’s approval of insurance coverage to be maintained by Contractor are intended to and will not in any manner limit, qualify, or quantify the liabilities and obligations assumed by Contractor under these Terms and Conditions, any other agreement with Buyer, or otherwise provided by law. ARTICLE 16. LIMITATION OF LIABILITY 16.2 Contractor Liability. Should Contractor Personnel ▇▇▇ ▇▇▇▇▇ for any injury allegedly received while performing Work under these Terms and Conditions and/or any Purchase Order, Contractor agrees to waive in any suit filed by Buyer any limitation or cap imposed by any Laws, case law or Governmental Authority on the damages that Buyer can recover against Contractor in a third-party action by Buyer against Contractor. ARTICLE 17. TERMINATION AND SUSPENSION 17.1 Termination With Cause. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 44 of 125 If either Party breaches any provision of the Purchase Order or other Contract Documents (including the failure by Contractor to adhere to the performance standards set forth in these Terms and Conditions or the Purchase Order), the other Party may give notice of such breach to the defaulting Party in writing. If the breach is not cured within ten (10) Business Days of receipt of such notice by the defaulting Party, the defaulting Party will be in default hereunder and the non-defaulting Party may elect to terminate the Purchase Order effective upon delivery of written notice of such termination to the defaulting Party within ten (10) Business Days of such failure to cure, or to continue the Purchase Order subject to satisfaction of any assurances of performance from the defaulting Party. In the event either Party terminates a Purchase Order pursuant to this Section 17.1, Buyer will not be required to make any payments to Contractor with respect to Services that have not been performed as of the date of termination. If the sum of all previous deposits and payments under the applicable Purchase Order with respect to the Work so terminated exceeds the amount owed to Contractor with respect to Services that have been performed as of the date of termination, the excess will be immediately refunded to Buyer. 17.2 Termination For Convenience. Buyer may, upon not less than thirty (30) Days prior written notice to Contractor, terminate a Purchase Order or other Contract Documents, in whole or part, for Buyer’s convenience 17.3 Suspension of Work. 17.3.1 Suspension for Non-compliance with Law or Terms and Conditions. In the event that it is determined by Buyer or a Governmental Authority that the Work fails to comply with any Law or with any of these Terms and Conditions (including but not limited to Work performed by Contractor Personnel not deemed to be qualified) and Buyer is required to re- inspect and correct such Work, Buyer will have the right to direct that all Work be suspended and direct that the Work be performed in a manner that complies with such Law or Governmental Authority and the Contractor will be liable to Buyer for all direct costs associated with such inspections including but not limited to excavation and re-performance of the Work, if required, to inspect or meet applicable Law. 17.3.2 Suspension for Convenience. Buyer may at any time on written notice to Contractor direct a Suspension for Convenience of all or part of the Work. Buyer will pay Contractor for all reasonable and unavoidable disbursements and expenses that Contractor has incurred or become obligated for as a result of a Suspension for Convenience. 17.3.3 Contractor’s Duties upon Suspension. Upon receipt of ▇▇▇▇▇’s notice of suspension, Contractor will immediately stop all Work under the Purchase Order and immediately cause its suppliers and Subcontractors to suspend such Work, unless Contractor is directed otherwise in the notice of suspension. 17.4 Termination Charges. 17.4.1 If Buyer terminates a Purchase Order pursuant to Section 17.1 (Termination With Cause), Contractor will not be entitled to receive any further payments under such Purchase Order until all Work has been fully performed by Buyer or by some other Person on behalf of Buyer, as follows. Buyer will have the right to complete the Work by means other than the use of Contractor, and in doing so Buyer will have the right to exercise its sole discretion as to the manner, method, and reasonableness of the costs of completing the Work. Contractor will bear any extra expenses incurred by ▇▇▇▇▇ in completing the Work, including all increased costs. After all Work has been completed, Buyer will calculate the total expenses for the completed Work. If the total expenses exceed any unpaid balance due Contractor, Contractor will be liable to Buyer and will pay the difference to Buyer on demand. 17.4.2 If Buyer terminates the Purchase Order in accordance with Section 17.2 (Termination For Convenience), or if Contractor terminates the Purchase Order pursuant to Section 17.1 (Termination With Cause), Buyer will pay Contractor for all reasonable and unavoidable disbursements and expenses that Contractor has incurred or become obligated for prior to the date of the notice of termination. In no event will the aggregate termination charges plus payment for the Work exceed the Contract Price of the Work set forth in the relevant Purchase Order and Change Orders thereto. Payments by Buyer hereunder will be credited with prior amounts deposited or paid by ▇▇▇▇▇ under the Purchase Order. If the sum of all previous deposits and payments under the Purchase Order and salvage and/or resale with respect to the Work terminated exceeds the amount owed to Contractor hereunder, the excess will be immediately refunded to Buyer. Contractor agrees to take reasonable steps to minimize termination expenses. 17.5 No Overhead Costs or Profits. Whether Buyer terminates the Purchase Order with or without cause or suspends Contractor’s Work, in no event will Buyer be responsible for overhead costs associated with Work not performed by Contractor, for any profits Contractor would have earned if it had completed Work, or for any special, consequential, incidental, or indirect damages. 17.6 Disputed Termination. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 45 of 125 If Buyer terminates these Terms and Conditions or a Purchase Order pursuant to this Article 17, and Contractor disputes Buyer’s right or grounds for such termination, the issue will be resolved in accordance with the Dispute Resolution Procedure in Article 24 (Dispute Resolution). If it is ultimately found, or agreed to by the Parties, that ▇▇▇▇▇ had no right or grounds for such termination, then the termination by Buyer will be conclusively presumed in law to have been Termination for Convenience, and the damages for which Buyer may be liable will be no more than those specified in Section 17.4.2. 17.7 Contractor’s Duties Upon Termination. If ▇▇▇▇▇ notifies Contractor that it is terminating a Purchase Order, as provided in this Article 17, Contractor will immediately discontinue the Work, and Buyer will be entitled to take possession of the Site and all or any part of the Work paid for by the Buyer, including Material delivered or in transit to the Site.Buyer. If requested by Buyer, Contractor will make every reasonable effort to cancel any existing orders, Subcontracts and contracts specified by Buyer upon commercially reasonable terms satisfactory to Buyer. Contractor, upon request, will also assign to Buyer, and ▇▇▇▇▇ may at its discretion assume, any and all contracts, Subcontracts, purchase orders, and options made by Contractor in performance of the Work, and Contractor will promptly deliver to Buyer true and correct originals thereof. Contractor will return to Buyer, at no charge, all originals and copies of Buyer Data in Contractor’s possession. Contractor may retain photocopies of all relevant documents for its own files, and all other materials relating to governmental permits, orders placed, bills, invoices, Lien waivers, and financial management under these Terms and Conditions. Notwithstanding any termination, Contractor will take such steps as are reasonably necessary to preserve and protect Work completed and in progress Contractor will cooperate with Buyer to transition performance of the Work to Buyer or a third-party contractor. No action taken by Buyer after termination will prejudice any other rights or remedies of Buyer provided by Law, by the Contract Documents, or otherwise upon such termination. Should ▇▇▇▇▇’s termination of Contractor be partial, Contractor will proceed to complete the portions of the Work, including Work pursuant to other Purchase Orders not terminated. 17.8 Resumption of Work. If Buyer extends, delays, or suspends Contractor’s performance under Section 17.3 (Suspension of Work), Contractor will thereafter resume such Work as soon as is practicable when directed to do so by ▇▇▇▇▇. Any dates for performance by Contractor that are affected by an extension, delay, or suspension of Buyer will be extended for a period not to exceed the time lost by reason of the extension, suspension, or delay. The payment schedules contained in these Terms and Conditions or Purchase Order will be adjusted to reflect the effect of the extension, suspension, or delay on Contractor’s rate of expenditures for performance hereunder, and performance schedules for Buyer’s other obligations under these Terms and Conditions that are affected will be extended for a period not to exceed the time lost by reason of the extension, suspension, or delay. With the exception of extensions, suspensions, or delays resulting from a Force Majeure, Contractor will also be entitled to an increase in the Contract Price for the Work to cover Contractor’s incremental direct costs by reason of the extension, suspension, or delay and for which Contractor is not compensated by any price adjustment provisions in the Contract Documents. Contractor will take all reasonable steps to minimize these costs. 17.9 Temporary Deferment of Services. Contractor will, without cost to Buyer, temporarily defer the execution of any portion of the Work when such action may be necessary in the opinion of Buyer for the proper advancement of the work of other contractors or for the installation of machinery, equipment, or other work by ▇▇▇▇▇, when the deferment may be accomplished without unreasonable interference with Contractor’s schedule or arrangements, or when the Work interferes or threatens to interfere with the operation of Buyer’s Sites. 17.10 Subcontractors. Contractor agrees to bind every Subcontractor to whom it subcontracts any of the Work by the provisions of this Article 17 as far as applicable to the Work of the Subcontractor. ARTICLE 18. CONTRACTOR’S INTELLECTUAL PROPERTY AND INFRINGEMENTS 18.1 Buyer’s License to Use Intellectual Property Incorporated in the Work. Unless otherwise agreed to in writing by ▇▇▇▇▇, in the event and to the extent that any of the Work produced by Contractor contains any Intellectual Property to which Contractor or a third party has IP Rights, except with regards to the Contractor Technology defined below, Contractor hereby grants to Buyer an irrevocable, perpetual, paid-up, non-exclusive, royalty-free, world-wide license to use Contractor’s and the third party’s Intellectual Property incorporated in the Work as necessary for Buyers use of the Work. Contractor will pay all royalties and license fees that are necessary for Contractor’s performance of the Work and ▇▇▇▇▇’s use of any third-party IP Rights incorporated into the Work. Except as provided in this Section 18.1, Buyer will receive no right or interest in and to Contractor’s or the third party’s Intellectual Property. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 46 of 125 Contractor Technology means Contractor’s proprietary software as a service, platforms, databases, systems, technology, or tools that utilize commercial third party software as well as related extensions, enhancements, derivative works, customizations or modifications together with associated documentation and data and all intellectual property rights related therein. Contractor Technology includes property that is (i) owned or developed by Contractor prior to the Effective Date of the Contract, or (ii) developed or obtained by Contractor after the Effective Date, including during the course of providing Work under this Contract, but which are developed or obtained without using Buyer’s Confidential Information. ▇▇▇▇▇ acknowledges and agrees that Contractor may use Contractor Technology internally to perform the Work. To the extent that ▇▇▇▇▇ is granted access to any Contractor Technology during performance of the Work, Buyer is granted a non- exclusive, royalty free license for read-only access to the Contractor Technology during the term of the Contract. ▇▇▇▇▇ acknowledges and agrees that nothing in this Contract shall grant Buyer any rights in or to the Contractor Intellectual Property not expressly granted in these Terms and Conditions or a Release. 18.2 Buyer’s Access to Intellectual Property Used in Performance of the Work. Subject to the provisions of Article 23 (Confidentiality), Contractor will make available to Buyer Material IP Information, except with regards to Contractor Technology. Buyer and Contractor agree that this Material IP Information provided will only be for Buyer’s internal use but may be provided to third parties engaged by Buyer to assist with use of or to provide service to Buyer for or upon the Work. Any third party having access to such Material IP Information will agree in writing to be bound to nondisclosure and use provisions substantially similar in all material respects to those in Article 28. Buyer may disclose Contractor’s Intellectual Property to any Governmental Authority for the purposes set forth herein, provided that Buyer will provide Contractor with notice of Buyer’s intent to disclose Contractor’s Intellectual Property and cooperate fully with Contractor to secure a protective order governing such disclosure. 18.3 Indemnity Against Infringement. Contractor will at its own expense defend any claim brought by others against a Buyer or its successors and assigns because the performance of the Work infringes, or is alleged to infringe, directly or contributorily, on IP Rights or is the basis for a claim of unfair competition resulting from similarity in design, trademark, or appearance of goods by reason of the sale or use of the Work provided by Contractor under these Terms and Conditions, except to the extent the claimed infringement is based on or results in any material part from (1) use of other than the unaltered version of the applicable deliverables; or (2) use, operation or combination of the applicable deliverables with any other product, system, or technology not supplied by Contractor if such infringement would have been avoided but for such use, operation or combination; and Contractor will indemnify and hold Buyer harmless from any liability of any nature or kind (including reasonable attorneys’ fees), arising out of any infringement or alleged infringement or claim of unfair competition. In addition, Contractor will indemnify and hold Buyer harmless against, and will pay all awards of damages assessed and all costs of suit adjudged against Buyer in such suits or proceedings, provided Buyer (1) promptly gives Contractor such information and assistance as is readily available to Buyer, and authority as may be necessary to enable Contractor so to do; (2) promptly notifies Contractor of the indemnification claim; and (3) gives Contractor full control and sole authority over the defense and settlement of the claim. At Buyer’s expense, Buyer may be represented by and actively participate through its own counsel in any such suits and proceedings if it so desires. 18.4 Remedies. In case any part of the Work is held in any such suit to constitute infringement, misappropriation or violation of any IP Rights, or its use is enjoined at any time after a claim of infringement arises, in addition to its indemnification obligations herein, Contractor will (at Contract’s option), promptly either (1) secure for Buyer the perpetual right to continue the use of such part of the Work by procuring for Buyer a royalty-free license or such other permission as will enable Contractor to secure the suspension of any injunction, (2) replace at Contractor’s own expense such part of the Work with an adequate non-infringing part or modify it so that it becomes non-infringing, but only if the replacement or modification does not adversely affect Buyer’s acquisition costs, operating or maintenance costs, construction or operating schedules, operation or maintenance procedures, public relations, employee relations, any license or permit affecting Buyer’s property or any other matter relating to Buyer’s property or its operation, or (3) refund the entire Contract Price relating to the Work affected. ARTICLE 19. CONTRACTOR’S PERSONNEL 19.1 Competent Workers. Contractor will employ and cause each Subcontractor to employ an adequate number of competent, appropriately trained, and experienced Contractor Personnel for the Work to be performed. Contractor will have full responsibility for the conduct of all Contractor Personnel employed on or in connection with the Work and will ensure that there is Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 47 of 125 adequate, daily supervision of all Work. Contractor will be familiar with and observe established and accepted labor practices, procedures, and agreements applicable to the Work. Continuous coordination between Buyer and Contractor is essential in order to provide for efficient operations and ensure the safety of all assigned personnel. Contractor’s Designated Representative will be responsible for overseeing the Work and administering any Purchase Order issued under these Terms and Conditions. In addition, the Contractor’s Designated Representative must be proficient in written and spoken English and able to translate to assigned personnel as needed. Except as otherwise provided in the Purchase Order, Contractor’s Designated Representative will be in attendance at the Site during the performance of the Work. Contractor may change its representative at any time. However, a fully qualified replacement must be ready to assume responsibility for Contractor’s Designated Representative and is subject to prior approval of ▇▇▇▇▇’s Designated Representative, which will not be unreasonably withheld. 19.2 Qualification. Contractor Personnel will maintain all professional qualifications, licenses, permits, certifications and skills and appropriately complete all training required by applicable Laws or necessary for the performance of the Work. Contractor will only employ, and will take reasonable steps to ensure that its Subcontractors only employ, persons who are lawfully eligible to perform the Work. Contractor will obtain, verify, and maintain evidence of the identity and employment eligibility under applicable U.S. Laws for all Contractor and Subcontractor Personnel performing Work at Sites. This will include compliance with the U.S. Citizenship and Immigration Service’s I-9 process. 19.3 Compliance with Exelon GPPMA 19.3.1 In connection with a Purchase Order and except as otherwise expressly provided by Buyer, if Contractor (1) performs (or plans to perform) any craft Work at a Site or (2) hires (or plans to hire) any craft labor to perform Work at a Site, subject to the GPPMA, then Contractor (or if applicable, such Subcontractor performing the Work and/or hiring craft labor) will execute a Letter of Assent, which represents such signatory’s agreement to the terms and conditions set forth in the GPPMA prior to commencement of Work at such Site. 19.3.2 Contractor will perform the Work described above in Section 19.3.1 pursuant to the Exelon GPPMA and terms, conditions and covenants contained therein, including employing, or contracting with, individuals represented by the appropriate craft unions. 19.3.3 If Contractor breaches the provisions of this Section 19.3, Contractor will indemnify, defend upon request and hold harmless Buyer Parties from all claims, liability, damages, and expenses (including advancement of reasonable attorneys’ fees and defense costs) arising out of such breach. 19.4 Use of Contractor Personnel 19.4.1 Contractor will comply with ▇▇▇▇▇’s Policies and Procedures pertaining to use of contractors as specified in Exhibit B hereof, or the Contract Documents. For purposes of this Section 19.4, all terms with initial capitalization that are not otherwise defined herein, will be as defined in such Policies and Procedures. Contractor represents and warrants that: (i) Contractor and all suppliers, Subcontractors and agents involved in the performance of the Work hereunder strictly adhere, and will continue throughout the term of these Terms and Conditions to strictly adhere, to all applicable Laws in the jurisdictions in which the Work is performed and with respect to the operation of their production and manufacturing facilities and their other business and labor practices, including Laws governing the working conditions, wages, hours and minimum age of the workforce; and (ii) the Work will not have been, and will not be, performed, in whole or in part, by child labor or by convict or forced labor Contractor further agrees promptly upon ▇▇▇▇▇’s request to furnish such documentation as may be required by Buyer to evidence compliance with the foregoing. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 48 of 125 19.4.2 Contractor, in furnishing the Work, is acting as an independent contractor, and Contractor has the sole right and obligation to supervise, manage, contract, direct, procure, perform or cause to be performed, all Work to be provided by Contractor under these Terms and Conditions. All Contractor Personnel who perform any portion of the Work hereunder for Contractor will be, and remain, employees of Contractor, and Contractor will be solely responsible for payment of compensation to such Persons as well as all applicable federal, state and local income and employment tax withholding and reporting for all such Contractor Personnel. Buyer Parties are not, and will not be construed to be, an employer (common law or otherwise), co-employer or joint employer of any Contractor Personnel. Neither Contractor (or its Subcontractors) nor any Contractor Personnel is an agent of the Buyer Parties, and no such Party or Person has any authority to represent the Buyer Parties as to any matters, except as expressly authorized in the Contract Documents. Contractor will assume full responsibility for payment of all federal, state, provincial and local taxes, withholding or contributions imposed or required under unemployment insurance, social security and income tax Laws with respect to all Contractor Personnel. Should any of the Buyer Parties be required to pay any amount to a Governmental Authority for failure by Contractor (or its Subcontractors) to withhold any such amount as may be required by Law, Contractor will indemnify each of the Buyer Parties for any such amount so paid, including interest, penalties and fines. 19.4.3 Prior to commencement of Work by any Contractor Personnel who will (1) have access to any Buyer or its Affiliates’ assets, including buildings, properties, computer systems, Confidential Information, and/or employee or customer information, and/or (2) have contact with any Buyer or its Affiliates’ customers, Contractor (or its Subcontractor), will obtain from such Contractor Personnel, either directly or through its Subcontractors, a signed acknowledgement from all such Contractor Personnel, substantially in the form of the TPPA attached hereto as Exhibit C. Contractor will provide a copy of each TPPA to Buyer’s Designated Representative and maintain the original of each TPPA for Contractor Personnel for a period of six (6) years following the termination of Contractor Personnel. 19.4.4 Based upon such executed TPPAs and prior to commencement of any Work by any such proposed new Contractor Personnel, Contractor will provide to Buyer’s Designated Representative a written notice that identifies the names (and if possible the former Exelon or Affiliate Employee identification number) of Contractor Personnel assigned to provide Work to Buyer who identify themselves as a former employee of one of the Buyer Parties or a Retiree of one of the Buyer Parties. Notwithstanding any other provision of these Terms and Conditions, Buyer reserves the right to request additional information about any Contractor Personnel, to reject any proposed Contractor Personnel, and to request the removal (with or without replacement) of any or all Contractor Personnel from performing Work for Buyer hereunder and/or from any Buyer worksite at any time at its sole discretion. In the event ▇▇▇▇▇ rejects any proposed Contractor Personnel or requests the removal of any Contractor Personnel from any Work and/or Buyer worksite Contractor will promptly remove such Contractor Personnel from providing Work to Buyer and provide a suitable replacement that meets all requirements of the Contract Documents. In the event Buyer requires the removal of any Contractor Personnel, Contractor will also ensure a prompt and smooth transition of all knowledge, information and data from such Contractor Personnel to his or her replacement. The rejection or removal of any Contractor Personnel will not be deemed a request or demand by Buyer that Contractor (or its Subcontractor) suspend or terminate the employment of any Contractor Personnel. 19.4.5 Staff Augmentation Services. 19.4.5.1 Generally. Neither Contractor nor its Subcontractors will: (1) allow any Contractor Personnel to perform Staff Augmentation Work for Buyer outside of Buyer’s MSP program without written authorization from Buyer’s Designated Representative; (2) assign any Contractor Personnel to perform Staff Augmentation Work for the Buyer Parties for a total period of time in excess of two (2) years (calculated from the start date of the Staff Augmentation assignment), without a break in service of at least ninety (90) consecutive Days, unless Buyer grants a written exception for such Contractor Personnel to the time limit; (3) report income for any of its Contractor Personnel performing Staff Augmentation work to the Buyer Parties, to the IRS on Form 1099; or (4) allow any Contractor Personnel to commence Staff Augmentation Work for the Buyer Parties until Contractor has executed and returned to Buyer Exhibit K (Staff Augmentation Services Special Terms and Conditions). 19.4.5.2 Retirees. In addition to the requirements of Section 19.4.5.1, neither Contractor nor its Subcontractors will allow any Retiree to perform any Staff Augmentation Services for the Buyer Parties unless the following conditions are met: (1) the Retiree has been retired at least six (6) months prior to commencement of Staff Augmentation Services; (2) there was no arrangement reached between Buyer or its Affiliates and the Contractor or Subcontractor before the Retiree’s retirement date, or within six (6) months thereafter; and (3) if the Retiree is receiving payments from a Retirement Plan in the form of an annuity, the Retiree may not perform Staff Augmentation Services for Buyer and its Affiliates for more than six (6) months, followed by a six (6) month break in service from performing Staff Augmentation Services for Buyer and its Affiliates, unless the Retiree agrees in writing to a suspension of the annuity payments after the first six (6) months in substantially the form of the TPPA. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 49 of 125 Suspension of annuity payments will not apply to Retirees who perform Services for Buyer and/or its Affiliates for no more than twenty (20) hours per week or six (6) months out of any rolling twelve (12) month period. In no case may a Retiree exceed one thousand (1,000) hours of Staff Augmentation Services in a rolling twelve- (12) month period without suspension of annuity payments. 19.4.6 In addition to any other audit rights under these Terms and Conditions, Contractor agrees that Buyer, or any of its authorized representatives acting on Buyer’s behalf, may upon reasonable request, audit Contractor’s files and records regarding the utilization of Contractor Personnel hereunder, including all TPPAs, personnel, employment eligibility verification, Background Investigations, and wage and hour records. This section will survive termination of these Terms and Conditions, and any Purchase Order issued hereunder, for a period of six (6) years. Contractor will promptly remedy any violation and will certify the same to Buyer in writing. The fact that Buyer inspects, or fails to inspect, or has the right to inspect, Contractor’s books and records will not relieve Contractor of its responsibility to comply with the terms of these Terms and Conditions and with such Laws, nor will Buyer’s: (i) failure to detect, or (ii) detection, but failure to notify Contractor or require Contractor’s remediation of any unsatisfactory practices constitute acceptance of such practice or a waiver of Buyer’s enforcement rights under these Terms and Conditions. 19.4.7 At Buyer’s request, Contractor agrees to participate in Buyer-provided training regarding Buyer rules, policies, and requirements. Contractor will not charge Buyer for such training time, provided ▇▇▇▇▇ pays for the training course(s). 19.5 Background Investigation. 19.5.1 Except where background checks are performed by Buyer per Section 22.5.8, Contractor will conduct Background Investigations in accordance with this Section for any Contractor Personnel: (1) who will have unescorted access to any Buyer or its Affiliates’ assets, including buildings, equipment, Electronic Information Assets, properties, Confidential Information and/or employee or customer information, (2) who will have unescorted contact with any Buyer or its Affiliates’ customers; or (3) when required in the Purchase Order. Such Background Investigations must be completed for each Contractor Personnel prior to the first Day upon which such Contractor Personnel begins to perform the Work. The purpose of the Background Investigation is to ensure application of an appropriate level of security to Contractor Personnel who may affect the reliability, safety and integrity of Buyer’s business and assets. 19.5.1.1. At a minimum, the Background Investigation must include the items set forth in Exhibit F, or Canadian equivalent screening for Canadian Contractor personnel. 19.5.1.2. Contractor is responsible for initiating, evaluating and completing all Background Investigations in accordance with any applicable Laws, including the Fair Credit Reporting Act. 19.5.1.3. Additionally, any Contractor Personnel who will have unescorted access to: (i) Personally Identifiable Information, (ii) trade secrets; (iii) Material Business Information; or (iv) will be executing, monitoring or reviewing a key financial control for ▇▇▇▇▇▇▇▇-▇▇▇▇▇ Section 404 compliance will be required to have a credit check. Any requirement for a Contractor Personnel to have a credit check as set forth in this Section 22.5.1.3 will be set forth in the applicable Purchase Order between the Parties and will only be conducted in accordance with applicable Laws. 19.5.2 The Background Investigation will be a minimum requirement, and some Buyer business units or departments may have more stringent Background Investigation requirements for particular roles as permitted or required by applicable Law, including: (1) license or professional certification verifications; (2) physical and psychological examinations, including random drug testing; (3) education verifications; and/or (4) driver’s license/MVR check. Any requirement to have the additional Background Investigation set forth under this Section 19.5.2 will be addressed in the applicable Purchase Order. 19.5.3 Contractor will require all Subcontractors and Contractor Personnel to self-report to Contractor any criminal convictions of Contractor Personnel who (1) have access to any Buyer or its Affiliates’ assets, including buildings, properties, computer systems, trade secrets, Confidential Information and/or employee or customer information, and/or (2) have contact with any Buyer or its Affiliates’ customers, unless such a requirement conflicts with applicable Laws. 19.5.4 For each Contractor Personnel, Contractor will submit a written Background Investigation certification (letter or affidavit) confirming that the Background Investigation has been conducted in accordance with the requirements of this Section. . In all situations, Contractor will evaluate the eligibility of all Contractor Personnel in accordance with all applicable Laws, including but not limited to federal guidance related to the use of criminal records issued by the Equal Employment Opportunity Commission and the Office of Federal Contract Compliance Programs. An individual with a history of one or more convictions of a crime may be deemed to pose an unacceptable safety or security risk to Contractor or Buyer or its Affiliates and therefore may be removed from further consideration for the position in question. At a Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 50 of 125 minimum, Contractor will consider the nature and gravity of the offense or conduct; the nature of the duties of the job the individual would be assigned; the number of offenses for which the individual was convicted; the age of the individual at the time of conviction, or release from incarceration; evidence that the individual has performed the same type of work, post conviction, with no known incidents of criminal conduct; the length and consistency of employment history before and after the offense or conduct; rehabilitation efforts, e.g., education/training; employment or character references; whether the individual is bonded under a federal, state, or local bonding program and any other information regarding fitness for the particular position. At all times, the guiding principle will be whether this particular applicant/employee based on all of the factors set out above, presents an unacceptable safety or security risk. Contractor will not consider arrests that do not result in findings of guilt unless Contractor has evidence that the individual has engaged in the conduct for which he or she was arrested. Similarly, where a credit report is required, Contractor will make an individualized assessment whether this particular applicant/employee represents an unacceptable safety or security risk. Applicants will not be rejected based merely on evidence that, through no fault of their own, they have been unable to pay their bills. Contractor shall not assign any Contractor Personnel to perform the Work or shall promptly remove and replace any Contractor Personnel under any Purchase Order if a Background Investigation, self-report, credit check or other information referenced in this Section shows items that, in the aggregate, this particular applicant/employee based on all of the factors set out above, presents an unacceptable safety or security risk to Persons at the Site, Buyer’s or its Affiliates’ assets or customers, or performance of the Work. If an individual refuses to consent to performance of a Background Investigation described herein, Contractor shall not be in breach of these Terms and Conditions as a result of such individual’s refusal to consent to such Background Investigation, provided that Contractor (i) does not assign or promptly removes and replaces such Contractor Personnel as provided above, and (ii) continues to perform the Services in all material respects and in accordance with these Terms and Conditions.. 19.5.5 Except for background checks performed by ▇▇▇▇▇, Contractor will be responsible for conducting the Background Investigation at its own expense and will not be entitled to recover costs thereof unless both Parties agree, in writing, in advance of the Background Investigation. 19.5.6 Buyer may perform a background check on Contractor Personnel, at Buyer’s expense, if Buyer determines that Contractor performs any Work: (1) relating to critical assets, equipment facilities or systems of Buyer or its Affiliates, including Critical Cyber Assets or BES Cyber Systems, or (2) requiring unescorted access at Buyer’s nuclear facilities. of Buyer or its Affiliates, and Contractor will fully cooperate with Buyer including but not limited to obtaining consent from such Contractor Personnel. Contractor agrees that Buyer may provide such information to NERC, FERC, or an entity with authority delegated from them in order for Buyer to demonstrate its compliance with applicable Law, including NERC Reliability Standard Requirements applicable to Critical Cyber Assets or BES Cyber Systems and NRC regulations. 19.5.7 Buyer reserves the right to terminate the applicable Purchase Order(s) as set forth in Section 17.1 (Termination With Cause) herein in the event of failure to comply with the requirements set forth in this Section. 19.5.8 Buyer will have the right to audit Contractor’s compliance with the requirements of this Section at any time and from time to time upon reasonable notice. Contractor will fully and promptly comply with such audit by Buyer or any Governmental Authority, and will provide written evidence of its compliance with the terms herein. 19.6 Key Personnel. The Purchase Order will designate any Contractor Personnel assigned to perform Work under a Purchase Order as Key Personnel. Contractor will take reasonable steps to ensure Key Personnel will remain available to perform the Work until Final Completion. Should Key Personnel become unavailable to perform the Work assigned to them, for any reason, and Contractor cannot provide an equally qualified replacement acceptable to the Buyer, Buyer reserves the right to terminate these Terms and Conditions as set forth in Section 17.1 (Termination With Cause) herein. 19.7 Firearms, Weapons and Explosives. 19.7.1 Contractor and Contractor Personnel may NOT possess firearms, weapons, or explosives of any nature or description (fireworks, any other device of explosive nature, bows and arrows, crossbows, sling shots, guns, ammunition, and knives other than those typically used for Work, or any other weapon) while in performance of their duties or at any time while on Buyer owned, leased or controlled property, including all buildings, vehicles, common areas and parking lots, unless expressly exempted in writing by the Buyer Chief Security Officer. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 51 of 125 19.7.2 Storage of a firearm in a vehicle during working hours is not permitted by Contractor or Contractor Personnel, except where employers are expressly required by state Law to allow employees to bring weapons to work. This restriction applies even if the Person has a license that allows him or her to keep firearms in his or her vehicle. The state law exception does not apply to nuclear Sites regulated by the NRC. Federal law does not allow weapons on any property owned by a nuclear licensee, including the corporate headquarters, nuclear plants, parking lots and other nuclear property. The willful unauthorized introduction of any dangerous weapon, explosive, or other dangerous instrument or material likely to produce substantial injury or damage to persons or property into or upon these premises is a federal crime. 19.7.3 To the extent that Contractor Personnel are required by Buyer to carry a weapon in the course of their assigned job duties, such Contractor Personnel must adhere to Buyer’s Firearms, Weapons and Explosives Security Policy (SY-AC-05), except as required to carry out those job duties as set forth in the applicable Purchase Order or Contract Documents. 19.7.4 Buyer may conduct security inspections or searches of any Contractor or Contractor Personnel personal property (including personal vehicles) located on any of its premises in any manner it considers appropriate to help maintain a safe work environment, protect property, prevent loss from theft, and/or comply with legal requirements. Violations of this policy, including a refusal to a search, will subject Contractor and Contractor Personnel to discipline up to and including termination of Contractor Personnel access, termination of Purchase Orders, and possible criminal sanctions depending on the location of the violation. 19.8 Alcohol and Drugs. 19.8.1 Contractor will not permit Contractor Personnel to consume, use, possess, conceal, distribute, or purchase alcoholic beverages or unlawful Drugs while performing Work for Buyer or while on Buyer Sites. 19.8.2 Contractor will not permit Contractor Personnel to perform Work for Buyer or enter Buyer Sites if under the influence of alcoholic beverages or Drugs. 19.8.3 Contractor will notify ▇▇▇▇▇’s Designated Representative of Contractor Personnel taking lawfully prescribed or over the counter medication that may impair alertness, judgment or any other ability to perform job duties. 19.8.4 Contractor Personnel who are required to have Unescorted Access to, or otherwise perform Work at, Buyer’s nuclear facilities, and Contractor Personnel who are subject to Department of Transportation requirements, may be subject to fitness for duty and self-reporting requirements. 19.8.5 Contractor will not permit any Contractor Personnel to drive or operate any motor vehicle, including Buyer’s vehicle, as part of their job duties if their driver’s license has been suspended, revoked, or restricted. 19.8.6 Any Contractor Personnel found to be in violation of any provision of this Section 19.8 will be immediately removed from ▇▇▇▇▇’s property and Work. All such violations will be reported to the Buyer’s Designated Representative and may be grounds for permanent removal from Buyer’s property and Work. ARTICLE 20. SUBCONTRACTUAL RELATIONS 20.1 Use of Subcontractors. Subject to these Terms and Conditions, Contractor may employ Subcontractors in connection with the Work only upon prior written approval by ▇▇▇▇▇. Buyer may withhold any such permission in its sole discretion and, in any event, if the Subcontract does not provide to Buyer’s satisfaction for the confidentiality of the Confidential Information and the assignment to Contractor or Buyer of all rights in the Work. 20.2 Subcontracts. Any portion of the Work to be performed for Contractor by a Subcontractor will be performed pursuant to an appropriate written subcontract between Contractor and the Subcontractor (“Subcontract”). No Subcontract will relieve Contractor of its obligations under the Contract Documents. 20.3 Assignment of Subcontracts. Each Subcontract will provide for the assignment of the Subcontract to Buyer at Buyer’s election upon termination of these Terms and Conditions or a Purchase Order by Buyer. Such assignment will provide that if ▇▇▇▇▇ fulfills Contractor’s obligations to Subcontractor, then Subcontractor will perform the Subcontract on behalf of Buyer, its successors and assigns. 20.4 Contractor’s Payments to Subcontractors. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 52 of 125 Contractor will pay each Subcontractor promptly in accordance with the terms of the Subcontract. Buyer has no obligation to pay Subcontractors (unless the Subcontract has been assigned to Buyer) or to ensure Contractor pays Subcontractors. 20.5 Disputes with Subcontractors. Contractor will inform ▇▇▇▇▇ of any material dispute arising between Contractor and any of its Subcontractors or between any Subcontractor and another Subcontractor that could affect the performance of the Work. Contractor will use its best efforts to avoid disputes regarding the Work and will resolve such disputes as they arise. Contractor will notify Buyer of any Subcontractor Labor Disputes. 20.6 Compliance with Laws and Buyer Policies and Procedures. Contractor will cause any and all of its Subcontractors to comply with all applicable Laws and Policies and Procedures in the performance of the Work hereunder. ARTICLE 21. SAFETY, SECURITY AND ENVIRONMENTAL REQUIREMENTS; COMPLIANCE WITH LAWS 21.1 Acknowledgement of Hazardous Conditions and Applicable Laws. Contractor represents and warrants that it understands and acknowledges that the Work performed hereunder may involve Hazardous Substances and Health and Safety Laws and Environmental Laws related thereto. Contractor understands the potential risks to persons, property and the environment associated with the Work and Contractor knowingly and voluntarily assumes all risk of injury and damage to Contractor, Contractor Personnel and property caused by exposure to such Hazardous Substances while at the Site. Contractor agrees to advise fully all of its Subcontractors, Contractor Personnel and others working at the Site, of the risks and all necessary environmental, safety, and health procedures required by Governmental Authorities. Contractor will perform the Work in such a manner as to ensure that all potentially Hazardous Substances will be removed and/or treated in such a manner which causes no contamination of the Site at which the Work is performed, endangers none of the workers performing the Work, and creates no short- or long-term threat to the health of other persons or the environment. Further, Contractor will continuously inspect the Work to identify any unsafe conditions and will promptly take action to correct any condition that presents such a risk. Contractor warrants that it is technically, physically, financially, and legally ready, willing, and able to perform the Work hereunder and that it is familiar with and knowledgeable about the applicable Health and Safety Laws and Environmental Laws to the extent necessary to carry out its duties in a professional, complete and competent manner. 21.2 Safety. 21.2.1 If Contractor has been designated by Buyer as a Designated Safety Contractor, then Contractor will comply with the Buyer Safety Policy training requirements as provided to Contractor by Buyer. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 53 of 125 21.2.2 Contractor will be responsible for safety with respect to Contractor’s Work at the Site and will initiate and maintain an overall safety program (the “Contractor’s Safety Program”). In order to protect persons and property from damage, injury, or loss, Contractor will comply with, and cause all Contractor Personnel performing any portion of the Work to comply with, all applicable safety Laws, or Buyer’s safety requirements, whichever is more stringent. Contractor will review and monitor the safety programs of Subcontractors to confirm that such safety programs are consistent with Contractor’s Safety Program. Buyer will not be in charge of, or in any way responsible for Contractor’s Safety Program. Contractor will promptly notify Buyer, in writing, of any material changes in Contractor’s Safety Program or if Contractor discovers any conflicts between Contractor’s Safety Program and Buyer’s safety requirements or any applicable safety Laws and safety requirements. Contractor will be responsible for all fines or penalties assessed due to Contractor’s failure to comply with applicable Health and Safety Laws and Environmental Laws, including any fines or penalties assessed against Buyer. Contractor will indemnify and hold Buyer Parties harmless from any claim, liability, loss, or expense (including reasonable attorneys’ fees and court costs) resulting from Contractor’s failure (or that of its Subcontractors or Contractor Personnel) to comply with applicable Health and Safety Laws and Environmental Laws. Contractor’s duties and responsibilities for ensuring safety and protection of the Work will continue until such time as all the Work has been completed by Contractor and accepted by Buyer, including warranty Work after Final Payment. 21.2.3 Contractor will take all reasonable precautions for the safety of, and will provide all reasonable protection to prevent damage, injury, or loss to: (i) All Contractor Personnel on the Site and all other persons who may be affected thereby; (ii) the Work and all Material to be incorporated therein, whether in storage on or off the Site, under the care, custody, or control of Contractor or any of its Subcontractors; and (iii) other property at the Site or adjacent thereto, including Buyer’s existing facility (if any). 21.2.4 Contractor will erect and maintain, as required by existing conditions and progress of the Work, all necessary or appropriate safeguards for safety and protection, including posting danger signs and other warnings against hazards and notifying owners and users of adjacent utilities. 24.2.5 Contractor will notify owners of adjacent property and of underground facilities and utility owners when the Work may affect them, and will cooperate with them in the protection, removal, relocation, and replacement of their property. 24.2.6 Contractor will designate a responsible member of its organization at each Site whose duty will include enforcement of Contractor’s Safety Program. This individual will be Contractor’s Designated Representative unless otherwise designated by Contractor in writing to Buyer. 21.2.7 Contractor will notify Buyer and post appropriate signs when the Work will potentially affect Buyer’s operations or employees. 21.3 Security. 21.3.1 Contractor will inform Contractor Personnel of, and enforce their compliance with, all applicable Laws and Policies and Procedures pertaining to access to, and security of, the Site that Contractor and Subcontractor Personnel may have occasion to visit. Site-specific requirements will be identified in the Contract Documents. Contractor will use its best efforts to ensure that Contractor and Subcontractor Personnel do not pose a threat to the safe working environment at any Buyer site or the integrity of Buyer’s business operations. 21.3.2 Contractor will take precautions acceptable to Buyer to keep all portions of the Work and the Site secure in every material respect, decrease the likelihood of accidents from any cause, and avoid vandalism and other contingencies that are liable to delay the Work or give rise to any claims or liabilities. Contractor will furnish and install all necessary equipment to provide safe means of access to all locations where Work is being performed. Contractor is responsible for receiving, storing, and securing all materials necessary to complete the Work that are delivered to the Site. 21.4 Reports of Accidents, Cyber Security Incidents, and Emergencies. 21.4.1. Accidents, Injuries or Unusual Occurrences. Contractor will report promptly to Buyer any accident or unusual occurrence during performance of the Work, including personal injury or death to any Contractor Personnel or any member of the public, or any damage to any of Buyer’s property, the Site, or adjacent property. Reports of personal injury or death will be made verbally within three (3) hours to ▇▇▇▇▇’s Designated Representative. Contractor will submit a written accident report to ▇▇▇▇▇’s Designated Representative within twenty-four (24) hours after an accident. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 54 of 125 21.4.2 Cyber Security Incidents, Suspicious Activities, or Security Threats. Contractor will promptly provide a verbal report of all Cyber Security Incidents, suspicious activities, or potential threats to the physical security of Persons and property on Buyer Sites. Contractor will immediately provide a verbal report of any Cyber Security Incidents that involve or are suspected to involve BES Cyber Assets. All reports must be made first to the ESOC at ▇-▇▇▇-▇▇▇-▇▇▇▇, and then to Buyer’s Designated Representative. The reports will include the date and time of the event (or the approximate date and time of the occurrence if the actual date and time of the occurrence is not precisely known) and a detailed summary of the facts and circumstances of the event, including a description of why the event occurred (e.g., a precise description of the reason for the system failure) and the measures being taken to address and remedy the event to prevent the same or a similar event from occurring in the future. Contractor will provide updated written reports at ▇▇▇▇▇’s request. 21.4.3 Emergencies or Immediate Endangerment to Public Health, Welfare, or the Environment. Contractor will immediately provide a verbal report of any event that may constitute an emergency situation or an immediate endangerment to public health, welfare, or the environment, to the ESOC and Contractor will immediately verbally notify all parties required by Health and Safety Laws and Environmental Laws, including the National Response Center, and will also immediately notify (but in any event no later than eight (8) hours after discovery of the event) Buyer’s Designated Representative. In the event ▇▇▇▇▇’s Designated Representative is unavailable, and in any event, Contractor will provide written notice to Buyer to be received no later than twenty-four (24) hours after the occurrence or discovery of the event. The written notice will include a detailed description of the event, including the time and location at which the event occurred or was discovered, and any known causes of the event, any actions taken, or to be taken, to stop or mitigate the event. 21.5 Environmental Requirements. 21.5.1 All notifications regarding environmental requirements must be sent immediately to Buyer’s Designated Representative. 21.5.2 In the event that Contractor Personnel encounter in the soil, air, or water at the Site, materials reasonably believed to be or contain Hazardous Substances, including those wastes and substances that are brought to the Site by Contractor, in levels in excess of any applicable standards set forth under any Health and Safety Laws or Environmental Laws, Contractor will immediately stop the Work in the area affected and report the condition to Buyer’s Designated Representative and confirm such report within twenty-four (24) hours in writing. Contractor will take appropriate actions to prevent or contain the release, movement, spread, or disturbance of such Hazardous Substances and to protect persons and property and will notify Buyer immediately of such actions. 21.5.3 Contractor will not bring, nor permit Subcontractors, or others performing the Work to bring onto the Site any Hazardous Substances. Contractor will take precautions to prevent accidental releases or spills of material, including Hazardous Substances and litter. Contractor will report promptly to ▇▇▇▇▇’s Designated Representative any spills or releases of any such material. 21.5.4 Contractor will not under any circumstances apply to, or enter into negotiations with, any Governmental Authority for acceptance of variations from or revisions to Health and Safety Laws or Environmental Laws relating to these Terms and Conditions or a Purchase Order or to the performance thereof, without ▇▇▇▇▇’s prior written consent. 21.5 Compliance Audits. Buyer will have the right to audit Contractor’s compliance with the requirements of this Article at any time and from time to time upon reasonable notice. Contractor will fully and promptly comply with such audit by Buyer or any Governmental Authority, and will provide written evidence of its compliance with the terms herein. 21.6 Site Control. 21.6.1 Buyer may immediately stop Work and/or remove, and deny access to the Site to any Person for whom Contractor is responsible under the Contract Documents and who is suspected by Buyer of: (i) committing a criminal offense; (ii) violating the Site-specific safety and security policies, practices and procedures, including Contractor’s Safety Program and policies adopted by Contractor; or (iii) otherwise posing a threat to the safety and security of the Site or other Buyer facility. 21.6.2. Contractor will immediately notify Buyer in writing when any Contractor Personnel: (i) no longer requires access to Buyer’s or its Affiliates’ assets, (ii) a Contractor Personnel is terminated or his or her employment is otherwise ended, or (iii) the Work is either completed or terminated, so that Buyer can discontinue access for such Contractor Personnel. Contractor will immediately notify Buyer to terminate access to Sites for any Contractor Personnel that is: (i) suspended or terminated from employment for cause, or (ii) that Contractor reasonably believes may pose a threat to the safe working environment at or to any Site, including to employees, customers, buildings, assets, computer systems, trade secrets, confidential data, and/or employee or customer information and Contractor will take all steps reasonably necessary to immediately deny such Contractor Personnel access to the Site and its customers, and return to Buyer any Buyer-issued property including, but not limited to, Buyer photo ID badge, keys, parking pass, documents, or laptop in the possession of such Contractor Personnel. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 55 of 125 ARTICLE 22. WORK PRODUCT The Work Product will be the sole and exclusive property of Buyer subject to Contractor’s rights in Contractor Technology as provided in Article 18. Contractor agrees to disclose to Buyer the existence of any Work Product of which ▇▇▇▇▇ would not otherwise be aware promptly upon its creation. Contractor agrees to assign and hereby does assign to Buyer the sole and exclusive right, title and interest in all Work Product. Contractor will execute and deliver to Buyer, and will cause Contractor Personnel to execute and deliver to Buyer, any and all documents that Buyer may reasonably request to convey to Buyer any interest Contractor or Contractor Personnel may have in any Work Product, or that are otherwise necessary to protect and perfect Buyer’s interest in such Work Product. Contractor will take and cause its Subcontractors and Contractor Personnel to take such other actions as Buyer may reasonably request to perfect and protect Buyer’s interest in any Work Product. Contractor will be compensated at the hourly rate last in effect between the Parties for any time expended in connection with assistance rendered by its personnel under this Article 22. Except as provided in Section 18.1 (Buyer’s License to Use Intellectual Property Incorporated in the Work), Buyer will receive no right or interest in and to Contractor’s or third party’s Intellectual Property incorporated into the Work Product. ARTICLE 23. CONFIDENTIAL INFORMATION 23.1 Receiving Party’s Obligations. For purposes of this Article 23, “Disclosing Party” shall mean the party disclosing Confidential Information. “Receiving Party” shall mean the party receiving Confidential Information. During the term of these Terms and Conditions and thereafter, except as Disclosing Party may authorize in writing, Receiving Party will, and will cause its Subcontractors and Receiving Party Personnel to treat and cause to be treated as confidential and proprietary all Confidential Information in their possession. In furtherance thereof, Receiving Party will: 23.1.1 take commercially reasonable steps consistent with industry practices to prevent the disclosure of Confidential Information except as permitted by these Terms and Conditions or otherwise agreed to in writing by the Disclosing Party; 23.1.2 use Confidential Information only in connection with the performance of the Work pursuant to these Terms and Conditions or the Purchase Order; 23.1.3 make copies of any Confidential Information only as necessary for the performance of such Work; 23.1.4 remove any Confidential Information from the Site or Disclosing Party’s Electronic Information Assets only with the express written permission of Disclosing Party; 23.1.5 disclose Confidential Information only to Receiving Party Personnel who have a need to know the Confidential Information in connection with the performance or use of the Work; 23.1.6 destroy or return any and all Confidential Information to Disclosing Party promptly following the request of Disclosing Party, and in any event upon completion of Work pursuant to these Terms and Conditions or the Purchase Order. Notwithstanding the foregoing, Receiving Party shall not be required to return or destroy copies of Confidential Information that (i) is held electronically in archive or secure backup systems in accordance with general systems archiving and backup policies; (ii) is required to be retained in compliance with the auditing or retention requirements of these Terms and Conditions; or (iii) that Receiving Party is legally prohibited from returning or destroying. Any Confidential Information that is not returned or destroyed shall remain subject to the obligations set forth herein; 23.1.7 follow any additional instructions regarding the protection of Confidential Information included in the Contract Documents or as otherwise agreed to by the Parties in writing; and 23.1.8 provide written certification to the Disclosing Party of the completion of the requirements defined in Section 23.1.6. 23.2 Exclusions. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 56 of 125 23.2.1 Confidential Information will not include information that: 23.2.1.1 is or becomes generally available to the public other than as a result of disclosure by Receiving Party Personnel; 23.2.1.2 was within Receiving Party’s possession on a non-confidential basis prior to being furnished by Disclosing Party; 23.2.1.3. becomes available to Receiving Party on a non-confidential basis from a source other than Disclosing Party; or 23.2.1.4. is developed by or for Receiving Party without any use of or reliance upon Confidential Information of Disclosing Party. 23.2.2 Confidential Information will not be deemed to fall within these exclusions merely because it is included with information that does fall within such exceptions. 23.2.3 To the extent applicable under the Defend Trade Secrets Act of 2016, 18 U.S.C. Sections 1833(b)(3) and (b)(4), Receiving Party is notified that an individual will not be held criminally or civilly liable under any Federal or State trade secret law for the disclosure of a trade secret that: (A) is made (i) in confidence to a Federal, State, or local government official, either directly or indirectly, or to an attorney; and (ii) solely for the purpose of reporting or investigating a suspected violation of law; or (B) is made in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal. Moreover, an individual who files a lawsuit for retaliation by an employer for reporting a suspected violation of law may disclose the trade secret to the attorney of the individual and use the trade secret information in the court proceeding, if the individual (A) files any document containing the trade secret under seal; and (B) does not disclose the trade secret, except pursuant to court order. 23.3 Disclosure Pursuant to Order of Governmental Authority. Notwithstanding the foregoing, Receiving Party may disclose Confidential Information to the extent that disclosure is ordered by a Governmental Authority of competent jurisdiction, provided that Receiving Party will provide notice to Disclosing Party of the order for such disclosure promptly upon receiving it and that Receiving Party will fully cooperate with Disclosing Party in any effort by Disclosing Party to seek reconsideration or appeal of such order, or to secure a protective order governing such disclosure. 23.4 Injunctive Relief. Receiving Party acknowledges that the breach of any of the covenants contained in this Article 23 will result in irreparable harm and continuing damages to Disclosing Party and Disclosing Party’s business, and that Disclosing Party’s remedy at law for any such breach or threatened breach would be inadequate. Accordingly, in addition to such remedies as may be available to Disclosing Party at law or in equity in the event of any such breach, any court of competent jurisdiction may issue an injunction (both preliminary and permanent), without bond, enjoining and restricting the breach or threatened breach of any such covenant, including an injunction restraining Receiving Party from disclosing, in whole or in part, any Confidential Information. 23.5 Buyer’s Restricted Confidential Information, Buyer’s Electronic Information and Buyer’s Electronic Information Assets 23.5.1 Restricted Confidential Information. If Contractor and any of its Subcontractors will have access to Buyer's Restricted Confidential Information then Contractor and such Subcontractors will comply with Exhibit H - (Restricted Confidential Information Special Terms and Conditions), which is incorporated into these Terms And Conditions to afford additional protections for such information. 23.5.2 Buyer’s Electronic Information and Electronic Information Assets. If Contractor and any of its Subcontractors will have access to Buyer’s Restricted Confidential Information as Electronic Information or access to Buyer’s Electronic Information Assets, Contractor and such Subcontractors will comply with Exhibit L (Cyber Security Special Terms and Conditions), which is incorporated into these Terms and Conditions to afford additional protections for such information. 23.6. No Warranty Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 57 of 125 Except as otherwise expressly provided in the Purchase Order, Confidential Information provided by or obtained in any manner from Disclosing Party is provided on an “As-Is” basis, with no warranty of any nature whether oral or written, statutory, express or implied and Disclosing Party will have no liability whatsoever to Receiving Party relating to or resulting from the use of the Confidential Information or any errors therein or omissions therefrom. Nothing in this Article 28 will obligate Disclosing Party to share or exchange any specific information with Receiving Party or to supplement or update any information previously furnished. ARTICLE 24. DISPUTE RESOLUTION 24.1 Step Negotiations. The Parties will attempt in good faith to resolve all Disputes promptly by negotiation as follows. Any Party may give the other Party written notice of any Dispute not resolved in the normal course of business. Executives of both Parties at levels one level above the individuals who have previously been principally involved in the Dispute will meet at a mutually acceptable time and place within ten (10) Business Days after delivery of such notice, and thereafter as often as they reasonably deem necessary, to exchange relevant information and to attempt to resolve the Dispute. If the matter has not been resolved within thirty (30) Days from the referral of the Dispute to senior executives or if no meeting of senior executives has taken place within fifteen (15) Days after such referral, either Party may initiate such legal action as it deems appropriate. If a negotiator intends to be accompanied at a meeting by an attorney, the other negotiator will be given at least three (3) Business Days notice of such intention and may also be accompanied by an attorney. All negotiations pursuant to this Section 24.1 are confidential and protected from subsequent testimonial disclosures, and will be treated as compromise and settlement negotiations for purposes of the Federal Rules of Evidence and state rules of evidence. 24.2 Work to Continue. In the case of any Dispute, Contractor will continue to perform the Work pending final determination of the Dispute, and ▇▇▇▇▇ will continue to make payments to Contractor in accordance with the Contract Documents for those portions of the Work completed that are not the subject of Dispute. 24.3 Venue. In any legal action commenced in relation to these Terms and Conditions or in connection with any Purchase Order incorporating these Terms and Conditions, the U.S. District Court located in the State where the Exelon Affiliate for whose benefit the Work is being performed has its principal place of business or is incorporated or, if the grounds for federal jurisdiction are not met, the cognizant state trial court in such jurisdiction, will have exclusive jurisdiction to hear such case. The Parties agree not to commence any action, suit or proceeding relating thereto except in such courts. Each Party hereby irrevocably and unconditionally waives any objection to the laying of venue of any action, suit or proceeding arising out of this these Terms and Conditions or the transactions contemplated hereby in the courts located in such jurisdictions, and hereby further irrevocably and unconditionally waives and agrees not to plead or claim in any such court that any such action, suit or proceeding brought in any such court has been brought in an inconvenient forum. 24.4 Waiver of Jury Trial. EACH PARTY KNOWINGLY, VOLUNTARILY AND IRREVOCABLY WAIVES ANY AND ALL RIGHT TO TRIAL BY JURY IN ANY ACTION, CLAIM, COUNTERCLAIM OR OTHER JUDICIAL PROCEEDING, WHETHER IN CONTRACT OR TORT, AT LAW OR IN EQUITY, ARISING OUT OF OR IN ANY WAY RELATED TO THETERMS AND CONDITIONS, THE CONTRACT DOCUMENTS, THE WORK, OR THE CONTRACT PRICE, OR ANY PURCHASE ORDER INCORPORATING THESE TERMS AND CONDITIONS. ARTICLE 25. MISCELLANEOUS IF AND TO THE EXTENT ANY WAIVER, EXCLUSION, LIMITATION, INDEMNITY, OR OTHER PROVISION IN ANY PURCHASE ORDER, THESE TERMS AND CONDITIONS OR OTHER CONTRACT DOCUMENTS FAILS TO COMPLY WITH THE LAW OF THE STATE UNDER WHICH IT IS CONSTRUED DUE TO THE ABSENCE OF CAPITALIZATION OR OTHER GRAPHIC EMPHASIS, EACH PARTY WAIVES OBJECTION TO THE PROVISION ON THAT BASIS TO THE EXTENT PERMITTED BY LAW AND OTHERWISE AGREES TO BE ESTOPPED FROM RAISING SUCH OBJECTION IN ANY JUDICIAL PROCEEDING. IN DOING SO, EACH PARTY ACKNOWLEDGES THAT IT IS A SOPHISTICATED COMMERCIAL PARTY REPRESENTED BY COUNSEL IN CONNECTION WITH THE NEGOTIATION AND EXECUTION OF THESE TERMS AND CONDITIONS, INCLUDING BUT NOT LIMITED TO THIS SECTION 25.1. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 58 of 125 25.5 Survivability. The provisions of the Contract Documents, and rights and obligations therein and in these Terms and Conditions, including with respect to indemnification, limits of liability, Intellectual Property and confidentiality, will survive expiration (by performance) or termination of these Terms and Conditions or a Purchase Order and will survive indefinitely, except to the extent that such provision by its express terms ends sooner. 25.6 No Third-Party Beneficiaries. No provision of these Terms and Conditions is intended or will be construed to be for the benefit of any third party . 25.7 Publicity. With the sole exception of publication of such information within Contractor’s corporate entity and subject to the Confidentiality provisions of these Terms and Conditions, Contractor will not refer to Buyer or any company affiliated with Buyer in any advertising or other publication in connection with Work performed by Contractor, without the prior written approval of Buyer. Contractor will not, either directly or indirectly, publish or disclose any photographs, images, logos, copyrighted or trademark protected information of Buyer, Affiliates or their subsidiaries, or use such information for the benefit of itself or any other Person, without the prior written consent of Buyer. 25.8 Assignment. Subject to the provisions of these Terms and Conditions, Contractor will not assign its interest (including any interest in or claim to monies owed) in these Terms and Conditions or a Purchase Order, or delegate any obligation under these Terms and Conditions or a Purchase Order, without the prior written consent of Buyer which consent shall not be unreasonably withheld. Any attempted assignment or delegation in breach of this Section 30.8 will be wholly void and totally ineffective for all purposes. No assignment or delegation made with the consent of Buyer will relieve Contractor of any of its obligations under these Terms and Conditions or the other Contract Documents, except as expressly provided in Buyer’s consent. Buyer reserves the right, without the consent of Contractor, to assign these Terms and Conditions or any Purchase Order, in whole or in part, to a third party to be selected by Buyer. 25.9 Choice of Law. The Contract Documents will be construed and interpreted in accordance with, and all disputes between the Parties will be governed by, the substantive and procedural Laws of the state of the court having jurisdiction under Section 24.3 without giving effect to principles of conflict of law. 25.11 Audit. Purchase Orders, all payments received pursuant to such Purchase Orders, and Contractor’s Work and workplace area and related offices will be subject to audit and inspection by Buyer or any of its authorized representatives acting on Buyer’s behalf for the purpose of determining the correctness of invoices issued to Buyer. Contractor will comply with all reasonable requests by ▇▇▇▇▇ to make available books and records necessary to substantiate Contractor’s charges and invoices for reimbursement upon at least 30 days’ prior written notice to Contractor, under terms of confidentiality, and during regular business hours. Such records will include, if relevant to the foregoing: all invoices billed to Buyer; payroll records, timesheets and canceled payroll checks; third-party invoices for purchases; paid invoices and canceled checks for purchased materials, subcontractor and third-party charges; records relating to air freight and ground transportation. Contractor will also include in all Subcontracts issued in conjunction with any Purchase Order the right of Contractor and/or Buyer to audit the records of the Subcontractor. This Section 25.11 will survive termination of the Purchase Order for a period of two (2) years, or the warranty period, whichever is longer. Additionally, an audit may be conducted on any other records, such as environmental, safety, security, background examinations, or such other records as are necessary to ensure compliance with the Contract Documents and applicable Laws. The Parties agree that each will bear its own internal and external costs incurred in conducting and supporting the audit process, except that all Contractor documents to be reviewed by ▇▇▇▇▇ will be copied by Buyer or Contractor at Contractor’s expense. Notwithstanding the foregoing, in the event that the Buyer audit indicates any willful misconduct or gross negligence on the part of the Contractor, Contractor will reimburse Buyer for all costs associated with the audit. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 59 of 125 25.12 Non-Waiver. The failure of Buyer to insist upon strict performance by Contractor or ▇▇▇▇▇’s failure or delay in exercising any rights or remedies provided in the Contract Documents or by Law will not be deemed or construed as a waiver of any claims. No waiver by Buyer of a breach of any provision of the Contract Documents will constitute or be construed as a waiver of any other breach or of that provision. No payment or certificate, final or otherwise, nor the acceptance of any design, will be construed as (1) an acceptance of defective Work or otherwise Work that fails to comply with requirements of the Purchase Order, Scope of Work or these Terms and Conditions, (2) relieving Contractor of its obligations to make good any defects, failures or consequences for which Contractor may be responsible, or (iii) a waiver of any obligations of Contractor under the Contract Documents. 25.13 Cumulative Remedies. Each of Buyer’s rights and remedies under these Terms and Conditions will be cumulative and additional to any other or further rights or remedies provided in Law or equity or otherwise. Buyer will specifically retain all rights of legal action in tort under these Terms and Conditions on all issues relating to contribution, insurance coverage, and contractual indemnity. 25.14 Domain Names. Contractor will not, either directly or indirectly, claim, record, purchase or otherwise establish any right of ownership or interest in any domain name or other registry of any type or kind using, referencing or incorporating the name, logos or trademarks of Buyer, its Affiliates or their subsidiaries. 25.15 Nondiscrimination and Affirmative Action. 25.15.1 Contractor will, unless exempt, comply with applicable Laws pertaining to nondiscrimination and affirmative action, including part 60-1 of Title 41 of the Code of Federal Regulations), including the following: (i) Affirmative Action Compliance Program (41 CFR 60-1.40) as set forth below; (ii) Affirmative Action - Disabled Veterans and Veterans of the Vietnam Era (41 CFR 60-250.4); (iii) Affirmative Action - Disabled Veterans, Recently Separated Veterans, Other Protected Veterans, and Armed Forces Service Medal Veterans (41 CFR 60-300.4) (iv) Affirmative Action - Handicapped Workers (41 CFR 60-741.4); (iv) Equal Opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin (41 CFR 60-1.4); (v) Employer Information Report SF-100, annual filing (41 CFR 60-1.7); (vi) Fair Labor Standards Act of 1938, as amended; (vii) Prohibition of Segregated Facilities (41 CFR 60-1.8); (viii) Small Business Concerns, Small Disadvantaged Business Concerns, and Women Owned Business Concerns (48 CFR Chapter 1, Subpart 19.7); and (ix) union-related postings and contract clause requirements under Executive Order 13201 (29 CFR, part 470), Executive Order 13496, or other applicable Law. 25.15.2. OFCCP 41 CFR 60-1.40 Equal Opportunity Clause. During the performance of any Purchase Order, Contractor agrees as follows: (1) Contractor will not discriminate against any employee or applicant for employment because of race, color, religion, sex, sexual orientation, gender identity, or national origin. Contractor will take affirmative action to ensure that applicants are employed, and that employees are treated during employment, without regard to their race, color, religion, sex, sexual orientation, gender identity, or national origin. Such action shall include, but not be limited to the following: Employment, upgrading, demotion, or transfer, recruitment or recruitment advertising; layoff or termination; rates of pay or other forms of compensation; and selection for training, including apprenticeship. Contractor agrees to post in conspicuous places, available to employees and applicants for employment, notices to be provided by the contracting officer setting forth the provisions of this nondiscrimination clause. (2) Contractor will, in all solicitations or advertisements for employees placed by or on behalf of Contractor, state that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin. (3) Contractor will not discharge or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant. This provision shall not apply to instances in which an employee who has access to the compensation information of other employees or applicants as a part of such employee’s essential job functions discloses the compensation of such other employees or applicants to individuals who do not otherwise have access to such information, unless such disclosure is in response to a formal complaint or charge, in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or is consistent with the contractor’s legal duty to furnish information. (4) Contractor will send to each labor union or representative of workers with which it has a collective bargaining agreement or other contract or understanding, a notice to be provided by the agency contracting officer, advising the labor union or workers’ representative of the contractor’s commitments under section 202 of Executive Order 11246 of September 24, 1965, and shall post copies of the notice in conspicuous places available to employees and applicants for employment. (5) Contractor will comply with all provisions of Executive Order 11246 of September 24, 1965, and of the rules, regulations, and relevant orders of the Secretary of Labor. (6) Contractor will furnish all information and reports required by Executive Order 11246 of September 24, 1965, Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 60 of 125 and by the rules, regulations, and orders of the Secretary of Labor, or pursuant thereto, and will permit access to his books, records, and accounts by the contracting agency and the Secretary of Labor for purposes of investigation to ascertain compliance with such rules, regulations, and orders. (7) In the event of Contractor’s non-compliance with the nondiscrimination clauses of this Purchase Order or with any of such rules, regulations, or orders, this Purchase Order may be canceled, terminated or suspended in whole or in part and Contractor may be declared ineligible for further Government contracts in accordance with procedures authorized in Executive Order 11246 of September 24, 1965, and such other sanctions may be imposed and remedies invoked as provided in Executive Order 11246 of September 24, 1965, or by rule, regulation, or order of the Secretary of Labor, or as otherwise provided by law. (8) Contractor will include the provisions of paragraphs (1) through (8) in every Subcontract or purchase order unless exempted by rules, regulations, or orders of the Secretary of Labor issued pursuant to section 204 of Executive Order 11246 of September 24, 1965, so that such provisions will be binding upon each Subcontractor or vendor. Contractor will take such action with respect to any Subcontract or purchase order as may be directed by the Secretary of Labor as a means of enforcing such provisions including sanctions for noncompliance; provided, however, that in the event Contractor becomes involved in, or is threatened with, litigation with a Subcontractor or vendor as a result of such direction, Contractor may request the United States to enter into such litigation to protect the interests of the United States. 25.15.3. CONTRACTOR AND SUBCONTRACTOR SHALL ABIDE BY THE REQUIREMENTS OF 41 CFR 60– 300.5(a). THIS REGULATION PROHIBITS DISCRIMINATION AGAINST QUALIFIED PROTECTED VETERANS, AND REQUIRES AFFIRMATIVE ACTION BY COVERED PRIME CONTRACTORS AND SUBCONTRACTORS TO EMPLOY AND ADVANCE IN EMPLOYMENT QUALIFIED PROTECTED VETERANS. 25.15.4. Contractor and Subcontractor shall abide by the requirements of 41 CFR 60–741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities. 25.16 Diversity Supplier Spend. ▇▇▇▇▇ is actively committed to supporting Diverse Suppliers as defined in applicable Policies and Procedures. In support of Buyer’s commitment, Contractor will make certain required expenditures with Diversity-Certified Suppliers as may be set forth in a Purchase Order or other Contract Document. In such cases, Contractor will report its expenditures with Diverse Suppliers on a monthly basis unless another period is negotiated by the Parties and set forth in the Purchase Order. Contractor will provide this reporting information by completing a “2nd Tier Diversity Spend Report” utilizing Exelon’s Supplier Diversity T2 reporting Website Error! Hyperlink reference not valid.▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇. All submitted Diverse Suppliers must be supported by evidence of certification. Buyer recognizes a number of organizational certifications, including the following: National Minority Supplier Development Council (“NMSDC”) and affiliates; Women’s Business Enterprise National Council (“WBENC”) and affiliates; Illinois Department of Transportation ; City of Chicago; WMBE Clearinghouse; City of Philadelphia Office of Economic Opportunity; Bureau of Contract Administration and Business Development - Commonwealth of Pennsylvania; Maryland Department of Transportation; City of Baltimore, Maryland; ▇▇▇▇ ▇▇▇▇▇▇▇ County, Maryland. Recognition for certifications held by any other Diverse Supplier accreditation organization must be submitted to Buyer’s Diverse Business Empowerment Office for approval. 25.17 Employee Rights Notification. Refer to 29 CFR Part 471 – Notification of Employee Rights Under Federal Labor Laws. During the term of these Terms and Conditions, Contractor agrees to post a notice, of such size and in such form, and containing such content as the Secretary of Labor will prescribe, in conspicuous places in and about its plants and offices where Contractor Personnel covered by the National Labor Relations Act engage in activities relating to the performance of Work governed by these Terms and Conditions, including all places where notices to employees are customarily posted both physically and electronically. The notice will include the information contained in the notice published by the Secretary of Labor in the Federal Register (Secretary’s Notice” as set forth in 29 CFR Part 471, Appendix A to Subpart A). Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 61 of 125 ARTICLE 26. LIST OF EXHIBITS ATTACHED Exhibit A – Buyer’s Affiliates Exhibit B – Buyer Policies and Procedures Exhibit C – Third-Party Personnel Acknowledgement Exhibit F – Background Investigations Exhibit G – Utilities Special Terms and Conditions Exhibit H – Restricted Confidential Information Special Terms and Conditions Exhibit I – Contractor Travel Costs Special Terms and Conditions Exhibit L – Cyber Security Special Terms and Conditions Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 62 of 125 EXHIBIT A - BUYER AFFILIATES Annova LNG, LLC Annova LNG Common Infrastructure, LLC Atlantic City Electric Company (“Atlantic City Electric”) AV Solar Ranch 1, LLC Baltimore Gas and Electric Company (“BGE”) ▇▇▇▇▇▇▇ Cliffs Nuclear Power Plant, LLC (“CCNPP”) Clinton Battery Utility, LLC Commonwealth Edison Company (“ComEd”) Compass Energy Services, Inc. Compass Energy Services Gas, LLC Constellation Energy Nuclear Group, LLC (“CENG”) Constellation Energy Resources, LLC (“CER”) CER – Quail Run Energy Partners LP Constellation Energy Services, Inc. Constellation Energy Services – Natural Gas, LLC Constellation Energy Services of New York, Inc. Colorado Bend I Power, LLC Constellation Mystic Power, LLC Constellation NewEnergy, Inc. (“CNE”) CNEGH Holdings, LLC (“CNEGH”) Constellation Power Source Generation, LLC Criterion Power Partners, LLC Delmarva Power & Light Company (“DPL”) Eastern Landfill Gas, LLC Exelon Business Services Company, LLC Exelon ▇▇▇▇▇▇▇▇▇▇▇, LLC Exelon Framingham, LLC Exelon Generation Company, LLC Exelon Transmission Company, LLC Exelon West Medway, LLC Exelon Wind, LLC Exelon Enterprises Company, LLC ▇▇▇▇▇▇▇▇ ▇▇▇▇ Energy, LLC MXenergy Holdings, Inc. Nine Mile Point Nuclear Station, LLC (“NMPNS”) PECO Energy Company (“PECO”) PHI Service Company Potomac Electric Power Company (“Pepco”) R.E. ▇▇▇▇▇ Nuclear Power Plant, LLC (“REGNPP”) Wolf Hollow 1 Power, LLC * Including their subsidiaries. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 63 of 125 EXHIBIT B – BUYER POLICIES AND PROCEDURES Contractor will comply with, and ensure Contractor Personnel familiarized themselves and comply with, the following Policies and Procedures applicable to Exelon and its Affiliates as indicated below, in addition to such other Buyer Policies and Procedures as set out in the Contract Documents. THE FAILURE OF EXELON TO LIST ANY POLICIES AND PROCEDURES APPLICABLE TO THE PERFORMANCE OF THE WORK OR CONTRACTOR’S OBLIGATIONS UNDER THE CONTRACT DOCUMENTS IN THIS EXHIBIT WILL NOT EXCUSE CONTRACTOR FROM ITS OBLIGATIONS UNDER ARTICLE 3 STANDARDS FOR PERFORMANCE) AND SECTION 4.1 (PERFORMANCE OF WORK) OF THESE TERMS AND CONDITIONS. HR-AC-73 - Exelon Policy Against Harassment SY-AC-6 - Exelon Acceptable Use Policy Exelon Corporation Code of Business Conduct (available at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇/▇▇▇▇▇▇▇▇▇/▇▇▇▇▇▇_▇▇▇▇_▇▇▇▇▇▇▇▇_▇▇▇▇▇_▇▇▇▇▇▇▇▇▇▇▇ s.pdf) Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 64 of 125 EXHIBIT C – THIRD-PARTY PERSONNEL ACKNOWLEDGEMENT I _________________________________ acknowledge that I am an employee of _____________________________________. I acknowledge that my relationship with the Exelon company for which I will be performing work (“Buyer”), its Affiliates, or any of their successors is that of an independent contractor, not an employee, and that all services performed by me are pursuant to a contract between Buyer and _________________________________ (“Contractor”), as an employee of either Contractor or one if its Subcontractors, as applicable. I also acknowledge that during the period I perform services for or on behalf of the Buyer pursuant to an arrangement with Contractor, I am not entitled to compensation of any kind from Buyer or to participate in any employee benefit plan or program of any kind offered to any employee of the Buyer, its Affiliates, or any of their successors and I expressly waive any and all such compensation and benefits. I understand that the preceding sentence will not prohibit me from receiving any earned and vested pension or retiree health care benefits from the Buyer, its Affiliates, or their successors to which I may already be entitled as a former employee. In addition, I represent the following: 1. Check one: ___ I am not a former employee of any of Buyer or its Affiliates (skip to Section 3 and initial 3.A); or ___ I am a former employee of Buyer; or ___ I am a former employee of these Buyer Affiliates: _______________________________ 2. If I am a former employee of Buyer or its Affiliates: A. My Buyer or Affiliate former employee ID number (if known) was: ______________ B. Check one: ___ I am not eligible to receive (and am not currently receiving) a benefit under any Buyer or Buyer Affiliate pension, savings, or other retirement plan (initial 3.A and 3.B below); or ___ I am eligible to receive benefits under a Buyer or Buyer Affiliate pension, savings, or other retirement plan (initial 3.A., 3.B and 3.C. below). 3. Initial each item below to the extent that it applies to you, to indicate your acknowledgement and agreement: A. _____ I am not currently employed by Buyer or any Buyer Affiliate and will not accept employment with any Buyer or Buyer Affiliate that commences during the period I am employed by Contractor. B. _____ If providing Staff Augmentation Services to Buyer or its Affiliates, I will not provide such Services for a period in excess of two (2) years (calculated from the start date of my Staff Augmentation assignment) without a break in service of at least ninety (90) consecutive Days, unless Buyer or an authorized Affiliate has granted me a written exception to this requirement. C. _____ If I am receiving annuity payments under any Buyer or Buyer Affiliate retirement plan , and am providing Staff Augmentation Services to Buyer or its Affiliates, I agree that Buyer or Buyer’s Affiliate may suspend such payments after six (6) consecutive months of Staff Augmentation Service (this condition will not apply if my Staff Augmentation Services do not exceed six (6) months in a one year period and/or 20 hours per week). Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 65 of 125 CONTRACTOR PERSONNEL Signed: ________________________________ Print Name: ____________________________ Date: __________________________________ Note: An executed acknowledgement will be provided to Contractor named above. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 66 of 125 EXHIBIT F – BACKGROUND INVESTIGATIONS Background investigations must include the following: Use as Investigation search components the applicant’s date of birth and all names/aliases provided or identified during the investigation SSN Verification and Trace Searches of: National criminal database, such as the National Crime Information Center (NCIC) or the Widescreen Plus National Criminal Search 7 year county and, if available, local municipality criminal database search using addresses from the previous seven years 7 year Federal District Court criminal database search using addresses from the previous seven years 7 year State Law Enforcement Verification using addresses from the previous seven years The National Sex Offender & Violent Abuse Registry Extended Global Sanctions 7 year Employment Verification Education Verification – Highest completed 10-panel Drug Test Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 67 of 125 EXHIBIT G – UTILITIES SPECIAL TERMS AND CONDITIONS In the event that Contractor performs any Work for an Exelon Utility, the following provisions will apply: ARTICLE 1. DEFINITIONS Unless otherwise defined herein, all capitalized terms will have the meaning given to them in the Terms and Conditions unless context requires otherwise. “ACE” means Apparent Cause Evaluation. An Apparent Cause Evaluation is an investigation conducted to determine the apparent cause and extent of condition of an event or problem. An ACE provides a limited investigation and assignment of corrective actions “As-Built Package” means the Work Package that is returned to the Utility at the completion of Work documenting the condition of the Facilities associated with the Work. The as-built package must accurately describe the completed Work. “Baseline Work” means scopes of Work that are typically performed as routine work by Utility gas mechanics or electric lineman, and Contractors may be assigned as a Contractor of Choice (COC) to fill peaks in the base workload. “Centrally Managed Project” means a project that is managed by a Buyer project manager for the applicable Utility’s Project Management Organization. “CIWP” means Contractor Information Web Page. CIWP is an internet controlled access website where Contractors can access current versions of applicable Policies and Procedures required for the completion of assigned Work. “CPA” means contract payment authorization issued through the Buyer’s electronic contract management system (currently Asset Suite 8) to approve the payment of an invoice. “CR” means Condition Report. A Condition Report is a written document used to report initial fact finding in response to a human performance event, equipment failure, or other adverse condition. “COC” or “Contractor of Choice” means a preferred or alliance Contractor with an established contract for performing a specific category of Work. Baseline Work is often awarded to a COC under a Blanket Contract where the specific work assignments have not been identified prior to Contract Award. “Contractor’s Quality Program” will have the meaning in Section 12.1.1. “Covered Work” means Work which involves (i) an operations, maintenance, or emergency-response function regulated by 49 C.F.R. Parts 192, 193, or 195 that is performed on a pipeline or on an Liquefied Natural Gas facility; or, (ii) operation of a commercial motor vehicle and meets the additional conditions described in 49 C.F.R. Part 382.103. “Customer” means an Exelon Utility’s residential, commercial or industrial customer whose property or service is or may be affected by Contractor’s performance of the Work. “DART Rate” means Days Away Restricted Transfer Rate. “Design Criteria” means a document or document setting forth the criteria for the engineering, design or construction work scope. “DOT” means the U.S. Department of Transportation or its successor. “DOT Regulations” means 49 C.F.R. Parts 40, 192, 193, 195, 199, and 382. “Environmental Management System” or “EMS” means the applicable Exelon Utility’s Policies and Procedures to satisfy the requirements of the Exelon EMS Program (EN-AC-10) and ISO 14001:2004. EMS is a continual cycle of planning, implementing, reviewing, and improving the processes and actions that an organization undertakes to meet its business and environmental goals. Built on the "Plan, Do, Check, Act" model, the EMS enables the organization to programmatically manage its environmental risks and liabilities. Simply, the EMS is a process to manage environmental risk. “ES Group” means Buyer’s Environmental Services Group. “Exelon Utility” means Atlantic City Electric Company (“Atlantic City Electric”), Baltimore Gas and Electric Company (“BGE”), Commonwealth Edison Company (“ComEd”), Delmarva Power & Light Company (“DPL”), PECO Energy Company (“PECO”), Potomac Electric Power Company (“Pepco”) or any electric or natural gas transmission or distribution companies operated by a subsidiary of Exelon Corporation. “FFD Coordinator” means the Buyer Fitness for Duty Program Coordinator or other individual designated by Buyer to coordinate with Contractor regarding compliance with the requirements of Article 2 of these Special Terms and Conditions. “Gas Out” means Contractor has pressurized a gas utility with natural gas. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 68 of 125 “LWDC Rate” means Lost Work Day Case Rate. “OCC” means the applicable Exelon Utility’s Operations Control Center. “OSHA Recordable Rate” means number of injuries times 200,000 divided by work hours within a specific period. “Phase 1” means conceptual study or design phase. “Phase 2” means detailed design and project planning phase. “Phase 3” means execution or construction phase. “PPE” means Personal Protective Equipment. “Quality-Related Records” means Contractor’s Quality Assurance Manual; other quality control policies, procedures, and processes “Record Set of Drawings” means the record set of reference Drawings and sketches provided by Contractor. “Severity Rate” means days away times 200,000 divided by the work hours during a specific period “SWP” means Safe Work Plan. “Web-based Repository” means ISNetworld (▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇▇▇.▇▇▇▇) or such other third-party managed on-line reporting service and repository of Contractor’s OSHA hours as may be specified in the Purchase Order. “Work Package” means the collection of electronic work order related documents, including Scope of Work document, prints and unit sheets with estimates that identify what Work is to be performed and contains all the information necessary to enable efficient work scheduling and execution. “Work Package Checklist” means a document describing the required contents of the Work Package. ARTICLE 2. POLICIES, PROCEDURES, AND SPECIFICATIONS 2.1. Policies and Procedures. The Policies and Procedures listed below are applicable to Work performed by COCs, and as otherwise specified in the Purchase Order. These Policies and Procedures are available to Contractors on the CIWP. 2.1.7.2.1.1. ▇▇-▇▇-104 – Event Free Clock Procedure 2.1.8.2.1.2. EA-EU-P011 – EU Human Performance Program – Event Free Clock Procedure & Other Issue Identification Criteria2.1.2. PC-ED-2016 2.1.4. PC-ED-2017 – Contractor Orientation 2.1.5. PC-ED-2018 – Contractor Information Web Page 2.1.6. PC-ED-1019 Incident Response, Reporting and Investigation Procedure 2.1.7. PC-ED-P002 Contractor Oversight Process for Baseline Work 2.1.8. PC-EU-0013 – Invoice Review and Approval Procedure 2.1.9. PC-EU-1021 – Change Order Procedure 2.1.2.2.1.10. PC-EU-2016 – Contractor Compliance and Management of Contractors 2.1.11. PC-EU-P004 Contracting Management Overarching Strategy 2.1.12. Applicable Exelon Utility “Rules to Dig By” 2.1.12.1. BGE Rules to Dig By 2.1.12.2. CM-CE-080011 – ComEd Rules to Dig By 2.1.12.3. CM-PE-080010 – PECO Rules to Dig By 2.1.13. Applicable Exelon Utility Safety Rule Book 2.1.13.1. SA-BE-001 et seq., BGE Safety Manual 2.1.13.2. SA-CE-4032 – ComEd Safety Rule Book Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 69 of 125 2.1.13.3. PECO Safety Rule Book 2.1.13.4. Pepco Holdings Safety Manual for Atlantic City Electric, DPL and Pepco 2.1.14. Applicable Exelon Utility Environmental Policies and Procedures 2.1.14.1. Atlantic City Electric 2.1.14.2. BGE 2.1.14.3. ComEd 2.1.14.4. DPL 2.1.14.5. PECO 14.6. Pepco 2.2. Construction and Material Specifications. Contractor will perform all Work for Exelon Utilities in accordance with Buyer’s Construction and Material Specifications. Buyer’s Construction and Material Specifications are available to Contractors on the CIWP. ARTICLE 3. COMMUNICATIONS 3.1. Incident and Event Notification. 3.1.2. All Contractors will notify Buyer Designated Representative (and task manager where applicable) within sixty (60) minutes if any Contractor Personnel are involved in any incident involving personal injury, damage to electric, gas, water or other utilities, or customer property; traffic accident within the Work Site; environmental violations; investigations, or litigation, Customer or third-party complaints relating to the course of Work. 3.2. Communications. 3.2.1. Contractor will have the capabilities to access Buyer’s internet websites (e.g., CIWP) and services, transmit and receive emails with attachments (e.g., MS-Word, MS-Excel, Adobe Acrobat), and map and identify location (e.g. GPS). 3.2.2. Contractor will provide and maintain mobile / cellular telephone communication links with and between each of its work crews. ARTICLE 4. CUSTOMER AND PUBLIC RELATIONS The provisions of Article 4 are only applicable to Work performed by COCs, or as otherwise specified in the Purchase Order. 4.1. Customer Satisfaction. 4.1.1. Contractor will review with all Contractor Personnel, the need to keep Buyer’s Customers satisfied with Contractor performance. 4.1.2. Reviews will be conducted when each Contractor Personnel first performs Work for Buyer, and on an annual basis thereafter. 4.1.3. Contractor will provide documentation of such reviews as requested by Buyer. 4.2. Customer and Public Contacts and Interfaces.Contractor will manage its contacts and interfaces with the Buyer’s Customers and public in a manner that enhances the reputation and image of the Buyer and will use all practical means to prevent complaints from Customers and the public, including: 4.2.1. Contractor will minimize noise levels at Sites. 4.2.2. Contractor will manage without disagreement or dispute access to private property for the purpose of conducting Work. 4.2.3. Contractor will notify any Customers whose service will be interrupted forty-eight (48) hours before the start of Work in written format as approved by Buyer. Notice will include contact information, start date and time, completion date and time. 4.2.4. Contractor will minimize scheduled electrical interruptions. 4.2.5. Contractor will notify all property owners or occupants verbally or through the use of a door hanger of planned Work that will be performed on their property or which will require access to their property. Notice will include contact information, start date and time, completion date and time. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 70 of 125 4.3. Customer and Third Party Claims and Complaints. 4.3.1. Contractor will promptly respond to and investigate all complaints pertaining to the Work. 4.3.1.1. Each complaint must be reported promptly to the Buyer’s Designated Representative verbally. 4.3.1.2. Contractor will submit a follow-up written report if requested by ▇▇▇▇▇. 4.3.2. Contractor will maintain a written record of all complaints and their resolution. 4.3.3. Contractor will resolve damage claims from ▇▇▇▇▇’s Customers and third parties arising out of Contractor’s performance of the Work in a professional and timely manner not to exceed thirty (30) days. 4.3.4. Complaint records will be maintained for a period of twenty-four (24) months from the date the complaint is resolved and will be subject to audit by ▇▇▇▇▇. ARTICLE 5. GOVERNMENTAL AUTHORITIES, PERMITS AND INSPECTIONS 5.1. Governmental Authorities 5.1.1. Contractor will ensure all Contractor Personnel conduct themselves in a professional manner when interacting with Governmental Authorities. 5.2. Public Roadways. 5.2.1. Contractor will make all necessary arrangements with and notifications to Governmental Authorities for the use of public roadways traveled by the Contractor's vehicles and equipment in the course of the Work. 5.2.2. Contractor will schedule its work to comply with the applicable Law concerning road use, including posted roads. 5.3. Inspections. 5.3.1. Contractor will notify ▇▇▇▇▇’s Designated Representative immediately when any Governmental Authority performs a Site inspection of Work performed on Buyer’s property. ARTICLE 6. WORK MANAGEMENT PROCESS The provisions of Article 6 are only applicable to Work performed by COCs, or as otherwise specified in the Purchase Order. 6.1. Work Packages. 6.1.1. Contractor will perform only the authorized Work specified in the Buyer’s Work Package or approved Change Order. 6.1.2. Contractor will utilize the Work Package Checklist, perform field walk downs, and verify design-to-field conditions prior to mobilization and scheduled start of on-Site Work. 6.1.3. Contractor will mark up all affected ▇▇▇▇▇’s Drawings to show “As-Built” (redline) conditions and will constitute revisions to Buyer’s drawings following completion of the Work. 6.2. Work Management Interface. 6.2.1. Contractor will provide daily electronic report (in most current format) to Work Management, Operations, Construction & Maintenance and Alliance Management indicating each crew’s job assignments. 6.2.2. Contractor will participate in all required Work management calls and meetings to ensure schedule adherence. Participate in weekly accountability meetings to address any schedule commitments not fulfilled. 6.3. Submittals. 6.3.1. Contractor will keep a Record Set of Drawings at the Site on which Contractor will clearly and accurately record all approved changes and/or additions to the Work made to meet field conditions. The Record Set of Drawings will be used for this purpose only, and will be delivered to the Buyer’s Designated Representative, in good condition, as an accurate record of the Work, prior to Final Acceptance. 6.3.2. Buyer reserves the right to send representatives to the office of Contractor, its Subcontractors and vendors to examine drawings during the design and drafting phase to ensure conformance with the Contract Documents. 6.3.3. As-Built Packages and Record Sets of Drawings will be submitted to Buyer’s Designated Representative within ten (10) Business Days (five (5) Business Days for PECO) of Final Completion. Completed As-Built Packages will contain copies of any Contractor QC inspection information. Rejected As-Built Packages must be corrected and re-submitted within Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 71 of 125 forty-eight (48) hours. Gas Out As-built will be submitted to OCC daily. 6.3.4. Copies of any calculations, assumptions made during the calculations, and other relevant information will be submitted to Buyer‘s Designated Representative as part of the Submittals. 6.4. Scope Changes 6.4.1. Contractor will notify ▇▇▇▇▇’s Designated Representative and obtain written authorization before making any alteration in the scope of Work in the Work Package. Contractor will follow the PC-EU-1021, Change Order Procedure. 6.4.2. Contractor will submit a completed Scope Change Notice in the form prescribed by ▇▇▇▇▇ to ▇▇▇▇▇’s Designated Representative per PC-EU-1021. ARTICLE 7. DAMAGE TO PROPERTY AND GENERAL HOUSEKEEPING 7.1. Damage to Customer, Public and Third-Party Property. 7.1.1. Contractor will take reasonable care to protect and minimize damage to Customer, public and, third-party property, including buildings, streets, sidewalks, parking lots, yards, trees and ornamental vegetation and other improvements. 7.1.2. Contractor will report immediately to ▇▇▇▇▇’s Designated Representative any damage to Customer, public and third-party property in accordance with the Contract Documents. 7.1.3. Contractor will repair any damage to resulting to Customer, public and third-party property from Contractor's operations where required by applicable Law or Exelon Utility contract with customer. 7.1.4. Contractor will restore all damaged areas in a ▇▇▇▇▇▇▇-like manner, including: 7.1.4.1. Seed, rake and water for grass, and 7.1.4.2. Patch or replace asphalt and paving according to applicable municipal or state standards, if required by Purchase Order. 7.1.5. Repairs will be completed within the time-frames specified in the Contract Documents and Buyer’s Policies and Procedures. 7.1.5.1. If no time-frames are specified in the Contract Documents or Buyer’s Policies and Procedures, repairs will be completed within sixty (60) Days of completion of the Work, weather permitting. 7.1.5.2. Contractor will develop and maintain a permanent repair schedule for all surface restoration that cannot be completed at the time of the completed Work. 7.1.5.3. Contractor will provide ▇▇▇▇▇’s Designated Representative with a daily repair crew location report. 7.1.5.4. Contractor will provide written notification to Customers, Governmental Authorities, and third parties of scheduled repairs. 7.1.6. Contractor will compensate Customers, Governmental Authorities, and other third parties, in a timely manner, for all damages resulting from performance of the Work that cannot be repaired. 7.2. Work Site Housekeeping 7.2.1. Contractor will maintain good housekeeping and orderliness at all times. 7.2.2. Contractor will continuously remove rubble, scrap material and construction debris generated by the Work from the Site. 7.2.3. Contractor will thoroughly clean the Site prior to the end of each workday. 7.2.4. Contractor will promptly remove any dirt, mud, construction debris, etc. deposited by Contractor on any street. 7.2.5. The use of any existing substation for show-up and/or storage of Material and Contractor’s equipment will not be permitted (other than those substations where the Work will be performed). 7.2.6. Contractor will not use electrical power from a Buyer’s source without prior approval from ▇▇▇▇▇’s Designated Representative. ARTICLE 8. BUYER-FURNISHED MATERIAL AND PROPERTY Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 72 of 125 8.1. Buyer-Furnished Material and Property. 8.1.1. Contractor Personnel will not borrow, use, or operate Buyer-Furnished Material or Property without approval of Buyer’s Designated Representative. 8.1.2. If approval is granted, Contractor will ensure that Contractor Personnel using Buyer-Furnished Property are properly trained and provide written documentation of that training to Buyer’s Designated Representative. 8.1.3. Contractor will return surplus Buyer-Furnished Material and Buyer Furnished Property to the Buyer storeroom designated in the Work Order, Purchase Order or by ▇▇▇▇▇’s Designated Representative. 8.1.4. All Buyer-Furnished Material and Buyer-Furnished Property will be returned in an orderly manner, tagged with its catalog ID number and with the proper documentation and material return ticket indicating the Work Order associated with the material. 8.1.5. Surplus wire and cable (assuming in good condition), regardless of length, will be returned using a Material Return Ticket to the location of original distribution. 8.2. Salvage 8.2.1. Contractor will salvage all material and equipment removed from service by returning to scrap dumpsters at Buyer’s facilities or by other arrangements made with ▇▇▇▇▇’s Designated Representative and Buyer’s Investment Recovery Department. ARTICLE 9. SAFETY AND SECURITY 9.1 Audits and Reports 9.1.1. Safety Audits. 9.1.1.1. Contractor will conduct safety audits on all Work in progress for Buyer. 9.1.1.2. Results of safety audits are to be reported to Buyer as requested. 9.1.2. Safety Reports. 9.1.2.1. Contractor will submit a semi-annual safety report to Buyer. The report will contain: 9.1.2.1.1. A summary of activities undertaken in the implementation of the Contractor’s Safety Program; 9.1.2.1.2. The current LWDC rate, DART Rate, Severity Rate, and OSHA Recordable Rate. Where applicable rates are to be provided for both Buyer and non-Buyer Work; and 9.1.2.1.3. A roll up of safety audit findings from Buyer projects. This must include: number of audits conducted and the most common safety violation found. 9.1.2.1.4 This information will also be included in Performance Indicators (PI’s) for all Contractors required to provide PI’s. 9.1.3. All OSHA hours and any other required information will be entered into the Web-based Repository. 9.2. Clothing and PPE , including those listed in Section 2.1.10 of this Exhibit G. 9.2.2. Contractor will ensure that Contractor Personnel hard hats will be easily distinguishable from those of Buyer’s employees and other contractors. 9.3. Digging and Excavation 9.3.1. Contractor will follow the applicable Buyer’s Prudent Digging Techniques Procedure (“Rules to Dig By”) and any other applicable “one call”, locating or excavation regulations. 9.3.2. Contractor will be required to perform a field walk down to ensure Rules to Dig By compliance along with design and Construction Standards compliance. 9.4. Electrical Safety 9.4.1. Contractor will be required to follow Owner’s Lock Out-Tag Out Switching Request System (“SRS”) and Minimum Approach Distance (“MAD”)/Clearance Requirements. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 73 of 125 9.4.2. All Contractor Personnel performing Work in a Buyer’s substation will attend a safety / environmental / security orientation which meets or exceed the requirements established by the applicable Exelon Utility. 9.5. Orientation and Training 9.5.1. Contractor will conduct pre-Work orientation sessions for all Contractor Personnel under its direction. The orientation will address all environmental, occupational health and safety rules, job hazard identification and mitigation along with the proper use of personal protective equipment associated with the Work to be performed on Site. 9.5.2. Contractor will document Contractor Personnel participation in these pre-Work orientation sessions, and make this documentation available upon request to ▇▇▇▇▇’s Designated Representative. 9.5.3. Contractor will provide a safety orientation for each Subcontractor before Subcontractor mobilization at the Work Site, including review of the SWP specific hazards, daily safety briefing requirements, and reporting requirements. 9.6. Safe Work Plans. The provisions of Section 9.6 are only applicable to Work performed by COCs, or as otherwise specified in the Purchase Order. 9.6.1. Types of SWPs 9.6.1.1. Contractor will prepare and submit to Buyer for Buyer’s approval a general SWP for each Blanket Purchase Order within fifteen (15) Business Days of the execution of the Blanket Purchase Order, and prior to commencement of any Work under the Blanket Purchase Order. 9.6.1.2. Contractor will prepare a task specific SWP for each Purchase Order or Purchase Order Release in excess of one million dollars ($1,000,000), review it with the Buyer’s Designated Representative and Safety Professional five (5) Business Days prior to mobilizing to the Site, and receive Buyer’s approval before executing Work at the Site. 9.6.2. The SWP will include as a minimum a description of the Work to be performed, the hazards likely to be encountered, required PPE, and other safety requirements. 9.6.3. The SWP will also include a requirement for notification of Buyer and others if an incident occurs. 9.6.4. Contractor will maintain a summary of corrective actions from all ACE, RCI, CR or Near Miss incidents, as well at those of other contractors reported to the Contractor by ▇▇▇▇▇. 9.6.5. Contractor will incorporate corrective actions from previous safety incidents into the Contractor’s Safe Work Plans. The Contractor may request information from Buyer on the appropriate content of SWPs. 9.7. Site Readiness. The provisions of Section 9.7 are only applicable to Work performed by COCs, or as otherwise specified in the Purchase Order. 9.7.1. Contractor will ensure job Site readiness in advance of the Work beginning. 9.7.1.1. Contractor will coordinate with Customer to have all obstacles in the path of the Work removed as required. 9.7.1.2. Contractor will bring to the attention of ▇▇▇▇▇’s Designated Representative any conditions where the Work scope would cause interference or prevent accessibility for maintenance and operations. 9.8. Traffic Control 9.8.1. Unless otherwise specified in the Purchase Order or Work Package, Contractor will provide the required traffic control according to applicable traffic control standards developed or adopted by the permit issuing agency or regulatory authorities. 9.8.2. Police coverage will be coordinated by the Contractor as required in the Purchase Order. ARTICLE 10. WORK SUBJECT TO DOT REGULATIONS This Article 10 applies to Contractor and Subcontractors insofar as Contractor Personnel perform Covered Work for Buyer on any Exelon Utility’s premises, facilities, or at any other location. 10.1. Drug, Alcohol and Controlled Substances. Contractor will comply with applicable Law regarding use of and testing for drugs, alcohol, and controlled substances. 10.1.1. Contractor will comply with all applicable provisions of 49 C.F.R. Parts 199 and 382 with respect to any Contractor Personnel who is or will be assigned to perform Covered Work. 10.1.2. Contractor will conduct all drug, alcohol, and controlled substance testing relating to Covered Work in accordance Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 74 of 125 with the provisions of 49 C.F.R. Parts 40, 199, and 382. 10.1.3. Contractor will ensure that its drug, alcohol, or controlled substance testing programs comply with any applicable state or local Laws regarding the administration and use of drug and alcohol tests in employment, including: 10.1.3.1. Maryland: MD Code, Health-General, Title §17-214 10.1.4. Contractor will develop and submit to Buyer’s FFD Coordinator for approval an Alcohol Misuse Prevention Plan and an Anti-Drug Plan for Covered Work, to the extent required under 49 C.F.R. Parts 199.102 and 199.202. 10.1.5. Buyer authorizes Contractor to implement and conduct its own alcohol and drug testing, education, and training programs for Covered Work in accordance with 49 C.F.R. Parts 40 and 199 after Buyer approval of Contractor’s Alcohol Misuse Prevention Plan and Anti-Drug Plan,. 10.1.6. Contractor grants Buyer, the Administrator of the Pipeline and Hazardous Materials Safety Administration (“PHMSA”), and any authorized state representative access to all properties and records for the purpose of monitoring Contractor's compliance with 49 C.F.R. Parts 40 and 199 as it relates to the Covered Work. 10.2. Buyer’s Policies and Procedures. Contractor will comply with applicable Buyer Policies and Procedures pertaining to the use of and testing for drug, alcohol, and controlled substances while performing Covered Work, and while on Buyer’s premises. 10.2.1. Applicable Policies and Procedures include: 10.2.1.1. HR-AC-16 – Exelon Drug and Alcohol Policy; 10.2.1.2. HR-AC-301 – Post-Accident Testing Procedure, and 10.2.1.3. Other Policies and Procedures listed in the Purchase Order or other Contract Documents. 10.2.2 Buyer will post to Contractor Information Web Page copies of all applicable Policies and Procedures. 10.3. Compliance by Contractor Employees. 10.3.1. Prior to commencing Covered Work, Contractor must provide Buyer’s FFD Coordinator with the full name(s) and Social Security number(s) of Contractor Personnel to be used in the performance of Covered Work who have been employed previously by Buyer or its Affiliates via the Contractor Add Process. 10.3.2. Contractor will require all Contractor Personnel assigned to perform Covered Work to comply with the provisions of 49 C.F.R. Parts 199 or 382 as applicable, and any state or local Laws pertaining to the same subject matters. 10.3.3. Contractor will require all Contractor Personnel assigned to perform Covered Work to comply with all Buyer Policies and Procedures identified herein and in the Contract Documents. 10.3.4. Contractor will provide all Contractor Employees who are assigned to perform Covered Work with appropriate training and education on compliance with the applicable Law and Buyer’s Policies and Procedures referenced in these Special Terms and Conditions, including relevant supervisors or other Contractor Employees who must be trained and educated on reasonable suspicion of the use of alcohol or controlled substances. 10.3.5. Contractor will not authorize any individual to perform Covered Work unless that individual has met the requirements of 49 C.F.R. Parts 199 or 382, as applicable, and Buyer’s Policies and Procedures. 10.3.6. Buyer retains the right to grant, deny, suspend or revoke authorization for Contractor Personnel to perform Covered Work in its sole discretion, and ▇▇▇▇▇’s decision will be conclusive and binding upon Contractor. However, the fact that ▇▇▇▇▇ has not denied authorization to an individual will not relieve Contractor from its responsibilities and liabilities hereunder to ensure that such individual meets the requirements for authorization to perform Covered Work. 10.3.7. Contractor Personnel who have a positive alcohol or drug test, or who refuse to submit to required testing while performing Covered Work will not be permitted to perform any Work for Buyer or its Affiliates. 10.3.8. Nothing in these Special Terms and Conditions will create a relationship of employment between ▇▇▇▇▇ and Contractor Personnel. Contractor will remain fully responsible for the selection, training, discipline, fitness, and skill of all Contractor Personnel. 10.4 Contractor’s Certification of its Compliance. 10.4.1. Contractor will provide any information or compliance reporting to DOT as required under 49 C.F.R. Parts 40, 199, and 382. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 75 of 125 10.4.2. Contractor will provide the following information to Buyer: 10.4.2.1. Contractor must submit copies of its Alcohol Misuse Prevention Plan and Anti-Drug Plan to the Buyer’s FFD Coordinator, and Buyer must approve that Plan, prior to beginning any Covered Work for Buyer. 10.4.2.2. Contractor will notify ▇▇▇▇▇’s FFD Coordinator upon the removal of any Contractor Personnel from Covered Work in accordance the DOT regulations or Buyer Policies and Procedures. 10.4.2.3. Contractor will furnish to ▇▇▇▇▇’s FFD Coordinator] the full name and social security number of any Contractor Personnel removed from Covered Work under the DOT Regulations or Buyer’s Policies and Procedures. 10.4.2.4. Before Contractor may return Contractor Personnel to Covered Work following removal of his or her authorization, Contractor will provide certification to Buyer’s FFD Coordinator that Contractor and the Contractor Personnel have completed all return to work requirements imposed by the DOT regulations and Buyer’s Policies and Procedures. 10.4.2.5. Contractor will forward information identified in the DOT reporting requirements under 49 C.F.R. Parts 199.119, 199.229, and 382.403, to Buyer’s FFD Coordinator] on a quarterly basis. 10.4.2.6. Contractor will certify to Buyer’s FFD Coordinator on an annual basis that it has conducted and completed education and training of Contractor Personnel. 10.4.3 Contractor’s non-compliance with the any of the requirements in these Special Terms and Conditions may result in revocation of any or all authorizations for Contractor to perform Covered Work. 10.5. No Additional Compensation Contractor will not be entitled to any additional compensation for compliance with Article 10 of these Special Terms and Conditions beyond the Contract Price. ARTICLE 11. ENVIRONMENT 11.1. Environmental Compliance Plan. 11.1.1 Contractor will prepare an Environmental Compliance Plan for all non-Emergency Work and submit it to Buyer’s Designated Representative for review at least thirty (30) Days prior to Commencement of Work, or as otherwise specified in the Project Schedule. 11.1.2. The Environmental Compliance Plan will: 11.1.2.1. Assess the potential for the Work to adversely affect the environment; 11.1.2.2. Identify applicable Laws; 11.1.2.3. Identify Contractor’s proposed method of complying with applicable Laws; 11.1.2.4. Provide schedule for application and approval for all necessary permits and licenses, including necessary notifications and publications, to be incorporated into Project Schedule. 11.1.2.5. Provide a life cycle analysis for all Materials selected for use on an individual project. The analysis will indicate a listing of all Materials proposed for use and an assessment of the potential environmental impacts associated with the manufacturing, use and disposal of Material. Contractor will use Materials that have the lowest adverse environmental impact based on their lifecycle analysis, during the performance of their work. 11.2. Environmental Management System (“EMS”) 11.2.1. Contractor will comply with ▇▇▇▇▇’s EMS, including Buyer’s applicable Environmental Policies and Procedures. 11.2.2. Contractor Personnel will complete and document EMS training and provide to Buyer as requested within twenty-four (24) hours of the request. 11.3. Treatment, Disposal and Recycling Facilties 11.3.1. Contractor will submit the location(s) of treatment, disposal or recycling facilities for all material wastes for approval of to Buyer’s ES Group, per Section 25.1 of the Terms and Conditions, prior to commencement of Work. 11.3.2. Containers used for transportation of waste materials must be suitable for the material being transported. 11.3.3. All oil-filled and formerly oil-filled equipment/waste materials must be transported in sealed, lined and tarped containers. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 76 of 125 11.3.4. Within thirty (30) Days of the date of disposal, the Contractor will provide the Buyer with copies of all manifests, permits, certificates and any other documentation relating to the disposal of waste materials generated during the Work. 11.4. Spills, Releases and Leaks 11.4.1. In addition to the requirements of Section 24.5.5 of the Terms and Conditions, Contractor will immediately report all spills, releases and leaks of any substance to the environment to Buyer’s OCC and Buyer’s ES group. 11.4.2. Contractor will cease all Work in the area affected by a spill, release, or leak and implement containment measures to prevent the release, movement, spread, or disturbance of hazardous constituents and to protect Persons, property and the environment. 11.4.3. Final spill, release or leak cleanup and material disposal must be completed in coordination with the Buyer’s ES group, which may include using the Buyer’s environmental COC. 11.5 Soil Management 11.5.1. Contractor will perform the testing, excavation, handling, transportation and disposal of soils generated from all Work Sites in accordance with applicable Law and Buyer’s Policies and Procedures. 11.5.2. Contractor will identify all soil storage and disposal locations prior to the commencement of any Work. Contractor will provide documentation to the Buyer on a monthly basis which will, at a minimum, include: 11.5.2.1. Disposal/recycling facilities utilized; 11.5.2.2. Volumes generated from each Purchase Order; and 11.5.2.3. All testing and confirmation of testing performed by or for Contractor to document the soil quality. 11.6. Water Management 11.6.1. Prior to commencement of any Work, Contractor will provide details to Buyer on the proposed handling, containment, treatment, discharge, or disposal of any/all water that may be encountered as part of tits Work. 11.6.2. Contractor will perform dewatering of manholes and excavations in compliance with the requirements established by the Buyer’s ES group. 11.6.3. Contractor will perform all necessary studies to document water quality and conditions 11.6.4. Contractor will submit to Buyer’s ES group copies of all necessary environmental permits, approvals and licenses to perform work for the Buyer, including, but not limited to, permits for dewatering (withdrawal) and discharge prior to commencment of the Work. 11.6.4. Any on-Site treatment of water requires approval by the Buyer’s ES group. 11.7. Land Disturbances 11.7.1. Prior to commence of the Work, Contractor will perform all studies required by applicable Law to perform the Work including, but not limited to, geotechnical, environmental, construction, wetland, storm water, erosion and sedimentation , and zoning studies. 11.7.2. Contractor will submit copies of the study reports, and all related permits, licenses and other documentation to the Buyer prior to commencement of any Work. 11.7.3. Contractor will submit a detailed Horizontal Directional Drilling (HDD) plan to the Buyer’s Designated Representative for review prior to commencement of any HDD Work, which will include, at a minimum, the following: 11.7.3.1. Details regarding all permits, environmental/engineering studies 11.7.3.2. The HDD route; 11.7.3.3. Measures to mitigate environmentally sensitive areas; 11.7.3.4. Drilling fluid details; 11.7.3.5. Plans for handling of inadvertent drilling fluid releases; and 11.7.3.6. Plans for handling, storage and disposal of drilling wastes prior to the commencement of any Work. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 77 of 125 11.8. Demolition Work 11.8.1. Hazardous Substances Assessment. Prior to the commencement of any demolition Work, Contractor will perform and submit to Buyer’s ES group a Hazardous Substances assessment to identify any Hazardous Substances that require removal, and/or abatement (e.g., lead, mercury, PCBs, asbestos, radiation sources, or oil filled equipment) prior to commencement of the demolition activities. 11.8.2. Contractor will verify all materials have been removed prior to commencement of any demolition activities. ARTICLE 12. QUALITY ASSURANCE (“QA”) The provisions of Article 12 are only applicable to Work performed by COCs, or as otherwise specified in the Purchase Order. 12.1. Quality Control, Inspections and Acceptance of Work. 12.1.1. Contractor is responsible for quality control and conformance to Contract Documents during the course of the Work. 12.1.2. Buyer will perform periodic QA inspections and annual audits to ensure the Contractor’s Quality Program is effective and in compliance with the Contract Documents. Deviations and nonconformances identified must be completed by the specified completion date in the applicable inspection or audit report. 12.1.3. Contractor QA inspections will be conducted by subject matter experts dedicated to the quality control function and not by the Contractor Personnel performing or supervising the Work. If requested, Contractor will submit Quality Control Inspection Reports to the Buyer per specific process for each specific utility. In addition, Quality Inspection results will be part of PI’s, for contractors required to submit PI’s. Records of the inspections will be maintained for a minimum of five (5) years. 12.1.4. Buyer may require Contractor to conduct specific levels of quality control inspections on as needed, i.e., Top Priority Circuit,, Summer Critical, governmental commitment, ▇▇▇▇ commitment, etc. 12.1.5. When a Work Package is returned and Work is progressed to “completed” status, Contractor will execute a Certificate of Final Completion attesting to the quality and completeness of work. 12.2. Contractor’s Quality Program. 12.2.1. Contractor will maintain a documented quality program based on the requirements identified in ANSI/IASQC C1- 1996 (Specification of General Requirements for a Quality Program). Contractor will be responsible for obtaining a copy of the standard as well as assuring that the current revision of the standard is used (a copy can be purchased at ▇▇▇.▇▇▇▇.▇▇▇). 12.2.2. Contractor will not be required to obtain independent or third-party QA certifications, but must comply with the ANSI requirements and any additional requirements that have been identified in this contract. Document retention policies identified in this contract supersedes those identified in ANSI/IASQC C1-1996. 12.2.3. Contractor will be responsible for designating a Quality Manager to implement the Quality Program. The Quality Manager will report to a management level such that this individual has the required authority and organizational freedom, including sufficient independence from cost. 12.2.4 The Quality Manager will ensure all work is performed according to the Contractor’s Quality Program as well as all applicable Buyer policies, procedures, and specifications. Acceptance of the Contractor’s Quality Program by Buyer does not relieve the Contractor of the obligation to comply with the requirements of the procurement documents. 12.2.5. The Contractor’s Quality Program must be kept current and adhered to by Contractor as accepted; failure to do so is cause for termination of Purchase Orders. 12.2.6. If Contractor’s Quality Program is subsequently found to be ineffective or inadequate in providing acceptable quality control, Buyer reserves the right to require necessary revisions, corrective action(s), or both. 12.2.7. Contractor will ensure its Subcontractor(s) implement and maintain an effective Quality Program that complies with the Contract Documents. 12.2.8. Nonconformances in the Contractor’s Quality Program or conditions adverse to quality will be documented and reported to the Buyer’s Designated Representative immediately. The representative will determine appropriate corrective actions up to and including Purchase Order termination. Corrective actions must be completed by specified time-period in the Contractor’s Quality Program. Significant non-conformances adverse to Quality may result in a stop Work order by ▇▇▇▇▇. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 78 of 125 12.3. Quality Control Documentation 12.3.1. Contractor’s Quality Program will be documented in the Contractor’s Quality Manual; which Contractor will submit to Buyer thirty (30) Days prior to commencement of Work or by such other Milestone Date specified by ▇▇▇▇▇’s Designated Representative. 12.3.2. Contractor’s Quality Manual will be kept current and made available to Buyer or its designated agents during auditing and surveillance activities. Contractor will maintain a revision history of changes made to documents. 12.3.3. Contractor will require its Subcontractor(s) to furnish Quality Control Procedures, Process, and Quality Assurance Manual for review and acceptance by Buyer upon Buyer’s request. 12.3.4. All Contractor Quality-Related Records, procedures, and Contractor Personnel qualifications will be available for examination by Buyer or its authorized agent. 12.3.5. Contractor will maintain all Quality-Related Records for a five (5) year period. These records will identify the actual scope of Work performed, reference the Buyer Work Order number and Quality Program information. Quality-Related Records pertaining to the Work will not be destroyed or otherwise disposed of without written permission of Buyer prior to expiration of the five- (5) year period. 12.3.6. A copy of any QA inspection reports will be provided with the completed Work Package. Inspection records will contain documented evidence that inspections, tests, or analyses required by the Buyer procurement documents, specifications, or drawings referenced therein have been satisfactorily completed. ARTICLE 13. THIRD-PARTY VERIFICATION REQUIREMENTS If Contractor is performing Work for an Exelon Utility, Contractor will become a member of the Web-based Repository directed by ▇▇▇▇▇. ARTICLE 14. ADDITIONAL INVOICING REQUIREMENTS 14.1. Submission 14.1.1. Contractor will submit invoices in accordance with PC-EU-0013, Invoice Review and Approval Procedure. 14.1.2. Contractor will submit a draft invoice with corresponding pending CPA’s in Passport to the Buyer’s Designated Representative by the fifth (5th) of the month following the month in which the Work was performed and in accordance with PC-EU-0013, Invoice Review and Approval Procedure. 14.1.3. Invoices for Services rendered the previous month must be received by the fifteenth (15th) of the month following the month in which the Work was performed when the Contract Management Passport Module is used to submit invoices. 14.1.4. Contractor will not submit invoices for less than two thousand dollars ($2,000) unless for Final Invoice or approved by the Buyer’s Designated Representative. 14.2. Format 14.2.1. Equipment. 14.2.1.1. Invoices will separately itemize each category of equipment as a separate line item and will indicate whether the equipment was Contractor-owned, Subcontractor-Owned, or leased. 14.2.1.2. Equipment includes major construction equipment such as cranes, bucket trucks, dump trucks, semis, pick-up trucks, back hoes, tractors, bull dozers, pole trailers, etc., complete with appurtenances such as boom, bucket, etc. 14.2.1.3. Fuel, insurance, lubricants, maintenance, repairs (including parts) and other expenses are included in the equipment rates except as otherwise expressly specified in the Purchase Order. 14.2.2. Other Materials. Invoices will separately itemize each type of Material as a separate line item that is either an actual part of the finished Work or utilized in the performance of the Work, including consumables and multi-use supplies such as road plates, lumber, chains, forms etc. 14.2.3 Labor. 14.2.3.1. Invoices will separately itemize and categorize Contractor Personnel by job classification, such as craftsmen (e.g., apprentices, journeymen, foremen, and/or general ▇▇▇▇▇▇▇), operators of leased equipment; professionals, and supervisory personnel, and whether such Contractor Personnel are Contractor’s employees or Subcontractor employees. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 79 of 125 14.2.3.2. Invoices will separately itemize subsistence allowances (i.e., per diem) and travel expenses. 14.2.3.3. Invoices will separately itemize federal and state employee Medicare, Social Security, unemployment insurance and other government-required contributions for each Contractor Personnel. 14.2.4. Miscellaneous. All other charges that do not fit into the equipment, other Material, or labor categories will be itemized as miscellaneous charges. 14.2.5. Invoices will separately itemize all associated mark-ups, overhead and profit for each line item. 14.2.6 Invoices will separately itemize mobilization, demobilization and transportation to-and-from the Site charges as separate line items. 14.3. CPAs. 14.3.1. Each CPA will include the following information (code block) for each Work Order and will be broken out by equipment, other Materials, labor, and miscellaneous. 1.1. ys ID Work Task Actvy T C F Cntr Proj Oper R Cntr Company 14.3.2. CPAs must indicate percent of Work completed. 14.3.3. CPAs must indicate the correct performance period. 14.3.4. CPAs are anticipated to be approved by the tenth (10th) of each month. ARTICLE 15. CENTRALLY MANAGED PROJECTS 15.1 Subcontracting Plan 15.1.1. Contractor will develop a subcontracting plan and review with the Buyer’s Designated Representative and project manager (if different). The subcontracting plan will identify the Subcontractors the Contractor plans to use for each scope of Work 15.2. Material Plan 15.2.1. Contractor will develop a Material procurement plan and review with the Buyer’s Designated Representative and project manager (if different). The Plan will identify the types of Material to be procured by the Contractor versus furnished by ▇▇▇▇▇. 15.3. Scope Development 15.3.1. For Centrally Managed Projects, when the scope of Work includes engineering or design for transmission or substation facilities, Contractor will develop and maintain Design Criteria. 15.3.1.1. The Design Criteria will include project specific design requirements. 15.3.1.2. The Design Criteria will be submitted to the Buyer’s Engineer for comments and approval. 15.3.1.3. Contractor will promptly revise and re-issue the Design Criteria when new or changed criteria are identified. 15.3.2. Contractor will provide appropriate personnel to support the scope development in each phase. Scope development will include site walk-downs, development of conceptual design including layouts and general arrangements, and planning sessions with the responsible engineering, estimating, and installation personnel to assure complete scope identification. 15.3.3. Scope development will not be considered complete at the end of Phase 1 or at the end of Phase 2 unless the responsible design engineer and responsible installer perform a joint walk-down using the latest available design drawings or as required by ▇▇▇▇▇’s Designated Representative. 15.3.4. Contractor will retain records related to approved scope, design, safety, cost estimates, forecasts, accruals, and invoices. 15.4. Schedule Development 15.4.1. Project Schedule. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 80 of 125 15.4.1.1. Contractor will develop a Project Schedule that will reflect a level of detail consistent with the Phase of the Work. 15.4.1.2. Two (2) weeks prior to beginning Work, the Contractor will submit to Buyer for acceptance a logic-based Project Schedule to a level of detail and description, which allows for tracking its day-to-day operations. 15.4.1.3. The standard activity duration will be less than three (3) Business Days unless an exception is granted by ▇▇▇▇▇. 15.4.1.4. The Project Schedule will be resource-loaded, including critical materials and resources (manpower loading) and organized in a fashion acceptable to Buyer to support forecasting and budgeting. 15.4.1.5. The Project Schedule will be updated at least weekly to support weekly forecasts, identifying any changes in sequencing from the latest accepted Project Schedule. Project Schedule updates will utilize a Sunday data date and be submitted by the following Tuesday. 15.4.1.6 Any deviations in Contractor’s performance of the Work from the latest accepted Project Schedule will require Buyer’s Designated Representative approval. 15.4.2. Milestone Date Schedule. Contractor will develop a Milestone Date schedule if requested by ▇▇▇▇▇, showing pre- defined Milestones in the project. 15.4.3. Contractor will participate in schedule coordination meetings at the request of ▇▇▇▇▇. 15.4.4. Contractor will provide Project Schedule information, in the form of hard copies, or schedule software files, to Buyer for Buyer use in developing an integrated Buyer schedule of all projects. Contractor will work with Buyer on protocols and standards to facilitate transfer and integration of Project Schedule information. 15.5. Cost Estimating and Reporting. 15.5.1. Contractor will, when included in its scope of Work, develop cost estimates for each Phase of the project. These cost estimates will be developed using Buyer templates, and conform to the level of detail by ▇▇▇▇▇. 15.5.2. Phase 1 cost estimates, that is, the estimate prepared at the beginning of Phase 1, must capture the entire known engineering and construction scope, with identified contingency for unknowns. Phase 1 estimates will be developed using conservative assumptions for quantities and productivity, but with best information for unit rates. 15.5.3. Phase 2 cost estimates, that is, the estimate prepared at the end of Phase 1 to be used to obtain authorization for Phase 2, will be a definitive estimate for the detailed design (engineering) and project planning scope, and a budgetary estimate for the construction and materials scope. The level of uncertainty of the budgetary construction and materials estimate will be identified by major scope item. Contingency (risk) items must be identified with estimated costs for each, and an indication of the time when the risk will be cleared. 15.5.4. Phase 3 estimates, that is, the estimate prepared at the end of Phase 2 to be used to obtain authorization for Phase 3, will be a definitive estimate for the entire scope of Work. This estimate will be developed using the detailed engineering and labor. Quantities will be based on the detailed engineering drawings produced in Phase 2, and must use known unit rates for material, equipment. Productivity rates will be based on the most recent, comparable data. Appropriate cost escalations will be included in the unit rates. All risks will be included “below the line” as contingency line items, with costs and clear dates estimated for each. Buyer will use the base cost estimate plus contingencies for budgeting. Contractor authorizations will be for the base estimate amounts. Buyer will write scope changes if the identified contingencies occur. 15.5.5. At the start of the project (each Phase), Contractor will prepare a forecast of estimated cost by month, or forecast, for the entire project. During project executions, Contractor will, each month, prepare and submit an updated forecast that includes actual costs from past months and updated estimated costs for each future month through the end of the project. These forecasts will include sufficient line items to communicate the work of each major scope element or subcontractor, or resource type. Contractor will seek guidance from the Buyer project manager or cost engineer on the format and level of detail of the forecast. 15.5.6. At a time specified by the Buyer project manager, Contractor will provide an “accrual” estimate also known as the work incurred report (“WIR”). This accrual is the value of the work performed in the calendar month, and in theory should be equal to the invoice that will be submitted for that month. The accruals will be broken down by sub-accounts as directed by the Buyer project manager. Contractor will identify the variance between the previously submitted forecast and the monthly accrual, and the Contractor will provide explanations for each variance. 15.5.7. Contractor will submit invoices per requirement contained in Article 14 herein and identify variances between the invoice and the accrual. Contractor will provide explanations for each variance. The invoices will show costs for each sub- account, consistent with the accruals. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 81 of 125 15.6. Challenge Process. 15.6.1. Contractor will provide a Challenge Package, as directed by ▇▇▇▇▇’s Designated Representative, for use in the Buyer project authorization process. The Challenge Package will include: 15.6.1.1. Scope Statement, 15.6.1.2. Detailed AS8 Cost Estimate, 15.6.1.3. Cash Flow, 15.6.1.4. Project Schedule, 15.6.1.5. Risks and Assumptions List, 15.6.1.6. Contractors Proposal, 15.6.1.7. General arrangement drawings as applicable, and the 15.6.1.8. Project Diagram. 15.6.2. A Challenge Meeting is required before work can begin on Phase 2 or Phase 3 of the Work. 15.6.2.1. Contractor will participate, when requested by the Buyer project manager, in the Challenge meetings. 15.6.2.2. Contractor will provide resolution to comments raised at the Challenge Meeting as directed by the Buyer project manager. 15.7. Field Construction Meetings. Contractors will support weekly face-to-face field construction meetings with the Buyer project team at which time they need to report out status, schedule updates, costs, risks, and issues. 15.8. Cost Forecasts. Contractor is required to provide an initial current month cost forecast approximately mid-month and a final forecast by the end of the third week of the current month to the Exelon Project Controls Representative. Additionally, the forecast must include a cash flow forecast for all future months totaling the full value of the contract release. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 82 of 125 EXHIBIT H – RESTRICTED CONFIDENTIAL INFORMATION SPECIAL TERMS AND CONDITIONS 1. Retention of Restricted Confidential Information. Contractor will not retain any Restricted Confidential Information longer than necessary for Contractor to fulfill its obligations requiring use of the Restricted Confidential Information under the Purchase Order. As soon as Contractor no longer needs to retain such Restricted Confidential Information in order to perform its duties under the Purchase Order, Contractor will comply with Section 3 (Return or Destruction of Restricted Confidential Information) with respect to the return or destruction of Restricted Confidential Information. 2. General Requirements 2.1 No Offshore Work. Except as expressly provided in the Purchase Order, Contractor will perform all Services and prepare all Submittals involving Restricted Confidential Information within the United States. In particular, Contractor will not transmit or make available any Restricted Confidential Information to any entity or individual outside of North America without the prior written consent of Buyer. If the Purchase Order provides for Services to be performed outside of the United States, in addition to the security requirements set forth in Section 4 (Security), Contractor will comply with all of the requirements in Exhibit L (Cyber and Information Security Special Terms and Conditions), as may be applicable to the scope of Work and Contractor’s access to Buyer’s Electronic Information and Electronic Information Assets. 2.2 Compliance with Cyber Security Laws and Privacy and Consumer Protection Laws. Contractor will acquire, use, handle, collect, maintain, store, transmit, and safeguard Restricted Confidential Information in accordance with applicable Cyber Security Laws and applicable Privacy and Consumer Protection Laws. 2.3. Accuracy of Due Diligence Questionnaire Responses. If Contractor completed and signed a Contractor Due Diligence Questionnaire (the “Questionnaire”), substantially in the form attached to this Exhibit H, prior to Buyer issuing any Purchase Order, Contractor acknowledges that Buyer will rely on the information provided by Contractor in the Questionnaire as a material factor in Buyer’s decision to enter into the Purchase Order with Contractor. Contractor represents, warrants, and covenants that all of the responses to the questions in the Questionnaire, and any other information that Contractor provided in the Questionnaire, are true, accurate, and correct, and will remain true, accurate, and correct during the Term of the Purchase Order. If any Contractor response to the questions in the Questionnaire, or any other information that Contractor provided in the Questionnaire, is no longer true, accurate, and correct and such change materially decreases Contractor’s overall security of Restricted Confidential Information, Contractor will, within thirty (30) calendar days after learning of such change in circumstance, notify Buyer in writing of the specific response at issue, the details relating to the change in circumstance, and revised response to the question in the Questionnaire or, as applicable, revised additional information provided in the Questionnaire. 3. Return or Destruction of Restricted Confidential Information. On Buyer’s written request or upon expiration or termination of the Purchase Order for any reason, the Contractor will promptly, and no later than 180 days after such request, expiration or termination (a) return or destroy, at Buyer’s option, originals or copies of all documents and materials it has received containing Restricted Confidential Information, (b) deliver or destroy, at Buyer’s option, originals, copies, and backups of all summaries, records, descriptions, modifications, negatives, drawings, adaptations, and other documents or materials, whether in writing or in machine-readable form, prepared by Contractor, prepared under its direction, or at its request, from the documents and materials referred to in clause (a), and (c) provide a notarized written statement to Buyer certifying that all documents and materials referred to in clauses (a) and (b) have been delivered to Buyer or destroyed, as requested by Buyer. Contractor’s destruction or erasure of Restricted Confidential Information pursuant to this Section will be in compliance with Department of Defense 5220-22-M Standard, as may be amended. Notwithstanding the foregoing, Contractor shall not be required to return or destroy copies of Restricted Confidential Information that (i) is held electronically in archive or secure backup systems in accordance with general systems archiving and backup policies; (ii) is required to be retained in compliance with the auditing or retention requirements of the Contract; or (iii) that it is legally prohibited from returning or destroying. Any Restricted Confidential Information that is not returned or destroyed shall remain subject to the obligations set forth herein 4. Security 4.1. Physical and Environmental Security. Contractor will maintain and enforce physical and environmental security procedures and measures to protect Buyer’s Restricted Confidential Information that is in Contractor’s control or possession that (a) are at least equal to industry standards for such types of locations, (b) are in accordance with Buyer’s security requirements set forth in this Exhibit H, and (c) provide appropriate technical and organizational safeguards against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure, access, or acquisition of Restricted Confidential Information accessible by Contractor under the Purchase Order. Contractor facilities that process or store Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 83 of 125 Restricted Confidential Information will be housed in secure areas and protected by perimeter security and ingress and egress controls (e.g., guards, entry badges, video surveillance, visitor access procedures and search protocols) that provide a physically secure environment from unauthorized access, damage, and interference), and include alarm systems, fire suppression, climate control, and backup power supplies. Contractor will complete periodic compliance audits of its physical and environmental security controls. 4.2. Electronic Security. Contractor will maintain and enforce security for electronic Restricted Confidential Information in accordance with Exhibit L (Cyber Security Special Terms and Conditions). 4.3. Security Breach Notification. Contractor will immediately notify Buyer after becoming aware of any actual and confirmed unauthorized access to, acquisition, disclosure, loss, use of, or any other potential corruption, compromise, or destruction of any Buyer Restricted Confidential Information that is in the control or possession of Contractor. In the event of a security breach of the Contractor systems which store Restricted Confidential Information, Contractor will, at its sole cost and expense, assist and cooperate with Buyer with respect to any investigation, disclosures to affected parties, and other remedial measures as requested by Buyer or required under applicable Law, including Cyber Security Laws and Privacy and Consumer Protection Laws. In the event of security breach of Restricted Confidential Information by Contractor that requires notification to any Person or entity, including any customer, shareholder, or current or former employee of Buyer Parties under any applicable Laws, including Privacy and Consumer Protection Laws, such notification will be provided by Buyer, unless otherwise approved by Buyer in writing. Buyer will have sole control over the timing and method of providing such notification. Contractor will use best efforts to promptly remedy security breach of Restricted Confidential Information and deliver to Buyer within sixty (60) days of such breach a root cause assessment and future incident mitigation plan regarding reoccurrence of any such security breach. 4.4. Electronic Information Data Control 4.4.1. Removable Media. Except as specifically authorized by the Buyer in writing, Contractor will not store Buyer’s Restricted Confidential Information on any form of Removable Media. If Restricted Confidential Information is transferred using Removable Media, it must be sent via a bonded courier and protected using cryptography designated in Exhibit L (Cyber Security Special Terms and Conditions) or otherwise approved by Buyer in writing. 4.4.2. Transmission over Internet or Public Networks. Contractor will not transmit Restricted Confidential Information over the Internet or over other public or shared networks unless in compliance with encryption standards set forth in Exhibit L (Cyber Security Special Terms and Conditions). 4.4.3. Disposal and Servicing of Storage Media. If any hardware, storage media, or Removable Media is disposed of or sent off-site for servicing, Contractor will remove all Restricted Confidential Information in accordance with Department of Defense 5220-22-M Standard, as may be amended. 4.4.4. Hardware Return. Upon termination or expiration of the Purchase Order for any reason, or at any time upon ▇▇▇▇▇’s request, Contractor will return to Buyer all hardware and Removable Media provided by Buyer containing Restricted Confidential Information. The Restricted Confidential Information in such returned hardware and Removable Media will not be removed or altered in any way. The hardware must be physically sealed in tamper-protected packaging and returned via a bonded courier or as otherwise directed by ▇▇▇▇▇. 5. Compliance 5.1 Audits. Upon Buyer’s written request, Contractor shall, at its discretion, either make available to Buyer for review a copy of its annual Statement on Standards for Attestation Engagements (SSAE) No. 16 Service Organization Control (SOC) 2 Type II audit, ISO 27001 audit report or equivalent third-party audit report or allow Buyer or its third party designee, at Buyer’s expense, to perform audits and security tests of Contractor’s IT or systems environment relevant to the security and confidentiality of Restricted Confidential Information shared during the course of this Contract to determine Contractor’s compliance with this Exhibit H. Any such security audit or security tests by Buyer shall be performed not more than once per calendar year, upon thirty (30) days prior written notification by Buyer, under terms of confidentiality, during normal business hours and without any substantial disruption to its business. Buyer will provide Contractor with a copy of any audit reports generated in connection with any audit under this section, unless prohibited by law. These audits and tests may include coordinated penetration and vulnerability tests, interviews of Contractor Personnel, review of documentation, and technical inspection of systems and networks as they relate to the receipt, maintenance, use, retention, and authorized destruction of Restricted Confidential Information. Contractor will comply with all reasonable recommendations that result from such inspections, tests, and audits within reasonable timeframes and at its own cost and expense. Buyer reserves the right to view, upon request, any original security reports that Contractor has undertaken or commissioned to assess Contractor’s own network security. Any regulators of Buyer or its Affiliates will have the same rights of audit as described herein upon request. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 84 of 125 5.2. On-Going Independent Monitoring of Security Controls. Upon request and at Buyer’s expense, Contractor will have on-going, independent monitoring of the development and operations of its system of internal controls performed through SOC 2 audits (a/k/a SSAE Type 2) of the Trust Services Principles (TSPs) of applications which store Buyer’s Restricted Confidential Information and are specified and agreed to by Buyer and Contractor in a Release. Contractor will provide copies of its SOC 2 Type 2 reports or the executive summaries of these reports to Buyer annually. Contractor will ensure any data center, software as a service (SaaS) or cloud-computing subcontractors which store Buyer’s Restricted Confidential Information complete and forward SOC 2 Type 2 reports or executive summaries of these reports to Buyer on an annual basis as well. Contractor will report to Buyer its plans to cure any control deficiencies identified through on-going, independent monitoring examinations. With ▇▇▇▇▇’s written consent, Contractor may substitute similar types of reports for these SOC reports, including ISO 27001:2013 certification. Buyer shall treat any audit reports provided to Buyer as Contractor’s Confidential Information. 5.3. Regulatory Examinations. Contractor agrees that any Governmental Authority with jurisdiction over Buyer Parties may examine Buyer or Contractor’s activities relating to the performance of the Purchase Order and this Exhibit H, to the extent such authority is granted to Governmental Authority under the Law. Contractor will promptly cooperate with the Governmental Authority in connection with any such examination, provide relevant information, and provide reasonable assistance and access to all equipment, records, networks, and systems reasonably requested by the Governmental Authority. Contractor agrees to comply with all reasonable recommendations that result from such regulatory examinations within reasonable timeframes at Contractor’s sole cost and expense. The foregoing cooperation and assistance will be rendered at Contractor’s then-current time and materials rates, subject to ▇▇▇▇▇’s prior written authorization, except to the extent that the examination by the Governmental Authority is caused by Contractor’s failure to comply with this Exhibit H. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 85 of 125 Contractor Due Diligence Questionnaire This Contractor Due Diligence Questionnaire (“Questionnaire”) assists Exelon Corporation and its subsidiaries (collectively, Exelon) in assessing your organization’s ability to perform the proposed/contracted services, security program, and ability to protect Restricted Confidential Information (as defined below). The responses also assist Exelon in fulfilling its legal obligations as a regulated entity, including establishing its due diligence in entrusting Restricted Confidential Information to others. The Questionnaire and your responses will be incorporated by reference into any agreement entered into between your company and Exelon. The answers are recorded and held in confidence by Exelon and, in addition to the certification provided below, you will be required to warrant the completeness and accuracy of your answers in any agreement entered into between your company and Exelon. Exelon views full and accurate completion of this Questionnaire as a critical part of its Contractor selection process. How to Complete This Questionnaire 1. Please begin by providing the contact information requested below. 2. Please complete all numbered questions by checking the most accurate answer, providing a complete answer to any question(s) or requests for information, or, as appropriate, both. If one part of a question addressing multiple requirements causes you to be unable to answer “Yes,” provide such explanatory information as appropriate on a separate attached sheet, clearly indicating the question number and part of the question to which it relates. 3. If you are unclear about any questions, please contact the Exelon Contact listed below. 4. If there are any questions for which you would like to provide supporting material or additional information, please do so on a separate attached sheet, clearly indicating the question number to which it relates. 5. Once completed, be sure to print and sign your name with the appropriate date in the Certification section and mail to the Exelon Contact below. 6. Please also return this form and any attachments via e-mail to the Exelon Contact identified at the bottom of this Questionnaire. Restricted Confidential Information You will notice throughout this Questionnaire we refer to Restricted Confidential Information. The confidentiality, security, and integrity of Restricted Confidential Information is of foremost importance to Exelon. We expect all of our Contractors and business partners to have implemented appropriate security measures and procedures to ensure protection of Restricted Confidential Information. Contractor Contact Information: Contractor’s Complete Legal Name Contact Phone Address Email City/St/Zip 2nd Phone Due Diligence Questions: CONTRACTOR RESPONSIBILITY (VR): RESPONSES: VR1. Is there any pending or threatened litigation that pertains to your data privacy, information security, or security policy and compliance program? If yes, provide a detailed description of each circumstance. VR2. Is there any pending or threatened regulatory enforcement action or investigation that pertains to your data Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 86 of 125 privacy, information, security, or security policy and compliance program? If yes, provide a detailed description of each circumstance. VR3. Has your company ever experienced a breach of security that required notification to a consumer under the ▇▇▇▇▇-▇▇▇▇▇- ▇▇▇▇▇▇ Act of 1999 (Public Law 106-102, 113 Stat. 1138), California Security Breach Information Act (California Civil Code Sections 1798.29, 1798.82 and 1798.84), or any other privacy or consumer protection laws or regulations of any jurisdiction? If so, provide the dates of all such notifications and a summary of the circumstances. VR4. Have any internal or external audits or examinations resulted in Needs Improvement or Unsatisfactory findings relating to security, privacy, or disaster recovery/business continuity that have not yet been addressed? ___ No ___ If Yes please provide a summary and your plan for addressing these issues. VR5. Does your company have TLS Gateway Encryption in place? ___ No ___ Yes VR6. Do you intend to use any affiliates or subsidiaries in connection with your performance of the proposed relationship with Exelon? If so, identify each such entity and the services and/or products they will provide. VR7. Are any of the affiliates or subsidiaries referred to in the preceding question located outside the United States? If so, identify all relevant countries. USE OF CONTRACTORS AND SUBCONTRACTORS (US): RESPONSES: US1. Do you intend to use any contractors or subcontractors in connection with your performance of the proposed relationship with Exelon? If so, identify each such entity and the services and/or products they will provide. For the avoidance of doubt, all hosting providers, collocation facilities, server farms, and similar providers must be identified. ___ No ___ Yes US2. Have your outside providers undergone a recent vulnerability assessment or Service Organization Control (SOC) evaluation performed by a recognized third party? Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 87 of 125 If yes, are they willing to share the results with us? If no, would they be willing to undergo a vulnerability assessment or Service Organization Control (SOC) evaluation? US3. Are any of the contractors or subcontractors referred to in the preceding question located outside the United States? If so, identify all relevant countries. INFORMATION SECURITY POLICY (IS):* RESPONSES: *References to Exelon “data” in this Questionnaire are intended to include, where appropriate, Restricted Confidential Information. IS1. You will: Check all that apply: ___ Process Exelon data ___ Store Exelon data ___ Operate Exelon applications ___ Install or service Exelon applications or systems ___Have access to Exelon customer and/or employee Restricted Confidential Information ___Have physical access to secured Exelon computer facilities ___ Have network access to Exelon networks ___ Transmit files to or from Exelon ___ Have Exelon client contact IS2. Are you ISO–27001 or ISO 27002 Certified? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos)/In development ___ Yes (If checked please provide details, including date of audit, status of planned updates to the audit, and any material changes to your security environment after completion of the audit) IS3. Do you follow the guidelines set out in ISO– 27001 or ISO 27002 and the principles defined by them? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos)/In development ___ Yes, this exists or occurs today IS4. Have you been audited / assessed against ISO-27001 or 27002 (within the last 18 months)? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos)/In development ___ Yes (If so, please provide full original reports) IS5. Does your organization have a formal, documented, mandated, company-wide information security program, including security policies, standards and procedures (collectively “Information Security Policies”), that is in effect, monitored, and enforced? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos)/In development,(if checked, please provided details planned Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 88 of 125 ___ Yes, this exists or occurs today, (If checked please provide a copy of the Security Policies, subject to Exelon’s confidentiality obligations). IS6. Do your Information Security Policies specifically address the confidentiality, integrity, and availability of your facilities, systems, and the information in your possession and control? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today IS7. Do you have a formalized training program for your employees with regard to your Information Security Policies? How often is training conducted? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today IS8. Has your organization taken steps to create and maintain security awareness for data processing employees and users of systems and networks? What steps are used to ensure ongoing security awareness? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today IS9. Please state the last date on which your Information Security Policies were updated and how frequently do you review the Information Security Policies? IS10. Do you conduct penetration or other testing of your networks, systems, and applications? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today IS11. Have you undergone a penetration or vulnerability assessment or Service Organization Control (SOC) evaluation of your environment performed by a professionally or nationally recognized third party? If so, can you provide a copy? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today (if checked, please provide a copy of the results of such test). IS12. Has your organization systems implemented any Intrusion Detection or Intrusion Prevention Systems (IDS/IPS)? If so, which type? How long have they been in place? How many false positives are these systems now reporting each month? ORGANIZATIONAL SECURITY (OS): RESPONSES: OS1. Do you require off-site data to be encrypted, or do you have a policy prohibiting removal of data from secured premises? Please explain. Describe your organization’s encryption key handling infrastructure? OS2. Do you use mobile computing devices, remote access and/or wireless technology? If so, please describe how these technologies/devices are secured. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 89 of 125 OS3. Does your organization have a dedicated Information Security team that is responsible for implementing, enforcing and monitoring the Information Security management function? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos)/In development ___ Yes, this exists or occurs today OS4. Do you have a documented and established computer incident response program? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today (If checked, please provide a copy of the program and a detailed description, including whether the program includes notification/escalation procedures to notify customers in the event of an intrusion OS5. Do you have a Computer Emergency Response Team established to address hacking and other system attacks? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today OS6. Do you receive security vulnerability advisories from vendors or from organizations such as CERT® (CERT® is a registered trademark of Carnegie Mellon University)? If yes, which advisories do you receive and what actions are taken on these advisories? OS7. Do you impose all of your own security requirements on all downstream vendors, contractors, and subcontractors with access to data? Please explain. OS8. Do you include specific protections in all agreements with all 3rd parties, including outsourcing contractors, to address security, confidentiality, and access control? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos)/In development ___ Yes, this exists or occurs today ASSET CLASSIFICATION AND DATA CONTROL (AC): RESPONSES: AC1. All information assets, including those of your customers, are accounted for and assigned a responsible owner for ensuring adequate controls are implemented to protect the confidentiality, integrity, and availability of those assets. ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos)/In development ___ Yes, this exists or occurs today AC2. Do your information security policies establish a formal procedure for provisioning user access to computing resources that would be used to process, transmit, or store Exelon data? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today (if checked, please describe your access control procedures and practices) Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 90 of 125 What level of management grants/approves employee access to information systems? How frequently are access rights reviewed? Do those procedures include requirements for adding users, adding or modifying access rights, and removal of access rights based on defined criteria? AC3. Do you have a policy establishing that sessions initiated from outside public or third-party shared networks are permitted only for authorized users and application services? What controls are implemented to enforce these requirements? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today (if checked, please describe your network access control procedures and practices) AC4. Has your organization implemented automated activity monitoring and recording capabilities? PHYSICAL AND ENVIRONMENTAL SECURITY (PE): RESPONSES: PE1. Has your organization adopted formal policies and practices to control the use of data on removable media and mobile computers that are in effect, monitored, and enforced? Examples of removable media include CDs, DVDs, ZIP drives, USB fobs, memory cards (e.g., Secure Digital (SD), Memory Sticks (MS), CompactFlash (CF), SmartMedia (SM), MultiMediaCard (MMC), and xD-Picture Card (xD). Examples of mobile computers include laptops, PDAs, and any other system that can be attached and detached easily from the network. ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today (provide a copy of such a policy or describe your practices to establish these controls). PE2. Do you protect work area(s) where Exelon Restricted Confidential Information or Confidential Information are contained by badge access control providing a physically secure environment including the monitoring and logging of access to that environment? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today (if checked, provide a copy of your current physical and environmental security procedures). PE3. Do you protect work area(s) where Exelon Restricted Confidential Information or Confidential Information are contained by security guards who are physically present at points of ingress and egress? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today (if checked, provide a copy of your current physical and environmental security procedures). PE4. Do you protect work area(s) where Exelon Restricted Confidential Information or Confidential Information are contained by locks, alarms, and cameras which information can be monitored, recorded, and/or logged? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today (if checked, provide a copy of your current physical and environmental security procedures). Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 91 of 125 PE5. Do you use “Badge-in” and “Badge-out” procedures to control access to critical areas such as server rooms, IDF closets, data centers, etc. where Exelon data is contained? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today (if checked, provide a copy of your current physical and environmental security procedures). PE6. Does your organization have specific procedures to ensure data, documents or records containing sensitive information are not discarded in whole, readable form and that they are shredded, burned or otherwise mutilated and for cleansing and/or destroying computer media, including removable media, to ensure confidential information is adequately protected? In particular, has your company adopted procedures to ensure all computer media, including removable media, are wiped of all data (e.g., in accordance with the DoD 5220-22-M Standard) before being sent out for service, redeployed for use in other engagements or for the use of other customers, decommissioned, sold, etc.? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos.)/In development ___ Yes, this exists or occurs today COMMUNICATIONS AND OPERATIONAL MANAGEMENT (CO): RESPONSES: CO1. Do you monitor all information processing facilities for security events which are reviewed and acted upon as defined in a formal, written incident response plan? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos)/In development ___ Yes, this exists or occurs today, provide a copy of your incident response plan. CO2. Have you deployed anti-virus software is on all computers and update signature files frequently? Are incoming files scanned automatically? Are removable media scanned automatically when they are mounted on your systems? Are virus- infected files "repaired" automatically, or quarantined, or is a human operator required to make a decision? Are data storage areas regularly scanned for viruses that were not widely recognized when the data was originally collected and stored? How often does this scanning take place? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos)/In development ___ Yes, this exists or occurs today CO3. Do you use back-up facilities to ensure essential business information can be recovered in the event of disaster or media failure? Are back-up copies of all critical and operational data stored offsite? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos)/In development ___ Yes, this exists or occurs today(if checked please provide details of your back-up procedures, including how often back- ups are performed for various categories of Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 92 of 125 information, are back-ups retained in geographically disparate and secure locations, what is the method used to perform back-ups, and do you use RAID) SYSTEMS ACCESS CONTROL (SA): RESPONSES: SA1. Do you require all data exchanges with 3rd parties to be subject to agreements that address the confidentiality, integrity, and availability of your systems and the information, including Exelon’s data, in your possession and control? ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this is needed but no actions taken yet ___ Planned (within 3 mos)/In development ___ Yes, this exists or occurs today, provide a description of your contracting procedures. SA2. Are the devices (servers, routers and firewalls) your organization will be using to provide services to Exelon dedicated to Exelon or are they also used for you other customers as well? If the devices are hosting data from other clients, what have you done to ensure that other clients cannot access Exelon data? What logical controls are in place? SA3. Network access to both internal and external networks is controlled and monitored. ___ Not applicable to my environment/situation ___ Conscious decision not to deploy this practice ___ Aware this needed but no actions taken yet ___ Planned (within 3 mos)/In development ___ Yes, this exists or occurs today (if checked please provide a detailed description of your access control procedures). SA4. Has your organization implemented internal system barriers (logical barriers) to information access that prevent personnel or vendors from accessing information that is not relevant to their job functions? What systems are in place for this purpose? SYSTEMS DEVELOPMENT AND MAINTENANCE (SD): RESPONSES: SD1. Do you consider security at application and system design time and implement security through controls integrated into the development lifecycle? ____ Not applicable to my environment/situation ____ Conscious decision not to deploy this practice ____ Aware this needed but no actions taken yet ____ Planned (within 3 mos)/In development ____ Yes, this exists or occurs today(if checked please provide a detailed description of the procedures used in your application and systems development process to consider security risks and controls to mitigated those risks). SD2. Do you formally test systems for security before certification for production? ____ Not applicable to my environment/situation ____ Conscious decision not to deploy this practice ____ Aware this needed but no actions taken yet ____ Planned (within 3 mos) /In development ____ Yes (If checked please provide a detailed description of the procedures used to test the security of your applications and a copy of any pre-production certification procedures). Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 93 of 125 SD3. Do you have separate physical/logical environments for development, testing, production and destruction? ____ Not applicable to my environment/situation ____ Conscious decision not to deploy this practice ____ Aware this needed but no actions taken yet ____ Planned (within 3 mos)/In development ____ Yes (If checked please provide a detailed description of the testing environments used). PRIVACY POLICY (PP): RESPONSES: PP1. Does your company have a privacy policy? Is it published and available for our review? Do your personnel have copies? PP2. Will you permit Exelon to independently verify your privacy procedures? Please explain. PP3. Do you have a process for reporting and managing Restricted Confidential Information breaches? What is the number and the outcome of the Restricted Confidential Information breaches reported in the past 12 months? Please provide a statement describing your process. PP4. Are your employees and contractors trained to report Restricted Confidential Information breaches? Please explain. PP5. Is it your policy to immediately report Restricted Confidential Information breaches to your clients, such as Exelon? Please explain. PP6. Have you had to provide notice about a Restricted Confidential Information breach in the last 24 months? If yes, provide a detailed description of each circumstance. PP7. Are post-breach incidents reviewed to determine if there are system or procedure weaknesses that require remediation? PP8. Do you require your own (downstream) vendors, contractors, and subcontractors to report Restricted Confidential Information breaches to you? Please explain. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 94 of 125 Certification: I have reviewed my company’s responses to this Questionnaire and certify that all information given above is true and complete to the best of my knowledge. I further declare that all due diligence has been exercised in the preparation, gathering, and reporting of the foregoing information. I understand and acknowledge that Exelon will rely on the responses provided above in potentially entering into a relationship with my organization and entrusting us with Exelon’s data. I represent and warrant that I am authorized by my organization to execute this Questionnaire on its behalf. Please Print Name Title: ______________________________ Signature Date Exelon Contact Information: Exelon Contact Name: Phone Address Email City/St/Zip 2nd Phone Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 95 of 125 EXHIBIT I – CONTRACTOR TRAVEL COST SPECIAL TERMS AND CONDITIONS For any Purchase Order in which the Contract Price includes reimbursement of Contractor Personnel travel expenses, the provisions set forth in this Exhibit I will apply, except as expressly modified in the Purchase Order with references to this Exhibit I. ARTICLE 1 DEFINITIONS “Buyer’s Preferred Provider” means Professional Travel, Inc., or other travel services vendor that Exelon may identify in a Purchase Order. “CTA” means the Chicago Transit Authority. “IRS” means the U.S. Internal Revenue Services or its successor. “M&IE” means meals and incidental expenses. “SEPTA” means the Southeast Pennsylvania Transit Authority. “Travel Expense Plan” means template as referenced in Attachment (1) ARTICLE 2 TRAVEL REQUIREMENTS 2.1. Travel Plan. Contractor will submit a Travel Expense Plan complying with the requirements of this Exhibit to Buyer’s Designated Representative in conjunction with the Project Schedule or at such other time as specified in the Purchase Order, and upon written approval by ▇▇▇▇▇, will be incorporated into the Purchase Order as a Contract Document. 2.2. Use of ▇▇▇▇▇’s Preferred Provider. Except as approved in advance by Buyer’s Designated Representative, Contractor will use Buyer’s Preferred Provider to book travel by following the instructions in Attachment (2). 2.3. Maximum Reimbursement Amounts 2.3.1. ▇▇▇▇▇ will only reimburse Contractor for transportation and temporary lodging expenses secured by ▇▇▇▇▇’s Preferred Provider for business travel services. 2.3.2. If Contractor is authorized to use its own travel policy and makes its own reservations, any costs incurred in excess of those published by the U.S. General Service Administration (GSA) at the provided link (▇▇▇.▇▇▇.▇▇▇/▇▇▇▇▇▇▇) will not be reimbursed. 2.4. Non-Reimbursable Travel Expenses. No Contractor Personnel travel expenses will be reimbursed for: 2.4.1. Contractor Personnel who live or have their place of employment within fifty (50) miles of the Site where they are performing the Work. 2.4.2. Time spent in transit (unless performing Work-related tasks which will be invoiced as Work and not travel); 2.4.3. Personal telephone charges; 2.4.4. Dry cleaning, laundry or pressing costs; 2.4.5. Entertainment or travel to entertainment locations; 2.4.6. Personal expenses, such as haircuts, make-up, toiletries, newspapers, magazines, etc. 2.5. Limitations on Travel Expense Reimbursements. 2.5.1 Transportation Expenses. 2.5.1.1. Domestic Air and Rail Travel. Except as approved in advance by ▇▇▇▇▇’s Designated Representative, ▇▇▇▇▇ will only reimburse Contractor for domestic air or rail travel at the lowest priced, non-refundable fare at the time of ticketing (e.g., coach, economy) for a flight with the least number of stops or connections. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 96 of 125 2.5.1.1. International Air Travel. A single flight of 8 hours or more may be upgraded to business class without prior approval. 2.5.1.2. Privately Owned Vehicles. 2.5.1.2.1. Travel to and from the Site, and between the Site and the place of temporary lodging or meals, in the Contractor Personnel’s own vehicle will be reimbursed at the current IRS rate, subject to the 50 mile guideline. 2.5.1.2.2. Travel between different Sites will be reimbursed at the current IRS rate as required by Exelon. 2.5.1.3. Car Rentals: 2.5.1.3.1. Except as approved in advance by ▇▇▇▇▇’s Designated Representative, only the cost of rentals of intermediate size vehicles will be reimbursed 2.5.1.3.2. Except as approved in advance by ▇▇▇▇▇’s Designated Representative, Rentals will not be reimbursed for Contractor Personnel who are utilizing temporary lodging within Center City Philadelphia, Downtown Chicago, Baltimore, Houston and the business district within Washington DC or other locations within walking distance of the Site. 2.5.1.3.3. Contractor Personnel staying at the same or nearby locations should carpool, renting the minimum number of vehicles necessary, where feasible. 2.5.1.4. Taxicabs and Mass Transit. 2.5.1.4.1. Taxicab fare or mass transit between the transportation hub, the temporary lodging, and the Site will be reimbursed where a car rental has not been authorized. 2.5.1.5.2 Taxicabs, buses, or rail services (such as the CTA, SEPTA, etc.), when available, should be taken as the most cost-effective method over any limousine service 2.5.2. Temporary Lodging Expense. 2.5.2.1. Contractors will be reimbursed in accordance with Sections 2.3.1 and 2.3.2. 2.5.2.2. If available, Contractor will utilize short-term (extended stay) hotel/apartment rentals for Work with a duration of thirty (30) Calendar Days or longer. 2.5.2.3. Except as provided in Section 2.3.1, reimbursements for temporary lodging will not exceed the GSA standard per diem rates for the locality or county in which the Contractor Personnel are performing the Work. 2.5.3. M&IE Expense 2.5.3.1. Except as provided in Section 2.3.1, reimbursements for M&IE will not exceed the GSA standard per diem rates (published at ▇▇▇.▇▇▇.▇▇▇/▇▇▇▇▇▇▇) for the locality or county in which the Contractor Personnel are performing the Work. 2.5.3.2. Except as approved in advance by ▇▇▇▇▇’s Designated Representative, ▇▇▇▇▇ will reimburse a maximum per diem of five (5) days per week. ARTICLE 3 DOCUMENTATION 3.1. Receipts. Original receipts or a copy of the Contractor’s Itinerary for all travel, temporary lodging and M&IE must be submitted with the Contractor’s invoice. 3.2. Mark-ups. Travel expenses will be reimbursed at cost with no additional administrative mark-up. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 97 of 125 Attachment (1) Travel Plan Template Exelon Corporation - Contractor Travel Expense Plan This Travel Request May Be Used For Multiple Travelers With The Same Itineraries Today's Date Travel Arranger Name E-mail Address Phone # TRAVELER NAME Employee ID (6 digits) If Contractor, enter the Exelon sponsor name & phone AIR / AMTRAK Date DEPART Airport, City, State or Train Station ARRIVAL Airport, City & State or Train Station Time of Departure Preferred Airline, Flight Number and/or Other Flight Information If booking AMTRAK, please provide the following regarding the credit card in profile--- Security Code: Billing Zip Code: HOTEL Hotel Name City & State Check-In Date Check- Out Date Additional Hotel Information (e.g. king bed, away from elevator, etc.) RENTAL CAR Do you want a rental car based on the air flights? (Yes or No) If YES, an intermediate from National Car Rental will be reserved, unless otherwise noted below. Rental Car Company City & State Pick-Up Date & Time Drop-Off Date & Time Additional Rental Car Information (e.g. car size, one-way) Other Reservation Requirements or Information: (limo or black car service, special requests or seating, etc.) If requesting black car service, please detail location, date and time of pickup and destination. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 98 of 125 Attachment (2) Buyer’s Preferred Provider for Business Travel Exelon Corporations’ Preferred Provider for business travel is PROFESSIONAL TRAVEL Telephone 1-888-Exelon0 (▇-▇▇▇-▇▇▇-▇▇▇▇), Monday – Friday 7AM – 8PM CT Reservation Instructions: 1. Call PROFESSIONAL TRAVEL. 2. Give the agent your name and Company name and identify yourself as an Exelon Consultant/Contractor 3. Give the destination city, dates and approximate departure and arrival times 4. Confirmation and your itinerary will be sent to the Traveler’s e-mail address. PROFESSIONAL TRAVEL has a complete list of Preferred Providers for Airline, Hotels, Car Rentals and Rail and will be able to assist the traveler(s) in arranging the most suitable accommodations. Profiles: If you travel for Exelon more than 2 times a year, you may provide Professional Travel your basic information (Name, e-mail, phone number and sponsoring Exelon employee) and they will create a shell of a profile so that you may update with your travel preferences and loyalty number. ACTION: Please send your name, e-mail address, contact phone number and sponsoring Exelon employee contact information to ▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇▇ at ▇▇▇▇▇▇▇@▇▇▇▇▇▇▇.▇▇▇. We will confirm with your sponsoring Exelon employee and advise when you can log-in to Concur Travel and update your profile and book online. Note: PROFESSIONAL TRAVEL is required by contract to offer the lowest possible airfare. The reason for not accepting an offered airfare will be entered into the computer record and will appear on the travel management exception reports compiled by PROFESSIONAL TRAVEL. Please allow PROFESSIONAL TRAVEL to investigate alternative options. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 99 of 125 EXHIBIT L – CYBER AND INFORMATION SECURITY SPECIAL TERMS AND CONDITIONS The terms and conditions in this Exhibit L will be applicable to all Contractors and Subcontractors: (1) with access to Buyer’s Electronic Information Assets, (2) with access to Buyer Electronic Information, or (3) who are designing, developing, hosting, maintaining or testing Applications for use with Buyer’s Electronic Information Assets. Buyer may identify additional cyber security requirements in the Purchase Order depending on the scope of Work and the sensitivity of Buyer Electronic Information Assets or Buyer Electronic Information to which Contractor will have access. Any references to “Contractor” shall also apply to Subcontractors. ARTICLE 1 - DEFINITIONS “Access Level” means a position in a hierarchy of access rights to an Electronic Information Asset that determines what actions a User is authorized to take on that Asset. “Account ID” means any identification name or code associated with an Electronic Information Asset account (e.g. Administrator Account IDs, Service Account IDs, Shared Account IDs, and User Account IDs) that provides a specific level of access. “Administrator Account ID” means an Account ID with elevated privileges that allows users to make changes that affect other Users or configuration settings (e.g. change security settings, install software and hardware, access all files on a system or make changes to other user accounts). “Ad Hoc Mode” means a method for wireless computer networks, WLAN network or other wireless devices to directly communicate with each other without the use of an AP. “Ad-hoc Mode” may also be referred to as a peer-to-peer mode. “AES” means Advanced Encryption Standard and is an encryption algorithm specification for the encryption of electronic data established by the National Institute of Standards and Technology. “AP” means access point. “Application” means a collection of integrated software that supports a business function. “Build Procedure” means a step-by-step procedure that describes how to configure or set up a particular Application, platform, or system. “BYOD” means “Bring Your Own Device” and refers to Wireless Devices not issued by Contractor but permitted to be used by Contractor to access Contractor’s WLAN. “Certificate Authority” means an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. “CISS” means the Corporate and Information Security Services division of Exelon Business Services Company. “Data-At-Rest” means Electronic Information which is stored physically in any electronic form (e.g. databases, data warehouses, spreadsheets, archives, tapes, off-site backups, mobile devices etc.). “Data-In-Transit” means Electronic Information that is transmitted over the public or untrusted network such as the Internet and data which flows in the confines of a private network such as a corporate or enterprise Local Area Network (LAN). “Deployment Plan” has the meaning given in Section 8.6.1. “FIPS 140-2 Level 2” means Federal Information Processing Standard Publication 140-2, Level 2, a U.S. Government computer security standard used to accredit cryptographic modules. Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access. “Guest Wireless Access” means a dedicated wireless network that is virtually segregated from the corporate WLAN. It usually uses the same infrastructure as the corporate WLAN, but is virtually segregated or zoned off. “Infrastructure Syslog Information” means messages sent from a variety of devices reporting different events and collected on a single logging server—the syslog server. “Malware” means a form of hostile or intrusive software. “MFA” means multi-factor authentication method of computer access control in which a User is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism (e.g., passwords, PINs, etc.). Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 100 of 125 “Out-of-Band Management” means the use of a dedicated channel for managing network devices. This allows the network operator to establish trust boundaries in accessing the management function top apply it to network resources. “OWASP ASVS” means the most current version of the Open Web Application Security Project Application Security Verification Standard found at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇. “Principle of Least Privilege” means that in a particular abstraction layer of a computing environment, every module (such as a process, a User, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose. For example, Users must only be granted access to Buyer Electronic Information or Buyer Electronic Information Assets on a need-to-know basis and to the extent such access is required for his/her assigned job function. “Production System” means computer system used to process an organization's daily work or a system or environment with which Users interact. “RBAC” means Role-Based Access Control. “Remote Access Systems” mean applications that allow a User to connect to a computer network from a remote location, such as Citrix and VPN. “Security Event Monitoring System” means a system for holistic monitoring of an organization’s security controls. “Security Patch Management” means identifying, acquiring, analyzing, and testing Security Patches, as well as planning, communicating, implementing, and verifying their deployment. “Security Patches” mean a software or computer system patch that is intended to correct a security vulnerability in that software or system. “Service Account” means an account used for servicing a computer system that may be used by more than one User. “Shared Account ID” means an Account ID shared between two or more Users. “Standard Build Image” means a copy of complete and functioning computer system that can be simply copied to a new system. “Standard Configuration” means specific asset configuration parameters approved by Exelon . “Standard Configuration Documents” means the documentation that defines the specific asset configuration parameters approved by Exelon. “TLS 1.2” means Transport Layer Security 1.2, a cryptographic protocol defined in Request for Comment (RFC) 5246 (August 2008) that provides communications security over a computer network. “User” means any Person able to access Buyer’s Electronic Information on Contractor’s Electronic Information Assets or Buyer’s Electronic Information Assets. “VPN” means a virtual private network which extends a private network across a public network or the Internet and enables Users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. “Wireless Device” means any type of device that communicates with other devices without needing a physical connection to the other device to transfer and receive information. “WPA2 Standard Requirements” means the Wi-Fi Protected Access 2 security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. “WLAN” means Contractor’s Wireless Local Area Network over which Buyer’s Electronic Information may be stored or transmitted. ARTICLE 2 - APPLICATION SECURITY 2.1. Buyer Architecture and Design Standard 2.1.1. Contractor will design, develop and test Applications delivered under a Purchase Order or Scope of Work for use with Buyer’s Electronic Information Assets to meet or exceed generally accepted secure software development lifecycles, including, but not limited to, the Common Criteria, Microsoft Security Development Lifecycle, NIST 800-64, the OWASP ASVS, the OWASP Comprehensive, Lightweight Application Security Process, or the UL 2900 Outlines. 2.1.2. Contractor will submit to ▇▇▇▇▇’s Designated Representative a report from a qualified, third-party entity or Contractor’s Chief Security Officer attesting that tested Applications delivered under a Purchase Order or Scope of Work to Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 101 of 125 be used with ▇▇▇▇▇’s Electronic Information Assets comply with Contractor’s software development lifecycle at least thirty (30) days prior to delivery of any Application. ARTICLE 3 - DATA PROTECTION 3.1. Controls 3.1.1. Contractor will adhere to the Principle Of Least Privilege when granting Contractor Personnel access to Buyer’s Electronic Information and Electronic Information Assets. 3.1.2. Contractor will encrypt all Buyer Confidential Information so that it meets or exceeds 128-bit AES encryption while it is Data-In-Transit or Data-At-Rest. ARTICLE 4 - CONTRACTOR’S WLAN SECURITY REQUIREMENTS 4.1. Security Requirements 4.1.1 Contractor’s embedded intrusion detection protection functions within its WLAN infrastructure will be enabled, configured, and monitored where possible. 4.1.2. Contractor’s and Subcontractor’s WLAN Syslog information will be forwarded to a Security Event Monitoring System and monitored for Cyber Security Incidents, where possible. 4.1.3. Contractor must have policies, procedures, and practices implemented for governing Wireless Devices accessing Contractor’s WLAN, and have a process in place to ensure that the security controls are not bypassed, including Ad-Hoc Mode, rogue AP devices, etc. 4.1.4 Contractor will allow only Contractor-approved Wireless Devices to connect to Contractor’s WLAN, except as provided in Section 4.6 (BYOD WLAN Access). 4.2 WLAN Configuration Requirements 4.2.1. Contractor' will use WLAN network encryption standards which meet or exceed 128-bit AES encryption and conform to the key lengths identified in this Exhibit L. 4.2.2. Contractor will set its WLAN authentication for 802.1x and EAP- TLS. 4.2.3. The Pre-Shared Key for WPA2 Standard Requirements wireless access to Contractor’s WLAN will be a minimum of 20 characters in length and randomly generated. 4.3. User Configuration Requirements 4.3.1. Contractor will ensure that all wireless devices or systems connecting with Contractor’s WLAN comply with WPA2 Standard Requirements or higher. 4.3.2. Contractor will use digital certificates issued by an approved digital certificate management utility (e.g., CISCO ISE, Radius, etc.) to establish the connection between supplicant (client) and the management server on Contractor’s WLAN. 4.3.3. A digital certificate from a commercial or Contractor self-signed Certificate Authority is installed on the digital certificate management server as the “trusted” root certificate for the WLAN clients. 4.3.4. This digital certificate will be distributed as part of a standard vendor desktop image so that all vendor-approved desktops are capable of communicating. 4.4. Guest Wireless Access 4.4.1. Network traffic for Guest Wireless Access must be segregated from Contractor WLAN traffic, routed solely to the Internet, and logged and filtered by content filters. 4.4.2. Contractor-issued Wireless Devices and Buyer’s Electronic Information Assets will not be configured for Guest Wireless Access. 4.5. ▇▇▇▇ ▇▇▇▇ Access 4.5.1. Contractor must segregate WLAN traffic for BYODs from both its WLAN traffic for Contractor-issued Wireless Devices and its Guest Wireless Access. 4.5.2. Contractor will limit BYOD access to applications on which Buyer’s Electronic Information is transmitted or stored to only Users who have been approved and authorized by Contractor. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 102 of 125 4.5.3. Contractor will log and filter BYOD network traffic using content filters to monitor user and device resource access. Non-employee BYODs are not permitted access to internal resources. 4.5.4. Contractor will ensure that BYOD authentication adheres to and enables the WPA2 Standard Requirements or higher for personal wireless access. 4.5.5. Contractor-issued Wireless Devices will not be configured to connect to Contractor’s BYOD WLAN. 4.6. Monitoring and Management 4.6.1. Contractor will document and maintain Standard Configuration settings for Contractor’s WLAN infrastructure. 4.6.2. Contractor will identify any AP connected to the WLAN that is not authorized and approved by Contractor as a rogue AP, and will disable/disconnect the rogue APs. 4.6.3. Contractor must have a process in place to conduct intrusion detection and perform physical walkthroughs to detect or discover unauthorized wireless networks within Contractor’s WLAN infrastructure. 4.6.4. Contractor will incorporate intrusion detection and/or prevention monitoring into the WLAN, where available, that monitors unusual activity and network-based attacks (e.g. denial-of-service attacks, flood attacks, AP spoofing, man-in-the- middle, etc.). ARTICLE 5 - REMOTE ACCESS TO BUYER NETWORKS 5.1. Controls 5.1.1. Buyer will individually review and approve, in its complete discretion, all Contractor Personnel requests for remote access to Buyer’s Electronic Information Assets prior to granting such access. 5.1.2. Contractor Personnel utilizing Buyer’s remote Access Systems must not: 5.1.2.1. be connected to a non-Buyer network while simultaneously connected to Buyer’s network (i.e., no split- tunneling). 5.1.2.2. bridge to unauthorized non-Buyer networks while simultaneously connected to Buyer’s network (i.e., network bridging) which, in turn, bypasses the security controls established in Buyer’s network. 5.1.3. Information pertaining to Buyer’s Remote Access Systems is Confidential Information, including : (i) Internal TCP/IP address architecture, (ii) Client/server configurations, (iii) detailed network diagrams, (iv) Detailed system design and/or security measures, and (v) User ID account passwords or PINs. 5.1.4. Contractor Personnel must use MFA to establish a remote connection to Buyer’s network when connecting from any non-Exelon network. 5.1.5. Contractor Personnel using wireless connections to remotely access Buyer’s Electronic Information or Buyer’s Electronic Information Assets must use encryption standards which meet or exceed 128-bit AES encryption. 5.1.6. Contractor Personnel must not circumvent any Buyer remote access control. 5.2. Remote Access Authentication 5.2.1. Contractor Personnel must not save their Remote Access MFA credentials through automatic login scripts, software macros, terminal function keys or use of autosave with the Remote Access System client software. 5.2.2 Contractor Personnel must not share their remote access credentials (e.g., User ID, passwords, and PINs), with anyone. 5.2.3. Contractor will notify and obtain approval from Buyer before granting Subcontractors or third-party vendors access to Buyer’s Electronic Information which is Restricted Confidential Information or Buyer’s Electronic Information Assets. 5.3. Remote Outbound/Inbound Connectivity 5.3.1. Contractor must include cryptographic controls for all inbound and outbound remote access connections to Buyer’s Electronic Information Assets. 5.3.2. Contractor must have a documented and maintained process to monitor remote outbound/inbound connections to its Remote Access Systems and take appropriate action if an anomaly is found. 5.4. Direct Business to Business (B2B) Connectivity 5.4.1. Contractor must use ▇▇▇▇▇’s preferred method for accessing Buyer’s systems and networks (e.g., Citrix). Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 103 of 125 5.4.2. If Buyer approves a B2B VPN connection, Contractor will comply with all Buyer requirements for direct B2B VPN access between Contractor Personnel and Buyer’s Electronic Information Assets that are listed in the Contract Documents. ARTICLE 6 - ACCESS CONTROL TO BUYER ELECTRONIC INFORMATION 6.1. Access Management 6.1.1. Contractor will ensure that only Contractor’s authorized administrators have the capability to create, modify or disable Contractor Personnel Account IDs and/or permissions, and to reset passwords. 6.1.2. Contractor will use RBAC to approve and authorize Contractor Personnel access to either Contractor’s and/or Buyer’s Electronic Information Assets. 6.1.3. If Contractor accesses Buyer’s Electronic Information Assets or stores Buyer’s Electronic Information, Contractor will install security warning banners on Contractor Electronic Information Assets including language to the effect that access and use of such assets and information is only by authorized individuals, access is monitored, and unauthorized or illegal use will be prosecuted. 6.1.4. Contractor will assign each individual Contractor Personnel a unique User Account ID for which Contractor will be responsible for all activities performed under that User Account ID. 6.1.5. Contractor will prohibit Contractor Personnel to share or otherwise allow other Persons to use their unique User Account IDs and associated passwords and terminate access to Buyer Electronic Information for Contractor Personnel who violate this prohibition. 6.2. Access Request and Approvals 6.2.1. Contractor will only grant access to Buyer Electronic Information and Buyer Electronic Information Assets to individual Contractor Personnel who need access in order to perform the Work, and will revoke such access promptly once the individual no longer requires or is no longer qualified for access. 6.2.2. Contractor will ensure all requests for access to Buyer Electronic Information and Buyer Electronic Information Assets by Contractor Personnel are reviewed and approved by a Contractor manager before Contractor’s authorized administrators grant access. 6.2.2.1. Contractor will document Contractor Personnel who have access to Buyer’s Electronic Information and Buyer Electronic Information Assets, their Access Levels, the Contractor manager who approved that access and, upon request, provide that documentation to Buyer. 6.2.2.2. Contractor will review the list(s) of authorized approvers periodically, preferably every 90 days or at least annually, and give ▇▇▇▇▇’s Designated Representative prompt notice of any changes to the list(s). 6.2.3. Contractor will maintain and make available upon Buyer’s request a record of all Contractor Personnel requests for access to Buyer Electronic Information and Buyer Electronic Information Assets for a minimum of two (2) years from the date of such request, with the following information included for each request: (i) Date of access request, (ii) Requestor name, (iii) User (requested for) name, (iv) System and/or Application Name, (v) Access Level/Access Type requested for the system and/or application, (vi) Need for access, (vii) Approver name(s), (viii) Date of approval(s), (ix) Date access was provisioned; (x) Date of access removal request; (xi) date access was removed; (xii) Reason for removal of access. 6.3. Authentication 6.3.1. All Contractor applications, systems and networks containing or allowing access to Buyer Electronic Information or Buyer Electronic Information Assets must require a valid Account ID and password for authentication prior to allowing access. 6.3.2. Contractor Personnel will not write down authentication credentials, such as Account IDs and passwords, or store them in readable form in automatic login scripts, software macros, terminal function keys, in computers without access control, shortcuts, and/or in other locations where unauthorized persons might discover them. 6.3.3. Contractor must protect authentication information (e.g. password files) while it is Data-At-Rest and Data-In- Transit with encryption controls to prevent unauthorized individuals from obtaining the data. 6.3.4. Contractor will require all Contractor Personnel to comply with applicable password requirements. 6.3.5. Contractor will ensure that passwords must not be displayed on any screens or reports. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 104 of 125 6.3.6. Contractor must ensure passwords are delivered via a secure and reliable method; which could include confirming emails to the account holder that do not contain the account name, and a secure temporary password which is changed immediately upon login. 6.4. Administrator Accounts 6.4.1. Where technically feasible, Contractor must rename all default system and/or Application IDs to a name that does not indicate its Access Level and change their passwords prior to being placed in the production environment or connecting to a live network. 6.4.2. Contractor must limit Administrator Account access to Buyer Electronic Information and Buyer Electronic Information Assets to only those Contractor Personnel whose job role and responsibilities require such access. 6.4.3. Contractor must ensure that Administrator Account ID passwords are changed immediately upon an assigned User’s notification of termination or change in job role that no longer requires such access. 6.4.4. Contractor must store Shared Account IDs and passwords in a secured environment and provide access to approved Users only. 6.4.5. Contractor must change Shared Account ID passwords within seven (7) Days of the voluntary or involuntary termination notification of Contractor Personnel with knowledge of the password. 6.4.6. Contractor must log and monitor all activity of Contractor Personnel with Administrative or Shared Account IDs while they are accessing Buyer Electronic Information or Buyer Electronic Information Assets if feasible. 6.4.7. Administrator Account IDs and credentials assigned to Contractor Personnel are only for valid administration purposes and must be assigned a different User Account ID that is to be used for performing non-administrative activities such as checking email, or accessing the Internet. 6.5. Access Reviews 6.5.1. Contractor will review and verify Contractor Personnel’s continued need for access and Access Level to Buyer Electronic Information or Buyer Electronic Information Assets on a semi-annual basis. 6.5.2. Contractor will retain evidence of the reviews for two years from date of each review. 6.6. Access Removal 6.6.1. Contractor will immediately remove Contractor Personnel’s access to any Buyer Electronic Information and Electronic Information Assets when: (i) the individual no longer requires access to a given Electronic information resource or Electronic Information Asset; (ii) the individual is terminated or his or her employment is otherwise ended, (iii) the Services being provided by Contractor are either completed or terminated, or (iv) when Contractor reasonably believes the individual may pose a threat to the safety or security of Buyer’s Electronic information or Buyer’s Electronic Information Assets. 6.6.2. Contractor will notify Buyer Designated Representative once access has been removed from the Electronic Information resource or Electronic Information Asset. 6.6.3. Contractor will notify Buyer of Contractor Personnel retaining access beyond the period identified in Section 6.6.1. 6.7. Password Requirements 6.7.1. Contractor will ensure that Contractor Electronic Information Assets storing or transmitting Buyer’s Electronic Information, or connecting to Buyer’s Electronic Information Assets, are protected by robust password requirement or biometric controls, including: 6.7.1.1. Passwords must be at least eight (8) characters long and composed of letters, numbers and special characters, where technically feasible. 6.7.1.2. If other biometric controls are used in lieu of, or in addition to, passwords, they must be disclosed to ▇▇▇▇▇’s Designated Representative. 6.7.1.3. The Account ID must be disabled after a reasonable threshold is met for the number of invalid login attempts. 6.7.1.4. Once an Account ID has been disabled due to reaching the maximum number of invalid login attempts, the Account ID may be automatically reset after a reasonable period for systems that support an account reset feature. 6.7.2. Contractor must notify Buyer if Contractor’s Electronic Information Assets do not meet the requirements of Section 6.7.1. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 105 of 125 6.7.3. Buyer reserves the right to request mitigating security controls as a condition for allowing access to Buyer’s Electronic Information and Buyer Electronic Information Assets. 6.8 Session Management 6.8.1. Contractor Applications with access to Buyer Electronic Information or connecting to Buyer Electronic Information Assets must automatically disconnect after no more than thirty (30) minutes of inactivity during a session. 6.8.2. A session locking feature must be configured to automatically lock the Electronic Information Asset after fifteen (15) minutes of inactivity. ARTICLE 7 - CRYPTOGRAPHIC SECURITY STANDARDS 7.1. General Cryptographic Security Requirements 7.1.1. Contractor must use strong cryptographic algorithms with sufficient key lengths for encryption, integrity checking, and authentication of origin of Buyer Electronic Information. 7.1.1.1. When a RSA Security LLC (“RSA”) cryptographic network protocol is used, the required minimum key length is 2048 bits. 7.1.1.2. When a SSH Communications Security, LLC Secure Shell (“SSH”) cryptographic network protocol is used, Contractor must utilize AES 128 bit or larger key size and must comply with password requirements in this Exhibit. 7.1.1.3. Contractor’s cryptographic infrastructures must provide all necessary primitives, functions, and operations to support any future upgrade to FIPS 140-2 Level 2 compliance. 7.1.1.4. Contractor must use TLS 1.2 or higher with bi-directional authentication to secure the transmission of Buyer’s Restricted Confidential Information. 7.1.2. Contractor must use algorithms to secure Buyer Restricted Confidential Information that are: (i) public domain, including source code, (ii) are peer reviewed and approved by NIST, and (iii) must not be known to have been compromised in practice. 7.1.3. Contractor must encrypt internal communication between application components, peer hosts, databases, and middleware where technically feasible. 7.1.4. Contractor’s encryption controls will be free from known defect and patched upon identification of a vulnerability. ARTICLE 8 - SECURITY PATCH MANAGEMENT 8.1. General Security Patch Management Requirements 8.1.1. Contractor will promptly assess vulnerabilities and identify and deploy all applicable Security Patches for each Electronic Information Asset (e.g., applications, operating systems, and components including drivers, subsystems, programming languages, libraries and BIOS) on which Buyer’s Electronic Information is stored or transmitted, or which connect to Buyer’s Electronic Information Assets. 8.1.2. Contractor will deploy all Security Patches promptly, in accordance with the criticality of an identified vulnerability. 8.1.3. Contractor will have a process in place to reassess vulnerabilities to determine whether the Security Patch closed the vulnerability. 8.1.4. Contractor will promptly notify ▇▇▇▇▇’s Designated Representative of any vulnerability that cannot be effectively closed by a Security Patch or other corrective action by Contractor and will document and implement appropriate mitigating technical controls to protect Buyer’s Electronic Information and access to Buyer’s Electronic Information Assets. 8.2. Backups of Electronic Information Assets Before Contractor deploys Security Patches to either Contractor Electronic Information Assets storing Buyer’s Electronic Information or Buyer’s Electronic Information Assets, Contractor will ensure that the Electronic Information is backed up. 8.3. Change Management and Communications 8.3.1. Contractor will coordinate deployment of all Security Patches to Production Systems with Buyer well in advance of deployment to ensure compliance with established Buyer change management processes. 8.3.2. Buyer may direct Contractor to delay Security Patch deployment until the next available opportunity due to Buyer’s business conditions (e.g. high-usage periods, emergent weather conditions, or other operational conditions). Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 106 of 125 8.4. Acquiring Security Patches 8.4.1. Security Patches must be created by the hardware or software vendor, and Contractor must acquire them directly from the hardware or software vendor or through third- parties explicitly authorized by the vendor. 8.4.2. Under no circumstances will Contractor deploy Security Patches not approved by the hardware or software vendor. 8.4.3. Contractor must validate the authenticity of the Security Patch using such methods described by the hardware or software vendor (e.g. the use of secure protocols for download, cryptographic checksums, Pretty Good Privacy (PGP) signatures, and digital certificates). 8.4.4. Contractor will scan all Security Patches for Malware prior to deployment. Both the antivirus program and the virus signature database will be updated prior to scanning. 8.5. Testing Security Patches 8.5.1. Contractor will test all Security Patches in a non-Production System environment prior to deployment to ensure there are no negative impacts to production systems. 8.5.2. Where technically feasible, Contractor will perform testing on a selection of systems that most accurately represent the configuration of the Production Systems in the deployment. 8.5.3. Testing will include uninstalling or backing out the Security Patch to address problems that may be encountered during deployment to Production Systems. 8.5.4. If the testing of Security Patches negatively impacts the functionality of dependent Electronic Information Assets, Contractor will assess whether the negative impact outweighs the risk posed by the threat. 8.5.5. If Contractor’s assessment is that the Security Patch must not be applied due to the negative impact, Contractor will develop a workaround that is approved by Buyer. 8.6. Planning Patch Deployment 8.6.1. Prior to deploying a Security Patch to Production Systems, Contractor will develop and submit to Buyer a written deployment plan (“Deployment Plan”) which will include the following: 8.6.1.1. The method by which the patch will be deployed to the assets, including manual or automated means. The means for deployment may be different for different groups of Electronic Information Assets. 8.6.1.2. Workarounds or specific Security Patch implementation procedures to ensure that the negative impact for any known or potential issues regarding the installation of the patch is reduced to a level acceptable to Buyer. 8.7. Verifying Patch Deployment Contractor will verify if Security Patch deployment for each Electronic Information Asset identified in the Deployment Plan is successful and inform ▇▇▇▇▇ of unsuccessful Security Patch deployments. 8.8. Updating Baseline Security Configuration Standards Contractor will update its security baseline configuration standards by including each Security Patch into any applicable Standard Build Image and/or Build Procedure. ARTICLE 9 - RISK MANAGEMENT AND THREAT ASSESSMENT 9.1. Security Risk Assessments 9.1.1. Upon request and at Buyer’s expense, Contractor must conduct a cyber and physical security risk assessment (“Risk Assessment”) on an annual basis and, under terms of confidentiality, provide a written report of the results of this assessment to Buyer each year or upon request . If required, ▇▇▇▇▇ and Contractor will agree to scope. 9.1.2. Contractor may be asked to participate with Buyer in an annual tabletop exercise of cyber and/or physical security specific to a threat identified by ▇▇▇▇▇ as required by ▇▇▇▇▇. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 107 of 125 ADDENDUM to ANNEX III CLIENT MANDATORY CONTRACT CLAUSES To Task Order No. AV90851001 ComEd Customer Solutions Department Energy Efficiency/Beneficial Electrification General Requirements Rev 30 – 10/25/2024 Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 108 of 125 Table of Contents A. Safety & Human Performance B. Drug & Alcohol Policy/Testing Program C. Permits & Fees D. Customer Satisfaction, Public Relations & Complaints E. Quality Control & Quality Assurance F. Contractor Personnel ▇. Security H. Invoicing, Accruals & Forecasting I. Marketing J. Reporting K. Performance Data Tracking System Requirements L. Electronic Data Security M. Incentives/Rebates N. Attachments O. Microsites & Web Content Americans with Disabilities Act (ADA) Compliance P. Telephone Consumer Protection Act (TCPA) Compliance Q. Separation of Functions and Conflicts of Interest R. Diversity Spend Commitment S. Work Force Commitment T. Integrated Distribution Company (IDC) Rules and Requirements U. Contractor Transition V. Conflicts Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 109 of 125 A. Safety & Human Performance The safety of the public, Contractor, and subcontractor personnel, and ComEd personnel shall be of primary importance to Contractor. Contractor shall be knowledgeable of all applicable laws and regulations pertaining to the work performed for ComEd. Contractor shall adhere to all applicable OSHA regulations while performing work for ComEd. Contractor is solely responsible for being aware of, initiating, maintaining, and supervising its own compliance with all safety and environmental laws, regulations, precautions, and programs in connection with the performance of work for ComEd. Contractor shall have in effect for the duration of the contract governing the work for ComEd a written safety program that identifies Contractor's safety organization, safety manager, safety manual, training program, and methodology for conducting testing and audits. Contractor will provide the written plan at ComEd’s request. Contractor shall submit to ComEd, within 30 days of contract award, a written statement that its health, safety, and environmental programs are in compliance with all applicable laws and regulations. Contractor shall perform a job hazard analysis of the job tasks performed in the completion of the ComEd work scope and incorporate the results of the analysis into Contractor’s safety program. Contractor’s safety organization shall provide initial and periodic refresher safety training to all Contractor personnel, and subcontractor personnel, performing work for ComEd. Upon request, Contractor shall provide to ComEd documentation of safety meetings, safety audits, and training records that are associated with work conducted for ComEd. Contractor shall conduct safety audits at a rate not less than that agreed to by Contractor and ComEd. Results of safety audits are to be reported to ComEd as ComEd may request. Contractor shall verbally notify ComEd (utilizing the ComEd-provided call tree) within 3 hours of the occurrence of any incident described below and provide detailed written notification within 24 hours. Contractor, even if exempt from OSHA’s incident recording requirements based on business type or class, must still report all safety incidents that meet OSHA’s definition of a recordable occupational injury to ComEd. OSHA Recordable Occupational Injury (regardless of party at fault) Electrical outage / interruption of an electrical service caused by contractor Environmental spill or release OSHA citation, vehicular moving violation, other violation of formal regulation Electrical flash or contact Vehicle accident while performing ComEd work (regardless of party at fault) Condition that draws (or may draw) negative media attention Contractor shall be required to report, investigate, and when necessary, resolve all occupational accidents, illnesses, and injuries that occur while performing work for ComEd. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 110 of 125 Contractor shall promptly mitigate any violation of safety or environmental regulations, or procedures created by its work, acts, or omissions. Should Contractor fail to ▇▇▇▇▇ any violation, ComEd may, in its sole discretion, suspend any or all of Contractor’s work activity immediately. Contractor is not entitled to any extension of time or reimbursement of costs incurred as a result of any such suspension order. Contractor shall conduct pre-work orientation sessions for all personnel under its direction. The orientation shall address all environmental, occupational health and safety rules, job hazard identification and mitigation, and the proper use of personal protective equipment associated with the work to be performed. Contractor must document participation in these pre-job preparation sessions and make this documentation available to ComEd upon request. B. Drug & Alcohol Policy/Testing Program Contractor shall have a drug and alcohol policy and testing program (DAPTP) that meets or exceeds ComEd’s DAPTP (Post Accident Testing Procedure – HR-AC-301). Contractor may adopt ComEd’s DAPTP as its own for the performance of work for ComEd, by providing ComEd the confirmation of such adoption in writing. ComEd shall be notified promptly in writing when Contractor or subcontractor personnel are found to be in violation of the Contactor’s DAPTP while performing work for ComEd. All subcontractors shall be subject to and comply with the Contractor’s DAPTP. C. Permits & Fees Contractor shall obtain and pay for all permits and approvals necessary or appropriate to perform its work for ComEd in compliance with applicable laws, except for those permits that Exelon or ComEd is specifically required to obtain by virtue of the terms of the contract governing the performance of work for ComEd or by applicable laws. D. Customer Satisfaction, Public Relations & Complaints Contractor shall ensure that all Contractor and subcontractor personnel conduct themselves in a professional manner when interacting with the public and regulatory agencies; provided that no such personnel are permitted to interact with regulatory agencies on behalf, or with the appearance or inference of interacting on behalf, of ComEd without ComEd’s express written permission. Contractor shall review, initially and on an annual basis, with all Contractor and subcontractor personnel who are or will be performing work for ComEd, the need to keep ComEd’s customers satisfied with Contractor’s performance. Contractor shall comply, and shall cause its subcontractors to comply, with all ComEd customer satisfaction and communication initiatives. At a minimum, Contractor shall maintain a written log of all complaints and their resolution. Complaint logs shall be maintained for a period of 24 months and shall be subject to audit by ComEd. Contractor shall report all program complaints (including but not limited to those reported by any customer, Energy Efficiency/Beneficial Electrification service provider, contractor, federal, state, local and regulatory agency, and legislative body) to the ComEd Program Manager within 1 business day and have an acceptable resolution in place within 2 business days of receipt of the complaint, unless otherwise directed by the ComEd Program Manager. All complaint resolutions shall be approved by the Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 111 of 125 ComEd Program Manager prior to implementation. Contractor shall report all incidents involving damage to private or public property caused by Contractor or subcontractor personnel, including any reports of damage reported to Contractor, to the ComEd Program Manager within 24 hours, and have an acceptable resolution in place within 2 business days, of such incident, unless otherwise directed by the ComEd Program Manager. All damage resolutions and damage claim resolutions shall be approved by the ComEd Program Manager prior to implementation. Contractor shall respond to customer and other stakeholder inquiries in a timely manner, which shall be within not more than 2 business days of such inquiry (and shall provide to ComEd a notice of receipt of such inquiry and the answer provided). E. Quality Control & Quality Assurance Where required and requested by ComEd, Contractor shall have in effect for the duration of the contract governing the work for ComEd a written quality assurance (QA) and quality control (QC) program that, at a minimum, identifies the Contractor's QA/QC organization, responsible manager, QA/QC manual, training program, and methodology for performing and documenting audits. Contractor will provide the written plan at ComEd’s request. Contractor shall bear any and all expenses for rework and/or additional work required due to Contractor's acts of commission, omission, or errors. No claims for contract or schedule relief, or any other relief, shall be made to ComEd by Contractor due to lack of understanding of the complete scope of work and other contract documents governing the work for ComEd. Contractor is expected to support and comply with all QA/QC verification efforts performed by ComEd, including its own personnel and subcontractors employed for this purpose. These areas of support include, but are not limited to, the following: Establishing a set of guidelines for each program to provide greater measure quality across all program offerings. Tracking resolutions in a more deliberate manner to provide improvement opportunities to inform business practices and training requirements and to enhance the customer experience Reducing or eliminating variations in performance measurements and inspection score differentials between ComEd and Contractor. Adding more quantitative data points versus qualitative observations to provide enhanced transparency and stimulate the adoption and proliferation of process improvement initiatives. Fostering alignment on the QA/QC processes and developing portfolio-wide scorecards and dashboards. Providing input in the design of the program to ultimately raise its effectiveness. F. Contractor Personnel All work for ComEd shall be performed in a professional manner utilizing workers who are skilled in the applicable work and are members in the respective trades associated with the work. Contractor and subcontractor personnel shall maintain all professional qualifications, licenses, permits, certifications, and skills and appropriately complete all training required by applicable laws or advisable to perform the work. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 112 of 125 Contractor shall conduct background investigations on their personnel, including subcontractor personnel, in accordance with the requirements defined in the terms and conditions of the Contractor’s contract with ComEd. Contractor shall develop and maintain a Qualification and Training program with tracking and defined re-qualification for all Contractor and subcontractor personnel. Contractor shall not remove any key personnel from the project without the specific approval of the ComEd Program Manager, and not until necessary arrangements satisfactory to ComEd have been completed to provide a qualified replacement. Contractor is required to notify ComEd within 24 hours of notice or decision of key personnel employment ending with the Contractor and shall include a ComEd- approved coverage plan until a permanent backfill or staffing has been completed. The ComEd Program Manager shall define the required dress code for Contractor and subcontractor personnel having in-person contact with ComEd customers. It is the responsibility of Contractor to ensure its and its subcontractor’s personnel comply with this dress code. Contractor shall assume all costs associated with the implementation of the dress code policy. Contractor shall track the issuance, use, and collection of utility-branded clothing to Contractor and subcontractor personnel. Contractor shall secure approval from ComEd in writing for the use of utility- branded clothing for its and its subcontractor’s personnel and shall purchase it from a ComEd-approved vendor prior to such use and, where joint programs with other utilities are involved, in accordance with applicable instructions from ComEd and such other utilities. Contractor shall report bi-annually its inventory of utility-branded clothing has been audited and accounted for to the ComEd Program Managers. Contractor shall define and submit to the ComEd Program Manager for approval, the minimum standard for all vehicles used by the Contractor’s and subcontractor’s field personnel with respect to condition and appearance. All such vehicles shall be of a condition that will portray a professional image to ComEd’s customers. For any Contractor and subcontractor personnel having access to ComEd systems, including but not limited to information, monitoring, tracking, reporting, communications and other electronic systems, Contractor shall notify the ComEd Program Manager within 24 hours of any changes to personnel assignments that eliminate the need for access to such systems. G. Security If directed by ComEd, all Contractor and subcontractor personnel having face-to- face contact with ComEd customers shall be required to wear a photo identification badge. If by ComEd, the required photo identification badges shall be issued by the Contractor/subcontractor and be approved by the ComEd Program Manager. Contractor shall develop and maintain a system to protect and account for all identification badges issued by the Contractor/subcontractor for the performance of ComEd work. All identification badges shall be inventoried, tracked by individual personnel, and returned to the Contractor at the request of ComEd or at the termination of such personnel’s tenure with the Contractor/subcontractor. This Contractor identification badge inventory shall be available at all times for audit by ComEd. Contractor shall be responsible for any misuse, loss, or damage associated with any identification badge. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 113 of 125 H. Invoicing, Accruals, & Forecasting Invoicing for services rendered in each month must be received no later than the 7th business day of the following month. Failure to submit invoices in the proper format, including required information and documentation, could result in delay or non-payment of such invoices until such time as a proper and properly documented invoice has been submitted, and the due date for such re-submitted invoice will be calculated from the date of such proper and properly documented invoice. All invoices must be forwarded to the ComEd Program Manager for review and approval prior to submittal to ComEd Accounts Payable (A/P). Without prior approval by the ComEd Program Manager, invoices not received within 90 days of completion of work will be rejected. Invoices shall not be submitted to ComEd Accounts Payable during last two working days of the month. Each invoice must clearly identify on company letterhead and must include, at a minimum: Billing address Unique invoice number Purchase Order or Contract number Contract Release number (if applicable) Contract Payment Authorization (CPA) number (if applicable) Itemized list of charges, providing level of detail specified by ComEd Performance period of the invoiced work Total invoice amount Each invoice must be in a professional format that is auditable by generally accepted accounting practices. The initial format and content of each invoice template will be directed by and reviewed with the ComEd EE/BE Program Manager and incorporated into the processes established by Contractor for ongoing management of its scope of work. Contractor shall provide the ComEd Program Manager by the 26th of each month, or as specified by ComEd, any cost incurred on the project through the 26th of that month, plus an estimate of costs for the remaining days of the month. If the 26th of the month falls on a ComEd non- workday, the accrual will be due on the first preceding ComEd workday. In addition to the accrual, Contractor shall provide a cost forecast for the remaining months of the program year. Contractor shall utilize an accrual and forecasting template (one format) provided by ComEd. In the event the current month actuals (invoiced amount plus accrual) deviate by more than (+/-) 5% from the current month forecast that was submitted in the prior month, Contractor shall provide to ComEd a written explanation for the variance, including planned corrective actions to ensure forecasting accuracy going forward. Such an explanation must be submitted within 5 business days following the last day of the month for ComEd’s review. Contractor’s final invoice for each Contract/Release will be marked “FINAL INVOICE” in any cover letter, email and on each page of the final invoice. I. Marketing All marketing activities performed by Contractor, and materials created, must be coordinated closely with ComEd, and conform to ComEd’s brand guidelines and messaging integration. This includes collateral materials and direct marketing tactics (e.g., fact sheets, brochures, postcards, leave-behinds, Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 114 of 125 pdfs), EE/BE kit design, webinar, presentation, workshop content, premiums, outreach events, training materials, videos, and web content or microsite design. Contractor shall bear all costs related to the compliance with this marketing policy, including adherence to the current Americans with Disabilities Act (ADA) compliance guidelines (see Section O). Current ComEd-branded apparel should be worn by Contractor and subcontractor personnel when representing ComEd in the field. Apparel can be ordered from a ComEd-approved vendor through a ComEd-provided portal. See also Section F regarding use of utility-branded clothing. Upon departure by any such personnel from Contractor’s or subcontractor’s organization, it is Contractor’s responsibility to collect the branded apparel from the former personnel. Contractor will work with ComEd to develop a marketing plan that guides the marketing and outreach activities based on program goals, utilizing the plan template provided by ComEd. The marketing plan must include objectives and strategies, audiences and messaging, tactic calendar, budget, and targeted outcomes/measurement of success. In addition, tactics shall include potential trigger tactics targeting to increase participation, as well as 3-5 tactics for retargeting and follow-up with existing customers. All marketing-related activities must be approved by ComEd prior to the start of any work, and Contractor must give ComEd at least 10 business days to route all marketing materials for the necessary approvals. If Contractor is planning to utilize advertising tactics (radio, TV, OOH, transit, etc.), Contractor shall work through ComEd’s agency of record for creative development, alignment, approval, and media buys. Contractor will establish measurable performance metrics and goals for each marketing tactic and will use data tracking to analyze effectiveness. Reporting will be generated and shared with ComEd Program Manager/s and Marketing Team throughout the execution phase, and a recap of campaign outcomes will be provided within 30 days of completion of each campaign. Contractor will also coordinate with ComEd Program Managers and Marketing Team quarterly to discuss and manage participation levels, ensure tactics are in alignment with the agreed-upon objectives, and to discuss and deploy contingency strategies/trigger tactics to increase participation, when necessary, with the ComEd Program Manager’s approval. If Contractor is supporting the EE/BE business offerings, Contractor shall share marketing lists, response rates (e.g., webinar registrations, event attendance, participation sign-ups), and any other pertinent tracking data that can be uploaded into ComEd’s campaign management tool for all marketing tactics that are managed by Contractor, within 30 days of receipt. Unless otherwise directed by ComEd or included in fixed all-in unit pricing like kits, the costs of marketing tactics and events, for the purpose of generating program participation or increasing awareness will be invoiced separately on a time and materials basis, as needed, to meet program goals and not to exceed the total contract budget. Invoices shall detail marketing work completed and related expenses and will include, but is not limited to, the costs for marketing services, concepts, and campaign strategy and planning. The following list of marketing costs shall be included in the marketing invoice and broken out in three major categories – Marketing Labor, Marketing Development, and Promotions & Events. a. Marketing labor: billed on time & material as a pass-through expense. Contractor shall detail the agreed-upon Contractor billable rate for time spent on marketing and tactic development, and events. This includes any time spent on developing marketing materials, plans, strategies, and tactics to support the program. b. Marketing development including coordination and implementation of marketing activities, graphic design, collateral material development (e.g., fact sheets, brochures, postcards, leave- behinds, pdfs), EE/BE kit design, marketing strategy, development of marketing plans/calendar/budget, printing Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 115 of 125 expense, postage for marketing mailings, content development (e.g., writing for web pages (▇▇▇▇▇.▇▇▇ or related microsites), social media, talking points), external presentation/webinar content, premium orders, creation of training materials, signage, progress reports/analytics and marketing metrics, and any costs associated with ADA web compliance, general marketing primarily designed to increase other overall Program participation rather than claiming direct savings (e.g., an online audit tool or community challenge). c. Promotions & Events including marketing tactics and event support generally related to building awareness, educating customers, and/or assisting customers with participating in the Program e.g., planning and executing campaigns, webinars, conferences, trade shows, meetings, calls, etc. Marketing expenses include tradeshow or workshop materials, webinar support and content development, branded tablecloths, signage, premiums, brochures, and apparel, blitz materials (brochures, postcards, mailing costs), sponsorships, event registrations, fees for additional EE outreach attendees and table fees, and Energy Efficiency/Beneficial Electrification Service Provider support expenses (e.g., trainings, expo events, webinars, etc.). J. Reporting Unless otherwise directed by the ComEd Program Manager, Contractor shall supply the following information each month no later than the 4th working day of the following month: Number of Lost Workday Cases OSHA Recordables Manhours worked Contractor shall become a member of ISNetworld (▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇▇▇.▇▇▇▇) or such other similar third-party reporting service as may be directed by ComEd. Contractor will bear the full cost associated with the subscription of such service. Contractor will work with ComEd to identify which personnel will be included in the monthly man-hour reporting. Unless otherwise directed by the ComEd Program Manager, Contractor shall provide a detailed operation manual to ComEd within 30 days of renewed annual contract award or within 90 days of a new contract award. Significant program modifications must be incorporated into the operations manual within 30 days. At a minimum, the Contactor shall review the operations manual annually and incorporate any pertinent program changes. Unless otherwise directed by the ComEd Program Manager, during the term of the contract governing the work for ComEd, Contractor, or Contractor’s Guarantor, shall be required to provide on an annual basis written financial information. Financial information shall include an audited Annual Report or, if Contractor does not have audited Annual Report, company- prepared, officer-certified Annual Report. Annual Report must contain, including but not limited to, a balance sheet and statement of cash flow prepared in accordance with generally accepted accounting principles, a schedule of long- term debt including maturity dates, and all notes to the financial statement that apply to long term debt, short term borrowing, and liquidity and capital resources. K. Performance Data Tracking System Requirements If Contractor is required to submit performance tracking data (includes both data file uploads and tracking system direct data entry) to ComEd, Contractor shall comply with the following minimum Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 116 of 125 Contractor requirements related to the submission of that data: Data File Upload / Direct Entry During the time that the program is active, Contractor shall upload / enter program performance data on a weekly basis, unless otherwise approved by ComEd, to a file location designated by ComEd. Data reporting weeks shall be defined as midnight Saturday to 11:59 pm the next Saturday unless otherwise approved by ComEd. Weekly data file uploads (excludes direct data entry) shall be due by end-of-day each Tuesday and shall consist of an incremental file upload containing program data from midnight on the preceding Saturday. Weekly direct data entries (excludes data file uploads) shall be due by end-of-day each Tuesday and shall ensure that data is made complete for the current program year. Contractor shall work with ComEd to define the content and timing of all data delivery milestones for a given program year. Such milestones will include the finalized end-of-year data delivery as well other data deliveries necessary to support ComEd’s program performance, evaluation, regulatory, and financial reporting requirements. Contractor shall be responsible for the delivery of complete, error-free data sets which satisfy the content and timeline requirements established above. ComEd reserves the right to assign KPIs (Key Performance Indicators) to Contractor related to the timeliness, quality, and completeness of such data deliveries. If Contractor is required to submit performance tracking data to ComEd via file uploads (excludes direct data entry), Contractor shall comply with the following additional minimum requirements related to the submission of that data: Data Format and Upload All data upload files must utilize a pipe delimited text file format, unless otherwise approved by ComEd. The formatting, data fields, and structure of all data upload files shall be approved by ComEd prior to their initial submission. Any changes to this information must be pre-approved by the ComEd Program Manager. Contractor shall work with ComEd to define the process by which individual data records are identified for addition, update, or deletion. Once approved by ComEd, Contractor shall not modify the format of a data upload file without prior approval by ComEd. Revisions that require prior approval include, but are not limited to, adding or deleting data fields, renaming data fields, and the modification of a data field type or length. Data Quality and Error Resolution Contractor shall have in place prior to the submission of any data to ComEd, a validation process to monitor the quality and accuracy of the data. Where errors are identified in data submitted to ComEd, Contractor shall, where possible, correct such errors prior to the next weekly data submission to ComEd. In no case shall the time required to correct such data errors exceed two (2) weeks, unless approved by ComEd. Contractor shall notify ComEd via email upon the completion of any such data error correction. Where errors are identified in data submitted to ComEd, Contractor shall implement or enhance Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 117 of 125 existing data validation processes to mitigate reoccurrence of such errors. Implementation of such validation enhancements shall be completed within four (4) weeks of the identification of the data error, unless otherwise approved by ComEd. Contractor shall notify ComEd via email upon the completion of any such data validation enhancement. Contractor processes used to validate customer utility account numbers shall be reviewed with ComEd prior to implementation to ensure the appropriate customer/account reference data is being utilized. L. Electronic Data Security If Contractor has a work scope that requires the electronic hosting (collection, processing and/or storage) of ComEd confidential information, which includes confidential information provided by ComEd or collected by Contractor from external sources (such as directly from the customers), on the Contractor’s IT systems (i.e., servers, laptops, mobile device, etc.), Contractor shall demonstrate the ability to safeguard that information. Contractor’s ability to safeguard confidential information shall be verified by Exelon IT Cyber Security through the following process: Contractor shall be required to complete a Hosted Vendor Security Risk Assessment (SRA) and/or Cloud Security Requirements Matrix (CSRM) to be reviewed by Exelon IT Cyber Security. Exelon IT Cyber Security will perform a review of the Contractor’s data security controls and Contractor shall be required to remediate all vulnerabilities identified during this review before being allowed to collect or host any confidential or sensitive ComEd customer data unless otherwise approved by ComEd. Subsequent to the completion of the Exelon IT Cyber Security review and remediation of identified vulnerabilities, Contractor is required to make the ComEd Program Manager aware of any planned changes to the design or operation of its data security controls or data collection practices which would invalidate or cause to be incomplete any information previously provided by Contractor regarding such controls or practices during the initial Exelon IT Cyber Security review. Prior to implementing any such changes, Contractor may be required to undergo a review of those changes by Exelon IT Cyber Security and remediate identified vulnerabilities. Additional requirements related to data security may be placed if Contractor has a work scope that requires accessing or collecting Personally Identifiable Information (PII). These requirements will be provided to Contractor by ComEd where applicable. If Contractor has a work scope that requires the processing of customer credit card payments, Contractor shall be required to demonstrate that the credit card payment processors used by the Contractor are in compliance with Payment Card Industry (PCI) Data Security Standards. Where applicable, proof of PCI compliance shall be provided by Contractor to the ComEd Program Manager on an annual basis. Contractor shall verbally notify ComEd within 3 hours, and provide detailed written notification within 24 hours of the occurrence of either of the following: Loss or theft of a personal electronic device (i.e. laptop, smartphone, tablet, etc.) containing ComEd confidential information Breach of ComEd confidential information Contractor shall be required to report, investigate, and resolve all incidents that occur while performing work for ComEd. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 118 of 125 Contractor shall promptly provide resolution and corrective actions to address and mitigate any deficiencies in security, process, procedures, violation of laws and regulations created by its work, acts, or omissions. Contractor shall provide timely updates as requested by ComEd on the progress made towards the completion of the resolution and corrective actions related to such incidents. Should Contractor fail to ▇▇▇▇▇ any violation, ComEd can suspend all or any part of the Contractor’s work activity immediately. Contractor is not entitled to any extension of time or reimbursement of costs incurred because of any such suspension order. Upon request from ComEd, and in any event upon completion of contracted work or termination of contract, Contractor shall, and shall cause its subcontractors to, destroy any and all electronic copies of ComEd confidential information maintained by Contractor and its subcontractors using a media sanitization process approved by ComEd and provide written certification to ComEd attesting to the completion of the required data destruction. ComEd confidential information shall be that information as described in the ComEd Terms and Conditions governing the Contractor work scope. In the event of any conflict with the requirements in this section and the Contractor’s work scope, the Contractor’s work scope will govern. Contractor and any subcontractors shall not do any work on ComEd contracts or subcontracts outside of the US without a written request made at least 6 weeks in advance and written permission granted by the ComEd Program Manager. M. Incentives/Rebates If Contractor has a work scope that includes processing incentives and/or rebates, Contractor shall comply with the following: Contractor shall provide to the ComEd Program Manager and update as required, the process flow documents outlining the key steps in the rebate payment operation. Unless otherwise directed by ComEd, incentives/rebates shall be paid by check; Contractor may strategically explore other payment options and present options to ComEd. Checks will clearly illustrate to the participating customer that ComEd is providing the incentive/rebate amount. Checks sent to participating customers and contractors must be printed on colored, ComEd-branded checks and mailed in a ComEd-branded envelope. ComEd must review and approve all check and envelope branding prior to use. The incentive/rebate payment operation must include the following elements: Contractor shall mail incentive/rebate checks to 100% of eligible customers, Energy Efficiency/Beneficial Electrification service providers, and contractors within 30 calendar days of an approved incentive/rebate application. Contractor shall track returned checks resulting from returned product. Contractor shall submit a request for funding to ComEd. ComEd will remit the incentive payment to Contractor upon project completion (if applicable), and after rebate application approval and incentive check processing is complete. Contractor will submit weekly incentive invoices. Contractor will prefund incentives so customers, energy-efficiency services providers and other incentive recipients can be paid in a timely manner. Contractor will distribute payments to the payee within net 30 of project approval date. ComEd will reimburse Contractor’s weekly incentive invoices through a wire transfer or other payment mechanism with a net 10 payment term for approved invoices. Contractor shall update the payment procedures with ComEd approval prior to implementing required changes. Contractor shall utilize approved and industry-standard banking fraud protection systems to Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 119 of 125 ensure that only checks issued through the payment operation clear the program bank account. Contractor shall track uncashed rebate checks. Contractor shall track re-issuing of rebate checks for lost or expired checks. Contractor shall coordinate and perform the escheatment process as required by the State of Illinois and other states and/or federal escheatment laws and regulations, if applicable, at the close of the program. Contractor shall establish and perform required tasks, functions, monitoring and reporting necessary to ensure compliance with escheatment laws and regulations during Contractor's performance of the program’s SOW, including the period after the program termination where escheatment processes and activities must remain active and funded to maintain compliance as required by each applicable law and regulation. Contractor shall ensure the escheatment process and activities remain operational, effective, efficient, and funded in compliance with laws and regulations during the program’s SOW contract period, including the period where the Contractor transitions the program management to another contractor or to ComEd. If Contractor is not able to perform and comply with laws and regulations, ComEd, at its sole discretion, may require Contractor. at Contractor’s expense, to provide funding and obtain escheatment services from a third party approved by ComEd. The funding period is the duration of the required activities as required by escheatment laws and regulations. Contractor shall ensure payments are only made to eligible customers given the account holder information provided by ComEd, retailers/manufacturers, energy-efficiency service providers, and contractors, and shall reimburse ComEd for any payments made that are not substantiated by an eligible application. Contractor shall not withhold payments to any customer, energy-efficiency service provider, or contractor due to invoice or data file issues between Contractor and ComEd when the delay is caused by Contractor. Contractor shall track and report rebate payment timelines for each step in the processing procedure. Contractor and ComEd will review the payment process and make any mutually agreeable changes to enhance the process and to incorporate any rebate structure changes, if applicable. Contractor will be responsible for verifying that the installing contractor is certified by the Illinois Commerce Commission (ICC) pursuant to Section 16-128B of the Illinois Public Utilities Act (PUA) for the installation of applicable measures prior to any incentive or rebate payout; payment will be withheld if the installing contractor fails the certification or until certification is approved / verified. This is not applicable if the customer self-installs the applicable measure(s). If Contractor has a work scope that includes the payment of financial incentives to drive participation in ComEd’s energy-efficiency programs, Contractor may be responsible for issuing Form 1099 and collecting the information necessary to support such issuance. Contractor shall report the payments it makes under the program in accordance with federal tax laws. To minimize the risk associated with the collection of PII, unless otherwise directed by ComEd, Contractor shall not request nor accept social security numbers from other contractors, energy- efficiency service providers or technical service providers. Contractor shall establish program policy to only request and accept Federal Tax Identification numbers for the purpose of issuing Form 1099s. If Contractor has a work scope that includes the collection of incentive and/or rebate applications, which includes assisting the customer in filling out such applications, Contractor shall not alter or omit any parts of the application terms and conditions provided to the customer and saved for record-keeping purposes, without the prior written approval by ComEd. All copies of completed incentive applications (including pre- applications) stored by Contractor and/or uploaded to ComEd’s tracking system, shall be stored and/or Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 120 of 125 uploaded in their entirety, including pages that contain application terms and conditions. N. Attachments Contractor shall be knowledgeable of all applicable ComEd policies and procedures, including but not limited to the most current revision of: Corporate Procedure – Post Accident Testing Procedure – HR-AC- 301 Unless arranged otherwise, the Contractor shall be provided timely updates to applicable policies and procedures by the ComEd Program Manager. O. Microsites & Web Content ADA Compliance All web content and microsites shall be approved by the ComEd Program Manager. Contractor shall inform the ComEd Program Manager prior to initiating web content and microsite development. Contractor shall provide such support and information to the ComEd Program Manager to facilitate the appropriate ComEd and Exelon approvals, as required. All web and microsite content hosted, maintained, or developed, including but not limited to PDFs, videos and other files, by Contractor shall conform to the ADA and Web Content Accessibility Guidelines (WCAG) technical documents developed by the Accessibility Guidelines Working Group (AG WG) under the Web Accessibility Initiative (WAI). Upon request from ComEd, and in any event upon completion of contracted work or termination of contract, Contractor shall, and shall cause its subcontractors to, decommission all microsites hosted and maintained by Contractor and its subcontractors, and Contractor shall provide written certification to ComEd attesting to the completion of the required microsite decommissioning. ComEd reserves the right to audit Contractor’s web content and microsites for compliance. P. Telephone Consumer Protection Act (TCPA) Compliance If Contractor has a work scope that includes outgoing customer contact via automated phone calls (e.g., robocalls) or text messages, Contractor shall ensure that all aspects of such work, including at minimum the items listed below, are performed in a manner that is compliant with the TCPA, including but not limited to the following: Obtaining customer consent for the specific purpose of the contact Storage of the customer consent Call and/or text processing that includes additional checks and controls incorporating Agent 511, ComEd’s Preference Center, and any applicable call scripts and text messaging scripts as may be provided by ComEd Reporting and monitoring applicable processes and activities to ComEd At the time of contract execution between ComEd and Contractor, if the Contractor scope which includes the subcontractor scope, processes, procedures, and technical functions used in the performance of ComEd program tasks are: Not subject to TCPA, the execution of such contract and these ComEd Energy Efficiency/Beneficial Electrification General Requirements serves as evidence of TCPA compliance and attestation to the compliance. If during the contractual period the Contractor scope, which includes the subcontractor scope, processes, procedures, and technical Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 121 of 125 functions, become subject to TCPA the Contractor shall comply with TCPA and provide attestation. Subject to TCPA, the execution of such contract and these ComEd Energy Efficiency/Beneficial Electrification General Requirements serves as evidence of TCPA compliance and attestation to the compliance. o In addition, Contractor shall perform an annual review of the Contractor scope, which includes the subcontractor scope, processes, procedures, and technical functions used in the performance of ComEd program tasks subject to TCPA. o When scope, processes, procedures, and technical functions used in the performance of ComEd programs tasks subject to TCPA are added, modified, or deleted, Contractor shall review and attest these changes and effects of these changes on other processes, procedures and technical functions comply with TCPA. Q. Separation of Functions and Conflicts of Interest If Contractor has multiple types of work engagement (current and future scopes of work) with ComEd Energy Efficiency/Beneficial Electrification, where types of work are listed below, Contractor shall implement and maintain effective processes, procedures, and systems to ensure separation of personnel and confidential information sharing between the different types of work engagements. The effective physical and electronic separation of information sharing must include separation of servers, equipment, systems, and access to confidential, restricted, and proprietary information specific to each work engagement. Separation of personnel supporting the different types of functions and work engagement shall be done in a way that prevents transfer of confidential information, including but not limited to, knowledge of and familiarity with physical and intellectual assets, equipment, business leads, business plans, information considered by ComEd, clients, customers, suppliers, or contractors to be of operational and strategic importance and other general information. ComEd confidential information shall be that information as described in the ComEd Terms and Conditions governing the Contractor work scope. Contractor shall manage, control, and regulate the access to information by employees, contractors, and any level of subcontractors in their roles and function. The different types of work within ComEd Energy Efficiency/Beneficial Electrification requiring separation of duties, functions, and information sharing are listed below. Separation is required when Contractor engages in any two or more types of work. Program Design and Implementation Portfolio Administration Service Provider work Planning and/or Evaluation Measurement & Verification Research & Development QA/QC Consulting R. Diversity Spend Commitment As an addendum to the annual Scope of Work, Contractor shall provide a Diverse Vendor Procurement Plan, including a contingency plan for Energy Efficiency/Beneficial Electrification programs. The Diverse Vendor Procurement Plan outlines in detail how Contractor will grow the participation of Minority and Women-owned Business Enterprises (MWBE) that are underrepresented in their supply base. Contractor shall provide a plan outlining the strategy, approach, execution, and the expected results of the Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 122 of 125 plan over the annual program contract period, and where the contract spans multiple years, shall provide annual updates, over that time horizon. The plan shall include Contractor’s program work and where the contract has multiple programs, the plan shall include a portfolio level view. The contingency plan shall include the strategy, activation threshold, approach and tactics including the expected implementation time and duration to recover from the underperformance in the diversity spend commitment. On a monthly basis, Contractor shall report diversity spend forecast to ComEd coinciding with the due date of the monthly Latest Estimate. Report is to include, monthly actuals, YTD, forecasted months, year- end, and any variance explanations to the diverse spend commitment; provide actions address variances as required. Should the diversity spend forecast differ from the diversity commitment on the contract or contract release, as applicable, Contractor will provide actions that will be taken to ensure diversity commitment is ultimately achieved. The terms of this Section R may be amended or changed at any time as ComEd updates its requirements to meet regulations or company goals. Unless otherwise directed by ComEd Program Manager, Contractor will be required to commit to diversity- certified supplier spend goals and support ComEd’s monthly tracking and reporting requirements, which could include: Tracking and reporting diversity-certified supplier spend (Tier 2 diverse subcontractors by Tier 0 suppliers) by no later than the 14th day of the following month) in Smart GEP. Submitting monthly forecasting for future monthly diversity-certified supplier spend of Tier 2 spend as directed by ▇▇▇▇▇. Engaging with ComEd in ongoing planning and strategy discussions about diversity-certified supplier spend, including opportunities for growing supplier diversity within their scope of work. Unless otherwise directed by the ComEd Program Manager, Contractor shall also commit to local workforce development and equity hiring goals, and shall track and support ComEd tracking and reporting on a quarterly basis, which include: Diversity makeup of their company. Participation in local and equity hiring initiatives and results. Engaging with ComEd in ongoing planning and strategy discussions about local and equity hiring, including opportunities for encouraging and growing local and equity hiring practices within their scope of work, which may include community specific targets. S. Workforce Commitment ComEd values and supports a diverse and equitable workplace that is inclusive for all. ComEd requires contractors to highlight actions that are being taken to promote Diversity, Equity, and Inclusion, (DE&I) in their organization. Contractor shall provide a plan to promote internal workforce DE&I and if applicable the Contractor’s subcontractor workforce DE&I. The plan shall include strategy, approach, personnel engagement, recruiting and tactics including the expected benefits. The plan shall be provided to ComEd and updated annually. In addition to the annual plan, Contractor shall provide quarterly updates of workforce diversity/ethnicity of the staff supporting ComEd programs to the ComEd Business Operations team. Workforce composition is to include employees (not subcontractors) that are both fully and partially dedicated to support the delivery of the ComEd Energy Efficiency/Beneficial Electrification portfolio. The cadence of such required reporting is quarterly by first week of each quarter (January for Q1, April for Q2, July for Q3, and October for Q4). Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 123 of 125 The ComEd Program Manager will provide the point of contact within the Business Operations team. The terms of this Section S may be amended or changed at any time as ComEd updates its requirements to meet regulations or company goals. T. Integrated Distribution Company (IDC) Rules and Requirements Definition: ComEd is an electric utility that operates its business essentially as a transmission and distribution company. As an electric utility whose primary purpose is the delivery of electricity, ComEd is known as an IDC, or Integrated Distribution Company. The Illinois Commerce Commission has put in place code of conduct rules that regulate how an IDC must operate. As an IDC, ComEd must not and cannot operate as an active marketer of retail electric supply services. The IDC rules have their greatest impact on any ComEd department or outside contractor that has direct customer contact. IDC rules are governed under Title 83 IL Administrative Code – Part 452 and includes the following: No IDC employee or agent shall state or imply that access to or quality of service for delivery of electricity is, or will be, better if the customer retains, switches to, or otherwise obtains any retail electric supply service from the IDC. No IDC employee or agent shall affirmatively prompt customer inquiries about the quality of the IDC's retail electric supply services. No IDC shall disparage the quality of an alternative retail electric supplier's services. No IDC employee or agent shall affirmatively act to retain or obtain a customer for any retail electric supply service offered or provided by the IDC. To follow the IDC rules, a good guideline that is easy to remember is this: ComEd employees and contractors (and subcontractors) must not attempt to obtain or retain customers for any ComEd retail electric supply service and should remain neutral on supply service. Requirement: To validate compliance with IDC rules, all personnel hired by contractors or subcontractors who currently have, or plan on having, customer contact (via phone or in-person) for ComEd must complete and sign a form indicating they are aware and will comply with the rules. Implementation contractors are required provide ComEd with all signed IDC forms and report status of IDC forms quarterly. U. Contractor Transition If a program continues beyond the program year end, but program implementation will no longer reside with Contractor, Contractor shall support efforts related to the transition of the program to the new implementer in a manner that minimizes any impact to the program, ComEd, and ComEd’s customers. For contracts utilizing a fixed-fee cost structure for administrative services, such transition support provided prior to the close of the program year shall be covered by the fixed administrative fee. Should Contractor support for any such transition be required beyond the close of the Program year, Contractor agrees to negotiate in good faith with ComEd regarding the terms of such support. All work/tasks that is/are in the program scope of work, shall continue to be part of the program scope and will not be considered transition work. If any program work scope does not get executed or completed prior to the transition period but is executed and completed in the transition period, Contractor must complete the work and is not entitled to additional compensation for the work done in the transition period. Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 124 of 125 V. Conflicts Should conflicts exist between this document and the ComEd terms and conditions (including the contract or contract release, as applicable) governing work performed for ComEd, this document shall govern. Should conflicts exist between this document and the contract statement of work (SOW), the statement of work (SOW) shall govern unless otherwise approved by ComEd. Revision Log Rev Date Author Reason 20 10/5/18 ▇▇▇▇▇▇▇ ▇▇▇▇▇ N/A, Rev Log baseline 21 3/21/19 ▇▇▇▇▇▇▇ ▇▇▇▇▇ Added Revision Log Updated Section F to reflect reporting requirement for removing contractor access to ComEd systems. Updated Section H to indicate invoice submission blackout period. 22 7/19/19 ▇▇▇▇▇▇▇ ▇▇▇▇▇ Rename Rev 21 Section Q “Conflicts” to Section R “Conflicts” Rewrite Rev 21 Section Q to reflect the additional EE General Requirement pertaining to new language addressing “Separation of Functions and Conflicts of Interest”. 23 8/22/19 ▇▇▇▇▇▇▇ ▇▇▇▇▇ Added utility-branded clothing language to Section F “Contractor Personnel” Updated Section M “Incentives/Rebates” to reflect updated guidance on reporting incentives. 24 10/22/19 ▇▇▇▇▇▇▇ ▇▇▇▇▇ Rewrite Section I “Marketing” deleted previous language and added new language to reflect additional requirements. Updated Section P “Telephone Consumer Protection Act (TCPA) Compliance” to reflect additional TCPA language related to annual requirements. 25 10/23/20 ▇▇▇▇▇▇▇ ▇▇▇▇▇ & ▇▇▇▇▇ ▇▇▇▇▇▇▇ Revise section “A. Safety & Human Performance” to reflect COVID- 19. Revise section “H. Invoicing, Accruals, & Forecasting” to reflect updated blackout period for submitting invoices. Revise section “M. Incentives/Rebates” to reflect updated escheatment requirements. Rename Section R “Conflicts” to Section S “Conflicts” Rewrite and rename previous Section R to “Contractor Transition” added new language addressing Contractor transitions. Revise section “S. Conflicts” to reflect updated conflict guidance language for conflicts between General Requirements document and the contract statement of work (SOW). 26 3/18/21 ▇▇▇▇▇ ▇▇▇▇▇▇▇ Revised for Plan 6 RFP Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537
Task Order No. AV90851001 Page 125 of 125 Rev Date Author Reason 27 10/12/22 ▇▇▇▇▇▇▇ ▇▇▇▇▇ Revised for program year 2023 Rewrite Section “I Marketing” to reflect updated Marketing Department language and guidance. Updated Section “O Microsites & Web Content ADA Compliance” to reflect approval of microsites and content. Rename Section R “Contractor Transition” to Section T “Contractor Transition”. Rename Section S “Conflicts” to Section U “Conflicts”. Added Section “R Diversity Spend Commitment” to reflect requirements for diverse spend commitment. Added Section “S Workforce Commitment” to reflect requirements for workforce development and commitment. Updated Section “R Contractor Transition” to include language to specify what scope is not considered transition scope. 28 10/13/23 ▇▇▇ ▇▇▇▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇ Section A • Removed Covid references Section H • Added Final Invoice direction Section J • Changed Ops Manual deadline • Moved diversity reporting to Section R Section K • Changed weekly data file/format upload directive Section L • Minor verbiage changes • Added direction for out-of-country vendor work Section R • Incorporated diversity reporting moved over from Section J Section S • Directives added 29 10/28/24 ▇▇▇▇▇ ▇▇▇▇ Section T • Added Integrated Distribution Company (IDC) Rules and Requirements Added new Table of Contents that includes page numbers. 30 10/28/24 10/30/24 ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Legal review and edits Docusign Envelope ID: 7B355589-6B7E-4A6B-8E51-237BCFE8E537