REVIEW OF CONTRACTS
Awarding Agency: Village of Oak Brook
Type of Contract: Computer Network Security Assessment
Department: Information Technology
Program/Account Number: 151-76950
Awarded Contract Price: $25,000
Budgeted Amount: $25,000
CONTRACT AMOUNT: $20,000 - $500,000

NOTES
This proposed agenda item is to request authorization from the Village Board to authorize an agreement Between the Village and Halock Security Labs to complete a comprehensive computer network security assessment of the Village's computer network infrastructure and security software systems. T.oz2 Name: Date: c), 1?, Z2 Name: ` Date: NALRi Y Name: Date: ZZ Three (3) Originals signed by other party Date/Initials 0�5 Original provided to staff member for other party Date/Initials p� Original provided to Official Files Date/Initials 011,1Z Village of Oak Brook I Approved by Board of Trustees- Date/Initials: VILLAGE OF OAK BROOK PROFESSIONAL SERVICES AGREEMENT This AGREEMENT is dated as of theoday of , 2022 ("Agreement'), and is by and between the VILLAGE OF OAK BROOK, 1200 Oak Brook Road, Oak Brook, Illin 's 60523 an Illinois municipal corporation ("Village'), and HALOCK SECURITY LABS,1834 Walden Office Square,Suite 200,Schaumburg,Illinois 60173("Consultant"). IN CONSIDERATION OF the recitals and the mutual covenants and agreements set forth in the Agreement, and pursuant to the Village's statutory powers,the parties agree as follows: SECTION 1. SCOPE OF SERVICES. The Village SECTION 3. REPRESENTATIONS OF retains the Consultant to perform,and the Consultant agrees to CONSULTANT. The Consultant represents and certifies that perform, all necessary services to perform the work in the Services shall be performed in accordance with the connection with the project identified below ("Services"), standards of professional practice, care, and diligence which Services the Consultant shall provide pursuant to the practiced by recognized consultants in performing services of terms and conditions of this Agreement: a similar nature in existence at the Time of Performance. The representations and certifications expressed shall be in Professional Services Agreement to Complete a addition to any other representations and certifications Comprehensive Computer Network Security Assessment of expressed in this Agreement, or expressed or implied by law, the Village's Computer Network Infrastructure and Security which are hereby reserved unto the Village. Software Systems,as more fully described in Exhibit A. The Consultant further represents that it is financially solvent, TIME OF PERFORMANCE. The Consultant shall perform has the necessary financial resources, and is sufficiently and complete the Services as mutually agreed upon between experienced and competent to perform and complete the Village and Consultant("Time of Performance'). Services in a manner consistent with the standards of professional practice by recognized consultants providing SECTION 2. COMPENSATION. services of a similar nature. The Consultant shall provide all personnel necessary to complete the Services. A. Agreement Amount. The total amount billed by the Consultant for the Services under this Agreement SECTION 4. INDEMNIFICATION; INSURANCE; shall be in the not-to-exceed amount of$25,000.00, including LIABILITY. reimbursable expenses, without the prior express written authorization of the Village Manager. A. Indemnification. The Consultant proposes and agrees that the Consultant shall indemnify and save B. Agreement Term. The term of this harmless the Village against all damages, liability, claims, agreement will commence on the Effective Date and will losses, and expenses (including attorneys' fee) that may arise, continue for a period of twelve (12) months. The Village or be alleged to have arisen, out of or in connection with the reserves the right to award additional one (1) year extension Consultant's performance of, or failure to perform, the terms,with the concurrence of the Consultant. Services or any part thereof, or any failure to meet the representations and certifications set forth in Section 4 of this C. Taxes, Benefits, and Royalties. Each Agreement. payment by the Village to the Consultant includes all applicable federal, state, and Village taxes of every kind and B. Insurance. The Consultant acknowledges nature applicable to the Services as well as all taxes, and agrees that the Consultant shall, and has a duty to contributions, and premiums for unemployment insurance,old maintain adequate insurance, in an amount, and in a form and age or retirement benefits, pensions, annuities, or similar from companies, acceptable to the Village. The Consultant's benefits and all costs, royalties, and fees arising from the use maintenance of adequate insurance shall not be construed in of, or the incorporation into, the Services, of patented or any way as a limitation on the Consultant's liability for losses copyrighted equipment, materials, supplies, tools, appliances, or damages under this Agreement. devices, processes, or inventions. All claim or right to claim additional compensation because of the payment of any such C. No Personal Liability. No elected or tax, contribution, premium, costs, royalties, or fees is hereby appointed official or employee of the Village shall be waived and released by Consultant. personally liable,in law or in contract,to the Consultant as the result of the execution of this Agreement. D. Payment of Agreement Amount. Payments shall be made pursuant to the terms of the Local Government Prompt Payment At,50 ILCS 505/3 et.seq. 1 providing, performing, and completing the Services, and with all applicable statutes, ordinances, rules, and regulations, SECTION 5. GENERAL PROVISIONS. including without limitation the Fair Labor Standards Act; any statutes regarding qualification to do business; any statutes A. Relationship of the Parties. The prohibiting discrimination because of, or requiring affirmative Consultant shall act as an independent contractor in providing action based on,race,creed,color,national origin,age,sex,or and performing the Services. Nothing in, nor done pursuant other prohibited classification, including, without limitation, to, this Agreement shall be construed to: (1) create the the Americans with Disabilities Act of 1990, 42 U.S.C. §§ relationship of principal and agent, employer and employee, 12101 et seq., and the Illinois Human Rights Act, 775 ILCS partners, or joint venturers between the Village and 5/1-101 et seq. Consultant shall also comply with all Consultant; or (2) to create any relationship between the conditions of any federal, state, or local grant received by the Village and any subcontractor of the Contractor. Village or Consultant with respect to this Contract or the Services. Consultant shall be solely liable for any fines or B. Conflicts of Interest. The Consultant civil penalties that are imposed by any governmental or quasi- represents and certifies that, to the best of its knowledge: (1) governmental agency or body that may arise, or be alleged to no Village employee or agent is interested in the business of have arisen, out of or in connection with Consultant's, or its the Consultant or this Agreement; (2) as of the date of this subcontractors, performance of, or failure to perform, the Agreement, neither the Consultant nor any person employed Services or any part thereof. Every provision of law required or associated with the Consultant has any interest that would by law to be inserted into this Contract shall be deemed to be conflict in any manner or degree with the performance of the inserted herein. obligations under this Agreement; and (3) neither the Consultant nor any person employed by or associated with the F. Prevailing Wage. If applicable, Pursuant to Consultant shall at any time during the term of this Agreement Section 4 of the Illinois Prevailing Wage Act, 820 ILCS obtain or acquire any interest that would conflict in any 130/4, Contractor agrees and acknowledges that not less than manner or degree with the performance of the obligations the applicable rate of prevailing of wages, as found or under this Agreement. ascertained by the Department of Labor and made available on the Department's Official website, or determined by the court C. No Collusion. The Consultant represents on review, shall be paid for each craft or type of worker and certifies that the Consultant is not barred from contracting needed to execute this contract or to perform such work,and it with a unit of state or local government as a result of(1) a shall be mandatory upon the contractor to whom the contract delinquency in the payment of any tax administered by the is awarded and upon any subcontractor under him, to pay not Illinois Department of Revenue unless the Consultant is less than the specified rates to all laborers, workers and contesting, in accordance with the procedures established by mechanics employed by them in the execution of this contract. the appropriate revenue act, its liability for the tax or the amount of the tax, as set forth in Section 1142.1-1 et seq. of G. Certified Payroll. If applicable, Contractor the Illinois Municipal Code, 65 ILCS 5/11-42.1-1 et seq.; or shall, in accordance with Section 5 of the Illinois Prevailing (2) a violation of either Section 33E-3 or Section 33E-4 of Wage Act, 820 ILCS 130/5, submit to the Village, and upon Article 33E of the Criminal Code of 1961, 720 ILCS 5/33E-1 activation of the database provided by 820 ILCS 130/5.1 to the et seq. If at any time it shall be found that the Consultant Department of Labor, on a monthly basis, a certified payroll. has, in procuring this Agreement, colluded with any other The certified payroll shall consist of a complete copy of those person,firm,or corporation,then the Consultant shall be liable records required to be made and kept by the Prevailing Wage to the Village for all loss or damage that the Village may Act. The certified payroll shall be accompanied by a suffer, and this Agreement shall, at the Village's option, be statement signed by the Contractor or subcontractor which null and void. certifies that: (1) such records are true and accurate; (2) the hourly rate paid is not less than the general prevailing rate of D. Termination. Notwithstanding any other hourly wages required by the Prevailing Wage Act; and (3) provision hereof, the Village may terminate this Agreement at Contractor or subcontractor is aware that filing a certified any time upon 15 days prior written notice to the Consultant. payroll that he or she knows to be false is a Class A In the event that this Agreement is so terminated, the misdemeanor. A general contractor may rely upon the Consultant shall be paid for Services actually performed and certification of a lower tier subcontractor, provided that the reimbursable expenses actually incurred, if any, prior to general contractor does not knowingly rely upon a termination, not exceeding the value of the Services subcontractor's false certification. Upon seven business days' completed. notice,Contractor and each subcontractor shall make available for inspection and copying at a location within this State E. _Compliance with Laws and Grants. during reasonable hours, the records required to be made and Consultant shall give all notices, pay all fees, and take all kept by the Act to: (i) the Village, its officers and agents; (ii) other action that may be necessary to ensure that the Services the Director of Labor and his deputies and agents; and (iii) to are provided,performed,and completed in accordance with all federal, State, or local law enforcement agencies and required governmental permits, licenses, or other approvals prosecutors. and authorizations that may be required in connection with 2 H. Default. If it should appear at any time that the Consultant has failed or refused to prosecute, or has delayed in the prosecution of, the Services with diligence at a K. Waiver. Neither the Village nor the rate that assures completion of the Services in full compliance Consultant shall be under any obligation to exercise any of the with the requirements of this Agreement, or has otherwise rights granted to them in this Agreement except as it shall failed,refused,or delayed to perform or satisfy the Services or determine to be in its best interest from time to time. The any other requirement of this Agreement ("Event of failure of the Village or the Consultant to exercise at any time Default"), and fails to cure any such Event of Default within any such rights shall not be deemed or construed as a waiver ten business days after the Consultant's receipt of written of that right,nor shall the failure void or affect the Village's or notice of such Event of Default from the Village, then the the Consultant's right to enforce such rights or any other Village shall have the right, without prejudice to any other rights. remedies provided by law or equity, to (1) terminate this Agreement without liability for further payment; or (2) L. Third Party Beneficiary. No claim as a withhold from any payment or recover from the Consultant, third party beneficiary under this Agreement by any person, any and all costs, including attorneys' fees and administrative firm, or corporation shall be made or be valid against the expenses, incurred by the Village as the result of any Event of Village. Default by the Consultant or as a result of actions taken by the Village in response to any Event of Default by the Consultant. M. Governing Laws. This Agreement and the rights of Owner and Consultant under this Agreement shall be I Assignment. This Agreement may not be interpreted according to the internal laws, but not the conflict assigned by the Village or by the Consultant without the prior of laws rules, of the State of Illinois; the venue for any legal written consent of the other party. action arising in connection with this Agreement shall be in the Circuit Court of DuPage County,Illinois. J. Notice. All notices required or permitted to be given under this Agreement shall be in writing and shall be N. Conflicts; Exhibits. If any term or provision delivered: (1)personally; (2)by a reputable overnight courier; in this Agreement conflicts with any term or provision of an or by (3) by certified mail, return receipt requested, and attachment or exhibit to this Agreement, the terms and deposited in the U.S.Mail,postage prepaid. Unless otherwise provisions of this Agreement shall control. expressly provided in this Agreement,notices shall be deemed received upon the earlier of. (a) actual receipt; (b) one business day after deposit with an overnight courier as O. No Disclosure of Confidential evidenced by a receipt of deposit; or (c) three business days Information by the Consultant. Confidential information following deposit in the U.S. mail, as evidenced by a return means all material, non-public, business-related information, receipt. Notices and communications to the Village shall be written or oral, whether or not it is marked that is disclosed or addressed to,and delivered at,the following address: made available to the Consultant, directly or indirectly, through any means of communication or observation. The Village of Oak Brook Consultant acknowledges that it shall, in performing the 1200 Oak Brook Road Services for the Village under this Agreement,have access,or Oak Brook,Illinois 60523 be directly or indirectly exposed,to Confidential Information. Attention:Jim Fox,Information Technology The Consultant shall hold confidential all Confidential Director Information and shall not disclose or use such Confidential Information without the express prior written consent of the Notices and communications to the Consultant shall be Village. The Consultant shall use reasonable measures at least addressed to,and delivered at,the following address: as strict as those the Consultant uses to protect its own confidential information. Such measures shall include, Halock Security Labs without limitation, requiring employees and subcontractors of 1834 Walden Office Square the Consultant to execute a non-disclosure agreement before Suite 200 obtaining access to Confidential Information. Schaumburg,Illinois 60173 Attention:Terry Kurzynski, Senior Partner 3 DocuSign Envelope ID:9633228D-E385-4D39-8497-E9DC208E76BC ATTEST: VILLAGE OF OAK BROOK By: By: Charlotte Pruss,Village Clerk Greg miners,Village Manager ATTEST: IIALOCK SECURITY LABS DocuSigned by: DocuSigned by: ���f��,�,,, S (Cbf^a By: _ 75D220eae _ By: _—-- Account Executive Senior Partner Title: __.._.___ - _ Its: 4 EXHIBIT A (MASTER SERVICE AGREEMENT DATED MAY 13,2022) 5 HALOCKSecurityLabs Purpose Driven Security MASTER SERVICES AGREEMENT INTRODUCTION Effective Date: May 13, 2022 Between: Village of Oak Brook (hereinafter referred to as "Client") located at 1200 Oak Brook Road, Oak Brook, IL 60523, 630.368.5000; and HALOCK Security Labs, an Illinois corporation (hereinafter referred to as "HALOCK"), located at 1834 Walden Office Square, Suite 200, Schaumburg, IL 60173, 847.221.0200. DEFINITIONS Client and HALOCK are individually referred to herein as "Party", and collectively referred to herein as "the Parties." TERMS AND CONDITIONS 1.0 Document Description. This Master Services Agreement (hereinafter referred to as "Agreement") is for the benefit of Client and HAI.00K as described above. It shall be binding upon Client and HALOCK's written approval and acknowledgment. HALOCK supplies technical consulting services ("Services") only in accordance with the complete terms and conditions contained in this Agreement or any schedule attached hereto, incorporated herein by reference and made a part hereof. HALOCK makes no other claims or representations regarding its Services other than those expressly stated in this Agreement or other written proposals or agreements by HALOCK. 2.0 Project Description. HALOCK shall provide Client with Services to be agreed upon in writing by the Parties, and Client will be billed on a time and materials basis unless a specific proposal, schedule or statement of work (hereafter collectively referred to as "SOW") specifies a fixed fee or other billing arrangement. 3.0 Invoicing and Compensation. Unless otherwise specified in a SOW, invoicing and compensation shall be as follows: HALOCK shall invoice Client on a weekly basis for time and materials work. HALOCK shall invoice Client upon achieving project milestones, or scheduled dates, for fixed fee engagements. Time and materials rates are provided in a separate rate sheet that is updated and published on an annual basis or may be provided in a specific SOW with rates that apply only to that engagement. A service charge of 1.5% per month will be charged for all delinquent invoices that are not paid within thirty (30) days. In addition, Client shall reimburse HALOCK for any additional reasonable expenses not herein authorized but subsequently incurred at Client's request with prior approval, provided, however, that such expenses are incurred in the proper performance by any employee and/or independent HALOCK Security Labs I Master Services Agreement Page 1 of 18 HALOCKSecurityLabs Purpose Driven Security subcontractor who performs Services under this Agreement. Payment terms are Net-30. HALOCK may, at its sole discretion, remove its employees from Client's premises if HALOCK's invoices are not paid in accordance with the terms of this Agreement or other applicable agreements. 4.0 Fees. A separate SOW, quotation or written proposal may be supplied for details of fees and payment terms. For projects in the absence of any other mutually agreed upon fee structure, HALOCK's Rate Sheet shall contain a list of applicable rates. HALOCK reserves the right to adjust fees at its sole discretion and publish on an annual basis. 5.0 Pricing Adjustments and Limits. The Client understands that scope increases and/or changes to any work to be performed by HALOCK under this Agreement, any SOW, and/or any other agreement between the Parties will require a written "Change Order." HALOCK will author any Change Orders, and a Change Order shall not take effect or become legally binding until it is mutually agreed to and signed by both Client and HALOCK. The Parties will document, in the Change Order, any adjustment to fees and/or the payment schedule that may apply. 6.0 Normal Business Hours. "Normal Business Hours" are defined as 7:00 AM to 7:00 PM, Monday through Friday, CST, except for U.S. Federal Holidays. Unless otherwise specified in a SOW, fees and/or billing rates for work performed within Normal Business Hours will be billed at the standard hourly rate (see rate chart below). Hours worked outside of Normal Business Hours may be billed at HALOCK's Incident Response Rate at the reasonable discretion of HALOCK's Account Manager. HALOCK will obtain authorization from Client before engaging in work efforts outside of Normal Business Hours. 7.0 Billable Time. Unless otherwise stated in an SOW, billable time for all onsite work is billed in 15-minute increments with a two-hour minimum. Any work requested outside of Normal Business Hours will be billed at Incident Response Rate at the reasonable discretion of HALOCK's Account Manager. Work performed at HALOCK's office will be billed according to actual time in 15-minute increments. Phone support will be billed according to actual time in 15-minute increments. Emergency response requests (less than 48 hours advanced notice) may be billed at the Incident Response Rate at the reasonable discretion of HALOCK's Account Manager. 8.0 Travel Time. Unless otherwise stated in a SOW, the following will specify HALOCK's travel rate policy. Travel time is defined as the time to travel (ground and/or air) from HALOCK's Schaumburg office to the Client site when on-site work is required. 8.1 Inside Chicagoland. For Clients who are located within 60 miles of HALOCK's Schaumburg Office and the billable time for the day is less than 7 hours, one-way travel charges will apply. When billable time for the day is 7 hours or more, no travel time will apply. HALOCK Security Labs I Master Services Agreement Page 2 of 18 HALOCKSecurityLabs Purpose Driven Security 8.2 Outside Chicagoland. For Clients located more than 60 miles from HALOCK's Schaumburg Office, travel time will be defined as the time required to perform round trip travel and be billed at 50% of the consultant's bill rate, plus actual travel expenses (mileage, airfare, hotel and food) round trip to and from the engagement. Copies of receipts will be submitted with expenses. 9.0 Business Relationship and Employment. 9.1 Relationship. It is expressly understood and fully agreed that any HALOCK independent subcontractor or HALOCK employee who performs any Services under this Agreement shall be and will always remain, respectively, an independent subcontractor or employee of HALOCK. Any independent subcontractor or HALOCK employee who provides Services to Client under this Agreement shall be considered an independent contractor vis-a-vis the Client. The Parties to this Agreement do not intend to create a partnership, joint venture, and/or agency relationship with one another, and neither Party shall be liable for any obligations incurred by the other Party unless specifically authorized in writing, as required by law, or as otherwise described in this Agreement. Neither Party shall act as an agent of the other Party, and shall not, ostensibly or otherwise, bind or act on behalf of the other Party in any manner, unless specifically authorized to do so in writing. Client shall not engage directly with a HALOCK independent subcontractor for billing purposes. This Agreement does not create an exclusive relationship between HALOCK and Client, and the Parties are not prevented from entering into similar agreements with other companies or entities. 9.2 HALOCK and Reasonable Risk, LLC. Client expressly acknowledges, understands and agrees (i) that HALOCK and Reasonable Risk, LLC are separate and distinct corporate entities; (ii) that HALOCK is not an employer or employee of Reasonable Risk, LLC; (iii) that Reasonable Risk, LLC is not an employer or employee of HALOCK; and/or (iv) that neither HALOCK nor Reasonable Risk, LLC have the ability or legal authority to bind and/or control the other. 9.3 Assignment of Additional Independent Subcontractors or Employees. The assignment of additional independent subcontractors or HALOCK employees to work under the Agreement may be made at HALOCK's reasonable discretion, and shall not operate to alter or cancel any of the applicable terms and conditions of this Agreement. All HALOCK employees and HALOCK independent subcontractors are subjected to HALOCK's background check, confidentiality agreements, and screening process. 9.4 Non-Solicitation. Except for any individual who is expressly identified on Schedule A (Conversion of HALOCK Employee or Independent Subcontractor to Client Employee), each Party agrees that, for the duration of this Agreement and for a period of one (1) year following the termination of this Agreement, neither Party will directly or indirectly solicit, hire or otherwise retain as an employee or independent contractor HALOCK Security Labs I Master Services Agreement Page 3 of 18 HALQC 'Secu rityLa bs Purpose Driven Security any employee of the other Party and/or any independent subcontractor who performs work under the Agreement. Except for a HALOCK employee who, with Client's actual knowledge, performed Services for Client under this Agreement, the prohibitions set forth in this Section 9.4 shall not apply to the hiring of any such person who responds to a general solicitation or public advertising for employment with Client. Any Party that breaches this non-solicitation provision shall be subject to liability for liquidated damages in an amount equivalent to six (6) month's salary for the employee and/or independent subcontractor at issue. 9.5 Facilities and Services to be provided by Client. Unless otherwise stated in this Agreement, Client shall provide any independent subcontractor and/or HALOCK employee who performs Services under this Agreement with work space, desks, terminals, and incidental supplies at Client's facilities as required by the specific project or as defined within a SOW. 9.6 Out of Pocket Costs Reimbursements. If any HALOCK employee or HALOCK independent subcontractor is required by Client to incur "out of pocket" costs (such as travel and meals) as an incidental requirement under this Agreement, such costs as shall be reimbursed to HALOCK as authorized by Client. 9.7 Replacements. In the event that any HALOCK employee withdraws from work without Client's approval before conclusion of the work specified in this Agreement, then HALOCK shall supply an acceptable replacement to Client as soon as possible. Except as otherwise provided herein, HALOCK shall have no liability to Client, other than to supply an appropriately skilled replacement. 9.8 Relationship of Subcontractors. Client expressly acknowledges that HALOCK may, in its sole discretion, elect to supply the Client with an individual who is designated as a "Subcontractor" or "Independent Subcontractor" to perform services under a separate SOW. Client expressly acknowledges and understands that any such "Subcontractor" or "Independent Subcontractor" is not an agent or employee of HALOCK. 10.0 Delays. HALOCK and Client will mutually agree to dates for Services to be performed and will make reasonable efforts to schedule and coordinate all project activities. In the event that either Party needs to reschedule a work activity for any reason, the notifying Party may do so without penalty so long as the notified Party is provided notice at least ten (10) business days prior to the scheduled work activity. HALOCK has the sole discretion to accept or deny a request, from Client, to reschedule for a specific alternate date although HALOCK will not unreasonably refuse such a request. The Client's failure to provide HALOCK with 10 business day notice, under this paragraph 10.0, may result in changes to the scope, schedule and/or an increase in fees unless alternate arrangements are agreed to by and between HALOCK and Client. HALOCK Security Labs I Master Services Agreement Page 4 of 18 HALOCKSecurityLabs Purpose Driven Security In the event delays are defined in a SOW, the terms of the SOW shall take precedence over this paragraph 10.0, and shall only apply to the Services under that SOW. In the event that the Client requests or requires a delay beyond one year from date on executed SOW, the Agreement will be terminated without any refund to Client, unless otherwise agreed by the Parties. 11.0 Confidential Information, Nondisclosure and Data Security. 11.1 General Provisions. In order for HALOCK to effectively perform its obligations under this Agreement, it may be necessary or desirable for Client to disclose confidential and proprietary information pertaining to Client's past, present and future activities. Since it is difficult to separate confidential and proprietary information from that which is not, HALOCK will instruct its employees to regard all information gained by each such person, as a result of the Services to be performed, as information that is proprietary to Client, and to keep such information strictly confidential. All records, files specifications, and technical data and the like relating to Client's business, which HALOCK shall receive, use, or come into contact with, shall be and remain Client's sole property and cannot be copied, or disseminated without Client's written permission. It is anticipated that Client may, from time to time, be provided with information that is confidential or proprietary to HALOCK. Neither Party will directly or indirectly disclose any confidential information except as required in the course of discharging its obligations under this Agreement. Furthermore, HALOCK agrees that it will not reveal any information pertaining to the business of Client, including business practices, employee or contractor identities, processes and methods of operation, except as may be required in performing Services. All records, files specifications, and technical data and the like relating to HALOCK's business, which Client shall prepare, use, or come into contact with, shall be and remain HALOCK's sole property and cannot be copied, or disseminated without HALOCK's written permission. 11.2 Limitations. Confidential information shall not, however, include any information which (i) is or subsequently becomes publicly known and made generally available through no action or inaction of the receiving Party; (ii) is in the possession of the receiving Party, without confidential restrictions, at the time of disclosure by the disclosing Party as shown by the receiving Party's files and records immediately prior to the time of disclosure; and/or (iii) is independently developed by the receiving Party without use of or reference to the disclosing Party's confidential information, as shown by documents and other competent evidence in the receiving Party's possession. 11.3 Disclosure. In the event that the receiving Party is requested or required (including, without limitation, by deposition, interrogatory, request for documents, subpoena, civil investigative demand or similar process) by a court of law, governmental authority or regulator to disclose any confidential information, the receiving Party will give the disclosing Party, to the extent not prohibited by law, rule, HALOCK Security Labs I Master Services Agreement Page 5 of 18 HALOCKSecurityLabs Purpose Driven Security applicable authority or regulation, prompt written notice of such request or requirement so that the disclosing Party may seek an appropriate order or other remedy protecting the confidential information from disclosure. The receiving Party will cooperate, to the extent commercially reasonable and at the disclosing Party's expense, with the disclosing Party to obtain such protective order or other remedy. In the event that a protective order or other remedy is not obtained or the disclosing Party waives its right to seek such an order or other remedy, the receiving Party may, without liability under this Agreement, furnish only that portion of the confidential information that the receiving Party is requested or required to disclose as determined by the receiving Party and/or its legal counsel. Nothing contained in this paragraph 11.3 shall prohibit the receiving Party from disclosing confidential information if required by any governmental, judicial, administrative or regulatory authority having jurisdiction over the receiving Party. The receiving Party will notify the disclosing Party of the request if permitted by law. 11.4 Gramm-Leach-Bliley Act. HALOCK adheres, as applicable to the Services rendered, to the final privacy rules pursuant to Section 501 (a) of the Gramm-Leach- Bliley Act. Further, in according with Section 501 (b) of the Gramm-Leach-Bliley Act (as defined in 15 U.S.C. 6801-6809), as a nonaffiliated third party to financial institutions, HALOCK does not engage in any activities as a financial institution nor does HALOCK provide services that would be defined as a financial service. In the course of providing consulting Services, HALOCK may knowingly or unknowingly encounter nonpublic personal information ("NPI"). HALOCK will not intentionally store, process, or transmit this information unless authorized as a requirement of the Services rendered. HALOCK will not disclose or share NPI with third parties nor will HALOCK use any NPI for its own marketing purposes. HALOCK will report any material breaches affecting the financial institution's NPI to the financial institution should such breach occur, including an estimate of the intrusion's effect on the financial institution, or any of its customers, and the corrective action taken or to be undertaken. HALOCK's GLBA policy may be revised or updated and is available upon request. i 11.5 Reporting Requirements. HALOCK will promptly report any confirmed breaches in security or unauthorized access to or disclosure of Client's confidential information, including without limitation any instance of theft, unauthorized access by fraud, deception or other malfeasance or inadvertent access that resulted in any unauthorized access to or disclosure of the Client's confidential information (a "Security Event"), whenever such breaches should occur, including an estimate of the intrusion's effect on the Client, or any of its customers, and the corrective action taken or to be undertaken. HALOCK will provide Client with all reasonable cooperation in connection with any Security Event. In the event of a Security Event, HALOCK shall, upon Client authorization: (i) conduct an investigation of the Security Event, including the collection and preservation of data and evidence concerning the Security Event; (ii) take all steps HALOCK Security Labs I Master Services Agreement Page 6 of 18 j HALOCI :SecurityLabs Purpose Driven Security appropriate and necessary to contain, prevent and mitigate any further Security Event; (iii) provide Client prompt notice of any such Security Event, but not later than twenty- four (24) hours after HALOCK learns of a confirmed Security Event; (iv) provide Client with a written report concerning any such Security Event within three (3) business days of the Security Event; (v) document and detail the remedial action taken and planned to be taken by HALOCK, to remediate any such Security Event; and (vi) and reasonably cooperate with Client to provide information as requested by Client, provided such requests do not violate confidentiality agreements established by and between HALOCK and other third parties. 11.6 Notice of Changes in HALOCK's Security Program. HALOCK shall notify Client whenever there are changes in its security program that would materially affect the terms stated in sections 11.1-11.5. 12.0 Assessments, Audits, Penetration Testing, and Incident Response. 12.1 General Provisions. HALOCK, through the course of its work efforts for Client, may need to perform automated scanning, manual attempts to exploit vulnerabilities, incident response, forensic analysis and/or other assessment activities in order to gain control of target systems and identify related vulnerabilities. These activities involve a variety of tools and techniques that may cause the target services to behave in an unintended manner. This may result in servers, services, applications, or other devices becoming unresponsive, and could potentially lead to data loss and/or data corruption. To the extent possible, HALOCK will take precautionary measures to avoid any such problems by conducting a planning session with Client prior to commencement of the assessment. 12.2 Client's Obligations and Waiver of Claims. The Client is expected to take appropriate steps to ensure that data and information on all systems that fall within the scope of Services and/or that may be impacted by the Services has been properly backed up prior to commencement of the Services. The Client agrees that it will make appropriate personnel available to aid in the planning and coordination of Services activity in order to minimize business impact and to assist in the process of recovering systems functionality if problems do arise. The Client shall grant HALOCK reasonable access to its networks, systems, and/or applications to perform the Services outlined in the related SOW. HALOCK will not be subject to liability for claims of any kind whatsoever that result from the Client's failure to take appropriate steps to back up data and/or information on its systems, and Client expressly waives any and all claims of any kind whatsoever, against HALOCK as well as HALOCK's employees and agents, which result from Client's failure to back up its data and/or information. 12.3 Impossibility of Identifying All Issues and Vulnerabilities. Client acknowledges and understands that, during the course of any incident response or other assessment HALOCK Security Labs I Master Services Agreement Page 7 of 18 HALOCKSecurityLabs Purpose Driven Security activity, it may be impossible and impractical for HALOCK to assess 100% of a Client's environment and, in the performance of its work, HALOCK will only assess a reasonable sample of the Client's system, server, applications, processes and/or documentation. HALOCK will conduct a reasonable sampling of the relevant information and Client recognizes that HALOCK cannot identify every single problem with a Client's system, server, application, process and/or documentation. In light of the unpredictable nature of how systems may react to tools and techniques that HALOCK may use during the course of its work, HALOCK makes no guarantee that the final report will identify all vulnerabilities, liabilities, and/or control gaps that may, have or will affect the organization. Client expressly acknowledges and understands the statements in this Paragraph 12.3. 12.4 Inability to Guarantee Identification of Incident Source during Incident Response Work. During the performance of any incident response and/or forensic analysis, HALOCK will make all reasonable efforts to identify the source of the incident. However, HALOCK makes no guarantee that it will be able to identify the incident source, and makes no guarantee that its final report will include the source of the incident. Client expressly acknowledges and understands HALOCK's representations in this regard. 12.5 Point in Time. Client acknowledges and understands that HALOCK only provides point-in-time validation, testing and assessment, and that HALOCK's validation, testing and assessment of a system, server, application, process, and/or documentation only pertains to the time when HALOCK conducts its work. HALOCK makes no representations or statements concerning the status of Client's system, server, application, process, and/or documentation at any time prior to or after the validation, testing or assessment process. Client acknowledges and understands that its system, server, application, process, and/or documentation is subject to change before, during, and/or following any validation, testing or assessment by HALOCK. 12.6 Scope of Environment. Client acknowledges and understands that HALOCK is relying on Client's representations concerning the scope and boundaries of its environment. Client acknowledges that HALOCK's performance, validation, testing and assessment may be adversely impacted if Client fails to accurately describe or scope its environment for HALOCK. Client hereby waives any and all claims for damages of any kind, against HALOCK as well as HALOCK's employees and agents, which result directly or indirectly from Client's failure to accurately scope or describe its environment. 12.7 Continuous Maintenance. Client acknowledges and understands that it is responsible for any necessary compliance and/or system maintenance that may be required following the completion of any validation, testing of other assessment by HALOCK. Client hereby waives any and all claims for damages of any kind, against HALOCK Security Labs I Master Services Agreement Page 8 of 18 HALOCKsecu rityLa bs Purpose Driven Security HALOCK as well as HALOCK's employees and agents, which result directly or indirectly from Client's failure to perform any necessary compliance and/or system maintenance. 12.8 Payment Obligation is Independent of Outcome. Client agrees that all fees are due to HALOCK for Services rendered and tools utilized regardless of the outcome, results and/or Client satisfaction of the engagement. 13.0 Term and Termination. iM 1-n-iti-al Tefm and Renewal Term. The term of this Agreement will eemmenee on the Effective Pate and Will Eantinue for- a period of hvelve (12) menths ("Initial Tefm�+ 44ier-eafter-, this Agreement will atitafnatic-ally r-enew under- these same terms fe-r- 13.2 Termination. Notwithstanding section 13.1 (Initial Term and Renewal Term), either Party may terminate this Agreement at any time upon thirty (30) days prior written notice to the other Party. Upon termination, an orderly phase-out schedule will be mutually created by Client and HALOCK, and all of Client's property, material, and work in HALOCK's possession, including any and all documents in the possession of HALOCK and/or its employees, which incorporate any classified information (from a patent, trademark, copyright, proprietary information, and government secrecy standpoint), shall be delivered to Client. 13.3 Client's Obligations Upon Termination. In the event of any termination, Client j shall pay to HALOCK any compensation due to HALOCK for the time of any independent subcontractor and/or HALOCK employee who has performed Services, plus approved reimbursable expenses as of the termination date pursuant to the terms and rates agreed to by the Parties. Unless otherwise agreed by the Parties in a separate agreement, in the event of a fixed fee project, Client shall pay to HALOCK a termination fee to be mutually agreed to by Client and HALOCK that shall be no less than an amount equal to the actual hours worked by any independent subcontractor and/or HALOCK employee multiplied by the out of scope billing rates specified in the SOW. j 13.4 Return of Equipment. Client agrees to return any and all equipment or other i HALOCK property supplied by an independent subcontractor and/or HALOCK employee within ten (10) days of the termination of this Agreement and in working order. Client agrees to reimburse HALOCK for the full replacement cost of any damaged equipment or equipment not returned in a timely manner. j i 14.0 Representations and Warranties. HALOCK and Client each represent, warrant and covenant that: (i) each party has the full right and authority to enter into, execute, and perform its respective obligations under this Agreement and that no pending or threatened claim or litigation known to it will have a material adverse impact on its HALOCK Security Labs I Master Services Agreement Page 9 of 18 HALQCKSecu rityLa bs Purpose Driven Security ability to perform as required by this Agreement; (ii) the Services and obligations hereunder will be performed in a reasonable and workmanlike manner; (iii) the Services and obligations hereunder will be performed in compliance with all applicable federal, state and local laws, statutes, rules, regulations and ordinances; (iv) each party shall dedicate such time and resources as necessary to perform the Services on a timely basis; and (v) it will keep Client reasonably informed regarding the status of the Services performed hereunder. 15.0 Limits of Liability. Except for the obligations under paragraph 18.0 (Indemnity), in no event shall either Party be liable to the other for consequential, incidental, indirect, punitive or special damages (including loss of profits, data, business or goodwill), from all causes of action of any kind, including any action sounding in contract, tort, breach of warranty, or otherwise, even if a Party was advised of the likelihood of such damages occurring. It is further agreed that, except for each Party's obligations under paragraph 18.0 (Indemnity) of this Agreement, each Party's aggregate liability for direct damages for any claim that is brought pursuant to this Agreement shall not exceed $1 million ($1,000,000). 16.0 Waiver of Claims and Liabilities by Client. Client aeknowledges that an agent-, Client also aeknowledges that-, in the peffeif:MaHlEe of its inEident r-esp . -e61 14ALOCK may not have an to advise Client about the eeinsequenc-es a stibeentr-aeteir-, given that may &*ist. Client hereby waives any , a" . A 14ALOC1<, mrd- that result 4efn (1) the Che or- infer-Enation; (2) a Eler=isien of eatir-se of eeindtfEt taken by an agent-, emplayee or- . - -,stanee suEh that there is Fte fifne to eanfer in advanee With Client witheltit r4S offered d�eF provided thr-eugh the GRC portalafid�eit:by Reasonable Risk-, I.C. 17.0 Warranty and Disclaimer of Warranties Concerning Products, Equipment and Goods. Client expressly acknowledges that it will select solutions and may agree to the use of products, software, equipment and/or goods in order to solve or attempt to solve identified problems and issues. While HALOCK may, in the performance of its work, recommend solutions to Client, including the use of products, software, equipment and/or goods, Client expressly acknowledges and agrees that HALOCK is not a designer, manufacturer, distributor, or operator of any such products, software, equipment and/or goods including but not limited to any software offered and/or provided through the GRC portal and/or by Reasonable Risk, LLC. In light of the foregoing, the Parties expressly acknowledge and agree to the following: HALOCK Security Labs I Master Services Agreement Page 10 of 18 HALOCKSecurityLabs Purpose Driven Security 17.1 If HALOCK has reason to know of the specific purpose for which a product, software, piece of equipment and/or good is required by Client, if HALOCK has reason to know that Client is relying on HALOCK's judgment when selecting a product, software, piece of equipment and/or good, and if Client actually relies on HALOCK's judgment when selecting a product, software, piece of equipment and/or good, then HALOCK hereby warrants that the product, piece of equipment and/or good is suitable for that specific purpose. 17.2 HALOCK does not make any express and/or implied warranties OF ANY KIND other than what is expressly stated in Section 17.1, and HALOCK hereby EXPRESSLY disclaims any and all additional EXPRESS AND/OR IMPLIED warranties of any kind including, but not limited to, any warranties of design and/or merchantability. 17.3 Client acknowledges that, when selecting and/or purchasing any product, software, piece of equipment and/or good for its use, Client shall not rely solely on any statement or representation made by any independent subcontractor, agent or employee of HALOCK and Client acknowledges that it has the right to independently exercise its own judgment when selecting and/or purchasing any product, software, piece of equipment and/or good. 17.4 Client acknowledges that HALOCK shall not be subject to liability for any damages caused by any design and/or manufacturing defect in any product, software, piece of equipment and/or good unless HALOCK knew or had reason to know about that defect prior to or at the time when the product, software, piece of equipment and/or good is acquired by Client and only if HALOCK failed to advise Client about the defect. 17.5 Except as is otherwise expressly stated in this Section 17.0, Client waives any claim of any kind against HALOCK or its assignee for any loss, damage or expense that is caused by or results from Client's use of any product, software, piece of equipment and/or good. 17.6 HALOCK and Client agree and acknowledge that the terms stated in this Section 17.0 apply only in the event that a separate statement of work has not been executed. If a separate statement of work exists, the terms of that statement of work supersede the terms stated in this Section 17.0. 18.0 Indemnity. 18.1 Each Party agrees that it will indemnify, defend (if requested) and hold harmless the other Party as well as its respective parents, affiliates and subsidiary entities, officers, directors, shareholders, representatives, successors, assigns, employees and agents (collectively, the "Indemnitees") from and against any and all judgments, actions, claims, lawsuits, losses, fines, penalties, interest, deficiencies, damages, HALOCK Security Labs I Master Services Agreement Page 11 of 18 HALOCKSecurityLabs Purpose Driven Security liabilities, costs and/or expenses (including reasonable attorneys' fees, expenses, court costs and/or arbitration fees) (hereinafter "Indemnification Damages") that may be suffered, made or incurred by any Indemnitee arising out of: (i) any breach or alleged breach of any of the representations, warranties, covenants, obligations or agreements made by the indemnifying Party in this Agreement, and/or (ii) the fraud, negligence, willful, illegal and/or intentional conduct of the indemnifying Party. Client acknowledges, understands and agrees that HALOCK is not obligated to defend and/or indemnify Client from and against any and all Indemnification Damages arising out of any defects and/or problems with any software offered and/or provided through the GRC portal and/or by Reasonable Risk, LLC. Finally, the Party's agree that neither Party is entitled to seek indemnification from the other Party for any Indemnification Damages arising out of a Party's own negligent, willful and/or intentional conduct. 18.2 A Party seeking indemnification from the other must provide the other Party with a written demand for indemnification promptly after learning about any claim that may require indemnification. The Party seeking indemnification must allow the indemnifying Party to assume full control of the defense and settlement of the claim. The indemnified Party agrees to provide the indemnifying Party with reasonable cooperation including, but not limited to, reasonable access to documents and witnesses that are necessary to defend the claim. The indemnified Party shall have the right to participate in the defense of the claim at its own expense. The indemnifying Party shall not enter into any settlement agreement, consent to the entry of a judgment or otherwise settle or resolve any claim without the written consent of the indemnified Party, and such consent shall not be unreasonably withheld. Finally, any failure by the indemnified Party to satisfy any obligations under this section shall limit the indemnifying Party's obligations but only to the extent it suffers actual prejudice as a result. 18.3 Insurance Requirements. HALOCK and Client shall maintain insurance against losses and damages to persons or to real or personal property, including worker's compensation, public liability, property damage and automobile liability insurance in an amount not less than $1 million ($1,000,000). Eaeh Party shall add the other- Pafty a an additional insured underthe-afer-ementioned-3nS tEe-p6lifies. Prior to the commencement of any work and upon request, a Party shall produce, to the other Party, a certificate of insurance demonstrating such coverage. 18.4 Notices. Any notice required or permitted by this Agreement shall be in writing and shall be made by personal delivery, overnight express courier (such as Federal Express) or by pre-paid certified or registered mail, addressed to the other Party as follows: HALOCK Security Labs I Master Services Agreement Page 12 of 18 HALOCKSecurityLabs Purpose Driven Security If to HALOCK: Attn: Terry Kurzynski, Senior Partner HALOCK Security Labs 1834 Walden Office Square, Suite 200, Schaumburg, IL 60173 847.221.0212 If to Client : Attn: Tim Fox, Information Technology Director Village of Oak Brook 1200 Oak Brook Road Oak Brook, Illinois 60523 630-368-5174 18.5 Or, notice may be delivered to such other address as may be given by any Party to the other in writing from time to time. Notice will be deemed to have been received upon delivery or upon rejection of delivery as evidenced by a Party's signature. 18.6 21.0 HALOCK Security Labs. The formal corporate name for HALOCK Security Labs is Remington Associates Ltd., d/b/a HALOCK Security Labs, an Illinois corporation. Client should use the name "HALOCK" or "HALOCK Security Labs" in its vendor management system. 22.0 General Provisions 22.1 Assignment and Successors. Either Party may assign any or all of its rights, obligations and/or duties under this Agreement at any time and from time to time upon the written consent of the other Party and each Party agrees that such consent shall not be unreasonably withheld. The Parties agree that this Agreement shall be binding upon the successors of each Party and shall inure to the benefit of, and be enforceable by, such successors, and any officers or directors thereof. 22.2 Rights of Title to HALOCK's Intellectual Property. Client acknowledges that HALOCK has invested substantial time, money and effort in order to develop its tools, toolkits, templates, methods, plans, posters, videos, agreements, content, processes, runbooks, as well as additional content and documents identified as its intellectual property ("HALOCK's Intellectual Property"). Except as expressly described in Section 22.3, HALOCK alone shall own all right, title and interest, including all related intellectual property rights, in and to HALOCK's Intellectual Property and any derivative works and HALOCK will have perpetual rights to HALOCK's Intellectual Property as well as any algorithms, methods, templates and processes used to develop HALOCK's Intellectual Property and any derivative works. 22.3 Ownership of Deliverables and Client's Works. A11 concepts, designs, programs, HALOCK Security Labs I Master Services Agreement Page 13 of 18 HALOCKSecurityLabs Purpose Driven Security manuals, tapes, flowcharts and any other material prepared by HALOCK for Client under this Agreement ("Deliverables") and/or any material developed independently by Client using HALOCK's Intellectual Property ("Client's Works") are created specifically for Client's use as defined by this Agreement. Client shall not redistribute or share any of HALOCK's Intellectual Property created under this Agreement with any company or persons not a party to this Agreement although this restriction shall not apply to Deliverables and/or Client's Works. Client shall own and have the right to obtain from HALOCK and/or its employees, and to hold in its own name, copyrights, trademark registrations, patents or whatever protection Client may deem appropriate in any material prepared by HALOCK specifically for Client under this Agreement. HALOCK shall, and shall cause its employees and subcontractors to, execute any documents and take any actions reasonably requested by Client to perfect its ownership and/or registration of any Deliverables, Client's Works or any intellectual property rights therein. By providing Client with the Deliverables and/or allowing Client to develop the Client's Works, HALOCK does not waive any of its right, title and/or interest in HALOCK's Intellectual Property and derivative works. 22.4 License Grant. From and after the Effective Date, HALOCK hereby grants to Client, and Client hereby accepts from HALOCK, a perpetual, irrevocable, world-wide, fully paid-up, royalty-free license to use and modify the Deliverables and, to the extent necessary under the law, Client's Works. Except as expressly provided herein, Client is granted no rights or licenses whatsoever in or to HALOCK's Intellectual Property or any other HALOCK products, services or other HALOCK intellectual property or personal rights. 22.5 Restrictions. Client agrees not to use HALOCK's Intellectual Property, the Deliverables, and/or Client's Works in a manner that violates any applicable laws, regulations or this Agreement. Client shall not distribute the Deliverables and/or Client's Works in electronic editable format to any 3rd party without technically enforceable restrictions of use, including duplication, modification, trading or selling, or any other use for personal gain although this restriction does not prevent Client from creating, modifying and/or distributing the Deliverables and/or Client's Works. 22.6 HALOCK's Trade Secrets. Client acknowledges that HALOCK's Intellectual Property constitutes trade secrets as that information (i) is not generally known and/or available to the public; (ii) has actual commercial value and provides HALOCK with an economic advantage over its competitors; and (iii) is actively protected from disclosure through contractual protection, maintaining the confidentiality of HALOCK's Intellectual Property and other reasonable efforts applicable to HALOCK's business. Client expressly agrees not to disclose any of HALOCK's Intellectual Property and/or trade secrets of any kind to any third party under any circumstances unless such HALOCK Security Labs I Master Services Agreement Page 14 of 18 HALOCKSecu rityLa bs Purpose Driven Security disclosure is expressly authorized by HALOCK in writing and further agrees to take reasonable steps to maintain the confidentiality of HALOCK's Intellectual Property and trade secrets although these restrictions and obligations shall not apply to the Deliverables and/or Client's Works. Client agrees not to use any of HALOCK's Intellectual Property and/or trade secrets for its own benefit except as expressly provided herein and in connection with the Services. Client acknowledges and agrees that the unauthorized acquisition, use or disclosure of HALOCK's Intellectual Property and trade secrets in a manner contrary to honest commercial practices by others is regarded as an unfair practice and a violation of trade secret protection as well as this Agreement. 22.7 Written Disclosure. HALOCK and its employee shall promptly disclose in writing to Client all writings, inventions, improvements, or discoveries, whether copyrightable, patentable, or not, which are written, conceived, made, or discovered by HALOCK's employees jointly with Client or singly arising out of, or during the term of this Agreement. As to each such disclosure, HALOCK and/or its employees shall specifically point out the features or concepts considered new or different. HALOCK represents and warrants that there are, at present, no writings, inventions, improvements, or discoveries not included in a copyright, copyright applications, patent, or patent application that were written, conceived, invented, made, or discovered by HALOCK and/or employees before entering into this Agreement, and which HALOCK and/or employees desire to remove from the provisions of this Agreement, except those stated specifically in writing by HALOCK. 22.8 Choice of Law. The Parties expressly agree that any dispute that arises under or in relation to this Agreement shall be governed by Illinois law, regardless of any applicable choice-of-law principles. 22.9 Binding Arbitration. The Parties agree that any controversy or claim arising out of or relating to this Agreement, or breach thereof, shall be settled via binding arbitration in accordance with the Commercial Arbitration Rules of the American Arbitration Association, and judgment upon the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof. Further, Client and HALOCK agree to equally share the cost of arbitration while arbitration is pending, with the prevailing Party to receive the cost of arbitration, as well as all reasonable legal fees and expenses incurred in relation to the arbitration. The Parties further agree that the arbitration hearing itself will proceed at a forum located within 150 miles of the Chicago-land area to be agreed upon by the Parties. 22.10 Entire Agreement. This Agreement and any SOW constitute the entire understanding between the Parties, and supersede all prior agreements and negotiations, whether oral or written. There are no other agreements between the Parties, except as set forth in this Agreement or any SOW. No supplement, HALOCK Security Labs I Master Services Agreement Page 15 of 18 HALOCKSecurityLabs Purpose Driven Security modification, waiver, or termination of this Agreement shall be binding unless in writing and executed by the Parties to this Agreement. In the event of any conflict or inconsistency between the terms of the Agreement and the terms of any SOW, the terms of this Agreement will govern and control in all respects. The Client acknowledges and understands that the statements and representations that are included in any proposal, provided by HALOCK, are not incorporated into this Agreement as legally binding terms and obligations of HALOCK. 22.11 Survival. Termination or expiration of this Agreement for any reason shall not release either Party from any liabilities which, by their nature, are applicable following any such termination or expiration. 22.12 Headings. The inclusion of headings in this Agreement is for convenience of reference only and shall not affect the construction or interpretation hereof. 22.13 Counterparts; Facsimile and Electronic Signatures. This Agreement may be executed in as many counterparts as may be deemed necessary and convenient, and by the different Parties hereto on separate counterparts, each of which when so executed shall be deemed an original, but all such counterparts shall constitute one and the same instrument. Delivery of an executed counterpart of a signature page to this Agreement by via any electronic means shall be effective as delivery of a manually executed counterpart to this Agreement. 22.14 Severability. If any provision of this Agreement is held invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions will not in any way be affected or impaired. 23.0 Attorney — Client Privilege. Client further understands that any communications that involve an attorney who is providing legal advice are communications that are protected by the Attorney-Client Privilege and/or work product doctrine. Client agrees that any communications between HALOCK and an attorney for the Client are considered privileged and subject to the protection of the attorney-client privilege so long as the communications are for the purpose of providing the Client with legal advice. Client acknowledges and understands that the privilege can we waived if protected information is disclosed to third parties. Finally, Client acknowledges that it is ultimately up to a court of competent jurisdiction to determine the full nature and extent of any protection that is afforded by the attorney- client privilege. Approval and Acknowledgment. The Parties acknowledges that they have thoroughly read this Agreement, understand it, and agree to be bound by its terms and further agree that it is the complete and exclusive statement of the Agreement between the Parties, which supersedes all proposals, oral or written, and all communications between the Parties relating to the subject matter of this Agreement. HALOCK and HALOCK Security Labs I Master Services Agreement Page 16 of 18 DocuSign Envelope ID:9633228D-E385-4D39-8497-E9DC208E76BC 10 HALOCKSecu rityLa bs Purpose Driven Security Client further acknowledge that they have each had had the opportunity to review this Agreement with an attorney of their respective choice, and have each agreed to all of its terms. Under these circumstances, HALOCK and Client agree that the rule of construction that a contract be construed against the drafter shall not be applied in interpreting this Agreement and that in the event of any ambiguity in any of the terms or conditions of this Agreement, including any exhibits, schedules or attachments hereto, such ambiguity shall not be construed for or against any Party hereto on the basis that such Party did or did not author same. For: Village of Oak Brook For: HALOCJC,c� ;e crity Labs Fz- Signed: Signed: Printed: lY f E-C,, SCvAmo.r'S Printed: Terry Kurzynski Title: VA i <<0AQ_ O�MN C:� Title: Senior Partner /Date: � nE n Date: 5/20/2022 1 09:29:45 CDT HALOCK Security Labs I Master Services Agreement Page 17 of 16 HALOCKSecurityLabs Purpose Driven Security HALOCK RATE SHEET 2022 Effective Date: January 1, 2022 RATES. A separate SOW, quotation or proposal may be supplied for details of fees and payment terms. For projects in the absence of any other mutually agreed upon fee structure, this Rate Sheet contains a list of applicable rates. HALOCK reserves the right to adjust fees at its sole discretion and publish on an annual basis. APPLICABLE RATES Resource Classification Hourly Rate Security Engineer $350 Governance Risk Consultant (GRC) $350 Managing Consultant $350 Principal $350 Partner $400 Incident Response/Forensics $390 Litigation Support $400 Trial/Deposition $450 HALOCK Security Labs I Master Services Agreement Page 18 of 18